
Paul Miller

@paulm

30 Following
18971 Followers


Paul Miller
@paulm
Releasing micro-zk-proofs: a JS library to create and verify zk-SNARK proofs. Proofs are created in parallel using Web Workers. Noble cryptography is utilized underneath. During development of zkp, a vulnerability was found in wasmsnark, an alternative proof generation library.
2 replies
1 recast
9 reactions

Paul Miller
@paulm
Releasing ESPLR, a local ETH block explorer. A big problem of the ecosystem is reliance on 3rd-party RPCs (Infura, Alchemy, QuickNode), and also reliance on 3rd-party explorers (Etherscan). They track users: it makes the system one big panopticon. Local nodes can make the situation better! A PC with an archive node only costs $40/mo or $500 one-time. Esplr only needs the RPC URL of an archive node. It can view transactions, account balances and token transfer history (a unique feature). https://github.com/paulmillr/esplr
23 replies
80 recasts
329 reactions

Paul Miller
@paulm
New vulnerability in elliptic.js allows attackers to extract private keys from signatures. This happened because fully deterministic signatures are not your friends. Check out my latest blog post describing the bug and prevention methods: https://paulmillr.com/posts/deterministic-signatures/
2 replies
6 recasts
45 reactions

Paul Miller
@paulm
Updated the 2020 article about building an elliptic curve library from scratch. We need more implementations, in different languages. It’s really easy. Check it out: https://paulmillr.com/posts/noble-secp256k1-fast-ecc/
3 replies
14 recasts
80 reactions

Paul Miller
@paulm
A few updates:
- Repos are now deployed to JSR.io and work in Deno / Bun. JSR auto-generates docs!
- Tests run 5x faster with “micro-should” (400-line parallel ESM replacement for Jest)
- A server is fuzzing noble for 8 hours every day. Code coverage stats have been added
4 replies
7 recasts
49 reactions

Paul Miller
@paulm
Some thoughts on how ETH can become quantum-resistant. There are lots of small tasks, but it seems quite doable. https://ethresear.ch/t/tidbits-of-post-quantum-eth/21296
2 replies
13 recasts
81 reactions

Paul Miller
@paulm
Fresh drop from the Australian NSA: “taking into account projected technological advances in quantum computing”
- DH / ECDH / ECDSA will not be approved for use beyond 2030
- Also AES-128 and AES-192
- Also SHA-256 (!)
- Also ML-KEM-768 / ML-DSA-65 (!!)
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
3 replies
9 recasts
87 reactions

Paul Miller
@paulm
There are challenges in upgrading blockchains to be post-quantum safe; however, some of them seem easy. Most keys these days are generated from BIP39 mnemonics. BIP39 is pq-safe. We freeze all balances. To unfreeze, we ask users to generate a STARK proof which shows the seedphrase is related to their address. After that, funds are moved to a new system. Done. (https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901)
6 replies
39 recasts
112 reactions

Paul Miller
@paulm
NIST wants to ban ECDSA in 2035. It is tight. HTTPS, messengers, cryptocurrencies and everyone else will need to move to new algorithms. Not all functionality is currently feasible in a pq setting. Here’s an excerpt from noble-post-quantum on speed & key size in JS implementations.
7 replies
28 recasts
136 reactions

Paul Miller
@paulm
noble-ciphers got audited, while curves got their third audit. Thanks to OpenSats for funding & Cure53 for the work! PDF in repo. Contact me if you’re:
- an auditor (paid / unpaid) willing to review new open-source goods
- willing to fund auditors
https://github.com/paulmillr/noble-ciphers
1 reply
2 recasts
32 reactions

Paul Miller
@paulm
Ethereum $130B staking contract was created using Tornado Cash. Torn has mostly been used for legit on-chain privacy. An example is the transaction by anon dev, deploying the contract. The repo rebuilds it using modern tech. Great for ZK education! https://github.com/nkrishang/tornado-cash-rebuilt https://etherscan.io/tx/0xe75fb554e433e03763a1560646ee22dcb74e5274b34c5ad644e7c0f619a7e1d0
0 replies
4 recasts
19 reactions

Paul Miller
@paulm
Kinda sad there are people working on eth who think Tornado should be shut down due to crime, even though most of its usage is legitimate privacy, which cannot be reliably achieved by other methods. Anti-privacy ethos all the way.
1 reply
14 recasts
72 reactions

Paul Miller
@paulm
New release of JS eth-signer is out. A lot of new features have been added:
- EIP-7702 AA transactions
- EIP-4844 KZG implementation in pure JS
- EIP-712 / EIP-191 message signing
- EIP-7495 SSZ stable container
https://github.com/paulmillr/micro-eth-signer
2 replies
23 recasts
52 reactions

Paul Miller
@paulm
Just released post-quantum v0.2.0, implementing final FIPS 203 / 204 / 205 specs. You can now use PQ cryptography in JS apps today! https://github.com/paulmillr/noble-post-quantum
1 reply
11 recasts
37 reactions

Paul Miller
@paulm
This is one of the best cryptography libraries:
- ~High-level language (Nim)
- Tons of useful docs and comments. Check out repository issues!
- All kinds of algorithms. ECC, pairings, R1CS, you name it
- Solid for educating newcomers
Great job @mratsim
0 replies
28 recasts
72 reactions

Paul Miller
@paulm
Releasing new package: micro-rsa-dsa-dh. Minimal implementation of older cryptography algorithms. Elliptic curves have gained adoption these days; however, classical algos are still needed sometimes. As usual, the code is simple and good for education. https://github.com/paulmillr/micro-rsa-dsa-dh
0 replies
11 recasts
77 reactions

Paul Miller
@paulm
The new ETH client by @gakonst and @paradigm is live. All historical transactions (aka “archive node”) fit in just 2.3TB. Full node is 1.2TB. Syncing from genesis takes 50 hours. Can be run on a cheap PC: no need to pay for a 3rd-party RPC which tracks users. https://www.paradigm.xyz/2024/06/reth-prod
9 replies
46 recasts
196 reactions

Paul Miller
@paulm
Human Rights Foundation (hrf.org) awarded us some money for nip44 encrypted chat spec. Looks like we’ll be having an audit of noble-ciphers and remaining parts of curves later in the summer!
1 reply
59 recasts
414 reactions

Paul Miller
@paulm
micro-eth-signer 0.9 is out. No more block explorers: the release adds the ability to fetch full account history and token balances using an archive node, such as @erigon. It also implements SSZ in just 900 lines: the nearest library is 8x larger. https://github.com/paulmillr/micro-eth-signer
0 replies
4 recasts
10 reactions

Paul Miller
@paulm
Grateful for the grant from Farcaster. Going to spend the funding on new security audits of open-source software.
0 replies
6 recasts
8 reactions