Blockchain Commons @BlockchainComns has long recognized #multisig as the future of how we handle responsible key management for cryptocurrencies and digital assets, as well as an important future for digital identity and authorization. [1/13]

Mon Mar 01 17:27:09 +0000 2021

But multisig is just a tool. Our goal is to increase security (so that your funds aren’t stolen) and safety (so that you don’t lose your keys), while simultaneously ensuring the reliability and accessibility of your funds. In short: #SmartCustody. [2/13]

Mon Mar 01 17:27:10 +0000 2021

We’re currently in the process of writing a design guide for multisig. It’s a step-by-step process for constructing different kinds of multisig transactions that specifically addresses adversaries like Network Attacks, Theft, Social Engineering, and Key Fragility. [3/13]

Mon Mar 01 17:27:11 +0000 2021

Are there other adversaries that you think aren’t being considered by traditional single-signature accounts? Or even by newer multisignature accounts? [4/13]

Mon Mar 01 17:27:12 +0000 2021

Design Patterns are the cornerstone of our approach to multisigs. These are standard techniques like “Partition of Keys”, “Separation of Interests”, “Backup of Keys”, and “Time Locking of Funds”, each of which addresses specific adversaries. [5/13]

Mon Mar 01 17:27:15 +0000 2021

We also think that adversaries can be defeated by ensuring that each key in a multisig comes with a role: a specific way in which it’s intended to be used. We’ve identified Proposer, Authorizer, Corroborator, Emergency Responder, Auditor, Backup, Watcher, and Watchtower. [6/13]

Mon Mar 01 17:27:16 +0000 2021

Are there Design Patterns you’ve found effective for creating multisigs? Are there roles that represent other ways in which keys should be used? Let us know your answers! [7/13]

Mon Mar 01 17:27:17 +0000 2021

We’re looking forward to releasing the next edition of our #SmartCustody document, but in the meantime we’d love to hear your thoughts on the design of multisigs, either here or in our Airgapped Wallet discussion community. [9/13]

Mon Mar 01 17:27:18 +0000 2021

These topics are particularly important for self-sovereign solutions, where a good design can mean the difference between autonomously protecting your funds … and losing them all. [8/13]

Mon Mar 01 17:27:18 +0000 2021

Today, as the first of March, is our budget day. The more support we have, the more we can do. The less we have, the less we can do. Support us TODAY to increase our work, become one of our GitHub patrons. [13/13]

Mon Mar 01 17:27:19 +0000 2021

However, Blockchain Commons is not endowed, nor does it have any notable supply of bitcoins. We’re running month to month solely with support from patrons. [12/13]

Mon Mar 01 17:27:19 +0000 2021

At Blockchain Commons we’re working on what we think are the important foundations for safety & reliability of blockchain technology, including creating good architectures and supporting vendor independence. [11/13]

Mon Mar 01 17:27:19 +0000 2021

We are not only about the theoretical design — we’re also working on practical considerations, such as how to establish multisig policies & how to safely gather together public keys for multisigs. We believe this is an area that deserves more attention. [10/13]

Mon Mar 01 17:27:19 +0000 2021

@jeffburdges the w3f-research link in your twitter profile 404s.

Mon Mar 01 19:34:07 +0000 2021

Replying to @gladstein, @HRF, @jesseposner, @MuunWallet, @J9Roem and @BlockchainComns

We’re very appreciative of @HRF’s support for @BlockchainComns! We know that activists are already using technologies like SecureDrop, and hope that our interns can support them with new apps, new software bundles, new documentation, and new engagement models.

Tue Mar 02 22:38:13 +0000 2021

Today @HRF, the Human Rights Foundation, announced a grant for the @BlockchainComns summer class of interns, whose time will include work to support activists. [1/10]

Tue Mar 02 22:39:16 +0000 2021

Want to be one of our summer interns? We’d love to get an application from you. [2/10]

Tue Mar 02 22:39:43 +0000 2021

Our program isn’t just about work, but also mentoring you and helping you to make decisions about your career. Coindesk wrote about some intern takeaways from 2020. [3/10]

Tue Mar 02 22:40:07 +0000 2021

What does activism have to do with Blockchain Commons? We’ve been building blockchain architectures focused on anonymity, privacy, and non-correlation. But this isn’t just about keeping your bitcoins safe: we’re working to protect people, not just money. [4/10]

