--- Log opened Wed Jan 30 00:00:36 2019
05:25 < drexl> https://groups.google.com/a/list.nist.gov/forum/m/#!topic/pqc-forum/bBxcfFFUsxE
05:43 < cjd> so looks like the ones eliminated are BIG QUAKE, CFPKM, Compact LWE, DAGS, Ding Key Exchange, DME, DRS, DualModeMS, EMBLEM, Giophantus, Gravity-SPHINCS, Guess Again, Gui, HiMQ-3, KCL, KINDI, LAKE, Lepton, LIMA, Lizard, LOCKER, LOTUS, McNie, Mersenne-756839, pqNTRUSign, Odd Manhattan, Post-quantum RSA-Encryption, Post-quantum RSA-Signature, pqsigRM, QC-MDPC KEM, RaCoSS, Ramstake, RLCE-KEM, Titanium, Wal
05:43 < cjd> nutDSA
05:43 < cjd> excluding the ones withdrawn or merged
06:22 < Aaaaand> Can somebody direct me to good information on why bitcoin can stay secure and reliable when the block reward becomes negligible? (or how the future fee market can guarantee bitcoin's security?)
06:24 < nsh> someone please correct me but i would venture that at the moment it's still a mixture of hope [economic arguments] and some empirical results which are slightly more promising than doomsaying
06:25 < nsh> it's a gradual transition to a game-theoretic equilibrium that is more complex and less supported by algorithmic driving than under the block reward. as a result it will require collective self-organisation which is difficult to reason about
06:25 < nsh> but maybe people have data from test models in other systems that can be brought to bear
06:27 < Aaaaand> yeah, it looks a big transition for bitcoin and not much is written about it (or I am looking at the wrong places)
06:28 < nsh> it could be seen as a minting mining subsidy being replaced by an adoption-utility subsidy i suppose but then that puts a systemic constraint on a window in which adoption-utility must increase to pick up the slack, but this is automatically recompensated as miners drop out
06:28 < Aaaaand> It looks like there is no clear answer to it, and it looks like a dangerous gamble to me
06:28 < nsh> as the fee dividend is then split less to remaining miners
06:28 < nsh> so there's still an equilibrium-finding feedback in terms of voluntary participation
06:29 < nsh> well, permanent inflation is considered another dangerous gamble and the context in which bitcoin was created should be remembered
06:29 < cjd> when are we talking about ? 2050 ? 2100 ?
06:30 < cjd> I'm gonna throw my money on either singularity or nuclear winter before then
06:31 < Alanius> money denominated in what, cigarettes?
06:31 < Aaaaand> But I don't think there is a certain correlation between value of the bitcoin network and on-chain tx fees.
06:32 < Aaaaand> We're currently at the same block fees as in begin 2016
06:32 < Aaaaand> in terms of bitcoin
06:32 < Aaaaand> which is an issue if you want to prevent 51% attacks
06:33 < Aaaaand> and second layer tech might even make this worse
06:33 < Aaaaand> cjd: 10 years?
06:33 < Aaaaand> fixed mining reward is then 1.5 btc
06:34 < Aaaaand> It's coming fast
06:36 < cjd> hmm, 10 years is a bit close, but that's double its current age... so I wouldn't be at all surprised to see a network of lightning nodes which look a lot like banks but with transparency... I could easily imagine them setting their nodes to reject deep reorgs
06:37 < Aaaaand> So you're moving away from total POW to determine the chain ?
06:38 < cjd> I'm sitting in an armchair predicting things
06:40 < nsh> holding my nose to say this, but it's worth remembering that 'society' (ie governments, banks, corps) subsidise the financial sector massively at present
06:40 < nsh> and this willingness to part with a fraction of wealth-generation/value to ensure the good running of an international settlements system is likely to endure
06:41 < nsh> but we'd prefer it to be written in somehow algorithmically and not dependent on politics
06:41 < cjd> transparency
06:41 * nsh nods
06:42 < cjd> If I could snap my fingers and blockchain would cease to exist, but the banks as we know them would all become completely transparent and electronically auditable, I would
06:43 < Aaaaand> Bitcoin was supposed to be a trustless system, but looks current implementation becomes flawed when miners have to rely on tx fees
06:43 < Aaaaand> Chance that governments will protect the bitcoin system is very low, def in a time span of 10 years
06:43 < Aaaaand> imo
06:44 < cjd> "trustless" -> bitcoin's a hack to bypass the fact that no such system can actually exist
06:44 < Aaaaand> I mean in 5 years, fixed reward is 3 BTC. Will it be enough? Hard to tell. You can 51% at any reward of course
06:44 < cjd> sort of a loophole in the rules
06:44 < Aaaaand> and it works when miners have guaranteed pay
06:44 < cjd> in any case, I'm not worried
06:44 < Aaaaand> but relying on a fee market becomes highly unreliable imo
06:45 < Aaaaand> what if there is a small period of low tx count?
