RT @sprucesystems: Announcing ShibeID: Announcing a new DID-Method for $DOGE - enabling decentralized identity on #dogecoin https://t.co/ea…

Tue Feb 02 04:53:51 +0000 2021

RT @sprucesystems: Our specification draws heavily from the work of @ChristopherA and @kimdhamilton within the W3C CCG on did:btcr due to…

Tue Feb 02 04:53:53 +0000 2021

This is an important new technology for Bitcoin security, which I hope proves out, scales up, and becomes fully implemented in bitcoin-core. Basically it addresses the problem of having to prove the entire blockchain even if you decide only to keep a pruned portion of it. https://twitter.com/tdryja/status/1356414548992020482

Tue Feb 02 05:28:53 +0000 2021

Instead, Utreexo creates a dynamic hash accumulator from the blockchain data, which among other things the payer can include with a payment to prove that they have control of the funds. This allows for blockchains to become much smaller in size.

Tue Feb 02 06:21:24 +0000 2021

RT @BitMEXResearch: Progress Towards Utreexo Goals

100x Group grantee @kcalvinalvinn explores several claims about the benefits of Utreexo…

Tue Feb 02 06:23:45 +0000 2021

RT @kallewoof: First joinmarket coinjoin on signet! https://x0f.org/@waxwing/105656018148146093

Tue Feb 02 06:30:59 +0000 2021

Replying to @MichelleSidun and @SenLummis

Maybe if you see a jackalope in Wyoming on Feb 1 then spring will be early.

Tue Feb 02 21:06:39 +0000 2021

Though a multisig of 10K of a 10M isn’t very useful in and of itself (0.1%) it shows it is possible to allow the 20K holder of shares in a DAO (say using the new #Wyoming DAO/LAO bill) to provably vote 10K+1 a stockholder resolution to change the bylaws or spend to dissolve corp. https://twitter.com/n1ckler/status/1356640993232236544

Tue Feb 02 21:16:45 +0000 2021

RT @lloydalter: .@peterwalker99 ’s new book “The Miracle Pill” https://www.simonandschuster.ca/books/The-Miracle-Pill/Peter-Walker/9781471192548 has so much in it that I have to discuss it in piece…

Thu Feb 04 22:05:28 +0000 2021

RT @SarahJamieLewis: I’d be willing to bet that more deliberate vulnerabilities have been introduced into critical systems by known actors…

Fri Feb 05 07:28:42 +0000 2021

RT @awrigh01: Proud of the work @CardozoLaw students put in to (hopefully) make DAOs legally recognized in Wyoming.

We held the primary pe…

Fri Feb 05 07:30:55 +0000 2021

I also enjoyed this “I Fail Pretty” video 😂 https://youtu.be/29vsUt7yqsw

Fri Feb 05 19:49:30 +0000 2021

I also like the idea behind the “Distinguished Failure Award”. At the iOSDevCamp hackathons I offered one of the top prizes to the “Best Sacrifice to the Demo Gods” to encourage the valiant freedom to fail.

Fri Feb 05 19:49:30 +0000 2021

“A failure to break a cryptographic system is a positive result for its security, and a failure to secure a cryptographic system can be a positive result for cryptanalysis, or at least yield new insights relevant to testing or threat-modeling” 👍

Fri Feb 05 19:49:30 +0000 2021

I’m a big believer in freedom to fail, & good honest post-mortem analysis, so I am quite pleased to see this conference happening, chaired by @TheAlliBishop “We believe that failure plays a crucial role in the progress of scientific research.” #cfail https://www.cfail.org/

Fri Feb 05 19:49:30 +0000 2021

RT @opencryptoorg: COPA stands for an open financial system and was formed to remove barriers that stifle innovation. We are hosting the Bi…

Fri Feb 05 22:42:27 +0000 2021

Replying to @cycryptr, @dr_orlovsky and @kimdhamilton

There are a few minor implementations of BTCR 0.1 out there, but none in serious use. I’ve been holding off a bit to nail down some underlying problems: pre-keys before registration for KERI-like P2P, single-use seals, Lightning support, multisig (+fixing the non-BIP 48 xpub reuse).

