It was a busy summer for @BlockchainComns, but I think its work at @ietf on international specifications that support data interoperability while supporting privacy might have been the most important. [1/8]

Wed Oct 04 19:39:42 +0000 2023

As the quarterly report discusses, meetings at IETF 117 led to some great cleanups of both the Gordian Envelope and dCBOR specifications, as well as the granting of CBOR tag #200 for Gordian Envelope. [2/8]

Wed Oct 04 19:39:43 +0000 2023

Gordian Envelope also introduced new methodologies for encoding keys and seeds, and, perhaps most importantly, vendor-specified attachments, allowing for interoperability and longevity for vendor content [3/8].

Wed Oct 04 19:39:43 +0000 2023

For more explanations and details, take a look at the new @BlockchainComns developer website which contains extensive information on all the Blockchain Commons specifications (and architectural concepts) to date. [6/8]

Wed Oct 04 19:39:44 +0000 2023

To argue the reasoning behind our specs, @BlockchainComns has been publishing my Musings of a Trust Architect. The most important from Q3 may be a look at the Origins of Self-Sovereign Identity, which highlights its fundamental goals and intents [5/8].

Wed Oct 04 19:39:44 +0000 2023

To support the implementation of these (and other) specifications, @BlockchainComns also releases reference libraries and reference apps. One of the big expansions reported this quarter was the conversion of our libraries to Rust! [4/8]

Wed Oct 04 19:39:44 +0000 2023

Support interoperability, resilience, privacy, and independence for digital assets by becoming a @BlockchainComns patron. [8/8]

Wed Oct 04 19:39:45 +0000 2023

Read the Q3 quarterly report from @BlockchainComns for the details on all of this and more. [7/8]

Wed Oct 04 19:39:45 +0000 2023

Replying to @dstadulis

Shorter video of on this topic at

I’m also posted more info and also some historical data about what happened in France at:

Hopefully a new video soon on whole topic.

Sun Oct 08 01:08:11 +0000 2023

RT @torproject: Tor Browser 13.0 is here, and it’s packed with some fantastic updates. [🧵 1/5]
#TorBrowser #PrivacyMatters #NewRelease

Sat Oct 14 01:40:23 +0000 2023

Replying to @Shahla_Atapoor and @Karim_Baghery

Any reference code?

Mon Oct 16 16:13:01 +0000 2023

RT @Shahla_Atapoor: Happy to announce that our paper on
-PQ Secure Verifiable Secret Sharing
-Distributed Key Generation,
-Threshold Signat…

Mon Oct 16 16:13:15 +0000 2023

RT @howardnoakley: Sonoma’s changes to iCloud may stop Time Machine backups completing via @howardnoakley

Mon Oct 16 16:32:23 +0000 2023

I’ve experienced this bug after Sonoma upgrade. If you use both iCloud & Time Machine, check to see if you last backup worked.

Mon Oct 16 16:34:01 +0000 2023

RT @ZcashFoundation: In Summer 2023, the @ZcashFoundation engaged @NCCGroupInfosec to conduct a security assessment of the Foundation’s FRO…

Tue Oct 24 20:44:04 +0000 2023

This is a BIG deal—the first code review for FROST under secp256k1 & ristretto. I believe the future of cryptographic security will be profoundly impacted by the opportunities offered by Schnorr signatures, FROST quorum signing, Musig2 signing, VSS and related cryptography.

Tue Oct 24 20:47:29 +0000 2023

The exciting news, if you missed it, is that the @ZcashFoundation has had its implementation of FROST using Schnorr, a threshold signature system, reviewed by security professionals. Why is this so important? 🧵… [1/9] RT:

Wed Oct 25 02:50:49 +0000 2023

And besides being beautifully elegant, Schnorr has a lot of advantages. One of the biggest is signature aggregation. Multiple people can sign, and the signature stays the same size, creating privacy for signers–did only one person sign it, or many? [4/9]

Wed Oct 25 02:50:50 +0000 2023

So how does Schnorr work? Why is it great? I’ve put together an overview with a layperson’s explanation of this important digital signature technology. [3/9]

Wed Oct 25 02:50:50 +0000 2023

This is a major milestone in cryptographic privacy because it means that now we are one step further in deploying multisignature Schnorr in production software using open source software. [2/9]

Wed Oct 25 02:50:50 +0000 2023

There’s lots more. Besides signature aggregation and threshold signatures, Schnorr can also support blind signatures and adapter signatures. My intro article overviews them all. [7/9]

Wed Oct 25 02:50:51 +0000 2023

With Schnorr threshold signatures, you can verify, for example, that 3 out of 5 people signed something, but not which 3 they were. So you can see the privacy advantages. [6/9]

