This was a CC, they allow you to use only dice rolls for entropy, and still don't enforce minimum rolls on Mk3 or older Mk4 firmware.
You can even still do a single dice roll for a temp seed.
Stop trying to use dice-rolled seeds unless you're an expert ❌
Just had yet another person (hard to count the total now) reach out about a low-entropy seed they generated and were allowed to import into a certain hardware wallet. A lot of the blame for these lost funds falls on influencers who shill users on overly-complex security setups without properly explaining the massive risks and tradeoffs associated with them for the average user.
What happened:
Less than 10 min after funds were sent to what they thought was secure storage, they were swept to an attacker's address.
They used <10 dice rolls, meaning the private key had <25 bits of entropy when the minimum for strong security is 50 dice rolls (128 bits of entropy). Wallets should not allow a user to import a seed that they know is completely insecure.
Staying safe:
As I have said many times, if you don't know the ins and outs of dice rolls, entropy, verification of the resulting seed offline, etc. please do not use dice rolls alone for seed generation. 99.99999% of users are better off allowing good, multi-source, open-source random number generation like we do on Passport.
To date I have heard of zero compromised seeds that were generated using on-board RNG due to entropy issues, while there are countless examples of users losing funds due to improper dice rolls.
Stay safe out there, folks.
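To make the numbers in the post concrete, here is an added illustration (not code from the post, from Passport, or from any hardware wallet). It models the common dice-roll scheme as an assumption: concatenate the roll digits and SHA-256 the string to get 32 bytes of seed material. With that model it computes the entropy per roll, the 50-roll minimum for 128 bits, the import check the post argues wallets should enforce, and a brute force that recovers any seed made from a handful of rolls in well under a second:

```python
"""Dice-roll seed entropy: why a handful of rolls is brute-forceable.

Added illustration, not code from any wallet. The hash-the-roll-string
step is an ASSUMPTION about how dice-roll seed generation is usually
implemented; it is here only so the brute force is concrete.
"""
import hashlib
import itertools
import math
import secrets
from typing import Optional

BITS_PER_ROLL = math.log2(6)   # ~2.585 bits per fair six-sided die
TARGET_BITS = 128              # the commonly cited strong-security bar


def entropy_bits(num_rolls: int) -> float:
    """Entropy of num_rolls independent fair d6 rolls, in bits."""
    return num_rolls * BITS_PER_ROLL


def min_rolls_for(bits: int = TARGET_BITS) -> int:
    """Smallest roll count whose entropy reaches `bits` (50 for 128)."""
    return math.ceil(bits / BITS_PER_ROLL)


def seed_from_rolls(rolls: str) -> bytes:
    """Derive 32 bytes of seed material from a string of digits 1-6.

    ASSUMPTION for the illustration: seed = SHA-256(roll digits as ASCII).
    """
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    return hashlib.sha256(rolls.encode("ascii")).digest()


def import_seed(rolls: str, min_rolls: int = min_rolls_for()) -> bytes:
    """What the post argues a wallet should do: refuse known-weak input."""
    if len(rolls) < min_rolls:
        raise ValueError(
            f"{len(rolls)} rolls = {entropy_bits(len(rolls)):.1f} bits; "
            f"need >= {min_rolls} rolls for {TARGET_BITS} bits")
    return seed_from_rolls(rolls)


def brute_force(target_seed: bytes, max_rolls: int) -> Optional[str]:
    """Recover the roll string behind target_seed by enumerating every
    sequence of 1..max_rolls rolls. Up to 9 rolls is ~12M SHA-256s,
    i.e. seconds on a laptop; this is the attack the post describes."""
    for n in range(1, max_rolls + 1):
        for combo in itertools.product("123456", repeat=n):
            candidate = "".join(combo)
            if seed_from_rolls(candidate) == target_seed:
                return candidate
    return None


def random_rolls(n: int) -> str:
    """Simulated honest dice rolls (CSPRNG stands in for the physical dice)."""
    return "".join(secrets.choice("123456") for _ in range(n))


if __name__ == "__main__":
    print(f"10 rolls = {entropy_bits(10):.1f} bits; "
          f"{min_rolls_for()} rolls needed for {TARGET_BITS} bits")
    weak = random_rolls(6)                      # far below the minimum
    recovered = brute_force(seed_from_rolls(weak), max_rolls=6)
    print(f"weak seed from {weak!r} recovered by brute force: {recovered == weak}")
    try:
        import_seed(weak)
    except ValueError as err:
        print("wallet check rejects it:", err)
    strong = random_rolls(min_rolls_for())
    print("50-roll seed accepted:", import_seed(strong).hex()[:16], "...")
```

The `import_seed` check is the whole point: once the roll count is known to be below the minimum, the resulting key is inside a search space an attacker can exhaust, so refusing the import costs the user nothing and closes the failure mode entirely.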
**Yes, Citrea is actually real 🤯**
Citrea is a massive change to the Bitcoin ecosystem by allowing a massive increase in transaction throughput on Bitcoin as well as full EVM compatibility. Let's break down what that actually means in approachable language.
A lot of the terminology with things like "zk rollups" can be confusing, so I'll do my best to simplify things here.
**Zero-knowledge ("ZK") here isn't for privacy, it's for scaling/verification**
A lot of confusion comes from the term "zero-knowledge" often being conflated with privacy-preserving. In the case of zk here, it's being used for its ability to succinctly (read: in a tiny amount of data) prove something is true and allow anyone to verify the claim without knowing every piece of data used in the proof.
**Citrea is a validity rollup that leverages zk proofs to reduce its on-chain footprint**
This means that the amount of data needing to be published to Bitcoin's base layer is minuscule (just a small zk proof) compared to the amount of data off-chain (the entire state of the Citrea blockchain), and is easily verified on almost any device.
Citrea validators "batch" transactions on the Citrea chain and publish a single, small proof that summarizes the change in Citrea chain state since the last published state and inscribe it into a Bitcoin transaction (yes, similar to those inscriptions). This proof will only verify properly if the validator is honest, allowing anyone on the network to prove whether or not the proof published is valid.
More on validity rollups here from @lightcoin:
[https://bitcoinrollups.org](https://bitcoinrollups.org/)
**Citrea enables EVM-style smart contracts w/o changes to Bitcoin**
While you may have a vitriolic hatred for all things Ethereum (for legitimate or illegitimate reasons), the ability to create complex, Turing-complete smart contracts on Bitcoin without needing the base layer to fully store, parse, and validate those smart contracts feels like the best of both worlds to me.
This can enable things like AMMs (think Uniswap) to function with actual Bitcoin as the currency involved. The possibilities are practically limitless.
**Citrea is "trust-minimized," not "trustless"**
While this may feel semantic, I think it's an important distinction to make. Citrea changes the trust model from a federated multisig (a la Liquid) where you have to trust that a majority of participants remain honest to one where as long as a single network participant is honest funds cannot be confiscated or frozen.
As long as one individual validator remains honest, no other validator can confiscate pegged-in funds or mess with them in any way. Additionally, any validator acting maliciously will be subject to slashing (losing their own Bitcoin via the challenge-response protocol in BitVM) and thus have a financial incentive to be honest unless they know for sure that every single validator on the network will allow them to be malicious.
**Citrea would be even better with covenants**
Yes, I'm going to mention covenants 😅 Part of the minor trust required in Citrea can be reduced even further with covenants in Bitcoin:
https://docs.citrea.xyz/future-research/trustless-settlement
Additionally an opcode that fully verifies zk proofs directly on Bitcoin (i.e. not via BitVM) would allow a completely trustless zk rollup, but deciding on a proof to enshrine in Bitcoin's consensus layer is very unlikely at this point.
**Conclusion**
I'm insanely excited for this to be fully open-sourced and usable on testnet, and will share updates as I see them along with testing this out ASAP.
Special thanks to @0x_orkun for giving me a sneak peek and letting me contribute to the docs, which helped me have a much better understanding of what Citrea really is! I'd highly recommend reading through their docs if you want to better grasp all of the ins and outs:
https://docs.citrea.xyz/technical-specs/readme
If you see something that could be improved in the docs, be sure to open an issue or submit your own PR, as the docs are open source themselves!
https://github.com/chainwayxyz/citrea-docs
Bringing back #Bitcoin #SkepticismSundays 😎
One of the things that showed me the intellectual honesty of the Monero community and helped to force the community to stay grounded in reality and always laser focused on their core ethos was their weekly "Skepticism Sunday" Reddit threads. These threads allowed the community to come together, ask hard and skeptical questions about the design of Monero, the privacy provided, the economic approach, and much more.
In my time in Bitcoin I've never seen anything similar, but the nuanced and high-signal crowd on Nostr seems like a perfect fit to fire things up and see how it goes.
The goal of this thread (which I'll post weekly on Sundays) is for discussing the uncertainties, shortcomings, and concerns some may have about Bitcoin. Things like what makes it difficult for you to use Bitcoin, what pain-points you have, etc.
NOT the positive aspects of it.
Discussing things with a critical thinking approach and level-headed discussion helps us learn where Bitcoin and its community can improve and go from there.
P.S. -- I try to take a break from social media on Sundays so I will follow up and reply where I can tomorrow!
I'm a blue check, didn't KYC.
This FUD is just way wrong.
I have broadly educated on the benefits of Nostr online and in-person. But everyone "forgets" that when I go against the tide.
I've spoken and written widely on the benefits of Nostr.
I'm also entitled to speak on the tradeoffs. Feel free to check my Twitter, I think I've made two total negative posts about Nostr.
This FUD is super confusing, literally no one has to KYC to use X, and you can easily use things like SMS verification services, email aliases, and crypto-funded debit cards to even have a blue check without giving personal info.
I understand people want X users to move to Nostr, but lying to them isn't a moral or effective strategy.
If that changes to require KYC, of course everyone sane should leave and invite every follower off to Nostr.
But let's please not lie to try and bring people to Nostr.
nostr:note14w5nrlekkxnvk6lx3ctexjjqvg45kk8gppnd9e6xhzfx56rdnqfq8qk4ce
I am a blue check, doesn't require KYC and never has 🤷♂️
I'm not giving energy to that system, I'm using it as a platform to help give people the resources they need when they wake up.
If we're all here on Nostr circlejerking they'll have no idea what they're missing and what to do next to gain freedom.
Main issues are:
- Discoverability is generally wretched
- Many clients, all incomplete
- Many conflicting standards and approaches
- High data usage
- Serious spam issues
- Little variety in content
- Low reach comparatively
- Almost complete echo chamber, few dissenting opinions
yes, but as mentioned it's a very different set of tradeoffs with much easier "doxxing" by randos via relays or malicious media embeds.
As bad as X is, it's at least not exposing IP to anyone with basic sysadmin skills.
💯
And that's something heavily underrated about Nostr that is usually an issue with centralized social media -- it is generally Tor/VPN friendly.
That could change if relay ops have issues with spam, but for now it's true at least.
nostr:note1ygvz5nmg7p4c9hxwxhyzrz93ylpskjx8t38maptq945pqrzwckjs759j7d
If there was a tool to cross-post from X to Nostr I would.
But I just simply don't have time for both and think the audience on X needs pro-privacy, pro-freedom tech, pro-freedom money content more right now.
Two things can simultaneously be true:
1) I want Nostr to succeed.
2) I don't love what it is today.
Thankful for all those continuing to work on Nostr and the broader ecosystem 🫂
I only criticize out of love and to be sure that people understand that there are actually tradeoffs with Nostr! We need dissenting opinions on here.
No, I disagree.
If you can't control what data about you is connected to nyms, they won't provide any privacy.
Pseudonymity is EXTREMELY fragile unless paired with strong privacy.
No incentives, I just write what I think helps people see through misnomers/FUD/influencer garbage.
I have nothing to gain by breaking down misunderstandings of Nostr, would be a lot better for me to just go with the tide and circlejerk.
I'm not offended by pushback, I always get pushback because I don't fit into a neat maxi mold.
The responses were atrocious and almost all personal insults, literally not one useful reply. If Nostriches can't handle someone calling out issues with their baby and not liking some aspects I'm not sure what to say lol
Hilarious that no one on Nostr seems to know that pseudonymity != privacy and yet try to use Nostr being "private" to dunk on anyone who still uses other social media.
You're not going to want to hear this, but Nostr is VERY BAD for privacy, but great for pseudonymity.
For most people, Nostr directly ties their HOME IP ADDRESS to their nym and publishes this correlation to a dozen servers they don't control for all to see.
While being pseudonymous is pretty easy on Nostr, being private requires a good, always-on non-logging VPN, or even better connecting to relays only through Tor at a bare minimum.
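An added illustration of the relay-side view described above (not code from the post or from any relay implementation). NIP-01 clients send `["EVENT", {...}]` JSON frames over a websocket, and the relay necessarily sees the TCP source address of every frame. The log format (timestamp, source IP, raw frame), the IPs and the placeholder pubkeys are all constructed for the example; the point is that the nym-to-address join needs nothing beyond default access logs, and that it breaks only for the nym whose source address changes between sessions, as it would behind Tor:

```python
"""Relay-side nym/IP correlation over a constructed Nostr relay log.

Added illustration, not relay software. ASSUMPTIONS: log line format is
"<timestamp> <source_ip> <raw NIP-01 frame>"; pubkeys are placeholders.
"""
import json
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample. alice and bob post directly from a fixed address;
# carol's address changes between sessions (what a rotating Tor circuit
# or a VPN hop would look like to the relay). The REQ line shows that
# subscriptions leak the address too, just without a pubkey attached.
RELAY_LOG = """\
2024-05-05T14:02:11Z 203.0.113.7 ["EVENT",{"pubkey":"pk_alice","kind":1,"content":"gm"}]
2024-05-05T14:05:40Z 203.0.113.7 ["EVENT",{"pubkey":"pk_alice","kind":1,"content":"coffee"}]
2024-05-05T14:06:02Z 198.51.100.23 ["EVENT",{"pubkey":"pk_bob","kind":1,"content":"hi"}]
2024-05-05T14:09:13Z 192.0.2.44 ["EVENT",{"pubkey":"pk_carol","kind":1,"content":"tor ftw"}]
2024-05-05T15:31:58Z 192.0.2.199 ["EVENT",{"pubkey":"pk_carol","kind":1,"content":"new circuit"}]
2024-05-05T15:40:00Z 203.0.113.7 ["REQ","sub1",{"kinds":[1]}]
"""


def parse_line(line: str) -> Tuple[str, str, list]:
    """Split one constructed log line into (timestamp, source_ip, frame)."""
    ts, ip, frame = line.split(" ", 2)
    return ts, ip, json.loads(frame)


def correlate(log_text: str) -> Dict[str, Set[str]]:
    """Map pubkey -> set of source IPs it published EVENT frames from.

    Only EVENT frames carry a pubkey; REQ/CLOSE still expose the IP but
    cannot be tied to a nym from this log alone, so they are skipped.
    """
    seen: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, ip, frame = parse_line(line)
        if frame[0] == "EVENT":
            seen[frame[1]["pubkey"]].add(ip)
    return dict(seen)


def pinned_nyms(log_text: str) -> List[str]:
    """Pubkeys that only ever appeared from a single source address.

    For these the relay operator, or anyone who obtains the logs, has a
    ready-made nym -> IP pair with no further work."""
    return sorted(k for k, ips in correlate(log_text).items() if len(ips) == 1)


if __name__ == "__main__":
    for pubkey, ips in sorted(correlate(RELAY_LOG).items()):
        print(f"{pubkey:9s} -> {sorted(ips)}")
    print("pinned to one address:", pinned_nyms(RELAY_LOG))
```

Every relay a client publishes to gets its own copy of this table, which is why the post treats an always-on VPN or Tor-only relay connections as the floor for actual privacy rather than an optional extra.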
Yes, though in some ways worse, some better.
what dunking? I never dunked on anyone 🤷♂️
Not KYC'd at all 🤷♂️
Never understood why so many of you are so hostile, makes no sense if you have any desire for Nostr to actually be a useful social platform and not just a circlejerk.
Notes by Seth For Privacy | export