--- Log opened Mon Nov 13 00:00:14 2017
06:41 < tromp> isn't Definition 8 equivalent to: forall in R: = 1 ?
06:50 < andytoshi> tromp: good catch on definition 4. for definition 8 the answer is yes but it's awkward to write that
06:50 < andytoshi> because (u, w) comes from the adversary
06:51 < andytoshi> well, i guess just add a third line on the rhs with "(s, u, w) in R" and remove the first line from the lhs. but that seems equally hard to read
06:52 < tromp> the point is that entire quantification over adversaries is redundant
06:53 < tromp> if my condition above holds, then your condition holds trivially for all adversaries, whether poly time or not
06:53 < tromp> and if my condition above doesn't hold, then you can trivially make an adversary to fail your condition
06:59 < andytoshi> ah, yeah, i think you're right
07:00 < andytoshi> but using an adversary-less definition would require adding a bunch of lies to the proof of the forking lemma :P (which i guess is not in this paper..)
07:03 < andytoshi> actually no, it may be that there is a counterexample to your definition that no ppt adversary can find
07:03 < tromp> ok, just wanna make sure i'm not missing something
07:03 < tromp> oh really?
07:03 < tromp> that doesn't make sense to me
07:04 < andytoshi> yeah, like a hash preimage
07:04 < tromp> since only a single counterexample suffices
07:04 < tromp> which is by definition ppt
07:04 < tromp> the adversary would be constant time, to output that single counterexample
07:05 < andytoshi> no, there is a "single counterexample" of a collision on SHA2, which you can guarantee by counting
07:05 < andytoshi> but you can't define a ppt adversary that outputs it
07:05 < tromp> i can, just not constructively
07:05 < andytoshi> because it wouldn't be uniform (itself generated by a ppt algo that takes as input the security parameter) (ok, and you need to generalize sha2 to have a security parameter)
07:05 < andytoshi> right
07:06 < andytoshi> so there is an additional requirement for an algorithm to be polytime (or any time) which is "uniformity", to prevent exactly these shenanigans
07:06 < tromp> your quantification over non-uniform adversaries includes all those outputting single counterexamples
07:06 < andytoshi> oh derp
07:07 < andytoshi> the word "non-uniform" is right there :P
07:07 < andytoshi> yeah you're right
07:07 < tromp> ok, there's another problem
07:07 < tromp> your definitions doesn't quantify over lambda
07:08 < tromp> is it supposed to say for all lambda?
07:10 < tromp> my counterexample adversary can ignore lambda and output the fixed counterexample that invalidates one lambda
07:11 < tromp> (i.e. ignore sigma too)
07:12 < andytoshi> yeah, it is implicitly over all lambda
07:13 < andytoshi> or maybe the definition is parameterized over lambda? like it can be "perfectly complete" for lambda=256 but not for others? that seems dumb, and nothing else in the paper restricts lambda, but it's one way to read the definition
07:14 < tromp> def 9 also looks odd to me. how can one A have both sigma and trace as input?
07:16 < andytoshi> FYI def 8 is verbatim definition 6 from [1] (the bootle "zk arithmetic circuits from dl" paper which has passed peer review and also made quite a splash)
07:16 < andytoshi> it may itself have come from something earlier but i haven't traced back that far
07:17 < andytoshi> tromp: A is implicitly two algorithms here
07:17 < andytoshi> in older papers it was common to have two adversaries, one which generated challenges and one which verified traces, but IMO this way of writing is clearer
07:17 < tromp> peer review is not what it used to be :-(
07:17 < andytoshi> yes, very true, i have a rant about CS crypto peer review somewhere..
07:17 < andytoshi> so i am glad that you're dissecting this
07:19 < tromp> what's your definition of ~ (squiggly equality)?
07:19 < andytoshi> within a negligible function
07:19 < andytoshi> where does it appear?
07:20 < andytoshi> negligible in lambda*
07:20 < tromp> it compares the probabilities in Def 9
07:20 < andytoshi> this also came from the bootle paper (def 7 there, except it's statistical rather than computational). i agree that the squiggly line should be defined.
07:21 < tromp> if you're gonna use ~ then it shld also be used in Def 3 and 4
07:22 < tromp> def 3 can use ~ 1/2 and Def 4 can use ~ 0
07:22 < andytoshi> yeah, agreed.
07:22 < andytoshi> i'll forward these comments to benedikt (tho i think he can't update the paper at this point in the review process)
07:22 < tromp> by negligible do you mean inverse superpolynomial?
