--- robots: noindex, nofollow tags: tweets --- # Tweetstorms ## Gordian Seed Tool (posted https://twitter.com/ChristopherA/status/1754965702698840435) ## Yearly (2023) Report (posted at pinned at top of account) https://twitter.com/BlockchainComns/status/1749505317459911061 ## January Meeting [posted at https://twitter.com/ChristopherA/status/1745530134596345952 with changes] ## Brief CSR [Posted at https://twitter.com/ChristopherA/status/1717585590097781074) ## Schnorr [Posted at https://twitter.com/ChristopherA/status/1717010799477330243] ## Linkedin Version (posted with minor changes at https://www.linkedin.com/feed/update/urn:li:share:7122773827952001025/) ## Q3 Report (Posted at: https://twitter.com/ChristopherA/status/1709654548602814561) ## Least & Necessary The Principle of Least Privilege (or Least Authority) is a cornerstone principle for computer security. But how does it apply to data? That's what my newest Musings of Trust Architect discusses [1/9]. https://www.blockchaincommons.com/musings/Least-Necessary/ The Principle of Least Privilege says: give someone the least permissions they need to do their job. @marksammiller extended that to include transitive permissions, creating the Principle of Least Authority [2/9]. I extend that to data such as SSI and VCs with the Principle of Least Access: "In order to protect privacy, respect individual entitlements, and maintain human dignity, only the minimum amount of data access necessary to achieve a specific goal should be granted." [3/9] I consider this a design pattern like those famously created by Christopher Alexander for architecture. They're building blocks that can be used to create secure, trusted computing (and now data) systems [4/9]. https://www.designsystems.com/christopher-alexander-the-father-of-pattern-language/ When contemplating design patterns, I find it useful to twist them on their head, so the article also talks about the flipside: Principles of Necessary Privilege, Authority, and Access [5/9]. What can you do to ensure that each person has what they need to do their job, and is it a better pattern than the converse? Take a look at the article for the whole discussion [6/9]. https://www.blockchaincommons.com/musings/Least-Necessary/ I'd love to hear your thoughts on this and other design patterns for secure computing and secure usage of data such as that found in self-sovereign identities and verifiable credentials [7/9]. If you're interested in individual consulting on these topics, drop me a personal line [8/9]. If you're interested in supporting the continued development of trust architectures, become a patron for Blockchain Commons [9/9]. https://github.com/sponsors/BlockchainCommons ## Self-Sovereign Computing (https://twitter.com/ChristopherA/status/1699836667350380879) ## Envelope Attachments Interoperability is a crucial element to ensure a self-sovereign ecosystem of digital-asset ownership, and we need your feedback to get it right! [1/9] We've recently added "attachments" to Gordian Envelope, to allow vendors to incorporate their own specific, typed information. [2/9] https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2023-006-envelope-attachment.md We expect this will be used to store descriptors, sharded shares, backup words, and other specific content. The privacy-preserving elements of Gordian Envelope allow for the safe storage of this sort of sensitive data. [3/9] https://developer.blockchaincommons.com/envelope/ But, we need to know what else you might be storing (and how) so that we can help vendors to produce interoperable specifications for their content. [4/9] We want users to be able to recover their content without vendor lock-in, even if a vendor is gone many years in the future! We're sure you do too! [5/9] So please JOIN US at September's Gordian Developer Meeting on Wednesday September 6, 2023 at 10am PDT to talk about your needs for interoperable data storage and transmission. [6/9] We'll post specifics of the meeting including the Zoom link to our Signal channel and low-volume announcement list. Sign up today. [7/9] https://www.blockchaincommons.com/subscribe.html We've seen recent, big failures of backup-system designs. Working together we can create methodologies that are resilient, independent, and open! [8/9] If this work is important to you, please become a supporter of Blockchain Commons! [9/9] ## RWOT Paper My advance reading paper for RWOT12 is about the dangers of identity and how it led to a horrific genocide in The Netherlands in World War II. [1/10] https://github.com/WebOfTrustInfo/rwot12-cologne/blob/main/advance-readings/ssi-echoes-from-history.md 75% of the Jews in The Netherlands were murdered by Nazis, but only 23% in France. Why? The answer unfortunately lies in identity systems. [2/10] Both countries had identity pioneers working on national identity systems: Jacobus Lentz in The Netherlands and René Carmille in France. But only one of them was really aware of the dangers of identity. [3/10] In the Netherlands, the Nazi's used Lentz's excellent population records, initially intended to ensure people had the basic necessities during the Depression, for horrific results. 100,000 Jews were deported and murdered. [4/10] In France, Carmille was similarly told to catalogue Jews, but he actually programmed his tabulated machines *NOT* to punch the column that contained that religious data. Call it data minimization or selective disclosure. The result was useless to the Nazis. [5/10] The self-sovereign indentity systems we create today could create similar dangers in the future. We thus must make sure we know what we're revealing, what we're recording, and how it's protected before it's too late. [6/10] This is very relevant right now, not just because of the increasing number of companies focusing on SSI solutions, but also the governments, particular the EU and its eIDAS directives. [7/10] https://digital-strategy.ec.europa.eu/en/policies/eidas-regulation Once you read the article, I invite you to contact me directly about ways we can ensure the contruction of secure identity systems for the future. [8/10] https://github.com/WebOfTrustInfo/rwot12-cologne/blob/main/advance-readings/ssi-echoes-from-history.md I am also accepting new retainers if you have a company that is developing an SSI system and needs strategic insights into the pitfalls of identity. Message me directly [9/10]. If you have more general interest in ensuring the future of self-sovereign identity on the internet, become a patron of Blockchain Commons [10/10]. https://github.com/sponsors/BlockchainCommons ## SSI Origins (posted at https://twitter.com/ChristopherA/status/1689681780952203264) ## Q2 Report From @blockchaincomns Today's Q2 report talks about our work on Gordian Envelope, dCBOR, and more. https://www.blockchaincommons.com/quarterlies/Q2-2023/ From @ChristopherA (posted at https://twitter.com/ChristopherA/status/1681342204416237569) ## New Ledger Tweet https://twitter.com/ChristopherA/status/1672327512179847171 ## Wellness Tweetstorm (posted with minor changers to https://twitter.com/ChristopherA/status/1668654971817013253) ## Problem #1 (SE NOT SECP) (posted at https://twitter.com/ChristopherA/status/1659031686297042944) ## Problem #2: SHAMIR One of my concerns with the new Ledger Recover service is that it appears to be sharding via Shamir's Secret Sharing in a proprietary fashion. [1/11] RT: https://twitter.com/Ledger/status/1658518313083731974 Obviously, Shamir's Secret Sharing is widely used, but it also has real drawbacks. As we've written at @BlockchainComns, one of the biggest dangers comes in reconstruction. [2/11] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/SSKR-Dangers.md Eavesdropping, trojan-horsing, or just faking authentication for the seed holder can all lead to a stolen seed! The reconstruction site is a serious single point of compromise. And then there are concerns with how you distribute shares! [3/11] Casa's Jameson @lopp has written even more about a whole slew of other dangers. [4/11] https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/ As with concerns over the ability for a seed to leave a Ledger, this is a problem that isn't focused on Ledger. It just exposes a larger problem in the world of digital assets. [5/11] There are ways to mitigate problems with Shamir, such as using a multsig and then using Shamir to protect some of the keys. Even if your reconstruction is attacked, that's just one key! [6/11] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Scenario-Multisig.md The SSKR library at @BlockchainComns also supports multilevel sharding, which can offset some concerns about who you give shares to [7/11] https://github.com/BlockchainCommons/bc-sskr#-blockchain-commons-sskr Our "Design of SSKR Scenarios" doc talks more about distribution strategies, but even with good sharding strategies, Shamir's Secret Sharing can still be fraught with problems. [8/11] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/SSKR-Sharing.md Fundamentally, Shamir's Secret Sharing isn't bad, but there are definite limitations and concerns that must be mitigated. We'd love to see more discussion of that in a project like Ledger Recover (and more usage of those mitigation strategies). [9/11] Managing #SmartCustody so that digital assets remain safe is one of the major initiatives at @BlockchainComns. [10/11] https://www.smartcustody.com/index.html#the-articles Support SSKR, multilevel secret-sharing, and other #SmartCustody initiatives by becoming a Blockchain Commons patron [11/11] https://github.com/sponsors/BlockchainCommons ## PROBLEM #3: CSR (posted at https://twitter.com/ChristopherA/status/1659302287901335554) ## TWEET #4 (PERSONAL CHOICE) Perhaps the biggest problems with the Ledger Recover program as it's currently conceived are that it's not open and it's not independent. Users will be locked into decisions that Ledger made. [1/10] RT: again, which ?? The Gordian Principles from @BlockchainComns suggest that digital assets should be held in a way that's independent, private, resilient, and open. Ledger Recover increases resilience, but that's it. [2/10] https://github.com/BlockchainCommons/Gordian#gordian-principles From what we're heard, the Recover share holders will actually be doing KYC checks. That doesn't just go across our Principles, but also the general ethos of Bitcoin! [3/10] But the core issue here isn't necessarily those decisions, but the fact that Ledger is locking *you* into them. [4/10] The @BlockchainComns Collaborative Seed Recovery (CSR) system has some similar ideas to Ledger Recover, but it's founded on the principle that the asset holder gets to decide exactly how their key is protected. [5/10] https://github.com/BlockchainCommons/Gordian/blob/master/CSR/README.md You want to back up some of your shares on a metal plate, such as the innovative QR plates from @SeedHammer? That's OK! Your assets, your choice. [6/10] IMG: https://seedhammer.com/static/img/scan-sparrow.webp You decide your personal privacy needs. You decide your personal risk profile for working with third-parties. You decide. [7/10] We've worked with @Ledger before. They were one of our original sponsors for @BlockchainComn's #SmartCustody program. [8/10] We'd love to work with them again, so that the community can work through some of the problems with Ledger Recover. We have a Gordian Developers meeting the first Wednesday of every month as the center of our collaboration. Feel free to join us! [9/10] https://www.blockchaincommons.com/subscribe.html#gordian-developers Support our community work by becoming a patron of Blockchain Commons! [10/10] https://github.com/sponsors/BlockchainCommons ## EDUCATIONAL CREDENTIALS (https://twitter.com/ChristopherA/status/1656728898619707393) ## SS4 (posted at https://twitter.com/ChristopherA/status/1653949379718557696 ) ## Silicon Salon Tweets ### Final Tweetstorms (posted at https://twitter.com/ChristopherA/status/1653460856393564161) The @BlockchainComns Silicon Salon 4 event is this Wednesday at 9am PDT. We're bringing together wallet developers and semiconductor manufacturers to talk about the requirements for the next-gen of chips. You can still sign up! [1/5] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 (Do as QRT of https://twitter.com/ChristopherA/status/1651619704585490432 ) Andrew Poelstra will discuss the anti-exfil protocol, which can protect your hardware wallet from key leakage [2/5]. https://twitter.com/ChristopherA/status/1651308417187999745 Luke Leighton & David Calderwood will overview the missing RISC ISA instructions related to biginteger operations [3/5]. https://twitter.com/ChristopherA/status/1653075262026973184 Cramium Labs (@cramiumlabs) will talk about the challenges of merging open source with semiconductor development [2/5]. Join us to have your say in how the next generation of semiconductors is developed to serve the needs of hardware wallets & the rest of the cryptography field [5/5]. https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 ### BigInt Presentation Most RISC ISA chip designs are missing instructions allowing for chaining to create vector results for biginteger operation used in cryptography. @lkct & David Calderwood will be talking on this topic at Silicon Salon 4, hosted by @BlockchainComns. 🧵[1/9] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 Without these instructions, computing cryptographic hashes and signatures can be slow and resource-intensive, limiting their practical use in certain applications. [2/9] Luke Leighton @lkct is a leading figure in open-source hardware design and has been working on Libre-SOC, an open-source RISC-V-based system-on-chip. David Calderwood is a seasoned software developer with experience in high-performance computing. [3/9] At the first Silicon Salon, this team presented about Libre-SOC libre-soc.org project. It's an open-source RISC-V-based system-on-chip designed for efficiency and security. Learn more about their plans at: [4/9] https://www.siliconsalon.info/salon1/presentations/#libre-soc-video This is exactly the sort of problem that our Silicon Salons are meant to address: the interface between cryptography and hardware design. How can the next generation of semiconductors meet cryptographic needs? [5/8] Our previous three Silicon Salons have addressed a variety of semiconductor cryptography design and hardware issues, and all the presentations are available online. [6/9] https://www.siliconsalon.info/salons/ Silicon Salon 4 will also have presentation from Andrew Poelstra of @Blockstream on preventing key exfiltration and @cramiumlabs on challenges and best-practices of open and transparent chips, followed by a facilitated discussion. [7/9] Sign up now to attend the virtual salon on Wednesday, May 3rd, starting at 9am PDT until noon. To join our discussion of the topic. [8/9] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 Support future dicussions about the intersections of cryptography, secure chip design, and the requirements for secure wallet hardware by becoming a GitHub sponsor of @BlockchainComns. [9/9] https://github.com/sponsors/BlockchainCommons ### Final Tweetstorms The @BlockchainComns Silicon Salon 4 event is this Wednesday at 9am PDT. You can still sign up! [1/5] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 Cramium Labs (@cramiumlabs) will talk about the challenges of merging open source with semiconductor development [2/5]. [RT] Andrew Poelstra will discuss the anti-exfil protocol, which can protect your hardware wallet from key leakage [3/5]. [RT] Luke Leighton & David Calderwood will overview the missing RISC ISA instructions related to biginteger operations [4/5]. [RT] Join us to have your say in how the next generation of semiconductors is developed to serve the needs of hardware wallets & the rest of the cryptography field [5/5]. https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 ### Open Source Presentation One of the presentations at Silicon Salon 4 will be a talk by @cramiumlabs on "Pitfalls and Approaches to Open Source Security Semiconductor" [1/5] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 Figuring out how to turn open source into a better-supported open development movement is a critical topic, and how to integrate hardware has long been a question mark. [2/5] Sign up for Silicon Salon 4, which will run next Wednesday, May 3rd, starting at 9am PDT, to join our discussion of the topic. [3/5] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 We will also have presentations on preventing key exfiltration and on scalar and vector draft biginteger instructions for the Power ISA, with discussions of each. [4/5] Silicon Salon is about the intersections between cryptography and semiconductor design. Take a look at the presentations from our past events! [5/5] https://www.siliconsalon.info/salons/ # alt Trust in our tech infrastructure goes beyond software. Enter the world of open silicon for cryptographic semiconductors – fostering innovation and security. Join us at the Silicon Salon to dive deep into the foundations of trust!🧵 [1/10] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 Open silicon offers enhanced chip security, improved physical security, efficient hardware bug resolution, reduced software bugs, and faster innovation. I talk about this in my latest "Musing of a Trust Architect" [2/10] https://www.blockchaincommons.com/musings/musings-open-silicon/ Kerckhoffs' principle: a cryptographic system's security should rely solely on secret key secrecy, not on algorithm or implementation obscurity. Open silicon adheres to this, promoting trust & robust security. [3/10] https://en.wikipedia.org/wiki/Kerckhoffs's_principle Silicon Salon, hosted by @BlockchainComns, encourages cooperation and knowledge sharing among diverse stakeholders to drive open, secure cryptographic semiconductor development. Be part of the solution! Watch videos from previous events [4/10] https://www.siliconsalon.info/salons/ Don't miss next week's Silicon Salon 4 featuring Mark Davis of @cramiumlabs on “Pitfalls and Approaches to Open Source Security Semiconductor” exploring open silicon's history, challenges, and potential solutions. Let's shape best practices together! [5/10] We will also have presentations from Andrew Poelstra of @Blockstream on preventing key exfiltration and from Luke Leighton @lkct & David Calderwood on scalar and vector draft biginteger instructions for the Power ISA, with discussions of each. [6/9] To tackle these challenges, collaboration is key. Together, we can advance cryptographic security, foster innovation, and build a more secure, trustworthy tech infrastructure with open silicon. Let's make it happen! [7/9] Silicon Salon 4 is on May 3rd, 9am PT. Reserve your virtual seat at this groundbreaking event and contribute to the future of cryptographic security.[8/9] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 Support @BlockchainComns to continue this crucial work, enhancing cryptographic security through events like the Silicon Salon. Become a Github Sponsor today! [9/9] http://github.com/sponsors/BlockchainCommons ### Exfiltration Presentation We are thrilled to have Andrew Poelstra, Director of Research at @Blockstream, talking about the threat of key exfiltration at our upcoming Silicon Salon 4. [1/8] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 The problem is that if a hardware wallet doesn’t generate a nonce randomly, key leakage will occur! It can happen in as few as two signatures! Even worse, a compromised device could covertly do this without others knowing. [2/8] https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#alternative-signing How to solve the problem? Andrew will talk about “anti-exfil”, in which a hardware wallet and host computer engage in a 2-round interactive protocol to produce a signature. [3/8] Why are we discussing this in the Silicon Salon? As we design semiconductors for cryptographic use, we also need to make them trustless. This is one of a number of cryptographic techniques to verify that a chip doesn't cheat. We need to standardize it. [4/8] Sign up for Silicon Salon 4, which will run next Wednesday, May 3rd, starting at 9am PDT, to attend the presentation, and join in the conversation on the future requirements for chip transparency and open hardware. [5/8] https://www.eventbrite.com/e/silicon-salon-4-tickets-558196208887 We will also have presentations on open-source hardware challenges and on scalar and vector draft biginteger instructions for the Power ISA, with discussions of each. [6/8] Silicon Salon is about the intersections between cryptography, semiconductor design, and secure hardware wallets. All of our presentations are afterward uploaded to our Silicon Salon website. [7/8] https://www.siliconsalon.info/salons/ Support these Salons and our goal of bridging the cryptographic, secure chip design, and wallet communities by becoming a GitHub