Fundamentals. @Fundamentals21m
Book: https://zeuspay.com/btc-for-institutions
npub12eml5kmtrjmdt0h8shgg32gye5yqsf2jha6a70jrqt82q9d960sspky99g
AverageGary
npub160t5zfxalddaccdc7xx30sentwa5lrr3rq4rtm38x99ynf8t0vwsvzyjc9
Cryptography Workbook: https://github.com/cryptography-camp/workbook
---- navigate to the current release on the right tab to download the workbook
---- DO NOT LISTEN TO THE EPISODE UNLESS YOU HAVE THE WORKBOOK HANDY
We’re back and recommitting to our North Star: getting comfortable with the math behind Bitcoin-grade cryptography. In this kickoff, we set the stage for a multi‑episode journey through a cryptography “workbook” on discrete‑log‑based multiparty signatures—using it as a scaffold to build real intuition for groups, fields, rigor, and proofs without being intimidated by jargon. We talk prerequisites (Z_p operations, cyclic groups, conditional probability, union bound, proof by contraposition), why rigor matters more than vibes, and how abstraction lets us reason cleanly about things like elliptic‑curve “addition” and key‑tweaking. We also peek at the table of contents we’ll tackle: negligible functions, games and asymptotic security, hash functions and collision resistance, commitments and accumulators (hello, Utreexo), one‑time and Lamport signatures, the discrete log problem, Pedersen commitments, DDH, ElGamal, the random‑oracle model and forking lemma, all the way to Schnorr signatures, key‑tweaks, and interactive aggregate signatures (e.g., DahLIAS). Expect a mix of precise definitions, worked examples, and occasional reinforcements from friends smarter than us—plus some probability detours like Monty Hall and Poisson to keep our statistical muscles warm.
- 'DahLIAS: Discrete Logarithm-Based Interactive Aggregate Signatures': https://eprint.iacr.org/2025/692
- 'BIP-340: Schnorr Signatures for secp256k1': https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
- 'Bitcoin Optech Topic: Schnorr Signatures': https://bitcoinops.org/en/topics/schnorr-signatures/
- 'Taproot (overview)': https://bitcoinops.org/en/topics/taproot/
- 'Utreexo: A dynamic hash-based accumulator optimized for the Bitcoin UTXO set (MIT DCI)': https://www.dci.mit.edu/utreexo
- 'Random Oracle Model (overview)': https://en.wikipedia.org/wiki/Random_oracle
- 'Forking Lemma (cryptography)': https://en.wikipedia.org/wiki/Forking_lemma
- 'Decisional Diffie–Hellman (DDH) assumption': https://en.wikipedia.org/wiki/Decisional_Diffie%E2%80%93Hellman_assumption
- 'Diffie–Hellman key exchange': https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
- 'ElGamal cryptosystem': https://en.wikipedia.org/wiki/ElGamal_encryption
- 'Pedersen commitment': https://en.wikipedia.org/wiki/Pedersen_commitment
- 'Lamport signature': https://en.wikipedia.org/wiki/Lamport_signature
- 'Discrete logarithm (background)': https://en.wikipedia.org/wiki/Discrete_logarithm
- 'Finite field (Z_p basics)': https://en.wikipedia.org/wiki/Finite_field
- 'Cyclic group': https://en.wikipedia.org/wiki/Cyclic_group
- 'Conditional probability': https://en.wikipedia.org/wiki/Conditional_probability
- 'Union bound': https://en.wikipedia.org/wiki/Union_bound
- 'Monty Hall problem': https://en.wikipedia.org/wiki/Monty_Hall_problem
- 'Poisson distribution': https://en.wikipedia.org/wiki/Poisson_distribution
- 'Contraposition (proof technique)': https://en.wikipedia.org/wiki/Contraposition
- 'Riverside (recording platform)': https://riverside.fm
- 'Nostr protocol (reference repo)': https://github.com/nostr-protocol/nostr
Stop. What's up, Gary? What's going on? I'm here to have my math motivated.
[00:00:34] Unknown:
Yeah. I'm here to motivate. I'm here to motivate some math. You ready to you you here to do that? It's been a little while. It's been, like, longer than usual. I don't know how long it's been, but a little bit longer than usual.
[00:00:47] Unknown:
I've been counting. It's, no. I haven't. Actually, I was gonna try to come up with a number of seconds, but not feeling it. It has been a while, but that that's okay. We've got we've got things that we've been doing, and we remain motivated
[00:01:00] Unknown:
because we're still here. The motivation will never ever stop. It may slow. It may speed up. It will never stop. But what what are we motivated to do today? That's the question. Well, first things first, man. I I'm I'm a little worried little worried about this recording actually happening. I got my last podcast didn't upload to Riverside. And I was saying, what's what are the chances that, they would screw me over again consecutive rips? I have no idea. I've never done the statistical math. Well, you should. Because we know how to do that. We we started talking about Poisson distribution on the last episode. I know it was a long time ago, but that's exactly that's exactly the distribution that would ask that question. Like, how many how many times am I gonna get fucked over in in in a small period of time?
[00:01:51] Unknown:
You've got me thinking about, like, engineering wise, how they would determine or detect this on the back end. And, it's not where my mind was planning on going. Yet here we are. That's okay. We can
[00:02:02] Unknown:
we can all go back and listen to the probability episode, and we'll have more about we'll have more in probability as things go. But what I I think we wanna refocus on cryptography. Right? Absolutely. Provable cryptography Yeah. For Bitcoin. The
[00:02:17] Unknown:
An introduction.
[00:02:18] Unknown:
Trademark, I guess.
[00:02:20] Unknown:
Not quite trademark. Creative condoms. Creative condoms. Public domain.
