Ethan Heilman EthanHeilman

Rationale

Ethan Heilman's rationale for the current covenant proposals document on the Bitcoin wiki. This is likely to change over time.

My rationale is guided by the following principles:

I am not evaluating based on what I rate the consensus to be, but on what I think we should activate.
In cases where two proposals have roughly the same functionality, I do not pit them against each other. I ask, would I be conformable activating either one.

Currently my rationale focuses most heavily on CAT, as I am most familar with CAT. This is likely to change as I continue to update this document.

I, Ethan Heilman, am writing this in 2024.

OP_FFS was an idea written up by Jeremy Rubin in 2017, during an email conversation with Ethan Heilman about a streaming hash function bitcoin opcode. I am sharing it as it is sometimes referenced in public discussions but was not previously public and it felt like it should be public. For instance there was some discussion referring to OP_FFS on [the bitcoin-dev mailinglist in 2019] (https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-October/017355.html) and more recently on twitter in 2024.

This should not be read as a BIP proposal, BIP draft or endorsement, there are just notes written up during private correspondence. This is being published with Jeremy's express permission.

From Jeremy's email to me:

--------BEGIN BIP----------------

The following script allows everyone to spend; the shorter your signature the earlier you can spend.

OP_SIZE
OP_CHECKSEQUENCEVERIFY OP_DROP

OP_CHECKSIGVERIFY

The point R = 1/2 G has the smallest known x coordinate -- x = 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63. If the public key is chosen P = 1 G then the ECDSA signature becomes s=2(H(m)+x). So, the smaller H(m) the smaller s (as long as it is bigger than x ~ 2^165). Thus, the above output is spendable by the miner mining the lowest TX hash.

FAQ on the xz-utils backdoor

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed, statistically your average Linux or macOS system will have it installed for

	package pktoken_test

	import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/sha256"
	_ "embed"
	"encoding/asn1"


	import (
	"testing"

	"github.com/stretchr/testify/require"
	)

	type Fruit interface {
	Size() string
	Look() string

	8th of September

	IOTA team has already responded to the paper published by Neha Narula.
	It was me who created Curl and IOTA signature scheme in those old days when there was no IOTA Foundation.
	I feel obliged to provide my own response, but it will take several days.
	To speed-up the process I'm publishing my letters sent to Neha's team, they contain a lot of technical details which will be helpful to those who understand IT and Cryptography.
	I've removed the words written by the others, so I don't need to ask them for a permission (which would take a lot of time to get).

	Spoiler for those who don't like reading walls of text:
	For more than a decade I have been working on techniques of open-source software protection.