sponsor of @BlockchainComns. [8/8] https://github.com/sponsors/BlockchainCommons ## RWOT Tweetstorm RWOT has opened up ticket sales for RWOT12, which will occur this September in Cologne, Germany. Rebooting the Web of Trust is what helped us to found Blockchain Commons. [1/6] [RT] That's in part because RWOT has shown over the years that people can (and will) work together to create a heathy ecosystem. The collaboration has been astounding! [2/6] RWOT is also where I first advanced the ideas for self-sovereignty that are the heart of Blockchain Commons' principles for personal control of digital assets. [3/6] http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html RWOT has also provided crucial initial work on topics that we've since expanded up, most notably SSKR, our Sharded Secret Key Reconstruction System. [4/6] https://github.com/BlockchainCommons/bc-sskr#readme We're still working on a paper from RWOT11 called Selective Correlation, which has already provided us with crucial thought models about how correlation can be both beneficial and detrimental. [5/6] https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/draft-documents/selective-correlation.md We expect more great work of this sort at RWOT12 and hope to see you there! You have until July 7th to receive a substantial discount on Early Bird pricing with an Advance Reading. [6/6] https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/draft-documents/selective-correlation.md ## Q1 Report https://twitter.com/ChristopherA/status/1650533154355298306 ## Animated QRs Animated QRs were one of Blockchain Commons' first major innovations. A new article explains why they've been crucial to the advancement of Bitcoin wallets. [1/9] https://www.blockchaincommons.com/devs/animated-qrs.html > Animated QRs are one of Blockchain Commons' first notable successes in our mission to enhance wallet interoperability. They have become essential for Bitcoin's PSBTs (Partially Signed Bitcoin Transactions). 🧵… [1/10] https://www.blockchaincommons.com/devs/animated-qrs.html > > _Most people don't read past the first tweet, so it needed to mention bitcoin and PSBT in it so people would read it._ A very brief video also describes the problem that Animated QRs are solving and shows them in action. [2/9] https://www.youtube.com/watch?v=HsFF5HPKQIk > See Animated QRs in action and discover the problem they solve in this brief video: [2/10] https://www.youtube.com/watch?v=HsFF5HPKQIk > > I think tweets need a more active voice. "solving" is weaker than "solve". The problem in brief: PSBTs often grow too big to encode them in QRs, which makes signing across airgaps unreliable. Blockchain Commons solved the problem with Animated QRs. [3/9] Airgaps have become increasingly important for digital-asset security because they allow the storage of seeds and private keys on devices not connected to the internet. [4/9] PSBTs can then be created on the internet and handed off to the disconnected device for signing. QRs are the medium of communication: they’re displayed on one device and scanned by the other. [5/9] > Airgaps: By using QR codes to communicate with disconnected devices like hardware wallets, sensitive data (e.g., seeds, keys) are protected from most theft and hacking attempts. Security is greatly improved and exploits become less feasible. [3/10] > > Why Airgap PSBTs? Airgaps complement PSBTs as they allow transactions to be created on internet-connected devices but signed on airgapped ones. With multisigs gaining popularity, PSBTs enable individual key holders to sign with their own choice of signing devices. [4/10] > > The problem with QRs: Standard QRs have limited data capacity and large ones can become unreadable on consumer devices. Animated QRs solve this by transmitting several QR frames, enabling the conveyance of larger data sets like PSBTs. [5/9] {urdemo-animated.gif} > > We don't say early enough why PSBTs are important, and I think we have to define airgap sooner. PSBTs can then be created on the internet and handed off to the disconnected device for signing. QRs are the medium of communication: they're displayed on one device and scanned by the other. [5/9] To allow for the encoding of PSBTs into QRs, several frames are usually required. That's where Animated QRs come in. They're built on URs to support interoperability and they use fountain codes to allow redundant reading. [6/9] {urdemo-animated.gif} > > _Both Struck, a bit too detailed an now reduntant?_ > Broad Adoption: Blockchain Commons’ Animated QRs have already seen wide use in the Bitcoin wallet developer community, enabling reliable PSBT transmission via QR codes. Here are some of the key early adopters @FOUNDATIONdvcs @KeystoneWallet @SparrowWallet @FullyNoded [6/10] > > _Needed these to get more RTs > Some other Bitcoin wallets that are now supporting our Animated QRs are: @bluewalletio @CasaHODL @DIYbitcoin @Blockstream @SeedSigner. More are being added regularly to this list in the Gordian Developer Community: https://github.com/blockchaincommons/gordian-developer-community#urs [7/10] Read our QR page for the full details on how Blockchain Commons' Animated QRs enable airgapped wallets. [7/9] https://www.blockchaincommons.com/devs/animated-qrs.html > Read our Animated QR article for the full details on how Blockchain Commons' Animated QRs enable airgapped wallets, and their future beyond just PSBTs [8/10] https://www.blockchaincommons.com/devs/animated-qrs.html Sign up for our Gordian Developer list and Signal channel to learn about our continued interoperability work of this sort. [8/9] https://www.blockchaincommons.com/subscribe.html > Wallet Developers: Join the Gordian Developer list and Signal channel to stay updated on Blockchain Commons' continued meetings and offerings in support of interoperability. [8/10] https://www.blockchaincommons.com/subscribe.html Become a patron of Blockchain Commons to support this work! [9/9] https://github.com/sponsors/BlockchainCommons > Users: Demand support for interoperability in your wallets. Become a patron of Blockchain Commons to support this work to protect your digital assets' safety and reliability! [10/10] https://github.com/sponsors/BlockchainCommons ## Q1 Report From Blockchain Commons: Our Q1 report details our newest work on creating the foundations for self-sovereign control of assets and more. [LINK] From Christopher: Today, @BlockchainComns released its report on the most notable work that it did in the first three months of the year. [1/9] [RT] Much of it was firming up the foundations of the Commons, including our big push on dCBOR as an Internet-Draft and some major legislative victories in Wyoming. [2/9] https://www.blockchaincommons.com/news/PrivateKeyWRDABills/ My new "Musings of a Trust Architect" series also falls into that category, with its descriptions of the architectural and philosophical underpinnings of @BlockchainComns work. [3/9] https://www.blockchaincommons.com/musings.html We've also been working hard on adoption of our work this quarter. We're thrilled that we've already gotten ten different wallets who have joined us to work with Uniform Resources (URs). [4/9] https://github.com/BlockchainCommons/Gordian-Developer-Community#urs We've also produced an Internet-Draft on Google Envelope to give it wider attention. [5/9] https://blockchaincommons.github.io/WIPs-IETF-draft-envelope/draft-mcnally-envelope.html And we've produced an Internet-Draft on dCBOR, the deterministic version of CBOR, which has been only lightly supported to date (and which is crucial to our Envelope work.) [6/9] https://datatracker.ietf.org/doc/draft-mcnally-deterministic-cbor/ All of this work depends on community support, so we've not only continued our Silicon Salons this quarter, but also reinstated our Gordian Developer meetings. Sign up for our announcement lists to receive your invites! [7/9] https://www.blockchaincommons.com/subscribe.html What's next? More work on Internet-Drafts, a return to NFCs, Silicon Salon 4, IETF 117, Kotlin development, and lots more! Take a look at the newest quarterly report for everything. [8/9] [LINK] Support @BlockchainComns to ensure that this important development work to support self-sovereign control of assets and identity can continue. [9/9] https://github.com/sponsors/BlockchainCommons ## Legislative (At https://twitter.com/ChristopherA/status/1638980056713428993 with many changes, corrected to below. See also my replies to Bryan Bishops' QRT: https://twitter.com/kanzure/status/1638984721580412935) Victory! @GovernorGordon of #Wyoming recently signed into law two crucial digital-asset laws: one on private-key protection and another on digital-asset registration. @BlockchainComns played a key role in advocating for these new laws. 🧵… [1/11]. https://www.blockchaincommons.com/news/PrivateKeyWRDABills/ I've been fighting for special protection of private keys since 2018. The biggest problem? Courts were granting them in discovery for informational reasons, putting digital assets and digital identity at risk. [2/11] https://bitcoinmagazine.com/legal/saving-bitcoin-private-keys-from-courts This new Wyoming law HB86 grants strong protections to private keys, letting courts know their inappropriate usage isn't OK! [3/11] https://wyoleg.gov/Legislation/2023/HB0086 I presented the idea of WRDAs to Wyoming in 2022 because digital assets needed legal codification and judicial clarity. [4/11] https://wyoleg.gov/InterimCommittee/2022/S19-2022061408-03WyomingWRDASlides.pdf You want to "perfect" a digital asset so that you can use it as collateral? An prior amendment to Wyoming's digital assets laws in 2021-HB43 in §34‑29‑103 defines "perfection of a security interest in digital securities may be achieved by control". [5/11] https://wyoleg.gov/Legislation/2021/HB0043 However, this was only available for Wyoming residents and corporations. In this year's SF76, the "Wyoming Digital Asset Registration Act", gives non-residents, who can prove "control" of their digital assets, access to this judicial clarity! [6/11] https://wyoleg.gov/Legislation/2023/SF0076 Registering a digital asset in Wyoming also gives you access to their new Chancery Courts, offering resolution of commercial, business and trust cases, and now judicial clarity on digital assets, available on a more swift schedule than other courts. [7/11] https://www.wyomingnews.com/wyomingbusinessreport/industry_news/economy_and_labor/state-chancery-court-marks-one-year-of-handling-business-law/article_4d70ca70-7a48-11ed-9742-2feece272735.html