[00:02:24] Unknown:
But we're again, the North Star the North Star is understanding the math behind cryptography and becoming comfortable and not ever being intimidated by a person who claims to know it. And, you know, just getting on that road and what we you found a document that I think is interesting. I immediately said, let's spend the next x amount of episodes trying to go through it. And I hope we don't get I hope we don't get derailed on, like, in, like, two minutes because it's so, like, we just can't do it. We may have to recruit we might have to recruit some mathematicians
[00:03:01] Unknown:
to maybe help us get through some of these concepts possible. Get there. But I like, the the beautiful thing and and what struck me when I opened this document first of all, just credit to the authors, from blocks Jonas Nick from Blockchain Research. If you've followed any of the cryptography in the space or read any of the papers, that that's a name that you would probably
[00:03:21] Unknown:
Yes. Because by, like, Nickler on Twitter. Yeah. I think a Nick Jonas. And I'm like, oh, it's just last name Jonas Brothers. Last name last name comma first name. No. Jonas Nick. That's why I know that's like, oh, yeah. That's that guy.
[00:03:35] Unknown:
But the the introduction, like, just the first paragraph, and I'll I'll I'll read it verbatim because I think it beautifully captures, even the goal of this podcast. Right? So the the this workbook has two primary goals. First, it aims to provide sufficient background to understand state of the art papers on cryptographic signatures with a focus on discrete logarithm based multiparty signatures, including their security proofs.
[00:03:59] Unknown:
Second All things all things we've
[00:04:01] Unknown:
discussed a lot. Right? Here. Yeah. Second, it seeks to develop the skills needed to formalize security notations for cryptographic primitives. The skill is crucial for selecting appropriate primitives when proposing and reviewing cryptographic protocols and for defining precisely what a protocol aims to achieve.
[00:04:20] Unknown:
Yeah. So, actually, I will only correct myself. I'll be I don't you know, we didn't we don't do much on security proofs.
[00:04:27] Unknown:
No. In fact, I think I'm on record talking about, like, I don't know what a security proof is or proofs in general. I think we've touched briefly on proofs. But
[00:04:36] Unknown:
But it does motivate the math to say, shit. That sounds like something we should know how to do.
[00:04:41] Unknown:
Absolutely.
[00:04:43] Unknown:
Well, even though that first game Yeah. We're not gonna be like, oh, that that probably isn't very important. Let's not let's let's be done.
[00:04:50] Unknown:
Well, the cool thing about this is this was actually so this was drafted, and then they did, like, a pilot cohort of participants that went through this workbook. The participants, like, knowledgeable in cryptography already. So so I'm excited to see what develops or matures out of this workbook. And and, hopefully, one day, I can actually be a participant going through this workbook with people who have mastered or claimed mastery of cryptography.
[00:05:19] Unknown:
Yeah. I mean, the object here isn't necessarily mastery for ourselves. The object here is to have be able to have a functional conversation with masters, be able to learn from them, and then maybe they'll teach something to You want to understand a rigorous mathematical framework?
[00:05:35] Unknown:
Yeah. You could say that. Just quoting from the the paper here. Okay.
[00:05:41] Unknown:
Continue.
[00:05:42] Unknown:
No. It's just it talks about, like, abstraction in in the levels of abstraction that are important, which I think we've kinda covered as far as, math being a language and understanding these, like, high level concepts of of, you know, group theory, etcetera, allows you to drill down into the nitty gritty of this. Talks about in the workbook. There's algorithms to study. They're gonna you know, what you'll analyze the algorithms.
[00:06:10] Unknown:
Yeah. As an aside, my daughter who's the math student, she's an undergraduate pure math major. And, she is not she's she's been asked, like, for the first time to start looking at abstract algebra. And a lot of, like, people who listen to this podcast know more abstract algebra than she does because we cover because of group. Yeah. We we cover groups and rings a little bit in some fields. The anecdote is that she she said to me, oh my god. Abstract algebra feels like a conspiracy. Like, it feels like we're not supposed to be allowed to know it. Interesting. It yeah. Because she came to that conclusion. She's like, oh my god. This essay, what do you think I've been doing for the last two and a half years? Why do you think I've been locking myself?
I'm like, like, with the Pepe Silvia meme. That's how I've been with abstract algebra for the last two and a half years. Like, I know the answer is in here. It started like it just started with that cryptography book and, like, a means to an end. Like, that that cryptography book by Paar and Pelzl that just happened to call the, they happened to call the finite fields Galois fields. And I looked up, well, how do I learn what a Galois field is field is? You have to study abstract algebra. Next thing you know, I am in a rabbit hole. And now she's kinda coming around and saying, oh my god. It feels like the answers are in here.
So maybe it's not an accident, but I'd share.
[00:07:40] Unknown:
Well, going back to the the paper and and quoting it, one of the things I just highlighted here is, you know, what you need to do is develop your own explanations while reading the mathematics very precisely. Because it talks about intuition and how intuition is inherently subjective. And so, like, the goal of this workbook as stated here is, like, to help build intuition step by step through the different exercises, which is pretty good. Right?
[00:08:11] Unknown:
Yeah. I'm I'm I'm, like, hesitating because in my head right now, like, I literally just got done. Shout out ape Mithrandir. Okay. Great. What what did you Great listener. So on Nostr, he came he he basically I don't know. He he's, like, observes math conversation and then just comes in and just, like, gives haymakers. Okay. Because he's you know, which he did to us and all of our boosts. Right? This is essentially, like, a microcosm of what he does on Nostr too. Right? Where he's like, oh, he sees a couple of larps having a math conversation. Let me come in and let him let you guys know who the real deal is here. But, he, he includes me sometimes on Nostr where just so I could see, you know, I can see what the what he's doing.
And, it was some conversation about, like, oh, two plus two. You know, You see a lot of this two plus two equals four and people using this as, like, an argument. I don't I don't know the exact context of this particular argument. It's just that it was a big exhaustive argument about, like, two plus two being four as a, you you know, as a a logical, almost like axiomatic. Right?
[00:09:22] Unknown:
Yeah. Yeah. He basically As long as you're using base 10. Well, yeah.
[00:09:26] Unknown:
He came in and he basically said, oh, I guess nobody here has read Principia Mathematica, which spent, like, 300 pages proving one plus one equals two. And the insight so, basically, the the the guy responded, and he's like, well, you know, like a three year old could prob well, I think Ape said this. A three year old could intuit that one plus one equals two. Right? But there was a reason why mathematicians dedicated their entire life to proving it as much, like, in multitude in a multitude of different ways and tried to put a lot of rigor behind it. And my, like, my understanding is I think this is what I said was that intuiting, intuiting it versus actually knowing, right, is, like, the difference between knowing something's heavy and actually lifting it.
[00:10:22] Unknown:
Oh, yeah. Yeah. You can look at something and know it's heavy, but it might be made out of styrofoam and it's not or
[00:10:31] Unknown:
interesting. The rigor is so that you know you can lift it. Right. Everything I'm saying should have question marks. I'm not I know I sound like I'm saying it definitively.
[00:10:43] Unknown:
Well, the I mean, the the yeah. The rigor is knowing that you can lift it or or being able to demonstrate that you can lift it. In all situations,
[00:10:51] Unknown:
on fucking Mars, on Mercury. Right? Like, you know, in gravitational environment. I mean, that's why we when, like, when we do abstract algebra, it's really the question, like, what are the conditions by which the math really works? And that's where the rigor comes in because it you know, you if you're in if you're working with integers, it's different than when you're working with, irrational numbers
[00:11:19] Unknown:
per se. Right? I mean, it's so the math is different. Yeah. Well, and that's interesting. I like this this last highlight, this late the the last highlight that I have here on the on the shared screen is, you know, it says note that there is rarely a single standard definition for a concept in cryptography. And then it goes on to say, like, this is why a lot of papers will have preliminary sections that kind of like rigorously use that word defines the concept they use. Because it matters, you know, we're if we're talking about addition, it's like, okay. Well, addition of what? Using what base? Using you know, there's, like, all these other,
[00:11:55] Unknown:
Addition in what, like, in what domain? Right. Right. Right? Like, addition is just an operation
[00:12:04] Unknown:
part of the group. Or And we we saw this when we were exploring, like, the ECC in the fields and everything, right, where it's like, we call this addition and multiplication, but, like, it's not quite the same as, like, your standard arithmetic.
[00:12:17] Unknown:
Great call, dude. That's a great call. Like, some it's, dude, good on you for remembering that.
[00:12:26] Unknown:
Yeah. Yeah. I try to remember some of the conversations we have. But, yeah, it just it just I remember, like, that was one of the things that stood out to me when when talking about, like, addition and multiplication within, like, the the operation itself. Like, we had a word for it. However, the the actual rigor of of applying the operation with the numbers given varied vastly from what you would think when you're just doing base 10 arithmetic with, like, real numbers.
[00:12:57] Unknown:
Yeah. It's hard to answer the like, adding vectors. It's hard to answer without drawing it, and it's not as, you know, it's not as straightforward as just adding the values of numbers. Adding like, if you adding two points on an elliptic curve, what does that even mean?
[00:13:15] Unknown:
Right. Yeah.
[00:13:16] Unknown:
And that's why we learned what a group was with respect to an operation so that, you know, it's just the operation. It's just that operation, and this is how it works. It's like once you went through once we went through that, like, kinda gross, you know, that just had that that overdoing of the, of the rigor, it became easy to talk about elliptic curve addition. And just, oh, addition is just it's just the word. Right?
[00:13:47] Unknown:
Yeah. It's like the the word becomes a simplification of the concept or the idea, But that's why it's it's a it's a informational compression thing in speech.
[00:14:00] Unknown:
I think it would be good to read this so this now the next section is prerequisites. Obviously, this will be in the show notes. This should probably be sitting on the desktop on your desktop as we go through this. But, there's a prerequisite section, and it's literally, like, two and a half lines long. But it has an appendix has a link to an appendix. But why don't we read the two and a half lines?
[00:14:26] Unknown:
This workbook assumes familiarity with basic set notation operations in
[00:14:32] Unknown:
z p. That's how do you say that right? Call it that z sub p, which is the what we've talked about that. That's how you represent a finite field modulo a prime number p. The z is like a weird z where, like, the the dangels The z is little z that you would use to represent the integers and has a subscript of p. And when it's used that way, that's the what what we call the finite field. You remember if you guys remember and if you don't, go to the go to my YouTube that, I have the videos on. Just the finite remember the finite field modulo five and it contains the numbers one, two, three, and four.
And, you know, any two numbers you add or multiply to each other are gonna be in that right? Two times three is one in that finite field, which is also in the finite field. So that's what z sub p represents. Finite field
[00:15:26] Unknown:
modulo a prime number p. So operations in a finite field, cyclic groups,
[00:15:34] Unknown:
elementary probability theory Yep. Which we just did.
[00:15:37] Unknown:
Including conditional probability and the union bound and parentheses.
[00:15:41] Unknown:
No biggie. I don't know what conditional probability or union bound is. We we we can we can we we'll be able to do that, and we'll be able to build off of what we did last time. And proof by contraposition. Yes. That sounds hard, but it's not. So, like, we have to go we what we should do one episode is, a full a full episode on logic, you know, logic and proofs. And this is, maybe I'll see if I have a certain I have a certain special guest in mind who's an expert in this that would be great for this. But contrapositive is just a way so everything in, everything in, like, logic, it says, like, okay. If p then q.
Right? Okay. That's my statement. If p then q. Right. I think the contrapositive would be to say if not q then not p, and that would be equivalent. So you instead of saying instead of having to prove if p then q, that could be very hard to do. It could be much easier to just to find a contradiction that says if not q, then not p. It's a very powerful way to prove things that you don't have to prove every single instance. All you have to do is find a contradiction
[00:16:57] Unknown:
to Interesting. Yeah. Okay.
[00:17:00] Unknown:
So those are very reasonable prerequisites. I don't know that we're all experts in all of them, but those seem very, very reasonable.
[00:17:07] Unknown:
From our previous discussions, what what did we miss in these prerequisites?
[00:17:12] Unknown:
Because I think the set notation and the operations and and, that So first of all, they assume I'm I'm focusing on the word familiarity. So they don't assume mastery. They assume familiarity. Yeah. Yeah. So I would assume we have familiarity with basic set notation. If not, you know what? Maybe we'll I'm able to do a video for it. Up I we definitely have familiarity with operations in z sub p. I would agree. And cyclic groups. Cyclic groups are, like, part of that where if you recall, if I take that finite field, let's say z sub five, and I take the number I I, take the number two with a number one. Right?
And ask, does that generate the entire group? Like, if I multiply if I if I take multiples of a certain number, can I if a generator, can I we definitely cover this? Right? Elementary probability theories, I mean, familiarity, I think. We we developed familiarity last week, not much more, but not conditional probability, which is not difficult. Yeah. We can do a we can do a episode
[00:18:24] Unknown:
on Why don't you just explain at a high level what it is right now? Sounds like you're familiar enough with it. Conditional probability is, like, basically saying, okay.
[00:18:34] Unknown:
Take two events. I I found a number, you know, like, I found a nonce that gives me a number less that's less than a critical number. That's, like, event a. Right? And event b is that I I had the most work I I did the most hashing. And it's like, what's the probability of a given b? What's the probability of b given a? Like, these are these questions are the things you would ask. Right? Maybe better maybe better I was trying too hard to appeal to Bitcoiners. But, like Probability of an event a given that another b has already I was dealt a poker hand, and event a is that I had the, you know, I had a pair and event b is that I had a full house. What's the probability of that I had a pair given that I had a full house? That's not zero. It's not, you know, you that that there's a way to calculate that. What's the probability that I had a full house given that I had I knew I had a pair?
So and it's like so this relates to the Monty Hall problem. Have you ever heard of the Monty Hall problem?
[00:19:40] Unknown:
No. The rate if I have, it it didn't rate register.
[00:19:43] Unknown:
He was the old host of Let's Make a Deal and, like, there was always, like, door number one, door number two, door number three. And behind, like, two of the doors was a prize, and behind one of the doors was, like, a the goat was assumed to have no value, but yeah. Maybe they were probably wrong about that. Goat's got value. But the goat was like the booby prize. Right? So, like, they always had a booby prize and two, like, kick ass prizes. And what he used to do what he used to do on the show was he was to say, you know, like, do you want me to show you like, give you one of the doors?
Will it you know? And so, like, knowing what was behind one of the doors, right, changes the conditional probability for having the real prize. Right? Clearly, if you know if he if he pulls back door number one and you see a goat, then you have a 100% probability of getting a real prize. Right? You have two you have two choices and two prizes. If he shows you a door what what he would do is he would show you a door that had a prize. Right? And then you'd have to pick the but now you have a fifty fifty now you have a fifty fifty chance of getting a prize. So, like, that's sort of the ill that's the way that's the classic way conditional probability gets illustrated.
Okay. You see and, it's big this is big in machine learning, which I do think we should start focusing on at some point. Well, yeah. I mean, all the LLMs are based in, like, other machine learning stuff is based on
[00:21:14] Unknown:
like, looking at conditional probability is my understanding. Very, very, like, rudimentary level of, like,
[00:21:20] Unknown:
the first word is the. What comes next? Right? That's right. Like, well. So knowing that that word is the, what is the probab like, you know, what's the probability of or what is the range what is the now of the range of outcomes?
[00:21:33] Unknown:
Right. That's the biggest. If if the condition is the quick brown fox, what is the probability of the next word is, you know, jumped?
[00:21:41] Unknown:
Yes. And so, like, these machine learning systems are constantly updating their kind of their parameter sets based on better a better knowledge of conditional probability.
[00:21:56] Unknown:
What about the union bound?
[00:21:58] Unknown:
The union bound is, I'm going to guess that it's these, like, okay. It's like, you you're familiar with the Venn diagram? So you have a set a and a set b and they intersect. Right? They're, like, kinda two circles that they're not on top of each other. They're not disjoint. They overlap a little bit. Right? And so you have this little intersection that's called the intersection, but then the union would be just the, the union would be, like, in a probability sense, the probability of a, plus the probability of b minus the probability of the intersection, so you're not double counting it, is the probability of the so in other words, that's, like, the probability of a or b.
Right? What's the probability I had a pair or a full house? Right? That that's a bad example because the pair intersects completely with the full. You can't, you know, you can't have one without the other. But, assuming they're not disjoint,
[00:23:01] Unknown:
the unit yeah. It's it's just it's a it's like an identity. Maybe the probability of a four of a kind in a full house if you have a pair or something.
[00:23:08] Unknown:
Yeah. Well, some yeah. So, like, if event a is a, if event event a is I got I had a jack, and event b is I had the ace of spades, or or I had a, I had a heart. Right? Event b is I had a heart. And so what's the probability of that I had a jack or a heart? Well, I would take the probability of a jack, which is one thirteenth. Right? Then because there's four jacks in the deck out of 52. And then the probability I have a heart is one fourth. Right? Mhmm. So I would add those. In my head, I'm coming up with, seventeen fifty-seconds right now, but I have to subtract the intersection, the probability that I have the jack of hearts, which is one over 52. So that would be sixteen fifty-seconds, which reduces to eight twenty-six, four thirteen, four thirteenths.
Okay. If I did that right. But you get the gist. That's so I think that's what union bound refers to. I don't I could be wrong. It could be something else. There's this thing called De Morgan's laws, which also relate to this.
[00:24:24] Unknown:
Is something people can look up. And then we talked about the proof of contraposition. Yes. Proof by contra proof by contraposition,
[00:24:32] Unknown:
which is yeah. It's just like the in many con in many situations, there's no other way to actually do the proof.
[00:24:42] Unknown:
Because the proof is so vast.
[00:24:44] Unknown:
It's kinda like, yeah, it's like, it's just so hard to prove for every possible case when all you have to do is find a nonexample, right, and prove the contradict like, you know, find the contradiction, and that just becomes a much more powerful way to prove something. So in a lot of instances, that becomes really the best way. Well, then, I mean, the the last piece of, like, this prerequisite or whatever is, like, all this different notation, which actually would be a would have been a super helpful
[00:25:15] Unknown:
appendix to look at before we started diving into some of these other
[00:25:19] Unknown:
like, it's all those, like, little things to look at. It's already correcting me that z sub p is not like, they're saying it's just the set of integers modulo p. So it's not which are the members of the finite field. You don't have to know that it's a you know, you don't have that's how we that is how we denoted a fine and then, yeah, the big one here, like, everyone knows what n and z everyone knows n is the set of natural numbers, z is integers, and the like. They do if they're looking at this appendix. Having an asterisk usually also like, a z asterisk mean usually means that you exclude zero. So you see that a lot with the real numbers where you wanna exclude zero. You wanna the rational. I mean, now when you wanna deal with inverses, you wanna make sure you're not dividing by zero. So you stop a lot of times.
You add that asterisk to indicate that. You'll you'll make sure the number system you're working with doesn't have the zero. Okay. So this is a useful thing. I mean, I think, like, a dot two is probably not that familiar to people. So,
[00:26:21] Unknown:
you know, that's probably something to look at. A dot three is is somewhat newer as well. There's, like, a little looking Lambda function, is it?
[00:26:30] Unknown:
Yeah. Whereas in Lambda, if all you if all you are is familiar with elementary probability, you would see Lambda as the, like, the mean of a Poisson distribution or the parameter of an exponential distribution. So you just mean parameter? It's usually yeah. Lambda is usually used as a parameter, a scalar, you know, like a number that otherwise doesn't mean anything necessarily. Like, not variable. It's an actual like, it's meant to know be like an actual number. Yeah. I guess, like, a parameter would would tell me that, like, it's a parameter. So, like, it's Now I don't know what security parameter means, and that is that is important here for cryptographic notation, and I guess we're gonna have to figure that out because I'm also seeing this function called negl, n e g l. Negligible function.
[00:27:22] Unknown:
So at least looking it up with the Internet, security parameters, a way of measuring how, quote, hard, end quote, it is for an adversary to break a cryptographic schema. There are two main types of security parameter, computational and statistical. Yeah. That makes sense.
[00:27:38] Unknown:
Right? That's like you that's your world. Crypto cryptological, you know, it's brute force versus can I Guess it? Do I know because there's a letter e in there that it Right. There's a good chance that it's you know, I can you know, I have more it's better than brute force now. Right? Yeah. Yeah. So I it's probably worth going so I see groups and fields. We don't I mean, my god. Like, there was no the groups and fields that we covered was painful enough, but we there was no way there's no way in a podcast to get notation across in a non horrible way.
[00:28:15] Unknown:
What do you mean? It's like a g with,
[00:28:19] Unknown:
not all a cup uppercase g. I mean, that's basically what it is. Yeah. No. I get it. It's like, we usually what in a group, you have two you have two elements in your, like, in your parentheses. You have the thing, like, the set of integers or the thing that is the the domain of the of the group, and then you have the operation.
[00:28:39] Unknown:
Well, here it's talking about there's there's a p variable and a g variable. One is the generator, which we've covered. So this is specifically for a cyclic group that has a generator.
[00:28:48] Unknown:
That's they'll be denoted with three parameters, g. Now you have a third parameter of generator. And then p is the order of the group. Yeah. P is
[00:28:57] Unknown:
prime numbers.
[00:28:58] Unknown:
The order of a group like that the order of a group that like, a cyclic group with a generator is how many time so the back to the generator concept is how many times does the generator need to, like, act before you get back to the identity? So, again, back to the the finite field modulo five, I go I can go if I start with one, the order of one is, five because I go one and then I add one, two, then I add three, four, and then I get to zero. Right? It takes five it takes five times to get to zero for that generator. Now if my generator is two, I'm going two, four, not six, but one. Right? Six becomes one. So I go two, four, one, three, five. So, again, it takes five times. So the order of one is five. The order of two is five.
[00:29:50] Unknown:
Right.
[00:29:51] Unknown:
The order of three, I go three, one, four, two, zero. So it's the order of three is five as well. See, when the prime number modulo is when the number of modulo is prime, that has this very kinda cool special prop.