07:22 < sipa> andytoshi: where was the paper submitted to?
07:23 < andytoshi> tromp: yeah
07:25 < tromp> if in MW you use one aggregate rangeproof per tx, then that conflicts with tx aggregation?
07:25 < andytoshi> sipa: benedikt said "oakland" which i believe means http://www.ieee-security.org/TC/SP-Index.html ... which note is a security conference, not a crypto one, because the stanford folks were worried a pure crypto conf would think "rangeproofs with these asymptotics are solved"
07:25 < andytoshi> tromp: yes, i think for MW it doesn't make sense to use the aggregation
07:25 < andytoshi> even without aggregation this beats the pants off of our previous construction
07:26 < tromp> yes, i'm very happy with this work for that reason
07:26 < andytoshi> ditto
07:26 < tromp> gratz on your excellent results!
07:26 < sipa> andytoshi: oh yes, indeed
07:28 < andytoshi> heh, my main contribution was being discouraging about whether these results would be possible :)
07:28 < andytoshi> but i'll forward your congrats to benedikt who disagreed
08:28 < tromp> another concern: def 9 has order of quantification exists emulator forall adversaries, but informal statement at bottom of page has forall adversaries exists emulator ...
09:31 < andytoshi> i think def 9 says "forall adversaries exists emulator", which matches the text (and this is what's used in the forking lemma proof iirc)
09:31 < andytoshi> ah, no
09:32 < andytoshi> lemme check the proof in the bootle paper, the informal text might just be wrong..
09:34 < andytoshi> yeah, the proof uses "there exists emulator forall adversaries", in the sense that it defines an emulator parameterized by the proof system which makes no reference whatsoever to the adversary itself
09:35 < andytoshi> so the informal text is wrong but it's not important to the results
10:25 < tromp> ok, thx for checking
10:39 < akrmn> Thinking a bit about scaling, and I'm wondering whether all this talk about drivechains (miners voting for validity of sidechain transactions) is needed if we just implement a new scripting language (like Simplicity). For example, you want to send some btc to a sidechain (like rootstock)...Can't you just make a smart contract that puts a specification of what chain to send to and conditions for getting money back, and the amount
10:40 < akrmn> You can specify the min amount of work on the sidechain, and put a hash of a block header of the sidechain for reference (into the smart contract specification)
10:41 < andytoshi> that's the dream
10:41 < andytoshi> in practice such a smart contract would be absurdly expensive to verify, even given known crypto techniques for compressing proofs
10:42 < sipa> the problem is that the only condition for moving money back is "the sidechain's consensus rules - which hopefully mean no inflation - were satisfied in its entire history"
10:42 < sipa> or rather, the condition you want ideally
10:42 < sipa> and verifying that condition, even if it can be written as a smart contract, involves redoing the entirety of validation work of the sidechain
10:42 < sipa> SNARKs one day...
10:43 < akrmn> thanks for the input. I feel like the verification can be done quite quickly with reasonable security, but I will think about it more
10:44 < sipa> how do you prove no double spending happened in the sidechain?
10:44 < akrmn> well ya basically I am thinking of a smart contract that trusts the hashpower (miners) of the sidechain
10:45 < sipa> then drivechains is what you want
10:45 < akrmn> which should correlate to the users validation...
10:45 < sipa> but i don't think that's an interesting security model
10:45 < akrmn> but I thought drivechains needs the miners of the bitcoin chain to decide
10:45 < sipa> yes
10:45 < sipa> inevitably
10:46 < sipa> at best, bitcoin's miners collectively have censorship rights
10:46 < sipa> so they can always choose to not accept the proof of double spending or something
10:48 < akrmn> well when you let the miners of the sidechain have the power, then at least you are not involving bitcoin miners in the process, and you let the user choose which miners to trust
10:48 < sipa> how can you let the sidechain miners have power?
