Here you can find some examples of things that I made and am proud of.
My main guiding principle is to make something that I can watch 1000s of times and not get bored of.
Why would you work with me?
Well, when is the last time you met someone who has a deep technical understanding of Bitcoin, is visually literate, and is good at communicating complex concepts?
In this video, waxwing explains what the good properties of a signature scheme are and why Schnorr Signatures are almost an inevitable design choice.
I directed this video and also took care of the cinematography and editing.
The intro was created by me.
Chaumian mints in Bitcoin
This is a recording of waxwing’s presentation about Chaumian Cash at our meetup.
He starts off with the history pre-Bitcoin, goes through the math/cryptography behind this, and then we take a look at projects using Chaumian things in Bitcoin today.
I felt the presentation is the perfect Bitcoin content, according to my standards, so I just had to make a trailer for it.
I, of course, filmed and made the video, but really here I am trying to show off my editing skills.
CoinJoin Expert reacts to Twitter comments
I’ve always found the difference between the crowd’s perception of a subject and what the “experts” think interesting.
So I went on Twitter and asked people: what is a CoinJoin?
After that, I showed the tweets to waxwing and started filming.
Even though the tone of the video was pretty lighthearted, it’s full of interesting nuances, the most jaw-dropping being “Satoshis don’t exist.”
I directed, filmed, and edited the video.
If you follow me on Twitter, you know I am very interested in the topic of Entropy.
The main reason is that it is very relevant for Cryptography, and besides the fact that Bitcoin uses a LOT of cryptography, so does almost everything else that has to do with computers.
After spending 3 months digging into the topic and running experiments, I put together this talk to present my results.
In the talk I cover:
- Entropy attacks on specialized Bitcoin Hardware
- History of backdoors
- Multiple ways to generate your own entropy
- My experiments for testing entropy (measuring coin tosses and dice)
- Entropy loss is logarithmic
Everything you see in the video and the presentation was done by me.
I am a big fan of Twitter threads.
I really like that they force you to communicate ideas in interesting ways.
Also considering that most of the Bitcoin drama takes place on Twitter, the viewer does not have to live on the website to be entertained.
These are threads I spent quite some time on and carefully crafted.
Bitcoin Difficulty Adjustment
While scrolling through Twitter, I noticed that someone had miscalculated the chance of a hash being valid, .0000000000000000000000798%, by one “0”.
Someone was wrong on the internet!
Of course, I corrected them, but I just got stuck on the topic and started reading old snippets of the Satoshi code.
One week later the thread was out.
In this thread I cover:
- Difficulty adjustment vs. Target
- 3 rules Bitcoin has for timekeeping
- The famous Satoshi off-by-1 bug
- Time warp attack, enabled by the bug
- The retargeting period is actually 2 weeks, 20 minutes, 1.191658 seconds
- Old comments in the code that show Satoshi’s intention
While exploring the topic of Entropy, I came to the realization that there is only 1 thing in the universe that is truly random – Nuclear Radiation.
But radioactive material is hard to get a hold of and it’s dangerous!
After realizing I can get some from a fire alarm, I just had to use this for Bitcoin BIP39 seeds.
In case it is not obvious, I managed to map the time between radioactive particles decaying to a Bitcoin seed, using household items!
This is the project I am the proudest of.
After seeing my thread Arceris made his own version.
I have always maintained that general hardware is better for generating Bitcoin seeds because it’s way harder to target.
After diving into the SeedSigner project, I fell in love and had to do a thread about it.
The thread covers everything from assembly to signing transactions.
You can also find the thread in article form published in Bitcoin Magazine.
Bitcoin Core entropy handling
While exploring the topic I naturally wondered how Bitcoin Core handles the incredibly sensitive and seminal operation of key generation.
After asking everyone that I know, no one could offer me a good answer.
I even asked on Twitter.
After 1 month of reading the undocumented code, I had this diagram.
Naturally, I had to make a thread about it. 🙂
How Random Number Generators can be compromised
While listening to the Citadel Dispatch e0.3.3 I heard Odell say “One of the big conspiracy theories is that those Random Number Generators are compromised by Intel and stuff“.
Someone on the internet was wrong!
I put my tinfoil hat on and made a thread.
The thread goes over multiple examples of how various entities inserted entropy backdoors (software and hardware) and how current devices are vulnerable to entropy attacks.
From entropy to a Bitcoin Address
I found this very cool website that shows you in real time how entropy is transformed into an address.
Besides the fact that this is an incredibly useful pedagogical tool, it’s one of the coolest things I ever came across.
I followed with a thread where I explain each step in the process.
How to get the message engraved by Satoshi in the blockchain
I am sure everyone is familiar with the “Chancellor on brink of second bailout for banks” newspaper headline that Satoshi engraved in the genesis block.
The thread showcases a bit of CLI-fu on how to get the message from your own Umbrel node.
Threads made on the spot
These threads were written on the spot and are things I felt I had some interesting insight on.
So no pretty pictures here.
I have just pasted the content here for easier reading.
Casino dice are superstition
It is a well-known fact that I get triggered when people say you need to use casino dice for your Bitcoin seeds.
In the following thread, I mathematically prove that even the most crooked dice would still end up generating a secure Bitcoin seed.
Casino dice for #Bitcoin keys or BIP39 seeds (ONLY for these) are superstition.
Entropy loss is logarithmic.
On the 1st page of his seminal paper “A Mathematical Theory of Communication”, Claude Shannon ponders over what would be a good function to measure entropy.
Intuitively this means that even if your coins or dice would be deformed (not more than observable with the naked eye), the biases or entropy losses count less.
Let’s take the example of a coin and a dice with SEVERELY EXTREME biases.
We roll a coin 128 times for a 12-word seed – 128 bits
Bias: 20% heads, 80% tails
entropy = -128[0.2*log2(0.2) + 0.8*log2(0.8)] = 92.4 bits.
Anything over 80 bits is considered secure.
So the limit of security is 80/128 = 0.626
A perfect dice has entropy = log2(6) = 2.59
0.626 x 2.59 = 1.61 bits per dice.
Even if a dice has
25% prob for 1,2,3,4
0% prob for 5,6
This means 2 bits of entropy for the dice.
When used 128 times -> 99 bits of entropy.
Interesting fact about coins.
They can not be loaded by changing the weight of each side.
So any coin you will ever get is fair for crypto purposes, as long as you catch it in your hand.
Leaving a coin to spin on a surface can introduce biases up to 80/20.
A VERY important fact is that this is only true for Bitcoin private keys and BIP39 seeds.
This is NOT true when it comes to entropy in other places.
For example in signatures like ECDSA or Schnorr, even 1 single bit of bias can expose your private key.
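The thread's two worked cases, reproduced as an added example (not part of the original thread). The function names, the `SOURCES` table and the scaling of each source to a 128-bit seed are assumptions made for this sketch. It also reports min-entropy, the more conservative guessing-resistance measure, which the thread does not compute.

```python
import math

SECURITY_FLOOR_BITS = 80   # threshold the thread treats as secure
SEED_BITS = 128            # nominal size of a 12-word BIP39 seed

def shannon_bits(probs):
    """Shannon entropy (bits) of one toss or roll."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Min-entropy (bits) of one toss or roll: -log2 of the likeliest face."""
    return -math.log2(max(probs))

def seed_entropy(probs, measure=shannon_bits, seed_bits=SEED_BITS):
    """Entropy of a seed collected from a biased source.

    Assumption: the source is used for as many tosses as a fair source
    with the same number of faces needs, i.e. seed_bits / log2(faces).
    """
    tosses = seed_bits / math.log2(len(probs))
    return tosses * measure(probs)

def per_toss_floor(faces, seed_bits=SEED_BITS, floor=SECURITY_FLOOR_BITS):
    """Entropy each toss must carry for the seed to reach the floor."""
    return floor / seed_bits * math.log2(faces)

# Constructed sample sources: the thread's two extreme cases plus a fair die.
SOURCES = {
    "coin 20/80": [0.2, 0.8],
    "die, 5 and 6 never land": [0.25, 0.25, 0.25, 0.25, 0.0, 0.0],
    "fair die": [1 / 6] * 6,
}

def report():
    """Map each source to (Shannon bits, min-entropy bits) for one seed."""
    return {
        name: (round(seed_entropy(p), 1),
               round(seed_entropy(p, min_entropy_bits), 1))
        for name, p in SOURCES.items()
    }

if __name__ == "__main__":
    print(f"per-roll floor for a die: {per_toss_floor(6):.2f} bits")
    for name, (shannon, min_e) in report().items():
        verdict = "above" if shannon >= SECURITY_FLOOR_BITS else "below"
        print(f"{name}: Shannon {shannon}, min-entropy {min_e} "
              f"({verdict} the {SECURITY_FLOOR_BITS}-bit floor by Shannon)")
```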
Who created secp256k1 (Elliptic Curve used by Bitcoin)
The security of all Bitcoins is based (mainly) on this formula y² = x³+7, which Satoshi chose out of multiple formulas.
This formula is an unusual choice, considering it is not used anywhere else except Bitcoin.
This of course led to multiple speculations of backdoors and other conspiracy theories.
In this thread, I go over what data is publicly available to provide an answer to the question “Who is the creator of secp256k1?”
Standards for Efficient Cryptography Group – Certicom Corp.
Regarding what person personally came up with the parameters, it COULD be Minghua Qu.
In ’13 some people tried digging up the answer and contacted the person listed on the pdf.
Dan Brown responded to the inquiry and said that he does not honestly know, but will try to find out.
He also explains that there should not be reasons to worry about backdoors, and gives some reasons; some people were skeptical.
Digging through the thread most of the parameters were explained.
p is the smallest prime that satisfies
p = 2^256 - 2^32 - t where
t < 1024
With this, we look for the smallest a,b that result in an elliptic curve, hence
a = 0, b = 7.
Apparently, if the a & b are small you can get some efficiencies when you implement operations.
And the last part is the G, which, I think, was concluded to be random, or some kind of nothing-up-my-sleeve number with some personal symbolism to the author.
Ok, but where did I get that name?😏
Dan was kind enough to dig deeper and, while looking through the LaTeX source, he found 22 seeds, which are commented in the above pdf.
And “Twelve seeds contain the ASCII string ‘MinghuaQu’”
I think this is him? Idk, maybe I’m trying too hard.
Dlog vs. SHA256
The subject of quantum computing posing a threat to Bitcoin has almost become cliche and quite passé, but I found Vitalik posing a very interesting question.
Out of the 2 main cryptographic primitives (Discrete Logarithms on secp256k1 & SHA256) used in Bitcoin, in the case of having a breakthrough in Quantum Computing, which one would break?
In the thread, I explain how attacking both of these primitives actually relies on the Birthday Paradox, and what the similarities between them are.
The thread is a reply to
Assuming quantum computers turn out to be impractical, which security assumption do you think is more likely to still hold in the year 3000?
(By “hold”, let’s say I mean “takes more than 2^100 computational steps to crack”)
– SHA256 collision resist
– DLOG over secp256k1 curve
– wtf are these words lol
This is an interesting question. I’d say SHA256 will last longer because it’s “more chaotic”.
Both of these primitives seem to be 2 very different things, but when you think about it they do the same thing.
And both have a 2^128 security limit because of birthday attacks.
Both map 1 thing on the right with another thing on the right uniquely.
Both promise irreversibility.
Both are deterministic.
Both have the same security guarantee ~ 2^128 steps of security
Both have uniformly distributed outputs. Both have 256 in their name 😛
However, the mixing/jumbling/mapping methods are different.
In secp256k1 you cycle through the order P of the group.
Or you “jump around the curve”
In SHA256 you XOR the inputs of the compression function in “creative ways”
SHA256 can take the whole world as input and map it to a 2^256 space, which in effect means that there is a 100% chance we will get a collision. (pigeon hole principle)
We should find a collision if we calculate 2^128 hashes (on average). (because birthday attack)
For perspective, the #Bitcoin network calculated ~ 1.62562×10^28 hashes and this would render a 1.5×10^-26 chance of finding a collision.
However, a collision may have occurred but we would have not known, considering no one is looking for them when mining.
Funny enough, secp256k1 is also set to have 2^128 steps of computation before breaking, but why?
Well if you would want to find out someone’s private key from their public key, you just have to go through all the possibilities until you find the right one.
~2^256 – m steps
Turns out that the lad called John Pollard came up with their algorithm for factorizing composite numbers in sqrt(N).
And now you are thinking, hold on, we are using elliptic curves here and discrete logs, well it works pretty much the same.
And the reduction in search space comes from the same reason we got it in the SHA256 – the birthday problem.
This for me was very surprising, as they are different primitives, but it makes sense.
There are other algos and variations, and some perform better than others.
There are of course a LOT of nuances and breaking the 2 can mean a lot of things, but I thought it was interesting to point out the similarities.
If we go on historical data, hash functions have always broken, but so did all our old tech.
What’s your answer?
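The birthday bound the thread relies on, shown on SHA-256 truncated to 16, 24 and 32 bits so that a collision is reachable in well under a second (an added example, not part of the original thread; the salt, the counter inputs and the truncation widths are assumptions chosen for the demo). It covers only the hash side of the comparison.

```python
import hashlib
import math

SALT = b"constructed-demo-input-"  # constructed prefix, not from the thread

def truncated_tag(index, bits):
    """Top `bits` bits of SHA-256 over the salt plus an 8-byte counter."""
    digest = hashlib.sha256(SALT + index.to_bytes(8, "big")).digest()
    nbytes = (bits + 7) // 8
    return int.from_bytes(digest[:nbytes], "big") >> (nbytes * 8 - bits)

def first_collision(bits):
    """Hash counters 0, 1, 2, ... until two share a truncated tag.

    Returns (hashes_computed, earlier_index, later_index).
    """
    seen = {}
    index = 0
    while True:
        tag = truncated_tag(index, bits)
        if tag in seen:
            return index + 1, seen[tag], index
        seen[tag] = index
        index += 1

def birthday_estimate(bits):
    """Expected hashes before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

def run(widths=(16, 24, 32)):
    """Collect (width, hashes needed, birthday estimate) for each width."""
    return [(b, first_collision(b)[0], round(birthday_estimate(b)))
            for b in widths]

if __name__ == "__main__":
    for bits, needed, estimate in run():
        print(f"{bits}-bit tag: collision after {needed} hashes "
              f"(estimate {estimate}, output space 2^{bits})")
    # The same square-root scaling gives about 2^128 work for 256 bits.
    print(f"256-bit estimate: 2^{math.log2(birthday_estimate(256)):.1f}")
```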
Even though I film with digital cameras, I want to emulate the film look, because the soft and organic look of film (celluloid) is closer to how the human eye perceives visuals, and most people got used to the “film” look from watching movies all their life.
So I went to Wolverhampton and filmed stuff that I think looked interesting.
Even though I’ve been bitcoining for 11 years, I have been filmmaking for barely 2 years, so I try to practice framing things every day.
Here is a selection of my photos
You can find more on my Instagram: https://www.instagram.com/alex_something_7/