dgtl_assets 🔍

Counterparty Core v11.1.0 is activating in less than 3 days (952500)! 🎉Upgrade your node ASAP! ⚙️ (It should be completely straightforward.) Headline features: - AMM liquidity pools - Indefinite DEX orders - Better Ordinals inscription metadata support - More robust UTXO selection for compose API - Tons of bugfixes and QoL improvements Release notes https://t.co/rQjhcZ6kMQ

Happy to announce another paper accepted to Crypto '26- our work on impossibility results on adaptive security for a wide class of threshold signature schemes. Our results apply to NIST efforts for standardization of threshold signatures, and give bounds on the conditions which threshold signatures can be proven adaptively secure. This is joint work with Elizabeth Crites, Mary Maller, and Michele Ciampi. https://t.co/t3MWYHtejr In this work, we develop impossibility results that classify the conditions under which threshold signature schemes can achieve non-trivial adaptive security. As a reminder, adaptive security models an adversary that can adaptively corrupt threshold signature participants throughout the lifetime of the protocol, instead of artificially fixing the set of corrupted parties at the "beginning of time." We introduce the notion of a "key-unique" threshold signature, and show that this classification is fundamental in determining the assumptions under which adaptive security can be proved. We give two results, one for any key-unique threshold signatures in general (including BLS, ECDSA, and EdDSA), and the second for threshold Schnorr signature schemes, and we show how our results apply to a wide range of existing threshold signature schemes. Our first result shows that no key-unique threshold signatures scheme can be proven secure under computational or decisional non-interactive assumptions. Our second result shows that for key-unique threshold Schnorr signatures, reductions must be straight-line (i.e., common rewinding techniques are not possible to prove security). This was a fun paper to work on, and I feel lucky to have had such excellent co-authors in this effort!

New post on https://t.co/j5UaKGaEf3! RANDAO Breaks at L*: A Post-Quantum VRF for Ethereum By: - arianaraghi 🔗 https://t.co/vcWZn45R4t Highlights: - EIP-7998’s BLS-based VRF-style RANDAO upgrade will fail at milestone L* because BLS keys are retired and there is no replacement for `randao_reveal`; a migration is required, not optional. - The most dangerous period is the hybrid I*→L* window: BLS public keys are already on-chain, so a cryptographically relevant quantum computer could recover BLS private keys (via Shor) and bias today’s RANDAO unless a post-quantum contribution is added earlier than L*. - Prior XMSS/WOTS+-based “X-VRF” approaches are fundamentally broken (FC 2024 shows WOTS+ is not unique-signature in the needed sense), and using leanSig signatures directly does not provide VRF uniqueness; uniqueness must not depend on WOTS+ chain behavior. - The proposed fix is a PRF-commitment VRF: derive `vrf_sk` from the validator’s leanSig seed via domain-separated Poseidon, compute output `y = H(vrf_sk, x)`, and include a standalone WHIR proof in the block that `pk_vrf` and `y` were computed correctly—uniqueness reduces to Poseidon collision resistance, not signature uniqueness. - Protocol plan: activate at I* with a 3-phase `process_randao`—(0) pre-I* unchanged, (1) I*→L* XOR BLS contribution with PQ VRF contribution (secure if either is secure), and (2) post-L* PQ-only; costs are ~81 ms proving for proposer, ~19 ms verification per block, and ~116 KB proof size added to `BeaconBlockBody`. ELI5: Ethereum needs a fair “random number” each block (RANDAO) for things like choosing who gets to propose blocks. Today that randomness relies on BLS cryptography, but Ethereum plans to retire BLS at a future milestone (L*), and also BLS could be broken by future quantum computers. This post proposes a new way to generate and prove the randomness using only hash functions (which are believed to be safer against quantum attacks) plus a zero-knowledge proof that shows the proposer computed the value correctly. During a transition period (I* to L*), Ethereum would combine (XOR) the old BLS-based contribution and the new post-quantum contribution so randomness stays secure even if BLS gets compromised.