Notes
Notes from the library.
Written for protocol engineers and reviewers. Plain prose, real code, no marketing.
- N° 01
Commit-reveal vs VRF: when each is the right primitive
Both produce unmanipulable hidden values that get revealed later, but the trust model, interaction pattern, and failure mode are different. A short guide for protocol engineers picking between them.
primitives, design
- N° 02
Why zero dependencies is a security property in cryptographic libraries
Supply chain attacks are now the dominant compromise vector for Python packages. A library whose pyproject.toml lists only the language version itself is structurally immune to a class of attacks that depend on installing something. Here is the longer argument.
security, supply-chain
- N° 03
Implementing a sealed-bid auction with commit-reveal
A worked example: the two-phase auction pattern with this library, using commitments to bind bids, optional Schnorr ZKPs to prove bidder identity, and explicit handling of bidders who refuse to reveal. Code-first.
use-case, auctions