Mon Feb 08 23:22:53 +0000 2021

We need an interoperable standard for not reusing the same xpub in bitcoin multisig descriptors. Some discussions on bitcoin-dev list and in the Airgapped Wallet Community. @hugohanoi @FullyNoded @StepanSnigirev @FOUNDATIONdvcs @SparrowWallet @bluewalletio @COLDCARDwallet https://twitter.com/hugomofn/status/1359146676490022919

Wed Feb 10 09:12:23 +0000 2021

RT @KimZetter: Beverly Hills police officer starts playing music on mobile phone when he realizes activist is live-streaming their encounte…

Wed Feb 10 16:05:13 +0000 2021

Replying to @martijnbolt, @gimly_io, @IdentityWoman, @OR13b, @DecentralizedID, @drummondreed, @henkvancann, @theblockstalk and @rutgervz

Slides are at https://docs.google.com/presentation/d/1XnV9Hm0UU4IyDC0URAMYJJIfBLW7ErDd-BsktJMZYbQ/edit

Wed Feb 10 20:43:02 +0000 2021

Replying to @martijnbolt, @gimly_io, @IdentityWoman, @OR13b, @DecentralizedID, @drummondreed, @henkvancann, @theblockstalk and @rutgervz

I also had an advanced follow up on the bleeding edges of SSI: https://docs.google.com/presentation/d/1BbkBX-tUgifiS_VKcqCZYRTQAGF5pK-JEYQwmHYbMcI/edit

Wed Feb 10 20:44:36 +0000 2021

Replying to @martijnbolt, @gimly_io, @IdentityWoman, @OR13b, @DecentralizedID, @drummondreed, @henkvancann, @theblockstalk and @rutgervz

Video for that is at: https://youtu.be/WlDSMRb_X-s

Wed Feb 10 20:46:44 +0000 2021

Replying to @drummondreed and @posth

Can you post a backup of the paper on GitHub somewhere?

Thu Feb 11 17:30:38 +0000 2021

Replying to @martijnbolt, @gimly_io, @IdentityWoman, @OR13b, @DecentralizedID, @drummondreed, @henkvancann, @theblockstalk and @rutgervz

BTW, my favorite new graphic about DIDs. A bit technical but less so than others I’ve seen which are more intimidating. By @shigeya_suzuki

Thu Feb 11 18:58:14 +0000 2021

Replying to @martijnbolt, @gimly_io, @IdentityWoman, @OR13b, @DecentralizedID, @drummondreed, @henkvancann, @theblockstalk, @rutgervz and @shigeya_suzuki

For reference, more complex one that I think is great but I’ll not use in a presentation, also by @shigeya_suzuki is this one:

Thu Feb 11 19:17:34 +0000 2021

Just saw today a great paper by Alexandra Giannopoulou @alex_giann of University of Amsterdam adding the term Self-Sovereign Identity to the Glossary of Distributed Technologies at @PolicyR: 👍 https://policyreview.info/open-abstracts/self-sovereign-identity

Thu Feb 11 19:29:38 +0000 2021

Replying to @posth, @alex_giann and @PolicyR

Both @moskovich with @BitmarkInc and I worked on some creative work rights management approaches over the years, and I’d say some of it inspired my early work in designing today’s DID architecture. Bitmark also deployed some solutions using their non-token based blockchain.

Fri Feb 12 00:23:54 +0000 2021

Replying to @henkvancann, @martijnbolt, @gimly_io, @IdentityWoman, @OR13b, @DecentralizedID, @drummondreed, @theblockstalk, @rutgervz and @shigeya_suzuki

Right now “verifiable data registry” is a category of services, not a spec. DIF & Microsoft have one, IPFS has one, Ethereum has one, and there is also Solid from @timberners_lee. I’m working on a torgapped approach using P2P encrypted objects over onion, but roadmap is slow.

