nostrgram
Iris
snort
A few browsers.
I don't spam, but without a delete button, how do we correct our posted errors?
Can you see me on the private relay?
Post the relay, please.
This is what you guys need to worry about instead of ordinals (cc: #[3] #[6] #[4] #[1] #[2] #[7] ) 😉
"The private key
* MUST be set before generating the signature itself, but message
* data can be input before setting the key.
*
* Instances are NOT thread-safe. However, once a signature has
* been generated, the same instance can be used again for another
* signature; {@link #setPrivateKey} need not be called again if the
* private key has not changed. {@link #reset} can also be called to
* cancel previously input data. Generating a signature with {@link
* #sign} (not {@link #signHash}) also implicitly causes a
* reset.
*
* Redistribution and use in source and binary forms, with or without
* modification, is permitted pursuant to, and subject to the license
* terms contained in, the Simplified BSD License set forth in Section
* 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents
* (http://trustee.ietf.org/license-info)."
https://www.rfc-editor.org/rfc/rfc6979
A.3. Sample Code
We include here a sample implementation of deterministic DSA. It is
meant for illustration purposes; for instance, this code makes no
attempt at avoiding side-channel leakage of the private key. It is
written in the Java programming language. The actual generation of
the "random" value k is done in the computek() method. The Java
virtual machine (JVM) is assumed to provide the implementation of the
hash function and of HMAC.
// ==================================================================
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
/**
* Deterministic DSA signature generation. This is a sample
* implementation designed to illustrate how deterministic DSA
* chooses the pseudorandom value k when signing a given message.
* This implementation was NOT optimized or hardened against
* side-channel leaks.
*
* An instance is created with a hash function name, which must be
* supported by the underlying Java virtual machine ("SHA-1" and
* "SHA-256" should work everywhere). The data to sign is input
* through the {@code update()} methods. The private key is set with
* {@link #setPrivateKey}. The signature is obtained by calling
* {@link #sign}; alternatively, {@link #signHash} can be used to
* sign some data that has been externally hashed. The private key
* MUST be set before generating the signature itself, but message
* data can be input before setting the key.
*
* Instances are NOT thread-safe. However, once a signature has
* been generated, the same instance can be used again for another
* signature; {@link #setPrivateKey} need not be called again if the
* private key has not changed. {@link #reset} can also be called to
* cancel previously input data. Generating a signature with {@link
* #sign} (not {@link #signHash}) also implicitly causes a
* reset.
*
* ------------------------------------------------------------------
* Copyright (c) 2013 IETF Trust and the persons identified as
* authors of the code. All rights reserved.
*
Pornin Informational [Page 70]
RFC 6979 Deterministic DSA and ECDSA August 2013
* Redistribution and use in source and binary forms, with or without
* modification, is permitted pursuant to, and subject to the license
* terms contained in, the Simplified BSD License set forth in Section
* 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents
* (http://trustee.ietf.org/license-info).
*
* Technical remarks and questions can be addressed to:
* pornin@bolet.org
* ------------------------------------------------------------------
*/
public class DeterministicDSA {
private String macName;
private MessageDigest dig;
private Mac hmac;
private BigInteger p, q, g, x;
private int qlen, rlen, rolen, holen;
private byte[] bx;
/**
* Create an instance, using the specified hash function.
* The name is used to obtain from the JVM an implementation
* of the hash function and an implementation of HMAC.
*
* @param hashName the hash function name
* @throws IllegalArgumentException on unsupported name
*/
public DeterministicDSA(String hashName)
{
try {
dig = MessageDigest.getInstance(hashName);
} catch (NoSuchAlgorithmException nsae) {
throw new IllegalArgumentException(nsae);
}
if (hashName.indexOf('-') < 0) {
macName = "Hmac" + hashName;
} else {
StringBuilder sb = new StringBuilder();
sb.append("Hmac");
int n = hashName.length();
for (int i = 0; i < n; i ++) {
char c = hashName.charAt(i);
if (c != '-') {
sb.append(c);
}
}
macName = sb.toString();
Pornin Informational [Page 71]
RFC 6979 Deterministic DSA and ECDSA August 2013
}
try {
hmac = Mac.getInstance(macName);
} catch (NoSuchAlgorithmException nsae) {
throw new IllegalArgumentException(nsae);
}
holen = hmac.getMacLength();
}
/**
* Set the private key.
*
* @param p key parameter: field modulus
* @param q key parameter: subgroup order
* @param g key parameter: generator
* @param x private key
*/
public void setPrivateKey(BigInteger p, BigInteger q,
BigInteger g, BigInteger x)
{
/*
* Perform some basic sanity checks. We do not
* check primality of p or q because that would
* be too expensive.
*
* We reject keys where q is longer than 999 bits,
* because it would complicate signature encoding.
