James Edwards (@librehash)
Aug 25, 2021, 22 tweets
1/ I published a public comment for BIP340 a few months ago on the official Bitcoin GitHub

After publishing said comment, it was later removed (censored) by Gregory Maxwell (@Blockstream CTO "formerly"; listed as a co-founder of @Blockstream as well).

github.com/bitcoin/bips/b…
2/ To start off, what Gregory Maxwell wrote is a demonstrable lie - full stop.

You can view my original comment here - github.com/bitcoin/bips/w…

As screenshots, what I wrote was comprehensive, to the point + included numerous references to published (peer-reviewed)
3/ Before getting into all of that, let me address Gregory Maxwell's claim that my comment was "linked elsewhere while the comments below are ignored"; this is actually false.
4/ On May 22nd, 2021 (more than a week before Maxwell's false update), I updated my public Telegram channel to inform everyone of my comment and *included* Pieter Wuille's response to my comment as well.
5/ Additionally, Pieter Wuille conceded *numerous* points I made above in his response (read it closely).

Additionally though - Wuille is *100% wrong in many of his responses here*; I'll go through those briefly.
6/ Pieter claimed that nearly all Bitcoin wallets adhere to RFC6979 nonce generation specs; this is not true.

Example here - github.com/bitpay/bitcore…

Issue still open here - github.com/bitpay/bitcore…
7/ Elliptic curve coord. pairings (x, y) are co-factors plotted over a finite field; 'x' (private key) has a direct relationship to 'y' (pubkey)

The 'order' (n) = lowest prime order cyclic subgroup; this is the order of the curve base point ('G')
8/ Given the above, for signatures we can create a proof via taking a random value (k), multiplying it by the curve base point (G) to arrive at a diff 'y' (R) on the elliptic curve [R=kG]; thus the corresponding priv. key is R*x, where x = private key
8a/ There's a nuance in RFC6979 for those attempting to generate *deterministic* ecdsa (secp256k1) keys that goes further than simply deriving the value 'k' from HMAC'ing (h+x)

We'll get to that in a second.
9/ From this point you can create a proof that says

's' = k^(-1) * (h + r*x)(modulo 'n')
's' is determined by the [inverse of 'k'] multiplied by [hash of the message output when XOR'd with 'r*x'] which is modulo'd with 'n'; 'n' = lowest prime order of cyclic subgroup
10/ Perhaps Gregory Maxwell decided to censor my comment on BIP340 because I called @Blockstream and @adam3us out about a recent whitepaper, in which researchers outlined how they were able to *successfully recover funds from Bitcoin wallets*

11/ In that thread, I cite the name of the study, "Biased Nonce Sense: Lattice Attacks Against Weak ECDSA Signatures in Cryptocurrencies"

Curiously, the researchers documented conversations they had *directly* with Gregory Maxwell about this issue.
12/ Skipping to the point here - I think Wuille's confusion stemmed from my use of the word "random". For the *generator*, these values should not be random (in a deterministic setting), yes.

But to the *outside world*, it absolutely should (obviously).
13/ The researchers make it clear *in the Abstract*, "If this nonce is not generated uniformly at random, an attacker can potentially exploit this bias to compute the long-term signing key."

eprint.iacr.org/2019/023.pdf
14/ Continuing - "We also calculated 1,296 private keys from repeated signature nonces. These keys had generated 4,295,141 signatures."

Also, "Some of the transactions using k = (n-1)/2 are withdrawing from addresses derived from easily guessable brainwallet passwords."
14a/ The researchers explicitly state they reached out to Greg Maxwell about these nuances in secp256k1 nonce generation on the blockchain (and they record his response noting an out-of-bound 'SHA1' hash is used to "sweep 'dust' transactions") <-- is this even documented?
15/ The researchers note the fact Bitcoin switched to "deterministic nonces" back in 2015/2016; however, as we can see in the study's excerpt attached to this tweet, that did not mitigate this problem entirely (by any means).
16/ Revisiting RFC 6979 is critical here, bc the nonce is *supposed* to be deterministic now for Bitcoin (this change was made in '15); the last pic is most relevant - "performing a simple modular reduction would induce biases that would be detrimental to signature security."
16a/ Knowing that's true, I wonder if that's what is causing the leakage of nonce values - bc the full signature proof is: k^-1 * (h + r * privKey)(mod 'n'); 'n' = prime curve order
16b/ Looking to verify the signature, you'll notice that the random point used during signing is supposed to be recoverable to check the proof; however, doing so requires deriving the modulo inverse of 's'...
16c/ IF one were to use the regular formula (k^-1 rep. the modulo by 'n' ; n = lowest prime order of the curve), then you end up with 'k' outright. 'k' in rfc6979 = h+privKey

The attached screenshot is from libsecp256k1; I wonder if this spec. (mandating mod.) is the culprit
17/ In either case, it should be abundantly clear that my comment on BIP340 was far from "misinformation" and that Gregory Maxwell and @Blockstream are completely full of shit. Full stop.
