Showing 20 of 26 results by 1440000bytes
Post
Topic
Board Development & Technical Discussion
Re: Security disclosure: OP_RETURN embedding of Malware signatures into Blockchain
by
1440000bytes
on 18/09/2025, 14:27:51 UTC
I was unable to send security the test script in the email because:
Code:
Sorry, we were unable to deliver your message to the following address.

<security@bitcoincore.org>:
550: 5.7.1  Reject for policy reason RULE1_1: Virus/Malware detected

Can you scan it on https://www.virustotal.com/gui/home/upload and share the results link?
Post
Topic
Board Development & Technical Discussion
Re: What is your take on Bitcoin Knotz? Bitcoin node and wallet by Luke Dashjr
by
1440000bytes
on 06/09/2025, 03:03:41 UTC
The coming changes to Bitcoin Core would force node runners to host all kinds of garbage including images of child pornography
and other useless or even illegal material. That is no exaggeration. Since it is against the law to host CP on your computer every node runner
would become potential targets of the criminal justice system, through no fault of their own. Which is why I switched to Knots long ago.

This would provide governments with a legal justification to shut down bitcoin completely or at least outlaw it in their respective country.  

This is not true. Neither developers nor other users would be responsible for CP on bitcoin. It is the same with freenet and other p2p networks.

Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: What is your take on Bitcoin Knotz? Bitcoin node and wallet by Luke Dashjr
by
1440000bytes
on 31/08/2025, 03:27:11 UTC
⭐ Merited by vjudeu (1)

But in general, Bitcoin Knots is very similar to Bitcoin Core. There are some minor changes here and there, but it is not something rewritten from scratch, and implemented in a completely different way, than Bitcoin Core. Which means, that many fixes, and code changes, are used by both clients, and they share most of the source code.



I think we will see more such implementations based on the consensus code used in core, through the libbitcoinkernel library.

Post
Topic
Board Development & Technical Discussion
Merits 6 from 3 users
Re: What is your take on Bitcoin Knotz? Bitcoin node and wallet by Luke Dashjr
by
1440000bytes
on 30/08/2025, 03:47:15 UTC
⭐ Merited by LoyceV (4) ,vjudeu (1) ,bitmover (1)
Bitcoin Knots is a codebase fork of Bitcoin Core (since December 2011) that recently gained adoption (17% of nodes) because of its mempool policies. A development [fund](https://xcancel.com/Dennis_Porter_/status/1961495059662344264) for its contributors was also created recently.
Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: Free Lunch: Testing free relay with new minimum relay fee rate
by
1440000bytes
on 20/08/2025, 19:18:57 UTC
⭐ Merited by vjudeu (1)
The goal of free relay is to keep the transaction in mempool and never get included in a block. It can be used by an attacker to waste bandwidth, memory etc. for nodes in the p2p network.

Nodes limit their mempools to 300MB by default, so there's not really a large surface to attack.


https://en.wikipedia.org/wiki/Bandwidth_(computing)
Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: Free Lunch: Testing free relay with new minimum relay fee rate
by
1440000bytes
on 20/08/2025, 00:34:23 UTC
⭐ Merited by stwenhao (1)
Quote
For that reason, things can be signed with SIGHASH_ALL | SIGHASH_ANYONECANPAY. Then, all outputs will be protected, but more inputs could be added by anyone, to bump fees, when needed.

The goal of free relay is to keep the transaction in mempool and never get included in a block. It can be used by an attacker to waste bandwidth, memory etc. for nodes in the p2p network. SIGHASH_ALL | SIGHASH_ANYONECANPAY isn't used by a lot of transactions. Although it has some use cases and joinstr (coinjoin implementation) uses this sighash flag.
Post
Topic
Board Development & Technical Discussion
Merits 4 from 2 users
Topic OP
Free Lunch: Testing free relay with new minimum relay fee rate
by
1440000bytes
on 19/08/2025, 18:02:54 UTC
⭐ Merited by vapourminer (3) ,stwenhao (1)
Most mining pools have started including sub-1 sat/vB transactions in blocks and some nodes have reduced minrelaytxfee to 0.1 sat/vB. The default minrelaytxfee in bitcoin core was also changed to 0.1 sat/vB in PR 33106. However, transactions with 0.1 sat/vB have been unconfirmed for a couple of weeks. Some of them recently got rebroadcast. Example: db2eb7f83b4b9ff8dfa74a69bf8b3e05ce1ad77d007906716f1ee14605cc6300

I am curious if these 10-15 sat fee transactions with some ancestors in the mempool will ever get mined. So, I have created 'free lunch' to test relay on bitcoin p2p network. You can join me with some sats and relay low fee transactions. It won't require more than 1000 sats. Read the docs for more information and feel free to suggest any improvements.

Docs: https://freelunch.lol/docs/
Leaderboard: https://freelunch.lol/leaderboard/
Post
Topic
Board Development & Technical Discussion
Merits 2 from 2 users
Re: Emulating OP_CHECKSIGFROMSTACK with a chain of OP_CHECKSIG operations
by
1440000bytes
on 18/08/2025, 02:35:40 UTC
⭐ Merited by stwenhao (1) ,vapourminer (1)
Not sure if this emulates CHECKSIGFROMSTACK in the way you are trying to achieve. I found this thread interesting and wanted to share this idea:

1. CHECKSIGFROMSTACK requires 3 parameters: signature, message and public key. What if we could combine message and public key? So, public key contains the message.
2. Let's assume the message is "TEST". We encode each character in the message to hex: 54 45 53 54.
3. Generate keypairs for each hex being the first in public key after prefix.

Code:

import os
from ecdsa import SigningKey, SECP256k1
from colorama import Fore, Style, init

init(autoreset=True)

def generate_privkey():
    # Rejection-sample 32 random bytes until they form a valid secp256k1 scalar (1 <= k < n).
    while True:
        key_bytes = os.urandom(32)
        if 1 <= int.from_bytes(key_bytes, "big") < SECP256k1.order:
            return SigningKey.from_string(key_bytes, curve=SECP256k1)

def find_vanity_pubkey(pattern: str):
    # Brute-force keypairs until the byte right after the 02/03 prefix of the
    # compressed public key equals the 2-character hex pattern.
    pattern = pattern.lower()
    while True:
        priv_key = generate_privkey()
        pub_key = priv_key.get_verifying_key()

        pub_hex = pub_key.to_string("compressed").hex()

        if pub_hex[2:4] == pattern:
            return priv_key.to_string().hex(), pub_hex

def main():
    while True:
        pattern = input("\nEnter a 2-character hex pattern: ").strip().lower()
        if len(pattern) == 2:
            try:
                int(pattern, 16)
                break
            except ValueError:
                print(Fore.RED + "Error: Invalid hex")
        else:
            print(Fore.RED + "Error: Enter 2 hex characters")

    priv, pub = find_vanity_pubkey(pattern)

    print(f"\nPrivate key: {priv}")
    print(f"Public key : {pub[:2]}{Fore.LIGHTCYAN_EX}[{pub[2:4]}]{Style.RESET_ALL}{pub[4:]}\n")

if __name__ == "__main__":
    main()




Enter a 2-character hex pattern: 54

Private key: 8160b69a538fb88b4d3f0c70e4441000d8ff572413c5442ba1e875333a41cb9a
Public key : 03[54]18283ba776b1f386d5ba80f778aa18b6246520d42e656d6663ff970edd89df


Enter a 2-character hex pattern: 45

Private key: 3dcc44110f5c41c70edf6ea4cb4b43ac50f5bbaf98a009cfec662d3bcb96a702
Public key : 03[45]f71ac5af4e00e0455ebcc656720a2ec8c205ab8554bc75944bf939c0a6bb5e


Enter a 2-character hex pattern: 53

Private key: 4b5d731db2ecbb6884f262873bd4168e754302d11a167339ed7b1c3a5b18009e
Public key : 03[53]fd655009b51646098106cf4d70081c9ed8255e74abcde0f6aea4c62c99f9d4


Enter a 2-character hex pattern: 54

Private key: e62f12f7778b85ee250cdaec62d3137eb19472f1c799262466600084f6f85622
Public key : 02[54]c33f24382926fc346fb524594217164b95d5f7ad9c6aafb8388e4ed4963b20



4. Create a 4-of-4 multisig address using these 4 public keys and send some sats to the address. This UTXO can only be spent when all the 4 keys sign the transaction and all the public keys combined will give us the message: TEST.

Note: This is just an experiment and don't try it on mainnet.
Post
Topic
Board Development & Technical Discussion
Merits 2 from 1 user
Re: Asymmetric Weighted Multi-Signature Wallets
by
1440000bytes
on 06/07/2025, 09:20:57 UTC
⭐ Merited by vapourminer (2)

Currently, in a 3-of-5 wallet, all 5 keys are treated as equals. While this may be fine for a majority of uses, it might not be best for all.


Let's assume there are 5 users (alice, bob, carol, david and eva). You can create a 3-of-5 multisig using miniscript in which alice and bob should be a part of 3 users that sign the spending transaction. The third signer could be anyone among the remaining.

It was possible to test miniscript and visually see different policies using bdk playground but it doesn't exist anymore.
Post
Topic
Board Development & Technical Discussion
Merits 2 from 1 user
Re: walletnotify parameters
by
1440000bytes
on 04/07/2025, 21:32:37 UTC
⭐ Merited by vapourminer (2)
There is no Wiki about that and no post explaining:

That's not true, see https://en.bitcoinwiki.org/wiki/Running_Bitcoind

%b gets replaced by the block hash if transaction is confirmed or 'unconfirmed' as long as the transaction is still in the mempool waiting to be confirmed.

%h gets replaced by the block height or -1 if not yet confirmed.

Correct link: https://bitcoinwiki.org/wiki/running-bitcoin
Post
Topic
Board Development & Technical Discussion
Re: New ashigaru whirlpool coordinator can de-anonymize users
by
1440000bytes
on 25/06/2025, 16:31:32 UTC
How much do you make from coordinator fee?
Post
Topic
Board Development & Technical Discussion
Re: New ashigaru whirlpool coordinator can de-anonymize users
by
1440000bytes
on 25/06/2025, 00:46:43 UTC
Lucas has shared another method that can be used by the coordinator to link inputs and outputs: https://njump.me/nevent1qqsqqqpslx5y7asqkckk92d2vfcat535t5r5k4pt7xy0ynmcepd4lcgpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygy7xr55qguvm847h33js9md6ngsnqfp99zz72nv8pe8l3n05l4fpgpsgqqqqqqsqg4s4v

Code:
        String mixId = confirmInputMixStatusNotification.mixId;
        this.bordereau = ClientUtils.generateBordereau();
        String blindedBordereau64 =
                WhirlpoolProtocol.encodeBytes(
                        clientCryptoService.blind(this.bordereau, blindingParams));
        String userHash = premixHandler.computeUserHash(mixId);
        ConfirmInputRequest confirmInputRequest =
                new ConfirmInputRequest(mixId, blindedBordereau64, userHash);

The coordinator can use different mixid for each input. At this point it wouldn't be wrong to say that zerolink protocol (as implemented in whirlpool) has multiple vulnerabilities that could be exploited by the coordinator. I do not expect Ashigaru team or the delusional cult to ever acknowledge and fix these vulnerabilities.

Post
Topic
Board Development & Technical Discussion
Merits 2 from 1 user
Re: New ashigaru whirlpool coordinator can de-anonymize users
by
1440000bytes
on 24/06/2025, 00:39:56 UTC
⭐ Merited by vapourminer (2)
They specifically mention this in their update. And there seems to be a coordinated effort across all platforms by the Wasabi fans to just pump FUD. It’s becoming very cultish.

Maybe you should’ve done your testing before making the post. You make a conclusion in your title that has not yet been tested.


I am not associated with Wasabi. This is a free review and testing unlike others who trust the anonymous developers or are not competent enough to review. Denying the bugs based on an announcement to use suboptimal tools sounds cultish.

The conclusion is still the same. Too many red flags to trust this coordinator and everyone should do their own research before wasting money in coordinator fees.
Post
Topic
Board Development & Technical Discussion
Re: New ashigaru whirlpool coordinator can de-anonymize users
by
1440000bytes
on 24/06/2025, 00:31:32 UTC
  • The coordinator can link input-outputs even with the hardcoded key

The client doesn't verify that the unblinded signature is actually a valid RSA signature for the hardcoded public key. The coordinator can still do tagging and link inputs-outputs after output registration.

  • A new DoS vector is introduced in the code

If you confirm an input getting a blind sig, and then just time out, you can later use the same unblinded sig in a subsequent session and register an additional output which is a DoS issue.


Related tweets by nothingmuch: https://xcancel.com/not_nothingmuch/status/1937176085461930033
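
The check the post above says the client is missing, as an added example that is not part of the original post and is not Whirlpool or Ashigaru code: after unblinding, verify the signature against the pinned public key and abort before output registration if it fails. It uses textbook RSA without padding and small constructed keys; every name in it (`confirm_and_unblind`, `honest_signer`, `other_key_signer`, and so on) is hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Return (n, d) for a textbook RSA key built from primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys (Mersenne primes); far too small and structured for real use.
PINNED_N, PINNED_D = make_key(2**89 - 1, 2**107 - 1)  # key the client has hardcoded
OTHER_N, OTHER_D = make_key(2**61 - 1, 2**127 - 1)    # some other key held by the signer

class InvalidBlindSignature(Exception):
    """The unblinded signature does not verify under the pinned public key."""

def digest(bordereau, n):
    """Hash the bordereau to an integer below n (no padding: illustration only)."""
    return int.from_bytes(hashlib.sha256(bordereau).digest(), "big") % n

def blind(m, n):
    """Return (m * r^e mod n, r^-1 mod n) for a fresh random invertible r."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        try:
            return (m * pow(r, E, n)) % n, pow(r, -1, n)
        except ValueError:  # r shares a factor with n; draw again
            continue

def verify(sig, m, n):
    """Textbook RSA verification: sig^e mod n must equal the message digest."""
    return pow(sig, E, n) == m

def honest_signer(blinded):
    """Coordinator signing with the private key matching the pinned public key."""
    return pow(blinded, PINNED_D, PINNED_N)

def other_key_signer(blinded):
    """Coordinator signing with a key that is not the pinned one."""
    return pow(blinded, OTHER_D, OTHER_N)

def confirm_and_unblind(bordereau, signer):
    """Client side: blind, obtain the blind signature, unblind, then verify.

    Raises InvalidBlindSignature instead of returning a signature that the
    client would otherwise carry into output registration unchecked.
    """
    m = digest(bordereau, PINNED_N)
    blinded, r_inv = blind(m, PINNED_N)
    sig = (signer(blinded) * r_inv) % PINNED_N
    if not verify(sig, m, PINNED_N):
        raise InvalidBlindSignature("signature not valid for pinned key")
    return sig

if __name__ == "__main__":
    bordereau = b"constructed-bordereau"  # constructed sample value
    print("honest signer accepted:", hex(confirm_and_unblind(bordereau, honest_signer)))
    try:
        confirm_and_unblind(bordereau, other_key_signer)
    except InvalidBlindSignature as exc:
        print("other-key signer rejected:", exc)
```

A production client would use a padded blind-signature scheme and a real key size; the point here is only where the verification sits in the flow.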
Post
Topic
Board Development & Technical Discussion
Re: New ashigaru whirlpool coordinator can de-anonymize users
by
1440000bytes
on 23/06/2025, 14:18:47 UTC
It seems they aren't using code from the whirlpool-client repository in the terminal. Instead, they hardcoded a public key for signing:

Code:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5iSNzsR0S77fby4CFkG
OHF2oKNKsAYyK8e8SEwQrqmheYHF2t3mRAoYa0iN1OUXqhl3AkN5pOZQxJosIUFL
GR2tVNtYFv0ehzxUwYWBTIFNblNysccayBlFwQMuZaCa7/Cz/MGuemmn9/tBh1Vp
7CxfYRYVXHlSe08cYImtVg6dtrcarw/rm24ke1siUxLnrM6/LbgCWfvR6SKTZ7Zm
Ox5pi0TRTkcL1dJli5QDkUA6sLFUxmvG03rZLJ61LFFqm495VLsRCHVT5jDHz5aK
Xljk9Hhe2II9iHiy3GRy+01w1ZvPZ6Am2mO1usgAu1J5Zilnt0ahxLEQB2wRnXTP
UQIDAQAB
-----END PUBLIC KEY-----


Code:

        // use receiveAddress as bordereau. keep it private, but transmit blindedBordereau
        // clear receiveAddress will be provided with unblindedSignedBordereau by connecting with
        // another identity for REGISTER_OUTPUT
        final RSAKeyParameters rsaPublicKey;
        byte[] publicKey = WhirlpoolProtocol.decodeBytes(confirmInputMixStatusNotification.publicKey64);
        if (publicKey != null && publicKey.length > 0) {
            throw new ProtocolException("not expected to receive public key for blind signature from whirlpool server");
            //rsaPublicKey = ClientUtils.publicKeyUnserialize(publicKey);
        } else {
            rsaPublicKey = blindSignaturePublicKey;
        }

        this.blindingParams = clientCryptoService.computeBlindingParams(rsaPublicKey);

        String mixId = confirmInputMixStatusNotification.mixId;
        this.bordereau = ClientUtils.generateBordereau();
        String blindedBordereau64 =
                WhirlpoolProtocol.encodeBytes(
                        clientCryptoService.blind(this.bordereau, blindingParams));
        String userHash = premixHandler.computeUserHash(mixId);
        ConfirmInputRequest confirmInputRequest =
                new ConfirmInputRequest(mixId, blindedBordereau64, userHash);

        confirmedInput = true;
        return confirmInputRequest;
    }


This introduces other issues in the coinjoin process. I will add more details after doing some research and testing.
Post
Topic
Board Development & Technical Discussion
Merits 32 from 7 users
Topic OP
New ashigaru whirlpool coordinator can de-anonymize users
by
1440000bytes
on 23/06/2025, 07:25:17 UTC
⭐ Merited by LoyceV (12) ,NotATether (6) ,cAPSLOCK (5) ,d5000 (5) ,theymos (2) ,DireWolfM14 (1) ,ABCbits (1)
Ashigaru announcement: https://ashigaru.rs/news/announcement-whirlpool/

https://i.ibb.co/Q7G2rDBr/rsa.png

Background: Nothingmuch had reported a vulnerability in whirlpool in December 2024: https://groups.google.com/g/bitcoindev/c/CbfbEGozG7c/m/w2B-RRdUCQAJ

This allows a malicious coordinator to link inputs and outputs by providing each input with a unique RSA public key. Since the unblinded signatures are made by different keys, the server can learn the mapping from inputs to outputs.

The blind signing process requires a server or coordinator to share the public key. The highlighted text in the announcement is misleading. I looked at the code in [Whirlpool-Client](http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Whirlpool-Client) and [Whirlpool-Server](http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Whirlpool-Server) and found that the vulnerability is not fixed.

Code:

    // generate a secret bordereau. keep it private and register INPUT with blindedBordereau
    // bordereau will be provided with unblindedSignedBordereau to register POSTMIX with another
    // identity
    this.bordereau = ClientUtils.generateBordereau();
    byte[] publicKey = WhirlpoolProtocol.decodeBytes(confirmInputMixStatusNotification.publicKey64);
    RSAKeyParameters serverPublicKey = ClientUtils.publicKeyUnserialize(publicKey);
    this.blindingParams = clientCryptoService.computeBlindingParams(serverPublicKey);

    String mixId = confirmInputMixStatusNotification.mixId;
    String blindedBordereau64 =
        WhirlpoolProtocol.encodeBytes(clientCryptoService.blind(bordereau, blindingParams));
    String userHash = premixHandler.computeUserHash(mixId);
    ConfirmInputRequest confirmInputRequest =
        new ConfirmInputRequest(mixId, blindedBordereau64, userHash);

    confirmedInput = true;
    return confirmInputRequest;
  }


http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Whirlpool-Client/src/commit/a64bd8b4e0ee8a4cfab03da4565f166d07caa7ec/src/main/java/com/samourai/whirlpool/client/mix/MixProcess.java

Code:

        // register confirming input
        String publicKey64 = WhirlpoolProtocol.encodeBytes(mix.getPublicKey());
        ConfirmInputMixStatusNotification confirmInputMixStatusNotification =
                new ConfirmInputMixStatusNotification(mix.getMixId(), publicKey64);
        mix.registerConfirmingInput(registeredInput);

http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Whirlpool-Server/src/branch/main/src/main/java/com/samourai/whirlpool/server/services/MixService.java

Conclusion: Users should not trust this centralized coordinator and do their own research before paying 5% coordinator fees.
Post
Topic
Board Development & Technical Discussion
Re: Proof of reserves without giving up on privacy
by
1440000bytes
on 04/06/2025, 22:25:38 UTC
It is possible to prove that you own a UTXO of certain amount without revealing UTXO details using one of these methods:

1. Anonymous usage tokens from curve trees
2. taproot-ringsig  
3. OutputZero  

Without having looked into this, could any of it be implemented in a nice web interface where people can request proof of funds of your company and then you get back the results showing the BTC is indeed there, or you need to do some convoluted things? Since this is aimed for the general public to check funds of a company, not to generate your own cryptographic proof only, it has to be well presented to the average joe.

Yes it is possible.
Post
Topic
Board Development & Technical Discussion
Merits 2 from 2 users
Re: Premined Bitcoin Testnet Coming Soon?
by
1440000bytes
on 20/05/2025, 20:33:12 UTC
⭐ Merited by BayAreaCoins (1) ,vapourminer (1)
Related IRC conversation: https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2025-05-08#1119190;

Quote
17:00 <Murch[m]> Next testnet reset should have a substantial premine for any dev that signs up in advance to get one
17:00 <Murch[m]> That should make it easier to get coins to anyone that needs them and provide ample coin to sell into any exchanges that might start trading it
17:01 <Murch[m]> Like maybe 1'000'000 coins per party that wants any
17:15 <_aj_> 10.5M coins divided by how many people sign up, and block reward halves every 105k blocks would make the maths easier maybe
17:16 <laanwj> dzxzg: a fun idea but i'm afraid giving them unique colors will only encourage people to collect them all :)
17:28 <laanwj> Murch: yes you'd say if the premine is that large it will discourage people from trading them for real money, on the other hand, crypto people...
17:31 <Murch[m]> Given that Testnet 4 was immediately monopolized and traded after launch, it seems like another thing that could be tried
17:32 <Murch[m]> Giving out half the coins in advance and halving the reward schedule like _aj_ suggests sounds good
Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: Proof of reserves without giving up on privacy
by
1440000bytes
on 13/05/2025, 18:10:24 UTC
⭐ Merited by stwenhao (1)
It is possible to prove that you own a UTXO of certain amount without revealing UTXO details using one of these methods:

1. Anonymous usage tokens from curve trees
2. taproot-ringsig 
3. https://github.com/halseth/output-zero   
Post
Topic
Board Development & Technical Discussion
Re: The Nostr Megathread
by
1440000bytes
on 19/01/2025, 18:05:43 UTC
Since it's megathread located on Bitcoin parent board, how about making list of some Bitcoin software or service which use Nostr? For example, https://joinstr.xyz/.

Thank you for mentioning joinstr :)

Agree. A list of bitcoin projects that use nostr would be more relevant on bitcointalk.