* Normal DSA keys do not have a q longer than 256
* bits anyway.
*/
if (p == null || q == null || g == null || x == null
|| p.signum() <= 0 || q.signum() <= 0
|| g.signum() <= 0 || x.signum() <= 0
|| x.compareTo(q) >= 0 || q.compareTo(p) >= 0
|| q.bitLength() > 999
|| g.compareTo(p) >= 0 || g.bitLength() == 1
|| g.modPow(q, p).bitLength() != 1) {
throw new IllegalArgumentException(
"invalid DSA private key");
}
this.p = p;
this.q = q;
this.g = g;
this.x = x;
qlen = q.bitLength();
if (q.signum() <= 0 || qlen < 8) {
throw new IllegalArgumentException(
"bad group order: " + q);
Pornin Informational [Page 72]
RFC 6979 Deterministic DSA and ECDSA August 2013
}
rolen = (qlen + 7) >>> 3;
rlen = rolen * 8;
/*
* Convert the private exponent (x) into a sequence
* of octets.
*/
bx = int2octets(x);
}
private BigInteger bits2int(byte[] in)
{
BigInteger v = new BigInteger(1, in);
int vlen = in.length * 8;
if (vlen > qlen) {
v = v.shiftRight(vlen - qlen);
}
return v;
}
private byte[] int2octets(BigInteger v)
{
byte[] out = v.toByteArray();
if (out.length < rolen) {
byte[] out2 = new byte[rolen];
System.arraycopy(out, 0,
out2, rolen - out.length,
out.length);
return out2;
} else if (out.length > rolen) {
byte[] out2 = new byte[rolen];
System.arraycopy(out, out.length - rolen,
out2, 0, rolen);
return out2;
} else {
return out;
}
}
private byte[] bits2octets(byte[] in)
{
BigInteger z1 = bits2int(in);
BigInteger z2 = z1.subtract(q);
return int2octets(z2.signum() < 0 ? z1 : z2);
}
/**
Pornin Informational [Page 73]
RFC 6979 Deterministic DSA and ECDSA August 2013
* Set (or reset) the secret key used for HMAC.
*
* @param K the new secret key
*/
private void setHmacKey(byte[] K)
{
try {
hmac.init(new SecretKeySpec(K, macName));
} catch (InvalidKeyException ike) {
throw new IllegalArgumentException(ike);
}
}
/**
* Compute the pseudorandom k for signature generation,
* using the process specified for deterministic DSA.
*
* @param h1 the hashed message
* @return the pseudorandom k to use
*/
private BigInteger computek(byte[] h1)
{
/*
* Convert hash value into an appropriately truncated
* and/or expanded sequence of octets. The private
* key was already processed (into field bx[]).
*/
byte[] bh = bits2octets(h1);
/*
* HMAC is always used with K as key.
* Whenever K is updated, we reset the
* current HMAC key.
*/
/* step b. */
byte[] V = new byte[holen];
for (int i = 0; i < holen; i ++) {
V[i] = 0x01;
}
/* step c. */
byte[] K = new byte[holen];
setHmacKey(K);
/* step d. */
hmac.update(V);
hmac.update((byte)0x00);
Pornin Informational [Page 74]
RFC 6979 Deterministic DSA and ECDSA August 2013
hmac.update(bx);
hmac.update(bh);
K = hmac.doFinal();
setHmacKey(K);
/* step e. */
hmac.update(V);
V = hmac.doFinal();
/* step f. */
hmac.update(V);
hmac.update((byte)0x01);
hmac.update(bx);
hmac.update(bh);
K = hmac.doFinal();
setHmacKey(K);
/* step g. */
hmac.update(V);
V = hmac.doFinal();
/* step h. */
byte[] T = new byte[rolen];
for (;;) {
/*
* We want qlen bits, but we support only
* hash functions with an output length
* multiple of 8;acd hence, we will gather
* rlen bits, i.e., rolen octets.
*/
int toff = 0;
while (toff < rolen) {
hmac.update(V);
V = hmac.doFinal();
int cc = Math.min(V.length,
T.length - toff);
System.arraycopy(V, 0, T, toff, cc);
toff += cc;
}
BigInteger k = bits2int(T);
if (k.signum() > 0 && k.compareTo(q) < 0) {
return k;
}
/*
* k is not in the proper range; update
* K and V, and loop.
*/
Pornin Informational [Page 75]
RFC 6979 Deterministic DSA and ECDSA August 2013
hmac.update(V);
hmac.update((byte)0x00);
K = hmac.doFinal();
setHmacKey(K);
hmac.update(V);
V = hmac.doFinal();
}
}
/**
* Process one more byte of input data (message to sign).