Mark your calendars: the private-key protection act goes into effect on July 1st, the digital-asset registration act on December 1st. [8/11] Successes like this are why Blockchain Commons has advocated to various governments for over five years: we believe that it's crucial to create a new foundation for identity and property in the digital world that protects the rights of individuals. [9/11] https://advocacy.blockchaincommons.com/testimony/ Our respect & appreciation goes out to the legislators in #Wyoming who are shaping the future of digital assets, in particular co-chair @Rothfuss and the rest of the Select Committee members. They are creating a model for the rest of the world! [10/11] https://www.wyoleg.gov/Committees/2022/S19 Support @BlockchainComns to ensure that this critical advocacy work can continue! [11/11] https://github.com/sponsors/BlockchainCommons ## Letter for IETF List (done: https://mailarchive.ietf.org/arch/msg/cbor/7MWD3W496_8sDyk_ZMqznYj5kDQ/ ) I've finished the article I was working on talking about why we're restricting the use of cryptographic agility in Gordian Envelope: https://www.blockchaincommons.com/musings/musings-agility/ Basically, I believe there are fundamental flaws with the full-throated embrace of cryptographic agility, mainly: 1. High Costs 2. Bad Interactions 3. Downgrade Attacks Though there are obviously advantages to being able to nimbly switch to a new algorithm if a problem emerges with an old one, I think that switchover ability can be highly limited. For Gordian Envelope, I plan to include just two options for the hash algorithm we use: a current version and a version to switch to if/when problems arise. There are other alternatives that I talk about in the article, such as cipher suites, expiration dates, methods, and good usage of layering, but my general philosophy is the less, the better. The article goes into all of this in more depth. ## Letter to Follow-up To Manu ( https://lists.w3.org/Archives/Public/public-credentials/2023Mar/0036.html ) Manu's post on excessive cryptographic optionality in modern designs (a month and a half ago now!) inspired me to write an article that I've been considering for a while, on the problems of crypto agility: https://www.blockchaincommons.com/musings/musings-agility/ I outline some of the fundamental problems with crypto agility, such as high costs, bad interactions, and downgrade attacks, and also address some of the alternatives such as cipher suites, expiration dates, methods, and good usage of layering. I definitely agree that we need to get away from this failed philosophy of the '00s! The article goes into the topic in more depth. ## Agility Tweetstorm (posted at https://twitter.com/ChristopherA/status/1633416666137894919 after many changes, copied below.) My latest Musings of a Trust Architect post talks about the problems of cryptographic agility. In the 90's it was a solution for when weak algorithms like RC4 & MD5 caused vulnerabilities. But the legacy of this approach causes problems today! 🧵 [1/11] https://www.blockchaincommons.com/musings/musings-agility/ Many people still believe that cryptographic agility is still the preferred way to design software, and that it is the best solution for possible futures when an algorithm needs to be deprecated, such as when quantum computing arrives. But instead, it causes more problems! [2/11] The drawbacks of cryptographic agility include high implementation and support costs, bad interactions, and downgrade attacks. Each new cryptographic option explodes the cost of implementation, the attack surface, and ultimately the chance of some sort of problem. [3/11] If you have 5 different options, there might be as many as 125 different variants that need to be reviewed. With seven up to 5040! It is an n-factorial problem! You need to know how each work together, and that’s impossible! [4/11] In addition, cryptographic agility has often resulted in downgrade attacks. Hackers can force systems to use older cryptography, something we saw happen with the TLS Poodle attack. [5/11] https://www.cisa.gov/news-events/alerts/2014/10/17/ssl-30-protocol-vulnerability-and-poodle-attack Other approaches, such an "opinionated" crypto suite such as Wireguard offers, or restricting use to a single suite but having a 2nd one prepared and set aside for the future, can also be improvements over legacy cryptographic agility. [8/11] I believe that as new projects and standardization efforts emerge, we need to ensure that they're dealing with their cryptographic choices in a secure, forward-looking way. Limiting options can allow us to thoughtfully offer alternatives to full-on cryptographic agility. [9/11] The current practice of offering high numbers of crypto-agile options actually decreases our security in the name of improving it. My article talks about this all more. I'd love to hear your thoughts! [10/11] https://www.blockchaincommons.com/musings/musings-agility/ This is an example of the kind of design problems we strive to resolve at Blockchain Commons, as we work to create self-sovereign, interoperable infrastructures. If this is important to you, support us as Patrons. [11/11] https://github.com/sponsors/BlockchainCommons ## Data Minimization (sent twitter: https://twitter.com/ChristopherA/status/1620490824281907200) My latest Musings of a Trust Architect article covers #DataMinimization and #SelectiveDisclosure, both crucial privacy protecting data-management techniques: [1/9] https://www.blockchaincommons.com/musings/musings-data-minimization/ Data Minimization is the practice of limiting the amount of shared data to the minimum necessary: just enough to do what you need to do. A best-practice generally for security, but mandatory for #PersonalData under #GDPR. [2/9] I divide it into three parts: scope minimization, content minimization, and temporal minimization. You want to provide the minimal content for the minimal scope over the minimal amount of time. [3/9] Selective Disclosure is then the next step: how you share limited amounts of information while also minimizing risks of correlation. [4/9] My requirements for Selective Disclosure include: granularity, control, transparency, security, privacy, compliance, auditability, and flexibility [5/9]. I then share some brief details on three different Selective Disclosure cryptographic techniques: Hash-based Elision (or Redaction), Zero-Knowledge Proof (ZKP) and Blind Signature, and well some possible adjacent, less explored approaches. [6/9] Take a look at the full article on Data Minimization and Selective Disclosure for more details on all of this! Or my previous musing post on architectures for Progressive Trust. I'd love to hear your comments and thoughts! [7/9] https://www.blockchaincommons.com/musings.html These concepts are already influencing the @BlockchainComns work on Gordian Envelope. I hope they'll be a general building block for the next generation of private data storage. [8/9] https://www.blockchaincommons.com/introduction/Envelope-Intro/ Become a patron of Blockchain Commons if work of this sort is important to you! Or write to me directly if you'd like to become more involved as a contributor. [9/9] https://www.blockchaincommons.com/sponsors.html ## W3C Meeting This Tuesday at noon ET / 9am PT, @BlockchainComns is presenting on Gordian Envelope for the W3C Credentials Community Group. We'd love you to join us! [1/6] https://www.w3.org/events/meetings/80a1023e-569b-4714-8fab-d1b84f2c3478/20240604T120000 Gordian Envelope is Blockchain Commons' privacy-focused and structure-focused "Smart Document" that allows for the storage and transmission of sensitive information. [2/6] https://www.blockchaincommons.com/introduction/Envelope-Intro/ We've already submitted an IETF Draft of Envelope, so we're thrilled to also be able to present it to W3C and the CCG [3/6]. https://blockchaincommons.github.io/WIPs-IETF-draft-envelope/draft-mcnally-envelope.html It's an open meeting, so you can attend to listen to our short presentation and to participate in any Q&A that follows. [4/6] Watch our introductory video for an overview of Envelope, its structure, and what it can do! [5/6] https://www.youtube.com/watch?v=OcnpYqHn8NQ Then join us Tuesday morning to learn more! [6/6] https://www.w3.org/events/meetings/80a1023e-569b-4714-8fab-d1b84f2c3478/20240604T120000 ## SS3 from @BlockchainComns Thanks to all who attended Silicon Salon 3 on January 18th. All of the slideshows and videos are now online! https://www.siliconsalon.info/salon3/. from @ChristopherA (posted at https://twitter.com/ChristopherA/status/1620886704742891523 ) The recent Silicon Salon 3 continued to reveal the future of cryptography on semiconductors, and we've got all the slides and videos available for your viewing! 🧵 [1/9] Dr. Sung Hyun Jo of @cramiumlabs, a manufacturer producing the next generation of security chips, focused their talk on their silicon expertise & talked about the requirements for a future with #MPC (Multi-Party Computation). [2/9] https://www.youtube.com/watch?v=r4PxckECvpo Andrew "bunnie" Huang of @bunniestudios offers a harrowing tale of how you can never quite know that all of your hardware is safe… but offers that there is a cost-benefit analysis. [3/9] https://www.youtube.com/watch?v=JMOWU6pFflw Finally, cryptographer Kavya Sreedhar from @Stanford's VLSI Research Group (led by Mark Horowitz) presented “A Fast Large-Integer Extended GCD Algorithm” and offered related open-source semiconductor chip designs. [4/9] https://www.youtube.com/watch?v=liMA-8zmu1E We also had a lively discussion about hardware challenges, standards, collaboration, distributed key generation, and more. [5/9] https://www.siliconsalon.info/salon3/#additional-discussions Along with the videos, all of the slidedecks can also be found on the Silicon Salon III site. [6/9] https://www.siliconsalon.info/salon3/ We are seeking presenters for our next #SiliconSalon on May 3rd! Share your expertise on wallet hardware requirements & designs, open-source hardware & supply-chain security, and new semiconductor designs for secure cryptography or acceleration! [7/9] https://www.siliconsalon.info/contribute/ We are also seeking sponsors for these events! Demonstrate your company’s support for a future that includes better security through cryptography on chips! Mail us at team@blockchaincommons.com! [8/9] You can also show your support of the efforts by @BlockchainComns to bring together an interdisciplinary community to define the future of security & privacy through leveraging cryptography on silicon by becoming a monthly sponsor via @github. [9/9] https://github.com/sponsors/BlockchainCommons ## Yearly 2022 from @BlockchainComns https://twitter.com/BlockchainComns/status/1615743373201244161 Our yearly report for 2022 is now available, talking about progress at Blockchain Commons over the course of the last year, including #SiliconSalon, Collaborative Seed Recovery #CSR, #GordianEnvelope, advocacy in Wyoming for protecting keys, and more! https://www.blockchaincommons.com/quarterlies/Yearly-2022/ from @ChristopherA: https://twitter.com/ChristopherA/status/1615807455904288769 Blockchain Commons celebrates the new year with a report looking back at its considerable progress in 2022. Take a look at our new specifications, new architecture, and more! 