jaonoctus
f3da773e526e25cbf9ff050211bc3827b09e1a5ab846f7af75cae2ca46470b06
SWE at ZBD PGP: 0xD8F31505B581D617 / I'm afraid to say I write programs and have people think I understand computing.
Replying to jaonoctus

Cashu is simple. Don't trust, verify:

MATH TIME LFG

Alice generates random values x and r.

She then calculates public keys from these secrets:

Y=h'(x)

R=rG

Now she does an aggregate public key, by adding the previous two public keys together. x is the secret and r is called the private blinding factor.

T = Y + R

Then she sends T to Bob, the mint. He cannot tell how T was generated because he doesn't know the other values, and multiplication on an elliptic curve is what we call "a random walk". This mathematical puzzle is known as the Discrete Logarithm Problem (DLP).

Bob has a special keyring, holding private and public key pairs, one for each power-of-2 amount. Let's say Alice is minting 1 sat, so then Bob picks the 1-sat key pair.

B=bG

Now he mixes his private key with the public key he just received.

Q = bT

And then he sends this new point on the curve back to Alice.

But look! She knows T already, right? She can do a process that we call unblinding, by subtracting the mix of the little r and Bob's public key.

Z = Q - rB

Let's replace the variables here to see what the result means:

Z = bT - rB

Z = bT - rbG

Z = b(Y + R) - rbG

Z = bY + bR - rbG

Z = bY + brG - rbG

So, we actually have the same number here, brG equals rbG, cancelling each other. So then

Z = bY

Now Alice holds a value that means Y multiplied by Bob's private key. Alice has no idea what little b is and Bob has never seen Y!!! B.D.H.K.E. is really cool, huh?

How does Alice know for sure that Y is mixed with Bob's private key though, since she can't see little b? Remember, DLP?

Bob will also send a Fiat-Shamir commitment to Alice, that is, a Schnorr signature.

---

Pause to talk about Schnorr signatures.

signature = private nonce + commitment * private key.

P = dG

Where little d is the private key and P is the public key.

J = jG

Where little j is the private nonce and J is the public nonce.

So we have

s = j + ed

Where little e is the hash of the stuff we want to "prove" against our private key:

e = h(J|P|m)

Where m would be any message.

How do we verify that it is a valid signature? We know that the public key is the little private key d times the generator point G.

P = dG

So, what if the verifier does the same math but with the public key instead? Let's multiply everything by G then.

sG = jG + edG

sG = J + eP

If the left side of the equation equals the right side, everything is good. You just did the same math that the signer did, but with public information!

---

Back to Bob now!

He wants to prove to Alice that he actually did Q = bT, without showing her his private key, little b. What if he does a signature?

s = j + eb

mmmmm 🤔 this proves shit, nothing. BUT WAIT. Do you see that little b is in the formula? And we want bT, right? What if we multiply everything by T then?

sT = jT + ebT

sT = jT - eQ

Cool. Let's call J1 = jG and J2 = jT.

Could Alice recompute both values with public information? Yes!

If J1 is j multiplied by G, then

s = j + eb

- j = -s + eb

j = s - eb

jG = sG - ebG

J1 = sG - eB

What about J2? Same as above, but multiplying everything by T.

j = s - eb

jT = sT - ebT

J2 = sT - eQ

Now, if

sG = J1 + e(J1|J2|B|Q)Q

Then she knows that Bob indeed used his private key, little b. This is a zero-knowledge proof, DLEQ (BIP374), because Bob was able to show Alice he used the private key b without showing it to her.

Now the final piece. If she wants to spend the token or send it to someone, the person needs to show Bob (x, Z).

Bob will verify the following: does this value, used in the hash_to_curve function, combined with my private key, equal the proof Z?

h'(x) * b = Z

Yb = Z

If so, I've mixed this value I've never seen with my private key?? Yes. Wuuut.

So Bob will accept this as a valid token, marking it as spent (or, now seen). He has no idea that the T has any relation with this (x, Z).

e-Cash solves privacy, not custody/trust.

Math is beautiful and privacy is not a crime.
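The blind / unblind round trip and the mint's redemption check from the post above, written out as an added Python example (not the author's or Cashu's own code). It assumes secp256k1 with a toy affine point implementation and a simplified hash_to_curve that is not byte-for-byte the Cashu NUT-00 construction; the DLEQ proof is left out.

```python
import hashlib

# secp256k1 parameters (field prime and generator G)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Scalar multiplication by double-and-add (the 'random walk' in the post)."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def neg(pt):
    return (pt[0], (-pt[1]) % P)

def hash_to_curve(x: bytes):
    """Simplified h'(x): re-hash until the digest is a valid x coordinate.
    Assumption: illustrative only, not the exact Cashu NUT-00 construction."""
    h = hashlib.sha256(x).digest()
    while True:
        xc = int.from_bytes(h, "big") % P
        rhs = (pow(xc, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)          # square root, valid since P % 4 == 3
        if y * y % P == rhs: return (xc, y)
        h = hashlib.sha256(h).digest()

def alice_blind(x, r):          # T = Y + R with Y = h'(x), R = rG
    return add(hash_to_curve(x), mul(r, G))

def mint_sign(b, T):            # Q = bT
    return mul(b, T)

def alice_unblind(Q, r, B):     # Z = Q - rB  (= bY)
    return add(Q, neg(mul(r, B)))

def mint_verify(b, x, Z):       # redemption check: b * h'(x) == Z ?
    return mul(b, hash_to_curve(x)) == Z
```

Note that mint_verify never sees T or r, which is exactly the unlinkability the post describes; changing either the secret x or the mint key b makes the check fail.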

Replying to jaonoctus

Reworked https://bitcoin-snapshots.jaonoctus.dev into a torrent-based site.

No direct downloads — just clean, decentralized distribution.

Ideal if you're spinning up nodes fast, hacking on bitcoin core, or just sick of syncing from block 0.

Seed if you can 🙏

#bitcoin #assumeutxo

cc nostr:nprofile1qqsgdp0taan9xwxadyc79nxl8svanu895yr8eyv0ytnss8p9tru047qpp4mhxue69uhkummn9ekx7mqprpmhxue69uhkummnw3ezuumswfhhvmm0wd6zumnvzhv2s3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Date: May 12, 2025
Chaintip: 000000000000000000020f4edda4f3360a96d80c49e2c8590dadd02f8808a432

For a number of reasons, I have recently set up a new OpenPGP key, and will be transitioning away from my old one.

The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. This message is signed by both keys to certify the transition.

The old key was:

pub rsa4096/0x782C165A293D6E18 2022-04-05
Key fingerprint = 6B45 7D06 0ACE 363C 9D67 D8E6 782C 165A 293D 6E18

And the new key is:

pub ed25519/0xD8F31505B581D617 2025-05-06
Key fingerprint = 7B69 6A61 6F73 1337 520B 8A19 D8F3 1505 B581 D617

To fetch the full keys, you can simply do:

curl -fsSL https://github.com/jaonoctus.gpg | gpg --import

If you already know my old key, you can verify that the new key is signed by the old one:

gpg --check-sigs 0xD8F31505B581D617

If you don't already know my old key, or you just want to be double extra paranoid, you can check the fingerprint against the one above:

gpg --fingerprint 0xD8F31505B581D617

If you are satisfied that you've got the right key, and the UIDs match what you expect, I'd appreciate it if you would sign my key:

gpg --sign-key 0xD8F31505B581D617

Lastly, if you could upload these signatures, I would appreciate it.

You can either send me an e-mail with the new signatures (if you have a functional MTA on your system):

gpg --armor --export 0xD8F31505B581D617 | mail -s 'OpenPGP Signatures' jaonoctus@protonmail.com

Or you can just upload the signatures to a public keyserver directly:

gpg --keyserver keyserver.ubuntu.com --send-key 0xD8F31505B581D617

Please let me know if there is any trouble, and sorry for the inconvenience.

Best,

jaonoctus


F1rst qualifying of the year LFG

Hello!

Buying some coffee and chocolate at Beats Coffee with nostr:nprofile1qqsv73e7h6tndwngn3ccmc74auufpx722ldncw8rl8087hddljyw6mcpzfmhxue69uhkummnw3ezu7nzvshxweccprsge⚡🤙

📍 https://www.instagram.com/beatscoffeeshop

GM nostr:nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gprfmhxue69uhkcmmrdd3x77pwve5kzar2v9nzucm0d5hszxnhwden5te0wpuhyctdd9jzuenfv96x5ctx9e3k7mf0rr5cq2

Santa Ana, El Salvador