Tue Mar 02 22:40:59 +0000 2021

Red Cross workers are having their computers seized or searched while crossing borders; whistleblowers are being sought out for deanonymization, identification, and punishment; and journalists are facing new hostility. They all need ways to keep their work private. [5/10]

Tue Mar 02 22:41:22 +0000 2021

Our Gordian architecture offers a first step. Its Torgap design means that unfriendly governments don’t know that you’re transacting Bitcoins. It can grant the freedom to associate, to work, and to send and receive money. [6/10]

Tue Mar 02 22:41:46 +0000 2021

Of course, our architecture is only helpful if it’s accessible to the people who need it. That’s where we hope to get support from our Summer 2021 interns. Gordian expansions, activist documentation, and Tails OS bundles are some of the possibilities. [7/10]

Tue Mar 02 22:42:03 +0000 2021

But to really support activists requires knowing what they need. So, we’re also considering using research and interviews to create user engagement models for activists. This would be similar to the Amira model I worked on for RWOT. [8/10]

Tue Mar 02 22:42:22 +0000 2021

We had great results from our 2020 interns, including the creation of Spotbit, extending the anonymity and non-correlation of Bitcoin to pricing services, filling a notable gap. We look forward to this year’s output, and thank @HRF for their support in making it possible. [9/10]

Tue Mar 02 22:42:48 +0000 2021

Of course, we’d also love to improve the program! You can help by joining HRF in their support, either as a GitHub sponsor or with a one-time BTC payment. Thank you! [10/10]

Tue Mar 02 22:43:08 +0000 2021

RT @BitcoinMagazine: Today, the @HRF has announced four new grants as part of its Bitcoin Development Fund, a program launched last year to…

Wed Mar 03 01:15:53 +0000 2021

RT @Leishman: Great article by @gladstein:

Wed Mar 03 02:04:34 +0000 2021

Some of our most crucial work to date has focused on multisig, which we see as the future of resilient cryptowallet design. A teaser example: how do you initially create an account map (aka a descriptor) with airgap, to describe a multisig account? [3/11]

Thu Mar 04 19:15:12 +0000 2021

To manage this requires work with many wallet developers to agree on common specifications for interoperability. That’s what we’re doing in the Airgapped Wallet Community. [2/11]

Thu Mar 04 19:15:12 +0000 2021

Blockchain Commons’ Gordian architecture is built on Bitcoin wallet interoperability. We want developers to create their own tools that work together, and for the field to be improved by this cooperative competition. [1/11]

Thu Mar 04 19:15:12 +0000 2021

That’s where our crypto-request and crypto-response specs come into play. They’re built to standardize the creation of multisigs using airgapped communications and our UR specification. [4/11]

Thu Mar 04 19:15:13 +0000 2021

The multisig account initiator first sends out a crypto-request that asks an offline wallet for an xpub for a specific derivation, such as [48’/1’/0’/2’] (multisig, bitcoin, account 0, segwit), but does not request it to be from a specific master key. Here is that QR. [5/11]

Thu Mar 04 19:15:14 +0000 2021

The user of the offline wallet recognizes this QR as a request for a key, chooses a seed (or master key) to derive it from, and approves returning the resulting hdkey [6/11]:

Thu Mar 04 19:15:15 +0000 2021

A lot of the magic occurs thanks to our Uniform Resources (UR) specification. It works great with QR, URLs, deep links, and is self-describing, thus supports the inclusion of metadata (such as labels, notes, dates), making it easy for different tools to work together. [9/11]

Thu Mar 04 19:15:17 +0000 2021

Voila! The account map is now partially filled in, using a standardized methodology that means everyone can interoperate. Later we can also use other UR-based QRs to share this Account Map, request a PSBT to be signed (which is even animated if very large), and more. [8/11]

Thu Mar 04 19:15:17 +0000 2021

The offline wallet then returns a crypto-response. The network wallet decodes this as [604b93f2/48’/1’/0’/2’]tpubDEibSujoTc8Bnikd7a8wxCPzayy5JAXNC9GJLYzdDC3MMfzP5L5RgoZ194XvBeEN5KC88VZYbjhnpALxvwLYo9JwEf3qFyx79wF6bKnukNM and then inserts it into the multisig descriptor. [7/11]