🧵 [1/9] (bc tweet) The biggest event was the maturation of our Commons from our initial Airgap Wallet community to a more diverse group, including hardware wallets, software designers, and semiconductor manufacturers alike. Welcome to Chia, CrossBar, and Proxy in 2022! [2/9] https://www.blockchaincommons.com/sponsors.html The creation of a large community has allowed us to work on some big interoperable projects. One was @SiliconSalon, a quarterly series of events where we bring together different parties to talk about the future of cryptographic semiconductor design. [3/9] https://www.siliconsalon.info/ Another is Collaborative Seed Recovery (aka CSR). @BitmarkInc, @foundationdvcs, and @proxy are all working with us to create a way to shard your digital assets and store the shares in multiple locations in an interoperable manner. [4/9] https://github.com/BlockchainCommons/Gordian/blob/master/CSR/README.md CSR is built atop perhaps our biggest initiative for the year: #GordianEnvelope, a new "Smart Documentation" specification for storing data in a privacy-preserving way. A high-level intro: [5/9] https://www.blockchaincommons.com/introduction/Envelope-Intro/ Or if you prefer video, here is a short 7-minute high-level "Introduction to Gordian Envelope": https://www.youtube.com/watch?v=OcnpYqHn8NQ&list=PLCkrqxOY1FbooYwJ7ZhpJ_QQk8Az1aCnG [6/9] Gordian Envelope is supported by a new CLI app, which lets you test out all of Envelope's privacy-focused features, such as elision and encryption, right now. [7/9] https://github.com/BlockchainCommons/envelope-cli-swift There was much more in 2022, including Seed Tool updates, server updates, more advocacy work in Wyoming & the EU, and updates to #SmartCustody. Read about that, and our plans for 2023. It's all in our yearly review. [8/9] https://www.blockchaincommons.com/quarterlies/Yearly-2022/ Become a sponsor to help us continue this development! A half-dozen companies have already joined us to create the self-sovereign generation of the internet! [9/9] https://github.com/sponsors/BlockchainCommons ## Silicon Salon 3 https://twitter.com/ChristopherA/status/1610568310839742465 https://mastodon.social/@ChristopherA/109630223553894879 Talk with cryptographers & semiconductor manufacturers about new silicon-based cryptographic functionality. Sign up now for our third virtual #SiliconSalon on January 18 at 9am PT. [1/7] https://www.eventbrite.com/e/silicon-salon-3-tickets-492802494527 If you have not seen the presentations and discussions from our last Silicon Salon, they are at https://www.siliconsalon.info/salon2/ We have three more presentations locked down for the 18th: [2/7] bunnie @bunniestudios will present "Toward a More Open Secure Element Chip"." What are the elements that make a semiconductor more or less “open”? How do you maintain openness in a proprietary ecosystem, and is there a purpose to secrecy in security? [3/7] Cramium @crossbarinc will discuss "Silicon & MPC", overviewing silicon architecture approaches that address concerns of security, performance and efficiency as well as economic concerns and flexibility, all to accommodate future improvements. [4/7] Finally, Kavya Sreedhar will present "A Fast Large-Integer Extended GCD Algorithm and Hardware Design for Verifiable Delay Functions and Modular Inversion". [5/7] https://t.co/i14EK1IVuN As usual, our feature presentations will be supplemented by discussions! https://www.siliconsalon.info/salon1/#discussions Join in to contribute your points of view and your requirements for cryptographic silicon! [6/7] We hope to see you all at Silicon Salon 3! [7/7] https://www.eventbrite.com/e/silicon-salon-3-tickets-492802494527 ## SS3 Follow-up for 1/9 (did a very different tweetstorm at: * https://twitter.com/ChristopherA/status/1612527727697088512 * https://mastodon.social/@ChristopherA/109660858717384790 ) Join cryptographers and semiconductor manufacturers next week to talk about the future of cryptographic semiconductor design at the virtual Silicon Salon 3! January 18th, 9am-noon PT. [1/4] https://www.eventbrite.com/e/silicon-salon-3-tickets-492802494527 There will be presentations from experts and academics alike, plus an opportunity to talk with them about the presentations. [2/4] Our feature presentations are: "Toward a More Open Secure Element Chip" by @bunniestudios, "Silicon & MPC" by @crossbarinc, and "A Fast Large-Integer Extended GCD Algorithm and Hardware Design for Verifiable Delay Functions and Modular Inversion" by Kavya Sreedhar. [3/4] Space is limited! Reserve your ticket now! [4/4] https://www.eventbrite.com/e/silicon-salon-3-tickets-492802494527 ## SS3 Follow-up for 1/16 Silicon Salon 3 is this Wednesday, from 9am-noon PT. Attend the virtual Salon to learn about the latest developments in cryptographic hardware security and collaborate with wallet developers, semiconductor manufacturers, and academics. [1/4] https://www.eventbrite.com/e/silicon-salon-3-tickets-492802494527 The goal of the Silicon Salons is to bridge the gap between semiconductor manufacture and wallet design, between academia and real-world usage. Take a look at our archives to see what we've done so far. [2/4] https://www.siliconsalon.info/ Then return for our new presentations: "Toward a More Open Secure Element Chip" by @bunniestudios, "Silicon & MPC" by @crossbarinc, and "A Fast Large-Integer Extended GCD Algorithm and Hardware Design for Verifiable Delay Functions and Modular Inversion" by Kavya Sreedhar. [3/4] They're all this Wednesday, in our virtual salon, from 9am-noon. Sign up at Eventbrite! [4/4] https://www.eventbrite.com/e/silicon-salon-3-tickets-492802494527 ## Envelope Use Cases Gordian Envelopes are a new "Smart Document" from @BlockchainComns. Different parties with different risk models and different requirements can exchange data in a regular, privacy-protecting way. [1/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Intro.md Our new Use Cases documents details how Envelopes can be used in the Educational industry, Data Distibution, the Software industry, the Financial industry, and others. [2/10] https://www.blockchaincommons.com/introduction/Gordian-Envelope-Use-Cases/ One of our most interesting Educational use cases focuses on avoiding prejudice. Gordian Envelopes can elide specific information, such as a last name that might be prejudicial, while maintaining their validity. [3/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Use-Cases-Educational.md#2-danika-restricts-her-revelations-elision We've also got an interesting educational use case involving how to use elision to avoid toxic data, while still transmitting information. It builds on the idea of "Selective Correlation" from @RWOTEvents. [4/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Use-Cases-Educational.md#7-burton-bank-avoids-toxicity-herd-privacy-with-selective-disclosure Our data-distribution use cases focused on a new cryptographically enabled WebFinger-like protocol. Our most advanced case there used selective correlation to enable progressive trust. [5/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Use-Cases-Data.md#6-carmen-makes-cryptfinger-progressive-progressive-trust One of our new software use cases talks about how to release software while maintaining anonymity, building on the famous Amira Engagement Model, also from @RWOTEvents. [6/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Use-Cases-Software.md#anonymous-signing We've also got use cases for using Shamir's Secret Sharing and multiple permits to increase the resilience of financial asset storage. [7/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Use-Cases-Assets.md#part-two-raising-resilience-of-restricted-results Gordian Envelopes can do a lot of things! They're a flexible privacy-enhancing data storage and transmission method built to support the diversity of needs in the world! [8/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Use-Cases.md#the-common-thread-of-use-cases Read our Intro to learn more about Gordian Envelope. [9/10] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Envelope-Intro.md You can support the further development of this new privacy-supporting data methodology by becoming a patron of Blockchain Commons [10/10] https://github.com/sponsors/BlockchainCommons ## Envelope Diff Posted: * https://twitter.com/ChristopherA/status/1604966725476155393 * https://mastodon.social/@ChristopherA/109542700460019083 ## Musings #1: Progressive Trust (posted with minor changes and one image at https://twitter.com/ChristopherA/status/1602830931638685697 ) ## Envelopes for IIW Week (sent: https://twitter.com/ChristopherA/status/1593314201237233664 ) ## Intro to Gordian Envelopes Posted at https://twitter.com/BlockchainComns/status/1588245396932857857 & https://twitter.com/ChristopherA/status/1588257256826499072 -- ## Existence Proofs Posted at https://twitter.com/ChristopherA/status/1582054070637932545 ## Elision in Detail Posted at https://twitter.com/ChristopherA/status/1580945538060386304) ## Envelope-CLI demo. Posted at https://twitter.com/ChristopherA/status/1580273941184008192) ## Q3 Report ### From @BlockchainComns Posted https://twitter.com/BlockchainComns/status/1578068815610408960) ### From ChristopherA Posted at https://twitter.com/ChristopherA/status/1578095221283336192 ) ## RWOT11 Posted https://twitter.com/ChristopherA/status/1572284789763506178 ## SS2: The After Party Presentation videos, slides, and transcripts from last week's #SiliconSalon on the topic of "Secure Boot, Supply-Chain Security & Firmware