10:48 < sipa> they're not identifiable
10:48 < akrmn> but ya these are just initial thoughts, would be good to read more about it if you have references
10:49 < sipa> there is no way you can prevent bitcoin miners from stealing the sidechain's pegged funds
10:49 < andytoshi> i think drivechains (and the writing about that) is exactly the security model you're pursuing, and IIRC paul has made the attack model pretty clear
10:49 < sipa> unless you make validating the sidechain part of bitcoin's consensus rules
10:50 < sipa> and even then the risk of reorganizations remains
10:50 < akrmn> Well the requirement of the smart contract would be that you have a spendable output of some value on the sidechain that passed x amount of hashpower starting from block with hash h
10:50 < sipa> the smart contract can't observe the sidechain
10:50 < sipa> unless your bitcoin nodes are required to see it
10:51 < sipa> which undoes all flexibility advantages your sidechain approach would have
10:51 < akrmn> so there can be forks, but as long as you have a piece of the chain that passed the hashpower required. You just send the sequence of block headers or a short proof to show that the hashpower requirement was met
10:51 < kanzure> akrmn: sounds like you would prefer sign-off directly by miners
11:02 < akrmn> ya I guess the problem is that each node would have to get block data from the sidechain...need a shorter way to prove it
11:02 * sipa does the SNARK song
12:25 < JackH> what would be the consequences to have a difficulty adjustment to be more often? negative consequences I mean
13:06 < bill___> hey anybody here able to help with a question?
13:08 < bill___> my bitchain is too large for my hard drive, if i delete and redownload the block chain without deleting my wallet data will I be able to store the new file whilst retaining capital?
13:09 < sipa> #bitcoin
13:19 < mlz> waxwing, yes there's a SNARK song, can't you hear sipa sing? :D
17:18 < sipa> hi
17:18 < tloriato> hello!
17:18 < sipa> we're pretty close to writing up a proposal
17:18 < sipa> for aggregated signatures
17:18 < tloriato> i feel like every time i have a doubt about bitcoin development you are here to help me, thanks buddy, for real
17:18 < tloriato> that's incredible
17:19 < sipa> there are two somewhat independent problems to solve here
17:19 < tloriato> i'm in first year of cs college myself, so i'm still trying to catch up on things, but schnorr signatures might be one of the most important updates for bitcoin (even more than LN, for me)
17:20 < tloriato> alright, go ahead please, sorry
17:20 < sipa> one is the question of how to reduce the number of signatures per input to 1
17:20 < waxwing> sipa, you mean like a BIP for aggregated sigs? wouldn't it need a Schnorr BIP first or something?
17:20 < waxwing> sorry ignore me, i interrupted
17:21 < sipa> waxwing: yes, we'll probably write up two BIPs (one about the signature scheme itself), another about how to integrate it into opcodes etc
17:21 < sipa> and the other problem is how to reduce the number of signatures across multiple inputs to one
17:22 < sipa> for the first there are many solutions (if you accept complicated negotiations and proof protocols between the participants in a single input)
17:22 < andytoshi> waxwing: to be clear: "aggregated sigs" and "schnorr" are the same thing. "schnorr signature" is not a super well-defined concept.
aggregate signatures are a specific thing (that could be termed a 'schnorr signature', or rather a generalization of 'schnorr signature' to multiple signers) which has all the algebraic properties that our hearts desire from schnorr 17:23 < sipa> right, aggregated signature just means "a construction that allows multiple signers to jointly produce a single signature" 17:23 < waxwing> andytoshi, i'm surprised you put it like that .. the schnorr signature was patented after all :) 17:23 < sipa> schnorr signatures do permit this, but some serious caveats that actually make it (when used naively) insecure for the across-inputs case 17:24 < tloriato> waxwing: it expired in 2008 17:24 < andytoshi> waxwing: right, sure, there is a specific thing called a "schnorr signature" which was patented (tho it still did not specify e.g. what groups or hash function to use) and that thing was crappy 17:24 < sipa> however, it turns out there is a generalization of Schnorr signature for multiple parties that remains secure under very wide assumptions, called Bellare-Neven from 2006 17:24 < andytoshi> later there was a generalization by bellare-neven (which is what we're calling "aggregated signatures") which is also a specific thing 17:25 < sipa> in particular, the issue is that it remains secure even when all but one participant can choose their public keys in function of other participants 17:25 < andytoshi> but when we say "schnorr signature" in casual conversation this might refer to schnorr's scheme, schnorr's scheme + a pubkey commitment, bellare-neven, etc., sometmise i even use that term to refer to rangeproofs or ring signatures 17:26 < waxwing> tloriato, sure i know :) andytoshi i'm curious now, given that details like hash function and group weren't defined, in what sense was it crappy? i'm guessing you mean it doesn't consider pubkey commitment then. 