Thu Mar 04 19:15:17 +0000 2021

If you’d like to see more of this kind of work supporting Bitcoin wallet interoperability, and our focus on open infrastructure for independence, resilience, and openness for digital assets & privacy, please sponsor @BlockchainComns on GitHub. [11/11]

Thu Mar 04 19:15:18 +0000 2021

If you’re a developer, we’d love to have your input on this work, so that we can push on additional features that will support everyone. Please join us in the Airgapped Wallet Community hosted by Blockchain Commons. [10/11]

Thu Mar 04 19:15:18 +0000 2021

RT @snowjake: There is only one right answer to the question of what people should have to do to get the maximum legal privacy protection:…

Sun Mar 07 23:40:48 +0000 2021

I am still frustrated by the policy of ISO charging extortionate amounts of money (at least for individuals & small businesses) for over 30 years. They also significantly hurt quality of early internet security (x.509, etc) which harmed both TLS & even recently Bitcoin. Avoid!

Sun Mar 07 23:45:45 +0000 2021

Definition of digital identity in WYO Bill SF0039 passes the Mining Committee: “‘Personal digital identity’ means the intangible digital representation of, by and for a natural person, over which he has principal authority and through which he intentionally communicates or acts;”

Mon Mar 08 20:20:44 +0000 2021

RT @kiarabickers: An internship was how I found my first job in the Bitcoin space. Anyone looking to break into Bitcoin should check it out…

Mon Mar 08 21:52:11 +0000 2021

Replying to @fer_ananda

As I understand it (IANAL), “principal authority” comes from the “law of agency”, as the person where all delegation begins. There is no higher level. I had hoped for self-sovereign, but this was the closest the law experts could find that mapped to it.

Tue Mar 09 03:51:28 +0000 2021

I’ve been an advisor on the new #Wyoming bill SF0038 that enables DAO based LLCs (sometimes called a LAO). A major milestone today with it being approved and passed onward by the powerful WY Senate Corporations committee. Some great work from the team led by professor @awrigh01.

Tue Mar 09 20:43:22 +0000 2021

Note this particular bill supports not only algorithmic managed DAOs (using smart contracts in blockchains like Ethereum); they also can be formed to be democratically managed using shareholders’ voting, using keys such as those used in a Bitcoin multisig. Not Ethereum specific!

Tue Mar 09 20:48:04 +0000 2021

RT @ChristopherA: Note this particular bill supports not only algorithmic managed DAOs (using smart contracts in blockchains like Ethereum)…

Tue Mar 09 20:48:10 +0000 2021

Replying to @NZN

We came close to using the phrase self-sovereign. Wyoming State Senator & Minority Leader Chris @Rothfuss tried, but there was strong pushback by the broader law community.

Tue Mar 09 20:53:04 +0000 2021

Replying to @NZN and @rothfuss

The key legal principle that we found that was acceptable is that under the law of agency (used for things like delegation of rights) the “principal authority” is the highest authority. Other terms we tried collided with existing law, in particular property law. Agency was higher.

Tue Mar 09 20:56:13 +0000 2021

With this @HRF grant we have more flexibility to offer not just internships for aspiring bitcoin software engineers, but also support those with other skills needed by the blockchain ecosystem like UX, library science, documentation, law, etc. Apply at

Wed Mar 10 16:12:04 +0000 2021

RT @ErikNordman: I’m very excited to share that my book, THE UNCOMMON KNOWLEDGE OF ELINOR OSTROM, is now available for pre-order through @I…

Thu Mar 11 06:21:28 +0000 2021

RT @martinwoodward: Reminder: When you send a message in an issue or PR to an open source project, you are usually talking to someone who i…

Thu Mar 11 06:35:38 +0000 2021

RT @NZN: Backwards Thinking #Precedent

Creates Backasswards Reality. #Sovereignty

$You are a data-slave. $ID is primary key. #HumanRIght…

Fri Mar 12 07:47:53 +0000 2021

Replying to @MattrGlobal and @itsPreetPatel

Take a look at our QRs that optimally leverage QR compression, and support multiple QRs & animated QRs for larger content. There are now libraries in multiple languages:

Sat Mar 13 22:54:16 +0000 2021

It’s been fascinating to me to see the Arkham Horror cooperative board game evolve from the original @Chaosium_Inc version in ‘87, to the version I produced in 2005 for @FFGames, and now the newer editions in the last few years. Here is analysis of Elder Horror published in 2013.