Upgrades" for future cryptographic ships are now available. https://twitter.com/ChristopherA/status/1571907511732797440?s=20&t=YroPVpXyYx8LZPu5L94umw] The second Silicon Salon organized & facilitated by @BlockchainComns occurred this Wednesday. You can now read all about it. [1/10] https://www.siliconsalon.info/salon2/ The object of Silicon Salon is to bring together people from blockchain & semiconductor communities, to plot out a next generation of crypto-chips. Our presenters this time included Bunnie Studios, Cramium Labs, Foundation, Proxy, and the VLS team. [2/10] https://www.siliconsalon.info/salon2/presentations/ The focus of this second Silicon Salon was on Secure Boot, Supply-Chain Security, and Firmware Upgrades. There's a lot more to working with semiconductors than just the chip itself! [3/10] The presentations offered a lot of depth on how people are currently overcoming these challenges. Our web pages include slide shows and transcripts from the presentations. [4/10] https://www.siliconsalon.info/salon2/presentations/ If you'd like, you can also watch all the presentation videos on our YouTube channel. [5/10] https://www.youtube.com/playlist?list=PLCkrqxOY1FbqacMfq755GNWs2sTmJpMHF We had lively Q&A on the presentations as well as some open discussions on all three topics. Take a look at our website for key quotes on boot, firmware, and supply chains. [6/10] https://www.siliconsalon.info/salon2/ And if you missed the first Silicon Salon, which provided an overview of the topic, we've collected all of the info from that event as well. [7/10] https://www.siliconsalon.info/salon1/ We are considering acceleration as a topic for our third Silicon Salon, either in Fall or Winter, depending on how the holidays affect everyone! [8/10] Thanks to all of our participants! They're the ones that make the Salons work, since they're all about bringing multiple parties together, into the Commons. [9/10] If you feel this sort of work is important, please consider becoming a sponsor of @BlockchainComns on GitHub. [10/10] https://github.com/sponsors/BlockchainCommons ## SS2: Second Take (posted at https://twitter.com/ChristopherA/status/1567272822795567104 ) You can now sign up for the Second Silicon Salon on September 14th. It focuses on secure boot, supply-chain security, and firmware upgrades. [1/10] https://www.eventbrite.com/e/silicon-salon-2-tickets-403779845387 Generally, the Silicon Salons discuss the interaction between the cryptography field and semiconductor manufacturer, but there are lots of details there, and we're going to be looking at some of those details next week! [2/10] https://www.siliconsalon.info/ The Second Salon Salon will be concentrating on some of the _foundational_ issues that are critical to hardware security. [3/10] We've talked about the chip, but how important is the supply chain for the rest of the board? [4/10] Are we thinking about input attacks where a PIN might be captured or output attacks where an incorrect address might be shown? [5/10] Are we thinking about which components actually need to be run by the MCU? [6/10] Moving forward in time brings us to the question of upgrades: how can we continue to trust hardware following firmware updates? [7/10] There's also the possibility of self-sovereign hardware. Can we take control of firmware from a vendor, and what does that ultimately mean? [8/10] This is still the beginning of the Silicon Salons. We've got many more interesting topics to talk about! We hope you'll join us for secure boot, supply-chain security, and firmware upgrades. September 14th: 9am PT. [9/10] https://www.eventbrite.com/e/silicon-salon-2-tickets-403779845387 See our archives of the first Salon for some of the in-depth discussions and presentations you can expect to participate in this time. [10/10] https://www.siliconsalon.info/salon1/ ## SS2 (posted with changes: https://twitter.com/ChristopherA/status/1563257982611103744) ## Private Keys (published with minor changes: https://twitter.com/ChristopherA/status/1558146722542469121) ## CSR (Sent with many changes at https://twitter.com/ChristopherA/status/1550125895918112771 ) ## DID Posted with many changes: https://twitter.com/ChristopherA/status/1549555601092460545 ## Quarterly ### Blockchain Commons Today’s Q2 report to our sponsors details our recent accomplishments (such as our recent #SiliconSalon) and offers some of our priorities for Q3 and important events for the remainder of this Summer or coming up this Fall. Join us as a sponsor now! https://www.blockchaincommons.com/quarterlies/Q2-2022/ [double check that URL after PR RELEASE] The newest quarterly report was just released by @BlockchainComns. [1/9] [RETWEET] Our most notable event was the Silicon Salon, where we brought together several different Blockchain Commons members to talk about the future of silicon design for cryptography. [2/9] https://www.siliconsalon.info/ The Silicon Salon showed the strength of the Commons. We've now got enough diverse experience that we can share our knowledge and our requirements and really innovate for the future! [3/9] We also continue to evolve our reference apps, which provide examples of our specifications and the Gordian Principles. Our biggest release this quarter was for Gordian Seed Tool 1.5. [4/9] https://github.com/BlockchainCommons/GordianSeedTool-iOS/releases/tag/releases%2Funiversal%2F1.5 For Smart Custody, we completed our draft of our multisig scenario. One of our final additions was a set of illustrations, because using multisigs is still harder than it should be! [5/9] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Scenario-Multisig.md We also did extensive work with the Wyoming legislature on e-residency, private key protection, and a new idea called WRDAS, which are registered digital assets. [6/9] The last was supported by our new coterie of interns, who are also working on projects such as BIP-322, Spotbit, and Learning Bitcoin. [7/9] Take a look at our quarterly report for all the specifics, and also for info on our big three future projects: CSR, a unified hardware API, and more reference upgrades. [8/9] https://www.blockchaincommons.com/quarterlies/Q2-2022/ [AGAIN, DOUBLE CHECK THE URL] If our various projects are important to you, please consider becoming a Blockchain Commons sponsor! Thank you! [9/9] https://github.com/sponsors/BlockchainCommons ## GST Sale (for posting July 2nd) ### Blockchain Commons It's Indepdence Weekend in the United States, and so we've put Gordian Seed Tool on sale through the 4th! https://apps.apple.com/us/app/gordian-seed-tool/id1545088229 ### Christopher Gordian Seed Tool is on sale from @BlockchainComns in honor of Independence Day in the United States [1/6]. QUOTE RETWEET Independence is actually the first of the Gordian Principles. The Gordian reference apps, such as Seed Tool, are meant to demonstrate how you can individually control your digital assets [2/6]. https://github.com/BlockchainCommons/Gordian#gordian-principles For Gordian Seed Tool, that means maintaining control of the seeds that you use as the foundation for your private keys [3/6]. Gordian Seed Tool will respond to requests for specific keys and even accept and sign PSBTs. But your seed need never leave the device that you personally control. [4/6] 246 years ago, the 13 colonies declared their indpendence from a distant government. Today, we are fighting for our independence in the digital space. Gordian Seed Tool depicts our model for the path forward. [5/6] You can also retrieve the source code directly from the Blockchain Commons repo, examine it, and compile it yourself, if you prefer. That's true independence. [6/6] https://github.com/BlockchainCommons/GordianSeedTool-iOS ## Silicon Salon Tweets ### CrossBar CrossBar spoke at our recent Silicon Salon on their own silicon development for cryptography. [1/3] https://www.youtube.com/watch?v=F6rjYPNE1-4 A key quote from the CrossBar presentation: "There are really quite different cultures here. In chips, it’s super expensive to develop a chip. Rather than thinking in terms of cost to acquire a customer, we think of the tooling cost and our key metric is gross margin." [2/3] Information on the entire Salon, including five presentations, is available at siliconsalon.info [3/3] https://www.siliconsalon.info/ #### Chris I was thrilled when CrossBar joined @BlockchainComns as a sustaining sponsor, because it allowed us to build new connections, from the airgap wallet creators who were many of our first supporters, to someone actually making the next generation of cryptographic hardware. ### Proxy Proxy's presentation at the Silicon Salon focused on the challenges of software and wearable hardware wallet design. [1/3] https://www.youtube.com/watch?v=A9QtdeWqC6U A key quote: "The vendor is not going to change something that will trigger re-certification unless they have a large commitment from a big player like a phone manufacturer that actually wants that functionality." [2/3] More key quotes and other output from the salon can all be found at siliconsalon.info. [3/3] https://www.siliconsalon.info/ #### Chris Proxy, another @BlockchainComns sponsor, is doing cutting-edge digital-asset work combining software with wearable hardware. The limited power, space, and I/O that result require new crypto-semiconductor manufacturers to take the next step forward, across the leading edge. ### Tropic Square Tropic Square gave a presentation at the first Silicon Salon detailing their fully transparent and auditable chip, creating a basis for better hardware security. [1/3] https://www.youtube.com/watch?v=g43vvXUw16Y A key quote, discussing the need for transparency: "There is a problem ... that you can’t buy a transparent chip, so you have to trust the vendor and you have little to no visibility on the implementation." [2/3] More key quotes, the original slides, and other presentations are available at the siliconsalon.info web site. [3/3] https://www.siliconsalon.info/ #### Chris The Gordian Principles of @BlockchainCmns require users to have openness and independence to control their digital assets. It's great to see a company like Tropic Square dedicating themselves to the transparency these principles require, as they discussed at the Silicon Salon. ### Libre-SOC The final presentation at the first Silicon Salon was from Libre-SOC, who is working on a Libre Vector-enhanced Power-ISA-compliant CPU that can handle supercomputing tasks. [1/3] https://www.youtube.com/watch?v=us061o4PBZs