*
* @param in the extra input byte
*/
public void update(byte in)
{
dig.update(in);
}
/**
* Process some extra bytes of input data (message to sign).
*
* @param in the extra input bytes
*/
public void update(byte[] in)
{
dig.update(in, 0, in.length);
}
/**
* Process some extra bytes of input data (message to sign).
*
* @param in the extra input buffer
* @param off the extra input offset
* @param len the extra input length (in bytes)
*/
public void update(byte[] in, int off, int len)
{
dig.update(in, off, len);
}
/**
* Produce the signature. {@link #setPrivateKey} MUST have
* been called. The signature is computed over the data
* that was input through the {@code update*()} methods.
* This engine is then reset (made ready for a new
* signature generation).
*
Pornin Informational [Page 76]
RFC 6979 Deterministic DSA and ECDSA August 2013
* @return the signature
*/
public byte[] sign()
{
return signHash(dig.digest());
}
/**
* Produce the signature. {@link #setPrivateKey} MUST
* have been called. The signature is computed over the
* provided hash value (data is assumed to have been hashed
* externally). The data that was input through the
* {@code update*()} methods is ignored, but kept.
*
* If the hash output is longer than the subgroup order
* (the length of q, in bits, denoted 'qlen'), then the
* provided value {@code h1} can be truncated, provided that
* at least qlen leading bits are preserved. In other words,
* bit values in {@code h1} beyond the first qlen bits are
* ignored.
*
* @param h1 the hash value
* @return the signature
*/
public byte[] signHash(byte[] h1)
{
if (p == null) {
throw new IllegalStateException(
"no private key set");
}
try {
BigInteger k = computek(h1);
BigInteger r = g.modPow(k, p).mod(q);
BigInteger s = k.modInverse(q).multiply(
bits2int(h1).add(x.multiply(r)))
.mod(q);
/*
* Signature encoding: ASN.1 SEQUENCE of
* two INTEGERs. The conditions on q
* imply that the encoded version of r and
* s is no longer than 127 bytes for each,
* including DER tag and length.
*/
byte[] br = r.toByteArray();
byte[] bs = s.toByteArray();
int ulen = br.length + bs.length + 4;
int slen = ulen + (ulen >= 128 ? 3 : 2);
Pornin Informational [Page 77]
RFC 6979 Deterministic DSA and ECDSA August 2013
byte[] sig = new byte[slen];
int i = 0;
sig[i ++] = 0x30;
if (ulen >= 128) {
sig[i ++] = (byte)0x81;
sig[i ++] = (byte)ulen;
} else {
sig[i ++] = (byte)ulen;
}
sig[i ++] = 0x02;
sig[i ++] = (byte)br.length;
System.arraycopy(br, 0, sig, i, br.length);
i += br.length;
sig[i ++] = 0x02;
sig[i ++] = (byte)bs.length;
System.arraycopy(bs, 0, sig, i, bs.length);
return sig;
} catch (ArithmeticException ae) {
throw new IllegalArgumentException(
"DSA error (bad key ?)", ae);
}
}
/**
* Reset this engine. Data input through the {@code
* update*()} methods is discarded. The current private key,
* if one was set, is kept unchanged.
*/
public void reset()
{
dig.reset();
}
}
// ==================================================================
Pornin Informational [Page 78]
RFC 6979 Deterministic DSA and ECDSA August 2013
Author's Address
Thomas Pornin
Quebec, QC
Canada
EMail: pornin@bolet.org
I see it differently #[0] #[1] .
(1) Miners arw being paid for a block size whether its full or empty, a block is a block,
(2) sats are a legitimate form of payment the same as "This Note is legal tender for all debts public or private" listed on cash bills and used the smae as an exchange of funds between individuals outside of the banking network, and
(3) sats are now a form of "cash."
cc: #[2] #[3]
Come listen to #[0] and others on nostr users on https://spaces.nostrplebs.com/general and post your feedback on #nostrplebs.
I don't the Nostrgram layout because I like smooth scrolling. Tumblr has the option for multi column or single colum. It should have the option.
If you say so, I'll check it out.
THE NOSTR REPORT
The Great Firewall of China
Feb 2, 2023
Block Height:
774,777
Moscow Time
4,224
⚡/ $
—--------------------------
🎙Quote of the Day🎙️
—--------------------------
#[0] “The whole point of nostr is that it can't be stopped simply by taking an app off the app store.
If the CCP or Charlie Munger want it banned you're probably doing something right.”
#[1]
—--------------------------
🚨Headline Nostr News🚨
—--------------------------
Damus App approval brings on tsunami 🌊 of new users and reaches 56k app store downloads and steadily climbs up charts of most popular app. #[2] #[3]
#[4] notes that most of these users appear to be from China according to his relay data #[5]
Unfortunately, Damus was quickly 👀banned from the China App Store with the Cyberspace Administration of China 👀citing illegal content. Good thing Damus didn’t get put on the China app store on 🍆D-Day🍆.
