1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
Return-Path: <AdamISZ@protonmail.com>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 72149C0011
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 30 Jun 2022 21:50:33 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 5AB4040AC2
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 30 Jun 2022 21:50:33 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 5AB4040AC2
Authentication-Results: smtp2.osuosl.org;
dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com
header.a=rsa-sha256 header.s=protonmail3 header.b=kLRTa6qc
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id NPBK10mZ0s9a
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 30 Jun 2022 21:50:32 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 92049404A0
Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16])
by smtp2.osuosl.org (Postfix) with ESMTPS id 92049404A0
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 30 Jun 2022 21:50:31 +0000 (UTC)
Date: Thu, 30 Jun 2022 21:50:20 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=protonmail3; t=1656625829; x=1656885029;
bh=uaZKboZB9maKRe7PmLHqwWpGDFtzFIGhTvU1+CynSoE=;
h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References:
Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
Message-ID;
b=kLRTa6qcLb64D0dCNU5SwvcJmBnEDk7LDmjEFYS19EmCd8zwsaKueME4NnhvNzOuW
/LVwRpQRCFuM03e+OmsgGM7rYI/2l5FSlfoN2N1vY0vwe0k+qAT9TNBAghy53rchou
SrPWPwZuIIAbnxgkw2PPBtIOfRr9oDaBkzVf+dGNBaeM668fDE2B1cBqOUqdyrttK6
x6pW/3WyH4ybxc8VfPYP1ltksqeo4KTyC3kBZQqEotgpkKE05XcO4PMAqBGbDJ9VOp
aVrFzzG+8AfT0OvtPhsjcsiUvRkl9YBx7Q0cwUEAQsWOTLyI/ecjhkZ3eD9tou7JtD
CiQBFmilfLHkQ==
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: AdamISZ <AdamISZ@protonmail.com>
Reply-To: AdamISZ <AdamISZ@protonmail.com>
Message-ID: <HT3SgKh3WjJhJz9ozfy8E0MuGveya8Grb3SYrmYShZcHTQOPKpIBfArFupyAVV44k3XHNjSaKHmimqX_BCrUsXm5QvadXK5Z_24uGL60KWg=@protonmail.com>
In-Reply-To: <Kq8x6RTAGitSLOir_j1JcWHxTODreQpRTtqfW0NCTrrwTJBHQ9smptiZA1rIbh6aJl9wc_Ca6DvQr7xrMSate62s4r9nmQSypugYYKJXEZY=@protonmail.com>
References: <Kq8x6RTAGitSLOir_j1JcWHxTODreQpRTtqfW0NCTrrwTJBHQ9smptiZA1rIbh6aJl9wc_Ca6DvQr7xrMSate62s4r9nmQSypugYYKJXEZY=@protonmail.com>
Feedback-ID: 11565511:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Thu, 30 Jun 2022 22:04:29 +0000
Subject: Re: [bitcoin-dev] RIDDLE: Lightweight anti-Sybil with anonymity in
Bitcoin
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2022 21:50:33 -0000
Just a small update to those interested:
I migrated the gist due to failures of github's new equation formatting fea=
ture (which unfortunately started just when I published this gist!), to [1]=
(but comments still on the gist please, or here).
Secondly, I did some research (including toy code) into sublinear ring sign=
atures and Groth/Kohlweiss 2014 can give logarithmic scaled ring signatures=
, whose security is reducible to that of the Pedersen commitments (essentia=
lly ECDLP). I made a note on what this looks like concretely here [2], TLDR=
1 o 2 KB for 256-1024 keys. Open question how much the computational load =
matters. (Ring sig + key image I think is effected via ring sig + "spend a =
coin" part of "how to leak a secret and spend a coin", in the language of t=
he paper).
The above paragraph is mentioned of course to address the question of how p=
ractical it might be to get genuinely big anonymity sets. In short, it migh=
t be practical. Again to mention: though bilinear pairings crypto could giv=
e substantially more efficient constructions, that would not work on 'bare'=
secp256k1, though there might be a sensible way of 'transferring' over to =
other curves (I'll leave that to others to figure out!).
[1] https://reyify.com/blog/riddle
[2] https://gist.github.com/AdamISZ/51349418be08be22aa2b4b469e3be92f?permal=
ink_comment_id=3D4210892#gistcomment-4210892
Cheers,
AdamISZ/waxwing
Sent with Proton Mail secure email.
------- Original Message -------
On Sunday, June 12th, 2022 at 18:04, AdamISZ via bitcoin-dev <bitcoin-dev@l=
ists.linuxfoundation.org> wrote:
> List denizens,
>
> As per the title, a suggested protocol for doing anti-Sybil that isn't to=
o demanding for the users, but actually keeps a decent level of privacy.
>
> Notice how it's mostly focused on a user/customer of a service/product/we=
bsite, but it could conceivably useful in e.g. anti-Sybil in things like Li=
ghtning.
>
> Sorry that as usual I write rather long but there are several convenientl=
y arranged sections you can click on :)
>
> https://gist.github.com/AdamISZ/51349418be08be22aa2b4b469e3be92f
>
> (with apologies for my backronym-ing sins)
>
> Cheers,
> waxwing/AdamISZ
>
>
>
> Sent with Proton Mail secure email.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
|