17:26 < andytoshi> as a result we're trying to avoid using the term in anything we propose, to avoid confusion 17:26 < waxwing> hmm yes i can see how you'd end up in that situation now, thanks. 17:26 < andytoshi> waxwing: yes. and it looks tantalizingly like it'd give easy multisigs but actually it doesn't 17:26 < sipa> it gives easy multisigs under the assumption that all public keys are certified 17:27 < andytoshi> (i have also used "schorr signatures" to refer to many different multisignature schemes, some of which are broken) 17:27 < andytoshi> right 17:27 < sipa> as in: there is some magic involved that makes you believe that all participants actually have the keys they claim to have 17:27 < sipa> and in a blockchain setting, that assumption can't exist 17:27 -!- akrmn [~akrmn@88.red-83-52-44.dynamicip.rima-tde.net] has quit [Ping timeout: 248 seconds] 17:27 < sipa> the verifiers (=every full node) can't know who has which public key - that's exactly the problem it's trying to solve 17:27 < waxwing> well i can only earnestly wish you guys luck in shifting the language here :) 17:29 < sipa> anyway, Bellare-Neven is a trivial extension of Schnorr 17:29 < waxwing> this is the part where i say a schnorr sig is just a zkpok of the private key and then run away before gmaxwell finds me :) 17:31 -!- StopAndDecrypt [~StopAndDe@c-73-248-248-9.hsd1.nj.comcast.net] has quit [Remote host closed the connection] 17:31 -!- blockchain [~linux@178.237.154.22] has joined #bitcoin-wizards 17:32 < andytoshi> heh, that is usually but not always what i mean by the term 17:33 < waxwing> (just jk about how it isn't if the pubkey isn't fixed in advance, i.e. 
the stuff you were already mentioning) 17:33 -!- StopAndDecrypt [~StopAndDe@c-73-248-248-9.hsd1.nj.comcast.net] has joined #bitcoin-wizards 17:34 < waxwing> hmm although it's in the weeds, it is kinda interesting since if a learner goes to wikipedia to read about Schnorr signatures they aren't going to see mention of this issue iirc 17:34 -!- Ylbam [uid99779@gateway/web/irccloud.com/x-oyaxlzisuwlaedia] has quit [Quit: Connection closed for inactivity] 17:35 < sipa> well the problem is really one of setting assumptions 17:35 < sipa> this idea that with schnorr you can "just" add up multiple signatures and you get a valid signature for the sum of the public key is true, but the normal schnorr security proof in no extends to that 17:36 < sipa> *in no way 17:37 < sipa> this is the paper that describes the Bellare-Neven scheme: https://cseweb.ucsd.edu/~mihir/papers/multisignatures-ccs.pdf 17:38 < sipa> (they call their own scheme MS-BN in the paper) 17:39 < waxwing> thanks. 17:40 < sipa> where Schnorr's validation equation is s*G = R + H(R,m)*X (with (R,s) the sig, m the message, X the pubkey) 17:41 < sipa> Bellare-Neven's equation is s*G = R + H(R,m,P1,P2,...,Pn,1)*P1 + H(R,m,P1,P2,...,Pn,2)*P2 + ... + H(R,m,P1,P2,...,Pn,n)*Pn 17:41 < sipa> with P1...Pn the pubkeys 17:42 -!- blockchain [~linux@178.237.154.22] has quit [Quit: Verlassend] 17:47 < waxwing> hmm that looks simpler than the construction you guys came up with? 17:47 < sipa> it is 17:47 < sipa> however, it doesn't permit key aggregation - the verifier needs to know all the public keys 17:47 < waxwing> so the wagner thing doesn't apply? 17:47 < sipa> no, wagner is not a concern here 17:49 < sipa> our construction uses s*G = H(R,m,Q)*H(P1,P2,...,Pn,1)*P1 + H(R,m,Q)*H(P1,P2,...,Pn,2)*P2 + ... + H(R,m,Q)*H(P1,P2,...,Pn,n)*Pn, where Q = H(P1,P2,...,Pn,1)*P1 + ... 
+ H(P1,P2,...,Pn,n)*Pn 17:50 < sipa> which can be rewritten as s*G = R + H(R,m,Q)*Q, which is just the normal Schnorr verification equation 17:51 < sipa> oops, missing "R +" two lines up ^ 17:51 < waxwing> ah so only one thing is hashed there 17:54 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has quit [Ping timeout: 268 seconds] 17:54 -!- Belkaar [~Belkaar@xdsl-87-79-147-210.netcologne.de] has joined #bitcoin-wizards 17:54 -!- Belkaar [~Belkaar@xdsl-87-79-147-210.netcologne.de] has quit [Changing host] 17:54 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has joined #bitcoin-wizards 18:01 -!- oleganza [~oleganza@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Quit: oleganza] 18:02 -!- rmwb [~rmwb@199.178.233.220.static.exetel.com.au] has quit [Remote host closed the connection] 18:03 < kanzure> "Updates on Confidential Transactions efficiency" https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-November/015283.html 18:06 -!- tloriato [b1d01421@gateway/web/freenode/ip.177.208.20.33] has quit [Quit: Page closed] 18:07 < waxwing> yeah just saw that, great, succinct and to the point 18:14 -!- nickler [~nickler@185.12.46.130] has quit [Ping timeout: 248 seconds] 18:19 -!- Murch [~murch@96-82-80-28-static.hfc.comcastbusiness.net] has quit [Quit: Snoozing.] 
