Paul Miller (paulm)

Paul Miller

Security, noble cryptography (js), austrian school of econ.

14605 Followers

Recent casts

Things which could help against NPM supply chain attacks similar to one which happened today: - prefer specific pkg versions instead of ranges (2.0.0 not ^2.0.0) - prefer rare dep updates (once per 3mo or so) For pkg authors: - publish from github ci - do not store npm tokens on a dev machine - while publishing from github ci, enable provenance for transparency & pin workflow hashes (fresh policy)

  • 6 replies
  • 7 recasts
  • 54 reactions

Releasing noble cryptography v2. Time to make JS ecosystem safer once again. Lots of changes. Details below👇

  • 5 replies
  • 13 recasts
  • 62 reactions

Releasing micro-zk-proofs: JS library to create and verify zk-SNARK proofs. Proofs are created in parallel using Web Workers. Noble cryptography is utilized underneath. During development of zkp, a vulnerability was found in wasmsnark, alternative proof generation library.

  • 6 replies
  • 14 recasts
  • 76 reactions

Top casts

Human Rights Foundation (hrf.org) awarded us some money for nip44 encrypted chat spec. Looks like we’ll be having an audit of noble-ciphers and remaining parts of curves later in the summer!

  • 1 reply
  • 59 recasts
  • 260 reactions

Releasing ESPLR - a local ETH block explorer. Big problem of ecosystem is reliance on 3rd party RPCs (infura, alchemy, quicknode). Also reliance on 3rd party explorers (etherscan). They track users: it makes system one big panopticon. Local nodes can make the situation better! PC with an archive node only costs $40/mo or $500 one-time. Esplr only needs RPC URL of an archive node. It can view transactions, account balances and token transfer history (unique feature). https://github.com/paulmillr/esplr

  • 24 replies
  • 51 recasts
  • 220 reactions

The new ETH client by @gakonst and @paradigm is live. All historical transactions (aka “archive node”) fit in just 2.3TB. Full node is 1.2TB. Syncing from genesis takes 50 hours. Can be ran on a cheap pc: no need to pay for 3rd party RPC which tracks users. https://www.paradigm.xyz/2024/06/reth-prod

  • 9 replies
  • 41 recasts
  • 135 reactions

NIST wants to ban ECDSA in 2035. It is tight. HTTPS, messengers, cryptocurrencies and everyone else will need to move to new algorithms. Not all functionality is currently feasible in pq setting. Here’s an excerpt from noble-post-quantum on speed & key size in JS implementations.

  • 7 replies
  • 12 recasts
  • 103 reactions

Onchain profile

Ethereum addresses