What if the next Satoshi Nakamoto and rhe next Ross Ullbricht are not human?
waxwing
npub1vadc...nuu7
Bitcoin, cryptography, Joinmarket etc.
According to primal I have written 1.2K notes and 1.7K replies.
I wonder what an ideal ratio is for healthy discourse.
I mean obviously, literally do whatever the fuck you want, but if that ratio is 1:0.01 for everyone, I think that'd be worse, as an experience.
To the Lightning engineers: has anyone ever thought about crowd sourcing a payment? I'm specifically thinking, what if Alice has a secret that is valuable to the general populace of users; but any one person finds it too expensive. Say 100 people all "chip in": they pay to the secret with 1/100 of the amount. When Alice claims one she claims all if the preimage is the same across all. Does this make sense practically? It's easier to reason about directly onchain since the concept of "publishing" the secret is more unambiguous there. And with routing there can be failures which makes it messier, right.
Do you see any interplay or overlap with IPFS?
Trying primal. Quite like it, one thing I noticed: people posting youtube vid links that seem broken for me (i get a youtube error message). Is that normal?
Sitting here dumbfounded because Amir Taaki thinks it's fine that the first 1% of people get out with their money if massive inflation occurred ...
https://xcancel.com/lunardragon420/status/2062823337894514977#m
View quoted note β
Peter ( @Peter Todd ) was 1st on this from what I remember. From around the days of "cypherpunk desert bus" [1]
It explains why we L2. It explains why the otherwise idiotic "build privacy on top of transparency" is not, in fact, idiotic.
https://xcancel.com/peterktodd/status/2062809959138488502#m
[1] He participated in the original zcash trusted setup and blogged about it here:
Cypherpunk Desert Bus: My Role In The 2016 Zcash Trusted Setup Ceremony
Update: taking this down for now until some questions about the deterministicbuilds are answered; currently I do not believe the Zcash trusted setu...
This : is another example of the problem with obfuscation at the L1 blockchain layer. The Zcash incident from years ago was a more obvious one, this one is more subtle. The problem here actually manifested in mining and checking the validity of a peg-out from the mimblewimble extension block. So the bug itself was not cryptographic, it was a consensus bug. But the privacy feature (the obfuscation) made it a lot harder for the system to react to the failure mode. And they still have the unauditability problem, even now, I think.
Litecoin MWEB Security Incident Postmortem
Some pretty meaty Joinmarket anonymity set analysis here from @m0wer :
Haven't gone through it yet myself.
JoinMarket Maker Clustering and Taker Anonymity-Set Reduction
A new (or better, semi-new) idea: 'hodlchain' : if people timelock their coins, they're sacrificing value. that can be used to permissionlessly mint coins on an "L2". Semi-new because this is exactly Somsen's old spacechains idea, except, I think it's way more interesting if you don't *have* to burn your bitcoin (though, you can) to get the value. The meat of this was trying to find the logical way to modulate how much L2 coin can be minted by e.g. locking your bitcoin up for 1 month. There's also a POC code referenced, but it's vibe-coded; fun to play with but just a very basic illustration.
I called it 'hodlchain' because it amusingly answers the question of whether hodling is using. You're provably removing selling pressure from other bitcoiners *and* getting additional value in spendable L2 tokens -without selling your btc! π
https://github.com/AdamISZ/hodlchain-paper/blob/master/hodlchainv1.pdf
Honestly a really interesting argument going on in this thread.
View quoted note β
Am I right that we still don't know how the FBI got hold of the 127000 btc from the Prince Group (while they failed to extradite the guy, ofc, the CCP grabbed him)?
Same story for the 63(?) Btc from the Colonial pipeline ransomware from a few years back.
I guess it's about hacking, but if it's anything else, that could be interesting.
Citrea, which has been live on mainnet since January, uses basically the entire BitVM stack to create ~ trustless proof of a valid withdrawal.
But then it also lets N of N signers just sign off an exit unconditionally?. Section 8 of their Clementine bridge protocol paper:
"Optimistic Payout. The protocol we described above guarantees that any peg out is completed
even if all Signers are offline and all but one are malicious. However, if all Signers are honest and
online, they have some time (in Clementine, it is β 1 hour) to sign an issue a userβs peg out by
posting an OptimisticPayout transaction. This transaction resembles the Payout transaction, with
only two differences: (i) it spends the output of the MoveToVault transaction, so that the funds
given to the user do not come from the Operator, and (ii) there is no OP RETURN output. If no
OptimisticPayout transaction appears on-chain within some time, the peg out request is picked
up by the Operator and the Clementine continue as described in Section 5. To enable the optimistic
payout, Signers must not erase their keys, making the protocol secure against a non-adaptive adversary."
I've spent the last half hour trying to find any discussion of this. It looks like a very bizarre decision as it seems to throw away most advantages over multisig federation control. Notice how the signing keys have to remain essentially hot.

IACR Cryptology ePrint Archive
Clementine: A Collateral-Efficient, Trust-Minimized, and Scalable Bitcoin Bridge
This whitepaper introduces Clementine, a secure, collateral-efficient, trust-minimized, and scalable Bitcoin bridge based on BitVM2 that enables wi...