18:20 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Read error: Connection reset by peer] 18:21 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards 18:21 -!- nickler [~nickler@185.12.46.130] has joined #bitcoin-wizards 18:25 < waxwing> (that was *not* an attempt at a joke ("succinct")) 18:27 -!- Oizopower [uid19103@gateway/web/irccloud.com/x-ftauwmuyddyqgsqu] has quit [Quit: Connection closed for inactivity] 18:27 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [] 18:34 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 18:37 -!- Aaronvan_ [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 18:40 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [Ping timeout: 240 seconds] 18:43 -!- dnaleor [~dnaleor@78-23-74-78.access.telenet.be] has joined #bitcoin-wizards 18:47 -!- Aaronvan_ [~AaronvanW@unaffiliated/aaronvanw] has quit [Remote host closed the connection] 18:48 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 18:52 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [Ping timeout: 260 seconds] 18:57 -!- licnep [uid4387@gateway/web/irccloud.com/x-tuanldgkkusnsjaw] has joined #bitcoin-wizards 18:58 -!- Dizzle [~Dizzle@2605:6000:1019:42b6:7574:6b99:1508:e52f] has quit [Remote host closed the connection] 19:00 -!- jb55 [~jb55@70-36-49-138.dyn.novuscom.net] has quit [Quit: WeeChat 1.9] 19:04 -!- Dizzle [~Dizzle@2605:6000:1019:42b6:e9f2:d066:ebf5:1833] has joined #bitcoin-wizards 19:05 -!- rmwb [~rmwb@129.180.84.236] has joined #bitcoin-wizards 19:06 -!- Guest10 [~textual@96-82-67-197-static.hfc.comcastbusiness.net] has joined #bitcoin-wizards 19:07 -!- Guest10 [~textual@96-82-67-197-static.hfc.comcastbusiness.net] has quit [Client Quit] 19:09 -!- rmwb_ [~rmwb@2001:df0:ce:1080:b5d5:4350:1c13:7d48] has joined #bitcoin-wizards 19:09 -!- rmwb [~rmwb@129.180.84.236] has quit [Ping timeout: 248 seconds] 19:10 -!- dnaleor 
[~dnaleor@78-23-74-78.access.telenet.be] has quit [Quit: Leaving] 19:37 -!- rmwb_ [~rmwb@2001:df0:ce:1080:b5d5:4350:1c13:7d48] has quit [Remote host closed the connection] 19:46 -!- rmwb [~rmwb@2001:df0:ce:1080:e0f6:5b71:4697:4078] has joined #bitcoin-wizards 19:47 -!- rmwb [~rmwb@2001:df0:ce:1080:e0f6:5b71:4697:4078] has quit [Remote host closed the connection] 19:47 -!- rmwb [~rmwb@2001:df0:ce:1601:d9b1:69cd:50e7:be89] has joined #bitcoin-wizards 19:50 -!- AlineGomes [uid198215@gateway/web/irccloud.com/x-sbexbdxlgtkietrb] has joined #bitcoin-wizards 20:07 -!- jrayhawk_ is now known as jrayhawk 20:17 -!- rmwb [~rmwb@2001:df0:ce:1601:d9b1:69cd:50e7:be89] has quit [Remote host closed the connection] 20:17 -!- rmwb [~rmwb@199.178.233.220.static.exetel.com.au] has joined #bitcoin-wizards 20:29 -!- dabura667 [~dabura667@p98110-ipngnfx01marunouchi.tokyo.ocn.ne.jp] has joined #bitcoin-wizards 20:38 -!- rusty [~rusty@pdpc/supporter/bronze/rusty] has quit [Quit: Leaving.] 20:45 -!- rmwb [~rmwb@199.178.233.220.static.exetel.com.au] has quit [Remote host closed the connection] 20:53 -!- jb55 [~jb55@70-36-49-138.dyn.novuscom.net] has joined #bitcoin-wizards 20:58 -!- rmwb [~rmwb@2001:df0:ce:1080:9c89:c8d8:f2f2:9f72] has joined #bitcoin-wizards 20:59 -!- rmwb [~rmwb@2001:df0:ce:1080:9c89:c8d8:f2f2:9f72] has quit [Remote host closed the connection] 20:59 -!- rmwb [~rmwb@2001:df0:ce:1601:19cd:a07c:c556:71b0] has joined #bitcoin-wizards 21:00 -!- legogris [~legogris@128.199.205.238] has quit [Remote host closed the connection] 21:00 -!- legogris [~legogris@128.199.205.238] has joined #bitcoin-wizards 21:01 -!- execute [~execute@52.68.0.151] has joined #bitcoin-wizards 21:05 -!- [7] [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 240 seconds] 21:10 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards 21:29 -!- anon616 [~anon616@ec2-34-229-210-26.compute-1.amazonaws.com] has quit [Remote host closed the connection] 21:30 -!- Azamat 