Tue Mar 16 22:03:16 +0000 2021

“Perhaps, government officials should pause to consider the flip side of crypto—its value in protecting people from illicit activity.” — @HesterPeirce speaking on Paper, Plastic, Peer-to-Peer at British Blockchain Association Conference yesterday. 👍👏

Wed Mar 17 06:32:12 +0000 2021

I testified in Wyoming earlier this year in regards to a bill to increase penalties on telcos that did not stop SIM-swapping attacks. I did say that telcos deserved some of the blame, but the majority of the blame belonged to CTOs for still allowing SMS-based 2FA.

Wed Mar 17 06:45:34 +0000 2021

RT @TheAbridgedZach: Reminder that the Hayek Hangout this Thursday will feature computer scientist @marksammiller and economist at @agoric…

Wed Mar 17 08:16:25 +0000 2021

RT @Suitpossum: I’ve been investigating the ‘war on cash’ for a few years now & this piece by Hakon von Holst is an illuminating addition t…

Wed Mar 17 21:13:50 +0000 2021

Replying to @nimakam, @heathervescent, @LeahHoustonMD, @mwherman2000, @IdentityWoman, @HearroInc and @drummondreed

Take a look at the Amira 1.0.0 use case & engagement model from #RWOT5 for an example of how a decentralized anonymous reputation system could be used to protect an immigrant coder and her human-rights advocacy.

Fri Mar 19 06:30:28 +0000 2021

Interesting overview of the design patterns of different functions used in game design, and their perceived effect on play. One of my old favorites for level advancement, the triangle function, is included.

Sat Mar 20 16:57:44 +0000 2021

As a principal authority I can delegate to others, and revoke those delegations. Not quite as strong as the “self-sovereignty” definition that I was hoping for, but existing body of law supporting self-sovereignty is not well defined. 4/7

Tue Mar 23 22:27:41 +0000 2021

In the end, we chose a relatively obscure legal term “principal authority”. As I understand it (IANAL), “principal authority” comes from the area of “law of agency”, and is the person where all delegation begins. There is no higher level. 3/7

Tue Mar 23 22:27:41 +0000 2021

There is a lot of subtlety here: “’Personal digital identity’ means the intangible digital representation of, by and for a natural person, over which he has principal authority and through which he intentionally communicates or acts;” 2/7

Tue Mar 23 22:27:41 +0000 2021

I’m quite pleased today to report that the State of Wyoming Senate & House both voted today for the Digital Identity Act, which creates for the first time a legal definition for both personal & corporate digital identity. 1/7

Tue Mar 23 22:27:41 +0000 2021

Sponsored by Wyoming State Senator & Minority Leader Chris @Rothfuss, the team included @dazzagreenwood @ScottLDavid @OwnYourDataNow Clare Sullivan, Carla Reyes and myself. Many thanks for your hard work! 7/7 ៚

Tue Mar 23 22:27:42 +0000 2021

Thus “principal authority” is sufficient to come close to my original intent in choosing the term self-sovereignty 5+ years ago. Once signed by the Governor, next steps are to puzzle out how to codify the 10 SSI principles under law! 6/7

Tue Mar 23 22:27:42 +0000 2021

Though “law of agency” is largely used in commercial law, it also applies to more than just property, but to things like healthcare directives & other forms of delegation. But it also hasn’t been used so strongly there is a body of law that confuses it with other uses. 5/7

Tue Mar 23 22:27:42 +0000 2021

RT @ACTobin: The EU has announced their Green Certificate vaccine pass program. We spent hours trawling through their documents and have wr…

Wed Mar 24 21:46:01 +0000 2021

RT @constellationr: Is Digital Proof of Vaccination Really an Identity Problem? - great post by @Steve_Lockstep #Id…

Wed Mar 24 21:49:19 +0000 2021

Replying to @katrynadow, @Leon_Vandenberg, @meeco_me, @SunifiedEnergy and @katrynadow

Wyoming chose a number of years ago to use “he” for all under law texts. As the first state to give women the vote (and refused to join the union if not allowed to) and first woman governor, they deserve some slack :-)

Thu Mar 25 04:59:02 +0000 2021

Replying to @Leon_Vandenberg, @katrynadow, @meeco_me, @SunifiedEnergy and @CaitlinLong_

It was explained to me this is the convention for all Wyoming laws.