Fri Feb 12 00:27:47 +0000 2021

Replying to @posth, @alex_giann, @PolicyR, @moskovich and @BitmarkInc


Fri Feb 12 01:26:24 +0000 2021

…This is part of the reason you should not “roll your own crypto”. I don’t trust even anything I write at the cryptographic level, nor should you, without sufficient review by others. Within a few years we also need more of these formal proofs as well.

Fri Feb 12 22:39:34 +0000 2021

These kinds of formal proofs for cryptographic implementations, speed optimizations, etc. are becoming a more important part of the process of fully reviewing code to secure blockchain & decentralized identity technologies. They are difficult but important! https://twitter.com/pwuille/status/1360347812588707840

Fri Feb 12 22:39:34 +0000 2021

Replying to @OR13b, @darrello and @memberpass

More details on onion-based infrastructure at https://github.com/BlockchainCommons/torgap

Sun Feb 14 05:41:18 +0000 2021

Replying to @OR13b, @darrello and @memberpass

Live demo of did:onion document and a signed vc available, but we have a lot more tooling yet to do. http://fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid.onion

Sun Feb 14 05:43:39 +0000 2021

RT @EFF: After over a year of advocacy by EFF and dozens of other organizations, Ring will finally offer end-to-end encryption. We hope thi…

Sun Feb 14 23:49:23 +0000 2021

Replying to @dustyweb

Have you looked at our did:onion demo yet? http://fscst5exmlmr262byztwz4kzhggjlzumvc2ndvgytzoucr2tkgxf7mid.onion/

Mon Feb 15 06:46:09 +0000 2021

I agree that we need to stop the current bad practice of reusing the same xpub in multiple bitcoin multisig descriptors. But I’m not confident this is quite the right approach. Needs maybe a real commitment scheme? But perfection is the enemy of the good, so Concept ACK. https://twitter.com/FullyNoded/status/1361300150543556615

Mon Feb 15 19:05:54 +0000 2021

Replying to @dustyweb

We have a linode script for did:onion microservice. Should be easy to do for Docker, AWS etc. However, note that you can’t use Tor generated key elsewhere if you want to also use it for signing. Instead you need to generate key independently and convert it to a Tor key.

Tue Feb 16 01:29:59 +0000 2021

Replying to @dustyweb and @spritelyproject

We too have been looking at launching our own Tor service directly inside our apps, including cli apps, rather than using the daemon proxy.

Thu Feb 18 17:56:25 +0000 2021

Gordian Cosigner from @BlockchainComns is now available as an early beta release for iOS (and soon macOS). It allows you to easily add your signature to participate in Bitcoin multisig transactions. [1/11] https://github.com/BlockchainCommons/GordianCosigner-Catalyst

Thu Feb 18 19:49:19 +0000 2021

In modern Bitcoin architectures, multisig wallets leveraging descriptors & PSBTs will be the norm. Gordian Cosigner is unique in that it isn’t the initiator or the first signer of a transaction. It is a middle signer. Other wallets serve as the transaction coordinator. [2/11]

Thu Feb 18 19:49:20 +0000 2021

This puts Gordian Cosigner in a unique place for understanding issues of Bitcoin wallet interoperability. How to share multisig public key Account Maps, how to use animated QRs for large PSBTs, issues of responsible key management, etc. are all parts of the big picture. [3/11]

Thu Feb 18 19:49:22 +0000 2021

Gordian Cosigner is our reference application for interoperability. At Blockchain Commons we believe in creating a stronger Bitcoin ecosystem by supporting COOPETITION: with modular design, we can work together to create a better whole. Gordian Cosigner is part of that. [4/11]

Thu Feb 18 19:49:23 +0000 2021

Of course this all requires specifications for interoperability, which is what we’ve been discussing in the Blockchain Commons Airgapped Wallet community. [5/11] https://github.com/BlockchainCommons/Airgapped-Wallet-Community