A key quote: "The challenges that a crypto-wallet ASIC faces is first and foremost that there is a massive industry-wide paranoid 5-layer-deep NDA chain." [2/3] More quotes, slides, and a transcript of the presentation can all be found at the siliconsalon.info website. [3/3] https://www.siliconsalon.info/ #### Chris As of today, no one has made a semiconductor chip specialized for cryptography, so it's great to have a number of different companies all working toward that goal today: Libre-SOC is focusing on a chip that is fast, safe, and trusted, as they discussed at the first Silicon Salon. ### Bonus Tweetstorm on NFC Tags & GST One of the major features of our new Gordian Seed Tool 1.5 release is the ability to read from and write to NFC Tags. [1/12] https://apps.apple.com/us/app/gordian-seed-tool/id1545088229 It's great to be able to write data from Gordian Seed Tool without the need for an accessory, but as I wrote in my announcement of GST 1.5, there are definite security concerns. [2/12] RT: #7 of previous storm. We suspect the write and read process is relatively secure; after all, Apple is able to use it for credit card numbers. [3/12] The security concerns arise when the data is at rest on the Tag itself. We don't currently encrypt the data, so if someone had a high-enough powered antenna, they could read the data off your Tag and you'd never know! [4/12] That's why this feature is mainly intended for developers. We'd love devs to test it out, and then to let us know what features (and what security) is important for NFC usage. [5/12] https://github.com/BlockchainCommons/Airgapped-Wallet-Community/discussions Mind you, NFC Tags for Gordian Seed Tool can still have good uses, if the security limitations are understood. [6/12] They may be great for writing SSKR shares. Even if someone read a Tag, they'd just have a single share. (But even more than usual, keep your shares separate!) [7/12] They can also be useful for transmitted non-secret information, such as signed PSBTs. [8/12] The best feature of NFC Tags is that they're easy. You just hover your phone near the Tag and it's read or written. That's the type of usability we need, in order to make cryptocurrency available to everyone! [9/12] If you'd like to pick up GST 1.5 for your own testing, you can purchase it from the Apple App Store, or compile it yourself from source. [10/12] https://github.com/BlockchainCommons/GordianSeedTool-iOS If you've a developer, please visit our Airgapped Wallet Community afterward to talk about your experiences and your own NFC requirements! [11/12] https://github.com/BlockchainCommons/Airgapped-Wallet-Community/discussions If you want to support continued experiments of this sort, with NFC Tags and with other new technology, please become a @BlockchainComns sponsor! [12/12] https://github.com/sponsors/BlockchainCommons ## #SC 2.0 Blockchain Commons is working on #SmartCustody 2.0, the next generation of protection for your digital assets. We've recently laid out our plans for the project. [1/8] https://github.com/BlockchainCommons/SmartCustodyBook/blob/master/TODO.md Why #SmartCustody? Because Blockchain Commons believes in independence, privacy, resilience, and openness for your digital assets. You should be in control, and you should feel that your assets are safe. #SmartCustody reveals how. [2/8] #SmartCustody 2.0 will expand our classic self-custody scenario with a new multisignature scenario and will include design principles for multisig and sharding schemes as well as our classic risk modeling methodology. [3/8] We've written preliminary documents on much of this material already, including the new multisig scenario, design methods, sharding dangers, and even a raw look at timelocks. [4/8] https://github.com/BlockchainCommons/SmartCustodyBook/blob/master/TODO.md#current-documents We'll also be describing a number of new adversaries, to help digital asset holders figure out what their own personal threats are. [5/8] https://github.com/BlockchainCommons/SmartCustodyBook/blob/master/TODO.md#chapter-eight-adversaries Because #SmartCustody isn't just about copying procedures, but about figuring out what's important to your own holdings! [6/8] The goal of #SmartCustody 2.0 is to bring together the work of the last few years and to incorporate all the great new functionality that's been brought into the Bitcoin ecosystem in that time. [7/8] Now we need to finalize that work, fill in the blanks, and standardize everything. For that we need your help as a patron or contributor. Please let us know that #SmartCustody is important to you! [8/8] https://github.com/sponsors/BlockchainCommons ======= ## Request/Response ** UNPOSTED?** At Blockchain Commons, we've recently released a new video, demonstrating how to use the UR specifications for request and response to send PSBTs. [1/10] https://youtu.be/W6h8z5VXsDU Traditionally, cryptomaterials have been sent around in freeform ways. We specified Uniform Resources for sending typed binaries, so you always know what you get. [2/10] https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-005-ur.md UR's request and response is the next step: it allows for the well-specified interactions required by multi-step, multi-person crypto interactions. [3/10] https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2021-001-request.md Our video shows the two-part process required to transact with a multisig PSBT. Each part requires a request and a response. [4/10] https://youtu.be/W6h8z5VXsDU First, you request a public key. This could be a known public key, or one that the responder prefers. The response is the key. [5/10] Later, you send a PSBT and request that the responder sign it. The response is the PSBT with additional signatures. [6/10] In this video, this is all done with Gordian Seed Tool, our reference app that shows you how to use URs and other Blockchain Commons specifications! [7/10] https://apps.apple.com/us/app/gordian-seed-tool/id1545088229 It's all well-specified, and it's got room for future expansions, such as encoding requirements for additional validation or business rules. Bare PSBTs can't do this! [8/10] Take a look at our video, and let us know how request/response would be useful in your crypto interactions. [9/10] https://youtu.be/W6h8z5VXsDU And if you'd like to support this work, improving the interoperability of the crypto-community, please consider becoming a patron. [10/10] https://github.com/sponsors/BlockchainCommons ## Efficient QRs ** UNPOSTED?** Blockchain Commons has released a Swift port of Project Nayuki, an efficient, tunable QR generation library. [1/8] https://github.com/blockchaincommons/QRCodeGenerator We feel that QRs are a vital technology for transmitting information, especially across Airgaps. One of the foundations of our Universal Resources work was better integration with QRs. [2/8] https://github.com/BlockchainCommons/crypto-commons/blob/master/Docs/ur-1-overview.md Unfortunately, the Apple-native Swift QR libraries aren't as good as we'd like. When we tried to re-encode Smart Health Cards (SHCs) they bloated in size and became unreadable on a phone! [3/8] The problem was that the SHCs depended on optimizing individual segments of a QR for best efficiency, and Apple doesn't support that. Our port of Nayuki resolves this problem. [4/8] Blockchain Commons has done a fair amount of work on QRs in the last few years, most notably using our UR specification to produce animated QRs for PSBTs and other larger data. This is another step along the way. [5/8] We've also produced a QR Tool for iOS devices, intended for the storage of QRs. We're looking forward to integrating our new Swift port with it! [6/8] https://www.blockchaincommons.com/projects/Releasing-QRTool/ If you'd like to discuss our work toward interoperable specifications, please join our Airgapped Wallet Community. [7/8] https://github.com/BlockchainCommons/Airgapped-Wallet-Community Also consider becoming a sponsor of Blockchain Commons, to support our continued work on specifications that help everyone. [8/8] https://github.com/sponsors/BlockchainCommons ## Secret Sharing **UNPOSTED?** SmartCustody has been one of Blockchain Commons' priorities since back in 2019, when we published our #SmartCustody book and ran our first in-person course. We've recently collected our #SmartCustody info in a new repo. [1/9] https://github.com/BlockchainCommons/SmartCustody When we talk about a focus on responsible key management, this is what we mean. We want people and companies alike to make sure their keys are resilient and secure. It's one of our Gordian principles. [2/9] https://github.com/BlockchainCommons/Gordian#gordian-principles Our initial SmartCustody book talked about how to risk-model and to use a simple cold-storage scenario to protect funds. However, tools are what can rarely make your custody smart, so this year we've expanded that with discussions of multisig, timelocks, and secret sharing. [3/9] The secret sharing articles are our newest content, just released this week. There are two of them, one on secret sharing scenarios, the other on secret sharing dangers. [4/9] The scenarios talk about standard ways to shard a secret, including 2-of-3, 3-of-5, and 4-of-9 scenarios. How do you divide up the shares? Who do you give them to? Our article offers ideas. [5/9] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/SSKR-Sharing.md We also discuss a 2-of-3 of two-of-three groups scenario, a multilevel option that's available using our SSKR specification. [6/9] https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-011-sskr.md The dangers article talks about how secret-sharing can compromise you in the authentication, transmission, or reconstruction of a secret. But, you can avoid it by also using a multisig. [7/9] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/SSKR-Dangers.md If you'd like to see more #SmartCustody work to support responsible key management, including more discussion of the newest tools to do so, please become a patron of Blockchain Commons. [8/9] https://github.com/sponsors/BlockchainCommons Also join us in our Airgapped Wallet Community to talk about the future of open, independent, resilient, and private specifications for digital assets. [9/9] https://github.com/BlockchainCommons/Airgapped-Wallet-Community ## Gordian **UNPOSTED?