Wed Oct 25 02:50:51 +0000 2023

Schnorr is difficult to implement safely in multisig protocols. Two major approaches are being explored: MuSig2 & FROST. MuSig2 also offers signature aggegation, but FROST goes further and supports threshold sigs as well. It is FROST code that @ZcashFoundation had reviewed. [5/9]

Wed Oct 25 02:50:51 +0000 2023

You can support Blockchain Commons’ work with Schnorr, initially the incorporation of FROST-compatible VSS into our wallet libraries, by becoming a member of Blockchain Commons! [9/9]

Wed Oct 25 02:50:52 +0000 2023

I’m looking forward to the near-future of multisig technology, as we see FROST, Schnorr, and other related technologies such as VSS (Verifiable Secret Sharing) and DKG (Distributed Key Generation) deployed for production. [8/9]

Wed Oct 25 02:50:52 +0000 2023

I’ve written a “A Layperson’s Intro to Schnorr” in my “Musings of a Trust Architect” blog. It also talks about the importance of FROST.

Wed Oct 25 02:53:16 +0000 2023


Yes, DKG is an important part of FROST, but what I like about FROST is the power of quorums. With threshold signatures, there are many opportunities not only for increased privacy but also for reliability. I also predict interesting future collaboration protocols will use FROST.

Wed Oct 25 02:55:54 +0000 2023

Replying to @cronokirby

I never liked ECDSA, even though I was briefly CTO of Certicom which held many EC patents. I preferred Schnorr. However, the patent holder was totally unwilling to reasonably license it. Thus, the dominance of the hack that is ECDSA today. See also:

Wed Oct 25 03:04:30 +0000 2023

RT @rusty_twit: I now think OP_CAT is something I can get behind.

Wed Oct 25 03:14:05 +0000 2023

I wrote about a number of other issues back in May, and unfortuantely they haven’t been addressed. They include use of homogeneous authorization, use of “legal citizen identities” for authentication, and lack of choice for users. [2/7]

Thu Oct 26 16:54:50 +0000 2023

A great tweet from @sethforprivacy on the dangers of Ledger Recover. In short: he has realistic worries that a corrupt government could steal all your funds [1/7]

Thu Oct 26 16:54:50 +0000 2023

It builds on our Gordian Principles: Independence, Privacy, Resilience, and Openness. [4/7]

Thu Oct 26 16:54:51 +0000 2023

The Collaborative Seed Recovery (CSR) system from @BlockchainComns helps wallet devs to support user choice as their core proposition. Users assess their own risk profiles and store shares in ways that make sense for them, not the vendor. [3/7]

Thu Oct 26 16:54:51 +0000 2023

Support our ideals of Independence, Privacy, Resilience, and Openness, and our work toward wallet interoperability by also becoming a monthly Gordian patron. [7/7]

Thu Oct 26 16:54:52 +0000 2023

Join us in developing resilient storage of digital assets in a way that’s not dependent on a single company, platform, or worse, a government. Sign up for our Gordian Developer mailing list or Signal. Our next meeting is November 1st! [6/7]

Thu Oct 26 16:54:52 +0000 2023

We hope to expand CSR in the next year to include VSS, building on the recent security assessment for the @ZcashFoundation implementation of FROST. This will allow for some additional capabilities such as collaborative signing [5/7]

Thu Oct 26 16:54:52 +0000 2023

This is what my articles on Open Silicon & Self-Sovereign Computing are all about. Without it, you own nothing that has chips in it, you only rent it.

Fri Oct 27 01:18:36 +0000 2023

Replying to @grittygrease and @grittygrease

You might interested that this week the actual code from Ken Thompson’s “Reflections on Trusting Trust” was shared at by @_rsc (no long on X). I also wrote a little about “Reflections…” in my Open Silicon post

Fri Oct 27 01:38:10 +0000 2023

I wrote a little about “Reflections…” in a recent post in my “Musings of a Trust Architect: Open Silicon”:

Fri Oct 27 01:44:29 +0000 2023

In October ‘83, 40 years ago this week, Ken Thompson wrote “Reflections on Trusting Trust” essential reading on security. Yesterday @_rsc shared at some of the actual code! “After watching the video…I emailed Ken and asked him for code…(he) mailed back”!

Fri Oct 27 01:44:29 +0000 2023

A related post is the concept of “Self-Sovereign Computing”. Without it, you really can’t own anything that requires a chip – you are merely renting it.

Fri Oct 27 01:46:48 +0000 2023

RT @balajis: This is true.

But you should also get to a jurisdiction that doesn’t have a sovereign debt crisis. And where property rights…

Sat Oct 28 00:14:37 +0000 2023

An important story about the the need for ‘freedom to transact’, the ways that you can loose it, and the threats when it is lost.

Sat Oct 28 18:31:46 +0000 2023