Thu Feb 18 19:49:24 +0000 2021

We’ve also started to work on documents for interoperating with our own Gordian Wallet, and we’re planning for interoperability guidelines for Spectre, @FullyNoded , @COLDCARDwallet and for our own LetheKit. More integration to come! [7/11] https://github.com/BlockchainCommons/GordianCosigner-Catalyst/blob/master/Docs/Integrating.md

Thu Feb 18 19:49:25 +0000 2021

So how does Gordian Cosigner work with other applications? We’ve recently written an interoperability guide for Bitcoin Core. You create a PSBT with bitcoin-cli, you sign it with Gordian Cosigner(s), and then you finalize and send from the command line. [6/11]

Thu Feb 18 19:49:25 +0000 2021

If you’d like to talk about the future of interoperability for multisigs and for other cryptocurrency wallets, please join our Airgapped Wallet Community. [9/11] https://github.com/BlockchainCommons/Airgapped-Wallet-Community

Thu Feb 18 19:49:26 +0000 2021

Figuring out interoperability for multisigs and other Bitcoin operations is still very cutting edge, and so we’re expecting sharp corners. There will be gotchas. We want to figure them out now, rather than after more multisig wallets have been deployed. [8/11]

Thu Feb 18 19:49:26 +0000 2021

Support our work in creating infrastructure for the next-generation of Bitcoin & cryptocurrency wallets! Become a GitHub sponsor of Blockchain Commons. [12/12] https://github.com/sponsors/BlockchainCommons

Thu Feb 18 19:49:27 +0000 2021

We also are interested in talking with various digital asset support organizations, investment advisors, custodians, etc. who might want to white label, fork, or otherwise adapt Gordian Cosigner for use in their collaborative custody scenarios. [11/12] https://testflight.apple.com/join/sJTaoUsM

Thu Feb 18 19:49:27 +0000 2021

I’ve written extensively about the #DunbarNumber and other individual cognitive & social limits to group size. New paper out that uses phone records of 6m people pre-smartphone with evidence for some of the “personal circles” that I spoke of back in 2008: http://www.lifewithalacrity.com/2008/11/personal-circle.html https://twitter.com/emollick/status/1363203069144690688

Sun Feb 21 04:20:15 +0000 2021

We offer a number of libraries related to Bitcoin & the crypto-commons. We typically write first in C or C++, then create support for them in Swift for iOS, or rewrite them in native Swift. Next we do Java for Android and Rust for the greatest security. https://github.com/BlockchainCommons/crypto-commons https://twitter.com/BitcoinIsSaving/status/1362757118172954626

Sun Feb 21 04:26:18 +0000 2021

Replying to @phil_geiger, @nvk, @MrHodl, @LarryBitcoin, @provoost and @unchainedcap

With interoperability specs between wallet apps like @BlockchainComns is working on, collaborative custody will get easier. I’ve already seen some very interesting UX mock-ups & prototypes leveraging the Gordian architecture that demonstrate that we are moving in right direction.

Sun Feb 21 23:28:25 +0000 2021

Replying to @MrHodl, @phil_geiger, @nvk, @LarryBitcoin, @provoost and @unchainedcap

Though I do feel that a single seed on titanium and following our #SmartCustody best practices is the best today, it still is a single point of failure given institutional & government theft adversaries. But soon collaborative custody wallets will be better solution. https://twitter.com/ChristopherA/status/1271172827320705024

Sun Feb 21 23:37:20 +0000 2021

Replying to @phil_geiger, @LarryBitcoin, @nvk, @Hanakookie1, @MrHodl, @provoost and @unchainedcap

I love what Green Address proved was possible, but you are vendor locked into their security architecture. What I’m trying to do with #AirGap, #TorGap & collaborative custody interoperability specs is help ecosystem by allowing you to choose. I want the freedom to…

Sun Feb 21 23:44:15 +0000 2021

Replying to @phil_geiger, @LarryBitcoin, @nvk, @Hanakookie1, @MrHodl, @provoost and @unchainedcap

…be able to choose a complex policy where one key is locked by Unchained & another by Casa and another by Green Address. Each has slightly different approaches and I’d like to be able to choose.

