Community and Publications
Coinkite Tap Protocol library (Open-sourced - 2022)
- Open-sourced cktap, a React Native library/SDK to enable easy communication with TAPSIGNER™ and SATSCARD™ with React Native, Python and JavaScript
Speaker @Bitcoin4India
- Spoke about securing Bitcoin with multisig with Bitcoin4India, addressing a self-motivated crowd of about 500.
Hosting Meetups on Bitcoin
- Hosting monthly meetups with Bitcoin4India with coffee and Bitcoin security
Projects
Aegis Wallet — Agentic Bitcoin Wallet (MIT Bitcoin Hackathon 2026)
- Description: Seedless, self-custodial Bitcoin wallet where Claude (or Gemini) is the AI financial agent. Passkey authentication replaces seed phrases entirely — the WebAuthn PRF extension derives a BIP-32 master key from the device’s secure enclave, and recovery is just syncing the passkey to a new device. Two-layer custody: L1 is a standard Taproot (BIP-86) wallet with keys derived client-side, and all on-chain transactions are signed in the browser — the server has zero access to funding keys. L2 is a custodial Lightning spending layer where the agent operates under a scoped macaroon tied to a litd account, with budget ceilings enforced cryptographically by LND’s RPC middleware. When the agent exceeds its budget, the backend pushes an SSE notification to the dashboard and the user pays directly with one tap — sub-second latency, no polling. A Go sidecar handles LND gRPC via lndclient for proper protobuf handling. The backend has no database and no auth server — all state lives in litd accounts.
- Tech Stack: Next.js 15, React, Tailwind CSS, motion/react, Node.js 22 + Express + SSE, Go gateway (lndclient), bitcoinjs-lib, bip39, tiny-secp256k1, @simplewebauthn/browser, LND v0.20-beta + litd v0.16-alpha, Docker Compose, Bitcoin mainnet
- Year: 2026
- Link: Aegis Wallet
ln-mcp — Lightning Wallet MCP Server for AI Agents
- Description: Open-source MCP (Model Context Protocol) server published to npm that gives any AI agent a Bitcoin Lightning wallet. One npx -y ln-mcp and Claude Desktop, Claude Code, Gemini CLI, or ChatGPT can pay Lightning invoices, consume L402-gated APIs, and discover paid services — all within a macaroon-enforced budget. 10 tools across payments, spending, and discovery (proxied from the 402 Index’s ~19,000 paid endpoints across L402, x402, and MPP protocols). The l402_fetch tool handles the full 402 → decode → pay → cache → retry loop in one call, with per-domain token caching. Deliberately minimal: 2 runtime dependencies, 4 source files, LND REST over gRPC. Deliberately omits get_balance and decode_invoice — agents used them to pre-check and refuse payments, defeating the approval flow. Distinguishes budget-exceeded failures from routing failures with explicit TELL_USER / SHOW_TO_USER response fields, after Gemini once invented a fake “Human-in-the-loop security policy” to explain a transient relay failure. Published via GitHub Actions OIDC trusted publishing with signed provenance via sigstore — zero long-lived npm credentials.
- Tech Stack: Node.js 22, @modelcontextprotocol/sdk, zod, LND REST API, 402 Index API, SendPaymentV2 streaming, stdio + HTTP transports
- Year: 2026
- Link: ln-mcp | npm
x402 — L402-Powered Feed Reader
- Description: Pay-per-article feed reader where real RSS articles are gated behind HTTP 402 Payment Required. Readers connect their own Lightning node from the browser via LNC (Lightning Node Connect), pay a few sats, and read instantly. Features custom credential store fixing an upstream lnc-web reconnect bug, L402 token persistence, two-node payment architecture (provider + user), and a Go backend that fetches live feeds from Bitcoin Optech and Lightning Engineering with zero external dependencies.
- Tech Stack: Next.js, MobX, Emotion, Go, LNC, Aperture (L402), lnd, litd (watch-only + remote signer), Neutrino, Docker
- Year: 2026
- Link: x402
PolicyPulse — AI-Powered Policy Impact Analyzer (HooHacks 2026 @ UVA)
- Description: Multi-agent AI system that analyzes how government policies personally impact you, backed by real government data. 7-agent pipeline across 4 stages — classification, research, parallel sector analysis (Labor, Housing, Consumer, Business), and synthesis. Features autonomous Lightning Network micropayments via L402 protocol: when free public data isn’t enough, agents pay fractional satoshis to access premium databases, visualized in real-time. Streaming UI with live agent activity feeds, payment animations, and animated Sankey diagrams.
