Accidentally wandered into the WMD aisle of the farmer's market

[advertisement for teething infants]: have you been sleeping through the night? are you not riddled with guilt wondering whether you're a good parent? well check this out!

Watched the U.S. presidential debate last week between Trump and Biden. Watching the Iranian presidential debate between Pezeshkian and Jalili now. All the "this is fine" dog in burning house memes ever made aren't enough to convey what I'm feeling.

Sigbash update: Making progress on the REST API! Hoping it'll be ready for testing white labeling in Two Weeks ™️

I just run realized Van Morrison has two songs about the exact same thing - 'Dancing In The Moonlight' and also 'Moondance' - and they're both absolute bangers gm

"Building and deploying something unstoppable is also a decision" is deffo going on a t-shirt.

Everybody was hyping me up for a possible Carrington Event and in the endI didn't even get to see any pretty lights ;(

Sigbash update: Passkeys, Price Feeds, and PSBT introspection! Original beta announcement Xitter thread here:

X (formerly Twitter)

arbed_out (@arbedout) on X

Techie mumbo jumbo: when a user requests an xpub, Sigbash sends one to the client browser, and then on the client the WebCrypto API is used to choo...

Six weeks of beta testing and I can separate out the feedback I've gotten into two broad categories: 1) The oracle is useless (because I don't really need it) and 2) The oracle is useless (because it doesn't do what I really need) For 1) - I definitely didn't appreciate how many users just wanted to submit a form to get an xpub / have an xpub signed without any conditions. That's great! But also Sigbash v1 was kind of terrible for that - without any conditions, every xpub is effectively an xprv, since you can just present it to the signing server and we'll happily assume that your ownership of the key is enough proof that we should sign for you. Since everyone in your multisig quorum can theoretically see your xpub, that means everyone has your xprv. Not ideal! I thought about this for a bit and settled on implementing passkey authorization - now you can associate a passkey with an xpub when you first request it, and we'll only sign for that xpub if the passkey is presented at signing time. Givs your xpub to whoever you like; we won't sign requests for it unless you present your Apple FaceID, or fingerprint TouchID, or Yubikey, etc. (Side note: This is the first Bitcoin-y thing I've built that I've had my mom test on her phone. Wild feeling watching her authenticate with her FaceID to make a signing request.) For 2): The original oracle could only check three conditions - the bitcoin network hashrate, or the balance of a given Bitcoin address, or the BTC/USD exchange rate. All conditions were evaluatedaft signing time. I got a *ton* of requests for new conditions to commit to, so many that I refactored the entire oracle UI and backend. Now you can restrict Sigbash from signing a request for an xpub based on: *the price of 170+ fiat currencies, precious metals, or crude oil; *Treasury yields, SOFR or the Fed Funds rate; *hashrate for a given mining pool or the entire network; *daily Bitcoin transaction fees in USD; *the balance of a Bitcoin address Instead of just checking the value for the condition at the time a signing request is submitted, you can now specify values for a given date - e.g. "Sign if Luxor's hashrate on May 6 is greater than 100 EH/s" or "Sign if the exchange rate of Bulgarian Lev to USD on April 27 is above $.010/USD". This radically changes the value proposition of the oracle; you can now build incredibly complex conditional contracts from these basic building blocks. Finally, and also to address 2) - I added PSBT introspection, which is a fancy way of saying you can restrict an xpub to only sign for a request if the sum of the inputs, outputs or transaction fees in the PSBT you submit for signing are above or below a certain value in satoshis. The combination of these features - being able to build addresses with spending conditions dependent on price feeds, or hashrate, or the value of a given Bitcoin address, or the inputs and outputs of the spending transaction - are what I'm hoping will be available to Bitcoin users when there's widespread adoption and support for discreet log contracts and a soft fork that enables some form of covenants. Since we aren't there yet, my hope is that we can start building and testing the UX out for that future and progressively upgrade the Sigbash backend to provide users more sovereignty as new soft forks are activated and DLC oracles get better tooling and wallet support. (And if covenants are never activated and DLCs never get much traction? We'll still have this imperfect-but-good-enough implementation to get the job done.) Give it a spin at https://www.sigbash.com, use code BETATEST to grab an xpub, and again please remember this could break at any time until we're out of beta. Thanks y'all, onward!

Putting the finishing touches on a new Sigbash release based on all the feedback I've gotten over the past month. Definitely announcing all the changes here first instead of Xitter. (Maybe I can just screenshot the note and post it there?)