** Blockchain Commons wrote the book on maintaining #SmartCustody of your digital assets. What's next? The Gordian system. It's a real-world implementation of #SmartCustody ideas. [1/9] [include https://github.com/BlockchainCommons/SmartCustodyBook/blob/master/images/logos/smartcustody-logo.png] Gordian is a set of principles and best practices for the creation of cryptocurrency and digital-asset wallets. [2/9] https://github.com/BlockchainCommons/Gordian Gordian means independence: you control your wallet, you decide your node, and you choose how you connect to other decentralized microservices. It's a step toward self-sovereign identity. [3/9] http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html Gordian also means resilience. Our reference architecture ensures that services are discrete and protected by torgaps, creating security for your funds and privacy for yourself. [4/9] https://github.com/BlockchainCommons/torgap Finally, Gordian means openness. Blockchain Commons is dedicated to open infrastructure, so Gordian supports competitiveness, interoperability, and survivability. We want competitors to jointly make the wallet ecosystem better. [5/9] Gordian's best practices suggest balancing independence and resilience through use of multisigs. We recently wrote about how to design multisigs, highlighting the Gordian approach to the technology. [6/9] https://github.com/BlockchainCommons/Gordian/blob/master/Docs/Multisig.md Gordian reference applications such as LetheKit, Cosigner & Guardian demonstrate how open infrastructure works and can provide a fully airgapped solution for your cryptographic seeds if need be. The idea that you get to decide which services to use is the heart of Gordian. [7/9] [include https://raw.githubusercontent.com/BlockchainCommons/Gordian/master/Images/appmap.jpg] If you'd like to learn more about Gordian and its interoperable specifications for the next generation of wallets, please join us & many other wallet developers in our Airgapped Wallet Community. [8/9] https://github.com/BlockchainCommons/Airgapped-Wallet-Community/discussions To support the creation of these principles, best practices, and specifications for digital-asset wallets, built on independence, resilience, and openness, please consider supporting Blockchain Commons at GitHub. [9/9] https://github.com/sponsors/BlockchainCommons ## Tweetstorm on Keytool State Diagram > [name=Christopher Allen (Target audience is bitcoin developers that want do investigate various key derivations. Storm needs major work. The diagram may need to be broken into parts. )] Keytool is a CLI tool that implements a data flow graph for deriving cryptocurrency keys and addresses, and signing transactions. Keytool can be supplied with any of the attributes for the nodes, can be asked for any of the attributes of the existing or derivable nodes. In this way, Keytool can implement a very short derivation such as "Derive a master HD key from a seed," or a long sequence of derivations from a seed all the way to a payment address, also outputting any of the intermediate steps along the way. Each node in the illustration is a specific attribute that can be supplied directly on the command line, or derived from its predecessors. Two or more arrows entering a node indicate more than one possible set of inputs can be used to derive it. AND junctors indicate that all predecessor attributes must be supplied, unless a predecessor is marked optional. ## Beancounter **UNPOSTED?** As we approach the season to file taxes (next week for US corporations and next moth for individual) the challenges of properly doing tax accounting for Bitcoin & other digital assets is frustrastring many of us. Blockchain Commons has some advice, plus we could do more! 1/** If your digital assets are mostly for speculation or HODL of Bitcoin, or are largely in & out of a single exchange, services like @Bear_Tax @CoinTracker @CryptoTraderTax @LukkaTech @TaxBit @TokenTax don't do a bad job, but you do have to share a lot of sensitive data. 2/** (5 chars left) However, if you are an active self-sovereign holder of digital assets, or a business like we are (@BlockchainComns mostly receives #BTC from Patrons & pays developers with it) these tax services don't deal easily with our complexities. 3/** In particular, in the US if you are a purchaser of goods & services, you may be subject to a taxable "unrealized capital gain" on each purchase. And there is no minimum amount, you may have to pay capital gains taxes on a cup of coffee. 4/** Thus for a digital asset centric business in US, you want to minimize capital gains taxes, which requires careful "inventory lot" handling. Other jurisdictions have the same problem. The above tax service companies have difficulty here. Since Blockchain Commons has been tussling with these challenges this year as we become more successful. As we believe in open source and given our mission to support open infrastructure, we are sharing how we do our bitcoin accounting. First off, we are using some open source tools, starting with what is known as "command line account" software. After trying several of these, the combination of Beancount, Fava, and some plugins seem to do the job. There are some other benefits — as Blockchain Commons is a "public benefit corporation" we want to be transparent to our stakeholders how our money is spent. One of the strengths of command line accounting is that everything is text or web, so we can save use source control tools like git and make our files available on github. To use Beancount you basically use simply formatted text files for your accounting journals. In this example, we converted $10,000 to bitcoin on April 1, 2018. The purchase price was $6,996.81/BTC and the fee was $146.812. This meant that after deducting the Coinbase fee, we had $9,853.188 remaining to purchase 1.40824004 bitcoin. Fortunately back then we were not charged by Coinbase to transfer this bitcoin to our self-sovereign cold account. The text below illustrates how the journal entry appears, had a fee been charged. ``` 2018-04-01 * "Purchased 1.40824004 BTC" ; for 10,000.00 USD at spot price of 9853.188 BTC/USD Assets:Cash:CoinbaseAccount ;**This entry is self balancing so a figure can be omitted** Assets:Investments:Bitcoin 1.40824004 BTC {3868.90 USD, 2018-01-01, "20180101a"} Assets:Investments:Bitcoin -0.00005000 BTC {15,000.00 USD, "20180115a"} Assets:Investments:BitcoinCostBase 0.00005000 BTC {15,000.00 USD, "20180115a"} ``` Thanks to Sam Accetta @soundmoney6 for help puzzling this out # LetheKit Tweet Storm (currently tested that these fit) We are pleased to announce #LetheKit, the newest project from @BlockchainComns. It is a #DIY platform & SDK for developing sensitive crypto apps on an offline/airgapped device without WiFi, Bluetooth, or local storage, which could leak information. https://github.com/blockchainCommons/bc-lethekit Without local storage, when you turn #LetheKit off it forgets any sensitive data stored in RAM. Thus the name Lethe ("lee-thee") from the mythological river of forgetfulness and oblivion. (Thank you to @eordano for suggesting the name!). (add photo of lethe alaska river canyon) Led by software engineer and hardware hacker Ken Sedgwick @ksedgwic, #LetheKit leverages a ASMD51 “SparkFun Thing Plus” board with an AMD ATSAMD51J20 32-bit ARM Cortex-M4 processor, printable 3D CAD and assembly instructions & an example seedtool application. (photo of ASMD51 https://github.com/BlockchainCommons/bc-lethekit/blob/master/doc/images/assembled.jpg?raw=true) The example seedtool app leverages other libraries under development at @BlockchainComns to help with #SmartCustody. It allows you to create a master cryptographic seed from dice, save or restore it from offline using #BIP39 words or shards of multiple #SLIP39 words using Shamir. (photos from seedtool) One of the goals of #LetheKit is that all of its functionality is completely inspectable & auditable. You can enter the same dice used for randomness into IanColeman's popular javascript tools, or our forthcoming CLI tools, and compare the results. (? screenshot of randomness screen and IanColeman's page) #LetheKit leverages a number of new cryptographic libraries by BlockchainCommons, including bc-shamir & bc-slip39, C implementations of the #SLIP39 shamir secret sharing standard. They currently conform to the @Trezor reference code. https://github.com/satoshilabs/slips/blob/master/slip-0039.md This is a late alpha of #LetheKit v0, so it should not be used for production tasks until it has had further testing and auditing. (more text, what image?) Future plans for v0 of the seedtool include #BIP32 xprv, xpub & digital asset key derivation, output of QR codes to ease input into other devices, and other useful tools for an airgapped device. Other apps might include #zkproof support. Based on the reactions to #LetheKit hardware, we are considering improvements beyond v0 to include various approaches of hardening the software, making the hardware tamper evident, adding a auto-focusing camera for reading dice or QR codes, new motherboards with HSM support, etc. (link?) We would like to thank our financial contributors, project sponsors, sustaining patrons, and of course our volunteers for helping @BlockchainComns to be able do these kinds of blockchain and security infrastructure projects… #LetheKit Blockchain Commons Sustaining Patrons: Sean Moss-Pultz @moskovitch of https://bitmark.com & Digital Contract Design. Project Sponsors: TBA. Individual Financial Sponsors: @aantonop @gwillen Alexandre Linhares @DarioUTXO @__B__T__C__ Anonymous x4 #LetheKit is a project by @BlockchainComns, a not-for-profit benefit organization supporting the open web. Our work is funded entirely by donations from people like you. Every donation will be spent on building open tools & technology for blockchain & security infrastructure. To financially support further development of LetheKit# & our other projects, please consider becoming a ongoing patron of Blockchain Commons by sponsoring us through GitHub; currently, they are matching the first $5k so please do consider this option. https://github.com/sponsors/BlockchainCommons You can also support our projects by contributing Bitcoin to Blockchain Commons via our BTCPay Server: https://btcpay.blockchaincommons.com Please share with us on Twitter your progress on making your own #DIY #LetheKit! Share photos of your experience! We welcome issues (even basic questions) and pull requests at our GitHub repository. https://github.com/blockchainCommons/bc-lethekit