Thu Mar 25 05:00:37 +0000 2021

RT @AvantiBT: NEWS: @AvantiBT announces completion of our Series A capital raise, bringing the total raised to date to $44m as we prepare f…

Thu Mar 25 18:34:33 +0000 2021

RT @ChristopherA: Microsoft has been a sponsor of our decentralized self-sovereign identity efforts #RebootingWebOfTrust for several years.…

Fri Mar 26 20:53:15 +0000 2021

Unfortunately far too true in open infrastructure & security projects. We need another way. “It’s hard to find code reviews, and there generally isn’t a fixed process ensuring that vitally important code gets reviewed prior to inclusion.”

Sat Mar 27 03:39:15 +0000 2021

Replying to @jeremiahg

You are missing at least 2 important steps. The likelihood that a particular event will happen & how the adversary is motivated, including non-financial motivation. See the Risk Modeling & Adversarial Analysis chapters of my free #SmartCustody book.

Sat Mar 27 05:23:40 +0000 2021

Replying to @jeremiahg

Sat Mar 27 05:48:59 +0000 2021

How do you transmit data across an airgap? That’s been another crucial element in Blockchain Commons’ research, resulting in our deployment of the Universal Resource specification. [4/8]

Wed Mar 31 18:29:39 +0000 2021

.@gorazdko’s video example goes even further, demonstrating the highest level of Gordian security: airgapping. Because we can never be sure whether one device will try to corrupt another, we sometimes use an airgap to create an invulnerable bulwark of protection. [3/8]

Wed Mar 31 18:29:39 +0000 2021

These are discrete Gordian projects that can be connected together, an idea that is a linchpin of the architecture: the Gordian system partitions services to preserve privacy and increase security. [2/8]

Wed Mar 31 18:29:39 +0000 2021

The Blockchain Commons Gordian architecture is continuing to expand. Today, @gorazdko posted a video showing how to integrate LetheKit and Gordian Cosigner. [1/8]

Wed Mar 31 18:29:39 +0000 2021

URs provide a standard method for encoding binary data in typed plain text that can be efficiently transmitted in QR codes. You display a QR on one device and read it on another, without physically connecting them, allowing you to safely transmit keys, PSBTs, and more. [5/8]

Wed Mar 31 18:29:40 +0000 2021

You can also support the continued development of interoperability specifications for Bitcoin & other blockchain wallets by becoming a Sponsor of Blockchain Commons at GitHub. [8/8]

Wed Mar 31 18:29:42 +0000 2021

Blockchain Commons has been designing these new interoperability specifications for Bitcoin wallets with our Airgapped Wallet community. Join us to talk about QRs, URs, multisigs, and airgaps! [7/8]

Wed Mar 31 18:29:42 +0000 2021

The most popular application of URs thus far has been to use their serialization functions to create animated QRs of PSBTs, which were typically too large to transmit as a single QR code. [6/8]

Wed Mar 31 18:29:42 +0000 2021

Replying to @Be1garat

More coming next week on our Shamir-based SSKR spec, reference code & working implementations.

Wed Mar 31 18:37:41 +0000 2021

Replying to @Be1garat

We also shared last week a scenario leveraging SSKR along with the advantage of multisig as part of bitcoin wallet resilience strategy being implemented by a 3rd party to our Gordian standards.

Wed Mar 31 18:38:27 +0000 2021

Replying to @MartyBent

You should definitely take a look at my video last year, on the anniversary of those who died attempting to bomb the civil archives captured by the Nazis in Holland (used to kill more Jews by %) and to #foremembrance those defending the vulnerable today.

Wed Mar 31 19:16:44 +0000 2021

👍 “we need to be very thoughtful about what tools are appropriate to combat sexual assault and what impacts they might have on user privacy and on how we develop relationships. Using data as a weapon against sexual violence can introduce more problems than it solves.”

Thu Apr 01 02:54:47 +0000 2021

RT @adamcjonas: Announcing

Thu Apr 01 03:59:41 +0000 2021

My advice continues to be that being careful about the physical possession of cryptographic hardware is required for all single key bitcoin security scenarios. No current bitcoin hardware is yet sufficient against physical theft by a very smart attacker. Leave in a safe or vault!

Thu Apr 01 04:06:07 +0000 2021