Sun Feb 21 23:45:26 +0000 2021

Replying to @phil_geiger, @Mandrik, @MrHodl, @LowBtc, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL

In our next #SmartCustody book we are adding a number of multisig scenarios. For inheritance account I like 1yr timelocked to a titanium key held by an executor, with semi-annual checks of possession and sweeps. I want wallet apps to be able to make this easy. https://twitter.com/ChristopherA/status/1295151222085652481

Sun Feb 21 23:50:17 +0000 2021

Replying to @MrHodl, @Mandrik, @LowBtc, @phil_geiger, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL

Problem with backup seeds is though it increases resilience, it also increases your attack surface - all the backups need to be protected strongly. Without backups you can invest strongly in securing the one backup you have (say Swiss bank vault) at cost to resilience. Multisig…

Sun Feb 21 23:55:31 +0000 2021

Replying to @MrHodl, @Mandrik, @LowBtc, @phil_geiger, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL

Multisig can be leveraged such that you can make more choices of costs to protect attack surface vs resilience. It does come with complexity which is its own adversary. This one we can compensate for with better apps, interoperability, and industry best practices. https://twitter.com/ChristopherA/status/1280954188063596544

Sun Feb 21 23:59:50 +0000 2021

Replying to @MrHodl, @Mandrik, @LowBtc, @phil_geiger, @nvk, @LarryBitcoin, @provoost, @unchainedcap and @CasaHODL

We’ve an early draft of a research paper on multisig, including terminology, risk modeling, collaborative custody, and a number of interesting policy scenarios. If you are willing to give it a solid read and comment, DM me.

Mon Feb 22 03:03:21 +0000 2021

RT @ChristopherA: @MrHodl @Mandrik @LowBtc @phil_geiger @nvk @LarryBitcoin @provoost @unchainedcap @CasaHODL We’ve an early draft of a rese…

Mon Feb 22 16:11:04 +0000 2021

Apparently encoded into the design of the Mars Perseverance Rover was a secret #EasterEgg that when decrypted asks us to “dare mighty things”, the @NASAJPL slogan. Congratulations @NASAPersevere!

/ht @ElonkaDunin https://twitter.com/adithya_balaji/status/1364020082599460872

Tue Feb 23 20:23:46 +0000 2021

👍”This may be surprising to some: ProRAW is not a proprietary or closed format. Credit where it is due: Apple deserves kudos for bringing their improvements to the DNG standard. When you shoot with ProRAW, there’s absolutely nothing locking your photos into the Apple ecosystem.” https://twitter.com/halidecamera/status/1338907382110248960

Fri Feb 26 02:07:58 +0000 2021

RT @theBumbleSec: Just when you thought JSON was the one thing you could trust. My latest research on JSON interoperability vulnerabilities…

Fri Feb 26 16:04:55 +0000 2021

RT @sedyst: This announcement shows that European leaders do not understand what it takes and what the consequences are in putting a global…

Fri Feb 26 16:09:28 +0000 2021

RT @vshymanskyy: αcτµαlly pδrταblε εxεcµταblε
Awesome project by @JustineTunney :
“… reconfigured the stock compiler on Linux so it outpu…

Fri Feb 26 17:28:35 +0000 2021

Privacy for international travelers is getting worse: “We know of no previous instance in which the U.N. has mandated the creation of a new surveillance agency and the deployment of a new surveillance capability by all U.N. members.” https://papersplease.org/wp/2021/02/25/precog-in-a-box/

Fri Feb 26 17:40:41 +0000 2021

RT @schneierblog: The Problem with Treating Data as a Commodity https://www.schneier.com/blog/archives/2021/02/the-problem-with-treating-data-as-a-commodity.html

