From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 72149C0011 for ; Thu, 30 Jun 2022 21:50:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 5AB4040AC2 for ; Thu, 30 Jun 2022 21:50:33 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 5AB4040AC2 Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=kLRTa6qc X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.101 X-Spam-Level: X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NPBK10mZ0s9a for ; Thu, 30 Jun 2022 21:50:32 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 92049404A0 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by smtp2.osuosl.org (Postfix) with ESMTPS id 92049404A0 for ; Thu, 30 Jun 2022 21:50:31 +0000 (UTC) Date: Thu, 30 Jun 2022 21:50:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1656625829; x=1656885029; bh=uaZKboZB9maKRe7PmLHqwWpGDFtzFIGhTvU1+CynSoE=; h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=kLRTa6qcLb64D0dCNU5SwvcJmBnEDk7LDmjEFYS19EmCd8zwsaKueME4NnhvNzOuW /LVwRpQRCFuM03e+OmsgGM7rYI/2l5FSlfoN2N1vY0vwe0k+qAT9TNBAghy53rchou SrPWPwZuIIAbnxgkw2PPBtIOfRr9oDaBkzVf+dGNBaeM668fDE2B1cBqOUqdyrttK6 x6pW/3WyH4ybxc8VfPYP1ltksqeo4KTyC3kBZQqEotgpkKE05XcO4PMAqBGbDJ9VOp aVrFzzG+8AfT0OvtPhsjcsiUvRkl9YBx7Q0cwUEAQsWOTLyI/ecjhkZ3eD9tou7JtD CiQBFmilfLHkQ== To: Bitcoin Protocol Discussion From: AdamISZ Reply-To: AdamISZ Message-ID: In-Reply-To: References: Feedback-ID: 11565511:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Thu, 30 Jun 2022 22:04:29 +0000 Subject: Re: [bitcoin-dev] RIDDLE: Lightweight anti-Sybil with anonymity in Bitcoin X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2022 21:50:33 -0000 Just a small update to those interested: I migrated the gist due to failures of github's new equation formatting fea= ture (which unfortunately started just when I published this gist!), to [1]= (but comments still on the gist please, or here). Secondly, I did some research (including toy code) into sublinear ring sign= atures and Groth/Kohlweiss 2014 can give logarithmic scaled ring signatures= , whose security is reducible to that of the Pedersen commitments (essentia= lly ECDLP). I made a note on what this looks like concretely here [2], TLDR= 1 o 2 KB for 256-1024 keys. Open question how much the computational load = matters. (Ring sig + key image I think is effected via ring sig + "spend a = coin" part of "how to leak a secret and spend a coin", in the language of t= he paper). The above paragraph is mentioned of course to address the question of how p= ractical it might be to get genuinely big anonymity sets. In short, it migh= t be practical. Again to mention: though bilinear pairings crypto could giv= e substantially more efficient constructions, that would not work on 'bare'= secp256k1, though there might be a sensible way of 'transferring' over to = other curves (I'll leave that to others to figure out!). [1] https://reyify.com/blog/riddle [2] https://gist.github.com/AdamISZ/51349418be08be22aa2b4b469e3be92f?permal= ink_comment_id=3D4210892#gistcomment-4210892 Cheers, AdamISZ/waxwing Sent with Proton Mail secure email. ------- Original Message ------- On Sunday, June 12th, 2022 at 18:04, AdamISZ via bitcoin-dev wrote: > List denizens, > > As per the title, a suggested protocol for doing anti-Sybil that isn't to= o demanding for the users, but actually keeps a decent level of privacy. > > Notice how it's mostly focused on a user/customer of a service/product/we= bsite, but it could conceivably useful in e.g. anti-Sybil in things like Li= ghtning. > > Sorry that as usual I write rather long but there are several convenientl= y arranged sections you can click on :) > > https://gist.github.com/AdamISZ/51349418be08be22aa2b4b469e3be92f > > (with apologies for my backronym-ing sins) > > Cheers, > waxwing/AdamISZ > > > > Sent with Proton Mail secure email. > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev