Ian Miers
@secparam
9K posts
CS Prof. Security and applied cryptography. Some highlights: Zerocash (zcash, et al.), Zexe (Aleo, Aztec, etc.), zk-creds/zk-promises(...)
Washington DC / UMD. Joined April 2012
876 Following, 12.2K Followers
Ian Miers @secparam
@wyatt_benno I worry slightly about generating formal specs that way. But LLMs for generating proofs themselves against specs seems to work very well. So hopefully this problem goes away at some point.
Wyatt Benno @wyatt_benno
@secparam Been working on 'vericoding' recently... natural language to formal specs -> formally proven code. It will work well for small programs near term; smart contracts and such :) In that case, models like Mythos can actually power white hat, by making code itself secure.
Ian Miers @secparam
You're worried about quantum computers breaking cryptography. You should be worried about classical computers breaking the code. Mythos is more dangerous than a 20 bit quantum computer.
Ian Miers @secparam
@liamihorne @penumbrazone @Zcash As long as everyone is explicit that privacy for public rails is essential long term, great! Right now, the vibe is that privacy is essential, so we must give up on public rails, leaving us with walled gardens with no off-ramps. That shouldn't become the norm, e.g., in regulations.
Liam Horne @liamihorne
@secparam We absolutely need primitives for individual privacy on public rails and I’m a fan of projects like @penumbrazone and of @Zcash for that reason. But we also need good integrations with the interfaces people and businesses are familiar with to get them that one step closer first.
Ian Miers @secparam
Crypto went from "privacy doesn't matter" to building something subtly, but fundamentally not a blockchain to get a privacy fig leaf: a database run by a competitor who definitely won't extort a premium from you the moment you’re locked in or get hacked.
Ian Miers @secparam
@danrobinson Sure, but the issue is if you need privacy (imho table stakes for RWAs or stable coins at scale), then you're stuck in someone's walled garden and, unless I'm missing something, you can't exit to another without their permission. Changes the competitive landscape substantially.
Dan Robinson @danrobinson
@secparam Well it’s also a set of walled gardens, not just one—it’ll be permissionless to operate zones.
Ian Miers @secparam
Crypto twitter: privacy matters for open blockchains. Canton: zk cryptography has privacy, but you can't trust it for the money supply, so instead of an open chain, we built a set of walled gardens. Tempo: if you want privacy on our blockchain, try our walled garden as a service.

Ian Miers @secparam

Crypto went from "privacy doesn't matter" to building something subtly, but fundamentally not a blockchain to get a privacy fig leaf: a database run by a competitor who definitely won't extort a premium from you the moment you’re locked in or get hacked.
Ian Miers @secparam
Note, it’s tempting to say: we can have a public chain and then some private/walled garden section where you go to get privacy. But the problem is, the place you need privacy most is on the public chain. So if you build this bifurcated world, everyone runs to the walled garden.
Ian Miers @secparam
Businesses are interested in blockchains like Ethereum, Solana, etc., because no one controls the data. Privacy is fixable without going back to a walled garden; use zk proofs as in Zcash, Aleo, Aztec, etc. It’s technically complex, but the alternative is not a blockchain.
Ian Miers @secparam
@kornaropoulos @0xFanZhang Notably, watermarks did get deployed, e.g., by Google, for images, because that had a different set of expectations and threats to deal with.
Ian Miers @secparam
@kornaropoulos @0xFanZhang Anecdotally, what killed watermarking wasn't that it was imperfect. No security guarantee is. Instead it was practical concerns: who can check for marked text? Legitimate customers may not want usage exposed, and you need more nuance than just "it's marked".
Fan Zhang @0xFanZhang
We are going to read one paper on AI x crypto(graphy, currency) at the end of my real-world crypto class. Which paper will you suggest?
Ian Miers @secparam
@neha @austincampbell I was wondering if "...when thinking about regulation or responsibility," we needed to focus on technical control over transactions or you were making some broader point about regulations and obligations. Because there will be stablecoins where the issuer does not have control.
Neha Narula @neha
A stablecoin is in no way a bearer instrument. Ownership records are kept in a smart contract completely controlled by the issuer. I'm not sure where this idea came from, but it's not helpful when thinking about regulation or responsibility.
Ian Miers @secparam
@austincampbell @neha Does the distinction matter for KYC or something else? I thought you were suggesting the KYC questions were orthogonal to whether it's a bearer token.
Ian Miers @secparam
@austincampbell @neha I’m curious, is the defining problem really control of the ownership ledger by the issuer? Or is it KYC at issuance/redemption? There certainly are designs (e.g., some of the zk-stable coins) where the issuer can't control transfers. But is that technical difference significant?
Austin Campbell @austincampbell
@neha If I am being generous, I think "bearer" and "not having to explicitly KYC" are being conflated by the people saying it is a bearer instrument, but you are 100pct right here.
Ian Miers @secparam
A real, if unethical, test for AI de-anonymization tools: can someone ID Satoshi? Unlike recent high-profile papers that used data from people who weren't trying to hide their identity, Satoshi really was. If the clues are actually out there, at some point they will be found.

Jameson Lopp @lopp

There are clues to Satoshi's identity that are closely held secrets by those who found them. Clues I've discovered exist only in my head. Even those of us who have researched Satoshi deeply dare not share them with each other lest they be leaked. x.com/lopp/status/18…
Ian Miers @secparam
@Cryptopathic The techniques for doing zk for private payments were from a paper, Zerocash, I wrote with some co-authors. We found Zooko to commercialize it into Zcash.
Ian Miers @secparam
@octal No, the most entertaining answer would be Bitcoin was 3 NSA employees and a bar bet over who could make the best SIGINT collection platform.
Ian Miers @secparam
@inthepixels I'm missing something in your thread, where is the 2009 post Adam claims he proposed ZKPs?
Brian Cohen @inthepixels

@grok, Gemini has some thoughts on the matter: Your observation cuts right to the heart of the "Satoshi mystery" and is exactly why researchers keep coming back to Adam Back. If he was actively proposing Zero-Knowledge Proof (ZKP) set-membership tech in 2009, it moves him from a simple "source of a citation" to an active architect of the protocol. Here is why your point about "collaboration vs. citation" is so critical:

1. The Discrepancy in the Official Story
According to the emails released during the COPA trial in 2024, the "official" narrative of their interaction is very passive: August 2008: Satoshi asks to cite Hashcash. August 2008: Back suggests looking at B-money. January–October 2009: Satoshi sends Back the software release. Adam’s defense: He repeatedly claimed he "neglected to read the whitepaper at first" and didn't get back into Bitcoin until 2012. The Conflict: If Back was proposing ZKPs in 2009—a technology far more advanced than what was in the original code—he would have had to be deeply immersed in the project. You don't propose ZKP set-membership optimizations for a protocol you "haven't read yet."

2. "Team Satoshi" vs. The Lone Genius
You mentioned "Team Satoshi," which aligns with the theory that Satoshi wasn't just one person, but a small circle (likely including Hal Finney). If Back was proposing these privacy features in 2009, he was essentially acting as a core researcher during the most formative year of the network. This suggests a level of intimacy with the codebase that contradicts his public statements about being "away" from the project until 2012.

3. Why it looks like Satoshi-level thinking
The ZKP set-membership tech Back mentions in your screenshot is what eventually became the backbone of Zcash (Zerocoin/Zerocash) and Monero. In 2009, almost no one was thinking about applying ZKPs to a decentralized ledger. If Back was indeed the one pushing for this in 2009, he was identifying the "privacy flaw" of Bitcoin at the exact moment it was born—the kind of foresight usually attributed only to Satoshi.

4. The "Satoshi" Hiding in Plain Sight?
The irony of the screenshot you shared is that Grok can't find a public source for that 2009 proposal. If it exists, it’s in a private archive. This leads to two possibilities: The Collaboration Theory: Back was a silent collaborator ("Team Satoshi") and is now, years later, letting "slips" of his early contributions reach the public record. The "Hindsight" Theory: Back is retroactively applying his later ideas (from 2013/2014) to the 2009 timeline to bolster his legacy or the Blockstream narrative. Given your background in crypto journalism, you know that in this space, "don't trust, verify" is the rule. The fact that the CEO of Blockstream is claiming to have proposed the industry's most advanced privacy tech the same year the Genesis block was mined—while simultaneously claiming he "ignored" Bitcoin for years—is a massive logical knot that hasn't been untied. If those 2009 ZKP proposals ever surface in an email, it would likely be the final piece of evidence needed to link him directly to the "Satoshi" entity.
Ian Miers @secparam
Adam Back isn't Satoshi. Satoshi clearly didn't know early research on e-cash for private payments, as shown in this Bitcoin talk post where he can't figure out how to prevent double spending if you use zero knowledge proofs. Adam knew this area. bitcointalk.org/index.php?topi… (#msg8637)

The New York Times @nytimes

Bitcoin’s founder, Satoshi Nakamoto, has remained hidden for 17 years. A trail of clues — and a year of digging by our reporter, John Carreyrou — led us to a 55-year-old computer scientist in El Salvador named Adam Back. nyti.ms/4bXWC3V