Fri Feb 26 17:42:08 +0000 2021

Here are the 12 criteria for #Covid19 #ImmunityCredentials #VaccinePassports suggested by @melindacmills & the @RoyalSociety. I agree, but only as a start — to deploy this safely & securely is quite difficult. https://royalsociety.org/-/media/policy/projects/set-c/set-c-vaccine-passports.pdf https://twitter.com/melindacmills/status/1365357148687982593

Sat Feb 27 17:56:54 +0000 2021

Replying to @harryhalpin, @melindacmills and @royalsociety

I do worry about naive and poor implementations of VCs/DIDs, which is why we held a decentralized privacy salon last week. And not all DIDs use blockchain. However, the architecture that separates identifiers from identification, credentials & claims is essential.

Sat Feb 27 20:38:41 +0000 2021

Advice on #VaccineCertificates in @w3c_ccg by @aniltj of DHS “1 Expect and anticipate breakage, but don’t let the perfect be the enemy of the good 2 Everyone is not going to get everything they want right now 3 Real interoperability REQUIRES constraints!” https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0128.html

Sat Feb 27 20:50:44 +0000 2021

I agree with many of @harryhalpin’s arguments in “A Critique of Immunity Passports & W3C Decentralized Identifiers”—we need “more stringent guidelines for security & privacy review”. But bringing in anti-blockchain & #SSI in these arguments is unnecessary. https://arxiv.org/abs/2012.00136

Sat Feb 27 21:10:00 +0000 2021

Replying to @harryhalpin, @melindacmills and @royalsociety

DIDs/VCs don’t require blockchain, and many implementations don’t use them. I also agree we need “more stringent guidelines for security & privacy review” of standards and implementations. Let’s focus on that — your other critiques are getting in the way of your advocacy.

Sat Feb 27 21:11:55 +0000 2021

Replying to @harryhalpin, @melindacmills and @royalsociety

Help us fix what needs fixing. I am not a fan of how JSON-LD has evolved, but IETF’s JOSE stack sucks too. Let’s solve this problem and the others you point out. Unfortunately, the top cryptographic protocol experts have not joined in this community. We need their input.

Sat Feb 27 21:13:58 +0000 2021

Replying to @harryhalpin, @melindacmills and @royalsociety

In my case, I’m working on the did:onion method, which leverages the keys and anti-correlation choices used by the Tor protocol. It doesn’t use a blockchain, we likely will be using CBOR rather than JSON-LD. But did:onion is not designed for scalability.

Sat Feb 27 21:15:45 +0000 2021

Replying to @harryhalpin

It’s not needed. I personally in my implementations am either not using them, or using blockchain minimally for things like time stamps. I agree that there is some “decentralization theatre” going on — but by myself it has been hard to stop that when $M of gov grants are involved.

Sat Feb 27 21:17:53 +0000 2021

Replying to @harryhalpin

So let’s focus on why the #W3C has not been able to attract the wider privacy/security community participation, and why #IETF, #LinuxFoundation, etc. are failing to evolve them as well. These are systemic problems due to lack of support of incentives for good infrastructure.

Sat Feb 27 21:20:25 +0000 2021

Replying to @harryhalpin

I welcome you to bring up your critique of “decentralization theatre”, but I hope you don’t focus on that at first. The real problem is lack of real support for critical review of critical security infrastructure. We can do better.

Sat Feb 27 21:26:31 +0000 2021

Replying to @harryhalpin

You are correct that #W3C sold out, but in many ways so did #IETF & other orgs. JOSE stack has been seriously flawed for over a decade: we can’t even get modern crypto in it, support multisig, or other kinds of proofs. The inertia is huge, largely due to corporate dominance.

Sat Feb 27 21:32:02 +0000 2021

Replying to @harryhalpin

I still support #SSI, but agree that there are many that don’t understand it sufficiently. In particular, in my version of #SSI there is no one GUID, there are myriad. This is one reason why we (#RWOT) hosted our Decentralized Privacy Salon last week — we are quite concerned.

Sat Feb 27 21:37:53 +0000 2021