
Paul Miller

@paulm

29 Following
18261 Followers


sudo rm -rf --no-preserve-root /
@pcaversaccio
Starting the case here for "hedged signatures". If anyone has a specific view / opinion, let me know in the thread: https://ethresear.ch/t/hedged-signatures-ftw/21757
1 reply
5 recasts
27 reactions

Paul Miller
@paulm
Past performance is not indicative of future results
0 reply
0 recast
0 reaction

Paul Miller
@paulm
Hit me up on email for more credibility.
0 reply
0 recast
2 reactions

Paul Miller
@paulm
New vulnerability in elliptic.js allows attackers to extract private keys from signatures. This happened because fully deterministic signatures are not your friends. Check out my latest blog post describing the bug and prevention methods: https://paulmillr.com/posts/deterministic-signatures/
2 replies
11 recasts
53 reactions

Paul Miller
@paulm
Updated the 2020 article about building an elliptic curve library from scratch. We need more implementations, in different languages. It’s really easy. Check it out: https://paulmillr.com/posts/noble-secp256k1-fast-ecc/
3 replies
20 recasts
82 reactions

Paul Miller
@paulm
Done.
0 reply
0 recast
0 reaction

Paul Miller
@paulm
Been working for the last 5 years on this. Specifically, no-deps JS cryptography. Low-deps eth libraries. Etc. noble cryptography on github.
0 reply
0 recast
3 reactions

Paul Miller
@paulm
A few updates:
- Repos are now deployed to JSR.io and work in Deno / Bun. JSR auto-generates docs!
- Tests run 5x faster with “micro-should” (400-line parallel ESM replacement for Jest)
- A server is fuzzing noble for 8 hours every day. Code coverage stats have been added
4 replies
7 recasts
50 reactions

Paul Miller
@paulm
Url?
1 reply
0 recast
0 reaction

Paul Miller
@paulm
Some thoughts on how ETH can become quantum-resistant. There are lots of small tasks, but it seems quite doable. https://ethresear.ch/t/tidbits-of-post-quantum-eth/21296
2 replies
12 recasts
87 reactions

Paul Miller
@paulm
Correct
0 reply
0 recast
1 reaction

Paul Miller
@paulm
Fresh drop from Australian NSA: “taking into account projected technological advances in quantum computing”
- DH / ECDH / ECDSA will not be approved for use beyond 2030
- Also AES-128 and AES-192
- Also SHA-256 (!)
- Also ML-KEM-768 / ML-DSA-65 (!!)
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
3 replies
13 recasts
117 reactions

Paul Miller
@paulm
This is not true anymore since P2TR was added. P2TR has unhashed addresses which are raw public keys.
2 replies
0 recast
4 reactions

Paul Miller
@paulm
There are challenges in upgrading blockchains to be post-quantum safe, however, some of them seem easy. Most keys these days are generated from BIP39 mnemonics. BIP39 is pq-safe. We freeze all balances. To unfreeze, we ask users to generate a STARK proof which shows the seed phrase is related to their address. After that funds are moved to a new system. Done. (https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901)
6 replies
39 recasts
206 reactions

Paul Miller
@paulm
What about his bsky censorship claims? Surely doesn’t look like something great.
0 reply
0 recast
1 reaction

sudo rm -rf --no-preserve-root /
@pcaversaccio
For those who want to exercise their privacy rights and want to use an uncompromised Tornado Cash interface, here are some secure IPFS hashes:
- bafybeicu2anhh7cxbeeakzqjfy3pisok2nakyiemm3jxd66ng35ib6y5ri
- bafybeia7cu2axyyxsarmaemvlpdpofa4q23lzpltbl4jbrnfixdn573h4y
- bafybeiduouhoquhndpzlqrhcfb7wt2jme7qdp4omldal3kulbx63dsrigq
- bafybeiguelxw5aanwnhvaea5vjhknmcdmwvujne36wgabnkmcbt3563toa
- bafybeiezldbnvyjgwevp4cdpu44xwsxxas56jz763jmicojsa6hm3l3rum
https://x.com/iampaulgrewal/status/1861549058797772874
6 replies
12 recasts
59 reactions

Paul Miller
@paulm
Why 5 hashes? Shouldn’t it be just one?
1 reply
3 recasts
13 reactions

Paul Miller
@paulm
I am not an expert on post-quantum stuff. Hard to tell.
0 reply
0 recast
0 reaction

Paul Miller
@paulm
NIST wants to ban ECDSA in 2035. It is tight. HTTPS, messengers, cryptocurrencies and everyone else will need to move to new algorithms. Not all functionality is currently feasible in pq setting. Here’s an excerpt from noble-post-quantum on speed & key size in JS implementations.
7 replies
100 recasts
144 reactions

Paul Miller
@paulm
I complain about war on cash. It’s already useless in many countries with bans on large (10k+) transactions. Like, you can buy groceries and stuff, ok. The trend doesn’t seem to be reversible.
0 reply
0 recast
1 reaction