#[6]
Even though Damus App is now banned in China, it appears that some relays are still able to service Chinese clients.
#[7]
Speaking of relays, the surge in popularity of nostr has caused relays to be overwhelmed with record number of clients connecting. Eden relays hit with 800k new requests from China and 600k from US clients. Cameri and FiatJaf think scaling horizontally is the only solution.
#[8]
#[9] reminds us that GitHub is a centralized service subject to US sanctions and can be blocked by the Great Firewall, increasing the utility for a Nostr GitHub replacement. FOSS is incredible but needs to be hosted on a decentralized service to reach its full potential.
#[10]
#[11] poses the question: “are ordinals an ⚔️attack⚔️ on #Bitcoin?” Luxor mining admits to stealing pool contributors hash in order to pull off the 4MB jpeg stunt with Udi and Eric Wahl.
#[13]
—--------------------------
🏝️Nostrica Update🏝️
—--------------------------
#[14] notes that 360 virtual participants have signed up so far!
#[15]
—--------------------------
🖥️nostr Tech🖥️
—--------------------------
#[16] and #[17] collaborate on wss://puravida.nostr.land, the first ♀️female-run♀️ paid relay, to the family of nostr.land relays!
#[18]
#[19] Damus is 2nd most popular social network app in Hong Kong on the App Store.
#[20]
#[21] ⚠️EU bans Linux OS⚠️!!
#[22]
#[23] reiterates the “dumb relay” / “smart client” ethos of nostr and says that clients should be able to find people on different relays.
#[24]
#[25] NVK reports stats from BRB.io
#[26]
#[27] Terry Yiu implores developers to use open source translators rather than centralized platforms like Google Translate.
#[28]
#[29] The Rise of Paid Nostr Relays
#[30]
—--------------------------
⚡nostr Business⚡
—--------------------------
#[31] 🤡⚠️Charlie Munger (99) gives policy and investing advice⚠️🤡.
#[32]
#[33] Don’t get scammed by Damus tokens being sold on shitcoin exchanges.
#[34]
#[35] ⚡Zeus⚡ wallet has POS at Pubkey bar in 🗽NYC🗽 all “yous” NYC nostriches should check it out. https://pubkey.bar/
#[36]
—--------------------------
🎩nostr Lifestyle🎩
—--------------------------
#[37] becomes a 📖book🔥 burner and claims books are useless because all knowledge comes from wisdom which is learned in the streets. Wu Tang Clan was not available for comment.
#[38]
#[39] has some deep thoughts on horizontal and vertical scaling issues of relays running the Nostr protocol.
#[40]
—--------------------------
🩺Nostr Health of the Network🩺
pubkeys
403,092
events
1,704,223
relays
272
Source nostr.io/stats
—--------------------------
🔥🔥Meme of the Day🔥🔥
—--------------------------
#[41] Morpheus knows You can’t ban nostr 🟣💊!
#[42]
—--------------------------
Stay Classy Nostr.
Bookmark
lnbc31700n1p3amzwppp5djs64atw5nagt7fx05acfmmr46y8lykveye3a3396wfsrk9tcc3sdqu2askcmr9wssx7e3q2dshgmmndp5scqzpgxqyz5vqsp5mzwgavq8sr4uttcsmwa64959lp7adlktatplvvnkl2zmp23drmrq9qyyssq98u9jfpey8pspvw3v07saf7f87w5rj7qhlhxy7x0tna80x8e9sy97xty4llwwx5gnujr5hvw98ahkhjy6x4klndaqsylf6c6va845hcpnd4uqn
It must be in Damus because I don't see a button in iris.
China is using the andriod apk's, working on an apple sideload, and sharing the app they already downloaded 😜.
No. If the device has it, the device would have to delete it. And China is a running a back already and opened a second group in wechat a couple of hours ago.
Chinese 🇨🇳 have learned that the CCP may stop the client from being downloaded, but users can still sideload the app and the CCP cannot stop the protocol.
Welcome new Nostr users! We call ourselves Nostriches around here. It's a long story 😂 If you want to get a shiny check mark for your name, head on over to the most popular and best NIP-05 ID provider around! Visit https://nostrplebs.com to get an identity for your public key. These IDs are a nice human readable format for your hard to remember public key. We also provide a wide variety of Nostr related services that you won't find elsewhere. And the best part? We are constantly adding new services! Just yesterday we added vanity profiles for our users. 🤙
❗ (So expensive). I cannot even get free tip of sats and all I have is AMEX Centurion Black to buy in but the bottom has not hit, yet. 😉
Now, if someone will tip me, the valuation may increase?