[ca156a9f@gateway/web/freenode/ip.202.21.106.159] has joined #bitcoin-wizards 21:30 -!- anon616 [~anon616@ec2-34-229-210-26.compute-1.amazonaws.com] has joined #bitcoin-wizards 21:30 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 258 seconds] 21:31 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards 21:36 -!- licnep [uid4387@gateway/web/irccloud.com/x-tuanldgkkusnsjaw] has quit [Quit: Connection closed for inactivity] 21:37 -!- anon616 [~anon616@ec2-34-229-210-26.compute-1.amazonaws.com] has left #bitcoin-wizards [] 21:38 -!- anon616 [~anon616@ec2-34-229-210-26.compute-1.amazonaws.com] has joined #bitcoin-wizards 21:39 -!- oleganza [~oleganza@c-76-103-74-240.hsd1.ca.comcast.net] has joined #bitcoin-wizards 21:44 -!- Noldorin [~noldorin@unaffiliated/noldorin] has quit [Ping timeout: 258 seconds] 21:49 -!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has quit [Ping timeout: 268 seconds] 21:50 -!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has joined #bitcoin-wizards 21:50 -!- Azamat [ca156a9f@gateway/web/freenode/ip.202.21.106.159] has quit [Quit: Page closed] 21:51 -!- anon616 [~anon616@ec2-34-229-210-26.compute-1.amazonaws.com] has quit [Remote host closed the connection] 21:58 -!- anon616 [~anon616@ec2-34-229-210-26.compute-1.amazonaws.com] has joined #bitcoin-wizards 22:05 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 268 seconds] 22:12 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards 22:18 -!- oleganza [~oleganza@c-76-103-74-240.hsd1.ca.comcast.net] has quit [Quit: oleganza] 22:30 -!- poppingtonic [~brian@unaffiliated/poppingtonic] has joined #bitcoin-wizards 22:32 -!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 240 seconds] 22:32 -!- rmwb [~rmwb@2001:df0:ce:1601:19cd:a07c:c556:71b0] has quit [Remote host closed the connection] 22:36 -!- leonidaz0r [~leonidaz0@2a02:aa16:3a81:7a80:a00:27ff:fe9f:b49] has quit [Ping timeout: 240 seconds] 22:37 -!- leonidaz0r 
[~leonidaz0@2a02:aa16:3a81:7a80:a00:27ff:fe9f:b49] has joined #bitcoin-wizards 22:46 -!- daszorz [~daszorz@cpc106809-live29-2-0-cust896.17-2.cable.virginm.net] has joined #bitcoin-wizards 23:02 -!- Ylbam [uid99779@gateway/web/irccloud.com/x-hzaictgpvrotdsow] has joined #bitcoin-wizards 23:05 -!- daszorz [~daszorz@cpc106809-live29-2-0-cust896.17-2.cable.virginm.net] has quit [Read error: Connection reset by peer] 23:05 -!- BashCo [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection] 23:24 -!- jb55 [~jb55@70-36-49-138.dyn.novuscom.net] has quit [Ping timeout: 248 seconds] 23:44 -!- Dizzle [~Dizzle@2605:6000:1019:42b6:e9f2:d066:ebf5:1833] has quit [Quit: Leaving...] 23:46 -!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards 23:49 -!- AlineGomes [uid198215@gateway/web/irccloud.com/x-sbexbdxlgtkietrb] has quit [Quit: Connection closed for inactivity] --- Log closed Tue Nov 14 00:00:14 2017