- Tech Stack: Next.js 16, React 19, Tailwind CSS 4, D3.js, FastAPI, Python, LangGraph, Google ADK, LND/Aperture (x402), Docker Compose
- Year: 2026
- Link: PolicyPulse
The Cost of Custody — Bitcoin Covenant Vault Research
- Description: First peer-reviewable empirical comparison of four active Bitcoin covenant proposals — CTV (BIP-119), CCV (BIP-443), OP_VAULT (BIP-345), and CAT+CSFS (BIP-347 + BIP-348). Ran 15 on-chain experiments on regtest covering the full vault lifecycle and a structured attack catalog across 11 threat models (fee pinning via CPFP anchor chains, watchtower fee exhaustion, keyless recovery griefing, trigger-key theft, cold-key theft, hot-key compromise, sighash-preimage tampering). Core contribution is a four-axis security framework (fee model, amount flexibility, recovery gating, recovery binding) that deterministically maps each design choice to its attack surface — any new BIP can be placed in the lattice and its vulnerability profile read off without running new measurements. Key findings: a critical covenant-bypass in CCV where undefined mode bytes trigger OP_SUCCESS and silently disable all vault protections; a batched-defender ordering flip where CCV and OP_VAULT swap safety rankings (66 vs 59 sat/vB unbatched, 119 vs 159 sat/vB batched) depending on the watchtower’s recovery strategy; a griefing–safety incompatibility proving no covenant vault can simultaneously achieve permissionless recovery and griefing resistance.
- Tech Stack: Python (≈15K LOC framework), Bitcoin Core (Bitcoin Inquisition, Merkleize CCV, jamesob OP_VAULT), Docker Compose, pytest, LaTeX
- Year: 2026
- Link: Research Site | Framework
simple-cat-csfs-vault — CAT+CSFS Bitcoin Vault
- Description: Standalone open-source Bitcoin vault using OP_CAT (BIP-347) for on-stack transaction introspection and OP_CHECKSIGFROMSTACK (BIP-348) for dual-key output binding. Runs on Bitcoin Inquisition signet. Dual-verification hot leaf (hot key + output binding via CSFS) resists hot-key compromise better than any other covenant in the comparison — an attacker can trigger but cannot redirect funds. Included as one of the four covenants in the thesis comparison framework.
- Tech Stack: Python, Schnorr Signatures, Taproot, Bitcoin Inquisition, OP_CAT, OP_CHECKSIGFROMSTACK, SIGHASH variants
- Year: 2026
- Link: CAT+CSFS Vault
simple-simplicity-vault — Simplicity Vault on Elements
- Description: Full Bitcoin vault lifecycle (create, trigger, withdraw, recover) implemented in Simplicity — Blockstream’s functional combinator script language that provides native transaction introspection without a soft-fork dependency. Runs on Elements (the Liquid Network’s substrate) via Blockstream’s Simplex SDK. Serves as a cross-substrate reference point in my thesis comparison — Simplicity’s combinator calculus enables the full introspection power that the four Bitcoin covenant proposals each approximate via different constrained mechanisms.
- Tech Stack: Rust, Simplicity, Simplex SDK, Elements (elementsd, electrs), Bitcoin-style Taproot
- Year: 2026
- Link: Simplicity Vault
- Description: BIP39 mnemonic recovery tool for the Liquid Network. Brute-forces the last 2 missing words using a local Elements node at ~2,600 addr/s with no API rate limits.
- Tech Stack: Python, Elements (Liquid Network)
- Year: 2026
- Link: Liquid Recovery
- Description: A Rust-based CLI tool for key recovery in m-of-n Bitcoin multisig schemes. Addresses the vulnerability where loss of a single public key prevents recovery even with all private keys. Enables recovery with only ’m’ keys using OP_RETURN.
- Tech Stack: Rust, Bitcoin Core
- Year: 2025
- Link: Multisig Recovery
Command & Control over DNS Tunneling
- Description: This project demonstrates a DNS Tunneling-based HTTP Proxy, allowing a client behind a firewall to send HTTP requests over DNS queries. This is useful in environments where internet access is blocked but DNS queries are allowed.
- Tech Stack: Python (dnscat2, iodine), Rust, Wireshark
- Year: 2025
- Link: DNS Tunneling Attack
Bitcoin Docker Dev Environments
- Description: Docker Compose setups for spinning up Blockstream’s Elements (Liquid Network) and Bitcoin Inquisition (Bitcoin Core fork with OP_CAT, OP_CTV, etc. activated on signet) for research and development.
- Tech Stack: Shell, Docker Compose, Dockerfile, Bitcoin Core
- Year: 2025
- Link: Elements Docker | Inquisition Docker
TLS 1.3 0-RTT replay-attack vulnerability check
- Description: A network vulnerability experiment that exploits a replay attack on TLS 1.3’s 0-RTT early data
- Tech Stack: Rust, OpenSSL, Wireshark, Scapy, Python
- Year: 2024
- Link: TLS 0-RTT reply
Pictionary
- Description: A live socket-based interactive pictionary game for Android and iOS
- Tech Stack: React-Native, Typescript, Socket.io, Realm (MongoDB)
- Year: 2020
- Link: Pictionary App
Bitify (Decentralised Spotify)
- Description: A decentralised music streaming platform built on Ethereum where artists publish directly and listeners pay per stream via smart contracts.
- Tech Stack: Solidity, Javascript, React, Firebase, Truffle suite (Ganache, web3)
- Year: 2020
- Link: Bitify