[00:30:07] Unknown:
Well and that's, like, that's one of the special properties that we work with a lot. Right? Like, that's one of the special sauces that makes this cryptography work.
[00:30:17] Unknown:
Yes. It
[00:30:19] Unknown:
yes. That's right. It shows some logical operators too, basically, like, Boolean logic and or
[00:30:25] Unknown:
not XOR. No. Like, coders know this, and probably mathematicians know this. Maybe at least you know an XOR, like, with that's the plus sign with a circle around it.
[00:30:37] Unknown:
Yeah. Like a crosshair. Right. And that's where you're just flipping ones to zeros and zeros to one. Yes. Bitwise. Concatenation.
[00:30:47] Unknown:
Other notation. Other notation. That's guaranteed to have some haymakers in it. Right? Denotes the cardinality of a set. Yeah. So the cardinality is not it's just the number of elements of the set. And so that it looks like absolute value. Right? It looks it that's the symbol is like I have two, vertical lines around my set name. It looks like the absolute value of s, which is a way to represent size. Right? Yeah. Yeah. Yeah. So that's how you do that, and that that's how you denote the cardinality. That's really the number of elements in a set.
[00:31:24] Unknown:
Upside down t is an error or undefined value.
[00:31:27] Unknown:
Right. Which in, like also denotes perpendicularity, but not in this context. Okay. Empty set is the zero with the slash, the old ghost buster.
[00:31:38] Unknown:
Yeah. Log subscript g parentheses h denotes the discrete logarithm of h with respect to base g. Yes. That takes that that's hard for new people.
[00:31:50] Unknown:
That's gonna take a like, that's gonna take doing a bunch of, like, exercises, but it is what it is. Sometimes notation is like you know? Well, there's a quote by Von Neumann, great mathematician, that you never really learn math. You just get used to it. Okay. Yeah. And a lot, yeah, a lot of it is notation, just getting used to the notation. Big o big o is a big one. Right? It's big in computer science thing. Yeah. I mean, big o is what is the same idea as they said before, which is, like, you know, you know, how hard
[00:32:26] Unknown:
Computational complexity is often what it's referred to as. Like, you in computer science, at least. And this is, like, things you have to learn for, like, doing interviews for software engineering because they'll ask, like, what is the big O notation of this algorithm? And, if you don't know that, or you at least can't explain it, which, like, it basically comes down at least in computer science, like, the big O thing, it's it's generally about time or space as in, like, I take up a lot of space in memory or on disk or whatever, or I take up a lot of time running the calculation. So if you think about, like, a lot of times, it's like for loops or iterators. You'll see
[00:33:07] Unknown:
things, talking about, like, big o notation. Yeah. And I'll really what it's I mean, what it's really explaining is, like, is this does my system hold up, like, on a linear basis, on a parabolic basis, on an exponential basis. It's like in other words, if it's if it's linear, it's gonna be you can crack it with a linear Right. Crack crack it with Throw more power at it. Scales linearly with time. Right. Exactly. Where, you know, exponential becomes harder Exhilariously. Yes. Yeah. That's a whole quantum thing. And then yeah. Exactly. I mean, well, that's big part of it. Right? Yeah. So okay. That's it.
That wasn't too bad, I don't think. I'm guessing people aren't that upset right now. I guess we'll find it. Hey. You know what? Shout out, Solex. He had a great idea for this podcast, which is if you're really really pissed off or you really wanted to tell us we did something good or bad, just boost, like, 10 sats and let us know. Yeah. You know, just but whatever so, you know, just boost something zap like. Just, you know, just boost a zap tiny, you know, whatever amount just so you can get your voice heard by us. Or boost, like, you know, a lot. Whatever. I don't care. Or come to my meetup.
Whatever. But boost, you know, if you wanna, you know, you wanna just make your voice heard, just send a little tiny you can it's it's a mechanism to do so where we definitely will see it. And we would like to know, is this painful as shit? Because this is the easy part. This was This is part of the easy part.
[00:34:45] Unknown:
Chapter one setup, and the next section is algorithms, talking about what an algorithm is.
[00:34:51] Unknown:
Okay. And now just for context, one thing I really like to do when I, start a new book or start a new piece, how long is this and how many sections are there? Well, in the table of contents, it looks like we have 34 PDF pages
[00:35:08] Unknown:
k. With 12 sections.
[00:35:11] Unknown:
Not including the appendices, though. And so if you exclude the appendix, we have
[00:35:16] Unknown:
33 pages.
[00:35:18] Unknown:
33 p and we just basically got through a good portion of the appendix anyway. So 33 pages, and we went through three lines, but that's okay. Seven no. Sorry. How many sections are there? There's 12 kind of sections they're trying to introduce. Now here's the Do you wanna go over those? Like, should we go over those and then we then we can wrap this up? That's what we'll do for this time. Go over the table of contents. We'll talk about, like, we'll we'll probably maybe Gary and I will play the game, know it well, heard of it, or no clue.
Okay. Right? And then First, you guys Love it. Let's do it. And if, you know, if you guys if there's somebody if we both say we have no fucking clue what this means, you know, I'm I'm gonna set out to try to learn it, but, like, if you're out there and you can help, let us know.
[00:36:00] Unknown:
Yeah. Yeah. I mean, section one is an introduction. Right? We just went through prerequisites. We kinda touched on what we know. The next thing is algorithms. It's gonna define algorithms. Yes. Heard of it. Heard of it. Negligible functions? No idea.
[00:36:14] Unknown:
Heard of it when we heard of it only from this paper. Yeah. There it it does look like I kinda understand the the group theory it's trying to harness, but, otherwise, pretty much unknowledgeable of these things. Next is games and asymptotic
[00:36:30] Unknown:
security.
[00:36:31] Unknown:
Do we know what the word asymptotic means, Gary? Okay. It's so you will in a second. That this is this is easy. Asymptote is, it's like a theoretical limit. Right? Okay. So, like, the function one over x is going to Yeah. Like, we asymptotically
[00:36:50] Unknown:
approach
[00:36:51] Unknown:
zero sets. It's also gonna oh, yes. We asymptotically having. Yes. But it's more theoretical because we go to infinity. An asymptote a true asymptote, right, is it like, you know, it's like imagine
[00:37:04] Unknown:
at infinity. Pi an asymptote?
[00:37:06] Unknown:
No. It's an asymptote for rational for it's like an asymptote maybe for the rational numbers, but it's not you know what I mean? It's not
[00:37:14] Unknown:
I'm talking out of my ass here. We'll figure it out. The next one is hash functions. Definitely familiar. Heard them.
[00:37:20] Unknown:
Yeah. Gnome, okay, Would, you know, probably have coded a little bit of them. Right? It looks like each of these sections also ends with an exercise, so we'll skip that. Done them. Done some exercises. Know what those are. I exercise regularly unless I'm sick. Now exercises are the really bring to bear can you lift. Right? Can you do the lift? Yeah. Yeah.
[00:37:40] Unknown:
They're good.
[00:37:41] Unknown:
Okay. Section two? Reductions. Reductions, and that I don't know, but I do know there's only one section, and it's called collision resistance. And I feel like I can intuit what that means. Yeah. I don't know. Collision resistance would be like how right? That's that would be how susceptible is your cryptosystem to accidentally guessing someone's key or accidentally creating two of the same keys. Right?
[00:38:07] Unknown:
Yeah. Commitments are next. That's that that I under I've heard of that one. I generally understand it would be hash commitments. Subsections are syntax and security, so that's interesting. I'm assuming it's gonna be a lot about hashes, but I'm curious what the other commitments are as well. Math might be easy. Who knows? Might be.
[00:38:30] Unknown:
Those are the worst. When the math is easy, those are the worst because then there's just like, you know, that you it's like these exhaustive Alice and Bob scenarios.
[00:38:41] Unknown:
Bring it. Let's do it. Accumulators are next. I've heard of these. This is like a UTXO is a hash based accumulator for the Bitcoin UTXO set. Heard of it.
[00:38:53] Unknown:
Well, okay. That's just what is an accumulator? Sounds like a function
[00:38:58] Unknown:
that Yeah. It's like some Counter function. Do that can, like, condense a bunch of stuff,
[00:39:05] Unknown:
which might not be I guess we'll find out. I'll say never heard of it. Yeah. Yeah. I I've heard about it only in reading about Utreexo. I read about Utreexo, but that was a while ago.
[00:39:17] Unknown:
Ensure sections there, syntax and correctness. It it also looks like there's, like, syntax and correctness is also the and security are, like, subsections of a lot of these. The next one is one time signatures.
[00:39:29] Unknown:
One time signatures. I've heard of it.
[00:39:31] Unknown:
I don't know what one time signature is. I know what a signature is. I'm assuming the one time maybe, like, don't reuse the same nonce because then you leak your private key sort of thing. Probably. It calls out Lamport signatures in here. Yeah. That I'd never heard of. Okay.
[00:39:46] Unknown:
Lamport.
[00:39:48] Unknown:
I feel like I've seen Lamport before, but I don't know it. Discrete logarithm.
[00:39:54] Unknown:
K. I know that. I'm good. I feel like a feel like I know that, except now I'm looking at these
[00:39:59] Unknown:
these subsections. I'm like, yeah. Yeah. I know. Subsection one, discrete logarithm problem. That's probably more familiar with. Peterson commitments. I've heard of that, and I but I can't explain it off top of my head if I Peterson.
[00:40:11] Unknown:
Sorry. That's Ferris Bueller's day offer. If you're a Gen Xer or Peterson.
[00:40:17] Unknown:
Got it, boomer. The DDH assumption. I don't I don't know what the DDH is. Sounds like Diffie-Hellman, maybe? Let's click on it. Oh. Oh, decisional Diffie-Hellman assumption. Nailed it. Good for you. I I do know that Diffie-Hellman is, Yes. It's like a way of sharing something without sharing something. ElGamal,
[00:40:40] Unknown:
e l g a m a l, ElGamal. It should've been Diffie and Hellman that got the love and not Black and Scholes, and we might not be in the situation. I don't know what that's alluding to. Diffie and Hellman were like, they should've like, they could've been like, Black and Scholes were like the the Poor Black and Scholes. Yeah. That's what I don't understand. They they they published a paper in 1974, I think, or '76. They won the Nobel Prize and all of, like, the derivatives all the derivatives pricing is based on their work that essentially pretended you could have a closed form solution for derivatives.
Finance stuff. And that and yeah. And and get 50 bailouts later, we we're here. We're we're trying to learn Diffie-Hellman assumption is.
[00:41:25] Unknown:
I also don't know what this is.
[00:41:27] Unknown:
Just use the cryptography. Fuck all that shit. Okay. There's the ElGamal. ElGamal? ElGamal? Yeah. You know what that is? I do know what ElGamal is, or I believe I think I know what ElGamal. That's that's like, it's more like the crypto system. It's more like what we use than what, than, like, RSA, I think. Right? We'll find out. It's not on the tip of my tongue, but, like, ElGamal is really the closest probably crypto system to what Interesting. Well, it's talking about commitments in the context of No. Sorry. That's like what Schnorr uses, I think. It's more like the ElGamal. It uses like that closed it's like closed signatures and yeah. Anyway We'll find out. I could be wrong about all this. OMDL
[00:42:10] Unknown:
and AOMDL products. Heard of it. Heard of it. Heard of ElGamal. Studied it a little bit. Never heard of it. OMDL, AOMDL?