There's a Craig Wright joke here somewhere

Parenting tip: you don't have to sing baby lullabies or play baby songs to your newborn. They will happily rock out to The Sisters Of Mercy and Prince if you offer it to them, no matter how off key you are.

The fact that your timeline isn't flooded with influencers proclaiming they stand with the students, chanting "Universities! Life! Freedom!", is something worth spending a few cyles thinking about.

Current mood

My unsolicited Hot Take on the Current Thing is that you should maybe stockpile a spare laptop or two and grab some Bitcoin while it's on sale. If the US isn't intervening here, China's taking Taiwan without any kinetic intervention, and getting their dollar assets frozen the same day.

Wrapping this up now. Excellent framing, contrasting Tim May's vision of crypto anarchy with Julian Assange's idea of 'crypto justice', exploring what 'privacy for the weak, transparency for the powerful' means in practice.

New version of Mutiny has me wanting to send friends money just for funsies. Such a slick UI.

>reading up on the Lightspark-Coinbase partnership

Implemented QR codes at a beta tester's request, now importing sigbash keys into nunchuk.io is a breeze :)

Reposted from Xitter: Bear markets are for building, bull markets are for... beta testing? I've been working on an automated multisig key agent I'm calling Sigbash (website:

Sigbash - Welcome to Oblivious Signing

- use code BETATEST if you want to help kick the tires on it). Sigbash implements browser-side xpub blinding, which is a fancy way of saying that, from the time a user is issued a key, right up until the key agent is asked to sign a transaction, the key agent *doesn't actually know anything about the key it issued* This means that if the signing server is ever compromised or a bad actor somehow gets a hold of the seed phrase, they won't be able to discover anything about what it protects (!) Quick 🧵 below: Techie mumbo jumbo: when a user requests an xpub, Sigbash sends one to the client browser, and then on the client the WebCrypto API is used to choose a random derivation path to generate a new child xpub. A SHA256 hash of this xpub is sent to the Sigbash server; the hash is the only information the server has about the key until a request is made to sign a PSBT. When it's time to sign, the user submits the PSBT along with their xpub; the signing server takes the SHA256 hash of the submitted xpub and check whether there's a record of it, and if so returns a signed PSBT. Instead of having a human in the loop to confirm a signing request, a user can instead attach signing conditions to a key when it's issued- e.g. "sign transactions submitted with this key immediately", or "only sign after a certain date", or "only after a certain block height" along with "sign only if this Bitcoin address has a balance greater or less than a certain number of satoshis" or "sign only if the global network hashrate is greater or less than a certain number of Terahash", or "sign only if the BTC/USD exchange rate is above or below a certain number" I've tried to square the circle of making this as private as a multisig key agent can be while still being supported by as much of today's wallet software as possible - there are no trackers on the site, no accounts to set up or email addresses that can be harvested, no credit cards to bill (thanks @BtcpayServer !), and it's available over Tor to avoid leaking your IP address. There's absolutely more that can be done here with e.g. Taproot key paths, Musig2, hopefully even OP_CHECKSIGFROMSTACK one day - but for now I wanted to focus on the existing wallet ecosystem ("meet your users where they are" and all that) Instead of implementing some sort of slashing mechanism or fidelity bonds to ensure the signer doesn't go rogue, Sigbash makes use of what Mircea Popescu would have called a 'GPG contract' (https://nakamotoinstitute.org/mempool/gpg-contracts) - every xpub purchased comes with a PGP signed receipt that includes the hash, the signing conditions and an OpenTimestamp file attesting to when it was created. If the signer either fails to sign when it should (or signs when it shouldn't), users can post the receipt and effectively burn the key agent's reputation. If you want to give it a try: a) check the FAQ at

Sigbash - Welcome to Oblivious Signing

and in particular the compatibility chart - not all wallets support non-standard derivation paths! and b) use the checkout code BETATEST to get a free xpub to play with - which I plan on disabling when the in a few weeks when the halving comes, just as a heads up ;) Thanks to everyone who helped to test this over the past few months, I couldn't have done it without you. A very special thanks to @Rob1Ham and @SahilCO for their early feedback and uncovering the nastiest of bugs, and @mflaxman for coming up with the idea for blinded xpubs back in 2020 (https://github.com/mflaxman/blind-xpub) Back to your regularly scheduled shitposting ASAP, I promise :)