[00:42:19] Unknown:
OMDL, AOMDL, what? Something discrete logarithm. Oh, yeah. Dude, you're good at this.
[00:42:26] Unknown:
One more. Algebraic one more. Never heard of it. Okay. Have you heard of it? Nope. Never. Alright. Random oracle model is the next section, chapter sec chapter seven, random oracle model. Random oracle models, ROM, which I'm assuming is just random oracle models, hash commitments, Taproot commitments.
[00:42:45] Unknown:
Is this, like, the idea here is that you can make an oracle not needed to be trusted, that it could be random randomized? Is that the idea, do you think? That's a great question.
[00:42:54] Unknown:
I don't know. I I've I've heard of it, but I don't know. Like
[00:42:58] Unknown:
Yeah. I get it. So Yeah. This is okay. And then we have a recap quiz
[00:43:02] Unknown:
at this point in time. Model. Yeah. Chapter eight is a recap after you get through some other commitments.
[00:43:08] Unknown:
Oh, and then we get into things I've heard of from you on the show. What? Forking lemma. Right? Didn't we do didn't that come up? Didn't the forking lemma come up here?
[00:43:19] Unknown:
Well, hold on. Chapter nine is programmable ROM, random oracle models, and forking lemma. It might have it's just slipping my mind, and it could just be the, the state of my mind this week. But,
[00:43:32] Unknown:
Well, we do that. We do the forking lemma, then we get chapter 10 signatures with, I I e, Schnorr signatures.
[00:43:40] Unknown:
Syntax correctness, security, Schnorr signatures. And then signatures with key tweaking. That's fun. Key tweaking is just like you just add
[00:43:48] Unknown:
things. Those are things I found out about here, key tweaking.
[00:43:53] Unknown:
It goes into security with tweak keys, Schnorr signature tweak keys.
[00:43:59] Unknown:
So maybe we get I mean, it's like the the the likelihood we get all the way over here by the way. We're on page we're at the end of the document practically. We have one more section, interactive aggregate signatures. This
[00:44:12] Unknown:
is cross input input cross input signature aggregation. This is that DahLIAS paper. Oh, yeah. Yeah. Yeah. Okay. Yeah. The DahLIAS paper is defines a full aggregation schema for Schnorr signatures.
[00:44:28] Unknown:
Yeah. Yeah. So it's it's distinct from Schnorr, but it's related.
[00:44:33] Unknown:
Wonder if it talks about it in there. But, yeah, that's and then that's it. That's the chapter 12. Like, that's the end of the book.
[00:44:41] Unknown:
That's it? That's it. Now do we get all the way there? I don't know. We may I maybe not without help
[00:44:47] Unknown:
is my guess. We'll definitely need help. That's I mean, that's probably the one the greatest thing I learned in the navy is I got a I I was force fed a slice of humble pie, and I and I was bawling my eyes out, admitting that I needed others help to accomplish things. And it was the best thing that ever happened to me.
[00:45:08] Unknown:
So we'll definitely need help. How much? This is crazy. This is a 32 page document, but, like, it's like they do this thing on negligible functions. It's half a page. It's gonna take it's gonna take me, like, literally a week of nothing but thinking about this, and then it moves right onto another topic, like, that is totally unrelated. And it's like, oh my god. This is going this ain't gonna be easy. We may not there if we do get to the end, it'll be because we just choose to not do certain things justice because we can't.
[00:45:41] Unknown:
So bear with us. We we earmark them.
[00:45:43] Unknown:
Yes. We earmark them for for help. Yeah. But we will do we'll do the old, dropped out of college
[00:45:55] Unknown:
try because college didn't teach us what we needed to for this. I didn't go to any college, though. Yes. I agree. I concur. But, thanks, dude. I think I think we can wrap it here. Yeah. Okay. It's been a week. I'm glad that we got this done. We got it in. We got it in. We
[00:46:10] Unknown:
we're a little bit accountable now to at least give this a a go. I like that. Yeah. So thank you for reaching out and motivating my math. We're back. I don't know what episode the number this was, but, it's all good. Any parting thoughts? Gary?
[00:46:28] Unknown:
Oh, nothing relevant to math right now. No. No no parting thoughts.
[00:46:33] Unknown:
Anything relevant to anything? Excuse me. You wanna say whatsoever. Ehash is happening.
[00:46:39] Unknown:
Ehash is happening. Blinded signatures for mining shares is happening. So I'm excited for that.
[00:46:47] Unknown:
Awesome. Alright, guys. Great app. See you.
[00:47:08] Unknown:
Where is my mind? Where is my mind? Where is my mind?
Opening banter and recording woes
Probability chat and Poisson throwback
Refocusing on provable cryptography for Bitcoin
Workbook intro and goals: signatures and security
Abstraction, algorithms, and study approach
Abstract algebra feels like a conspiracy
Rigor vs intuition: why proofs matter
Prerequisites overview: sets, Z_p, groups
Conditional probability and the Monty Hall detour
Union bound with card examples
Notation tour: symbols, lambda, security parameter
Groups, generators, and orders in cyclic settings
Big-O and computational complexity
Community feedback and moving into algorithms
Table of contents tour: sections and plan
Hash functions, reductions, commitments
Accumulators and one-time signatures
Discrete log, DDH, and ElGamal preview
Random oracle model and recap plans
Forking lemma and Schnorr signatures ahead
Aggregate signatures and cross-input ideas
Reality check: pace, help, and expectations
Wrap-up and shout on blinded mining shares