06:45 < Aaaaand> for whatever reason
06:45 < Aaaaand> 51% attacks will become trivial
06:46 < cjd> doesn't make the first page of my list of concerns
06:46 < Aaaaand> not today no
06:46 < cjd> not in my list of concerns between now and singularity
06:46 < Aaaaand> but in 5 years, it will start to play I think, and it doesn't look like there is a clear solution for it
06:46 < Aaaaand> cjd: then what is top on your list?
06:47 < cjd> nuclear war
06:47 < Aaaaand> this is a bitcoin channel..
06:47 < cjd> you asked :)
06:47 < Aaaaand> I mean, regarding to bitcoin
06:48 < cjd> internet collapses and then people can't send blocks because of ^^
06:49 < Aaaaand> More talking about the protocol itself
06:49 < Aaaaand> there is always blockstream satellite cjd
06:49 < cjd> But if you want a concern which is narrowly related to bitcoin and not related to things other than bitcoin... maybe quantum computers is an answer you prefer
06:50 < cjd> satellite is only as good as its uplink
06:50 < Aaaaand> cjd: Difficulty will just increase? Or are you talking about finding the private keys of a bitcoin address ?
06:51 < Aaaaand> You can always add new address formats
06:51 < Aaaaand> don't think that's much of an issue
06:51 < Aaaaand> it will be for old coins of course
06:52 < cjd> What if cryptography stops working entirely ? I don't think there is consensus on what quantum computers *definitely cannot* do
06:52 < nsh> was just thinking about that in ##crypto
06:53 < nsh> (settled that lamport sigs are robust afawk but raw asymmetric encryption/decryption is toast and everything will be done by [q]key-distribution and at least 2x keylength symmetric encryption primitives
06:53 < nsh> which isn't a really big difference from today really)
06:54 < nsh> otoh i occasionally harbour ideas about post-[classical]-turing-computing which are far more scary than people's current understanding of immanent QC
06:54 < cjd> underpinning hashes is an implicit assumption that mixing + losing bits is something that cannot be preimaged...
06:55 < nsh> yes, well, exactly this
06:55 < cjd> Also consider that your PRNG is losing bits all of the time, so how much entropy does it really have ?
06:56 < nsh> but i'm obliged to keep mum about some of my thoughts this direction until i can have confidence that the cat which might come out of the bag won't become a meowzilla and destroy civilisation as we know it
06:56 < cjd> every time you hash, you give a few bits up to make it irreversible...
06:56 < cjd> I wouldn't worry about it, 100 monkeys, someone else is thinking what you're thinking
06:56 < nsh> there are confusing results here that i don't understand fully
06:57 < nsh> e.g. left-over hash lemma and things like this suggest you can stretch entropy
06:57 < nsh> but basic counting arguments suggest otherwise and i don't know how to settle the difference
06:57 < cjd> "stretch entropy" sounds like perpetual motion to me
06:57 < nsh> and worse in quantum information as we understand it nothing can be lost by diktat of unitarity and time-reversibility
06:58 < nsh> so kinda we have to hope that quantum mechanics is just a metaheuristic for some underlying physics which does involve convergence of histories (loss of information, time irreversibility)
06:58 < nsh> luckily there is some light in that direction
06:59 < nsh> it may turn out that there are quaint... physical solutions. ie we send out some probe to far end of solar system and it has to physically house a bunch of dangerous entropy at some physical remove from earth systems that might be undone by its leaking
06:59 < nsh> but this is scifi :)
07:00 < nsh> 'Imagine that you have a secret key X that has n uniform random bits, and you would like to use this secret key to encrypt a message. Unfortunately, you were a bit careless with the key, and know that an adversary was able to learn about t < n bits of that key, but you do not know which. Can you still use your key, or do you have to throw it away and choose a new key? The leftover hash lemma tells us that we can produce a key of about n - t bits, over
07:00 < nsh> which the adversary has almost no knowledge. Since the adversary knows all but n - t bits, this is almost optimal. '
07:00 < cjd> if we get safely to singularity day, doesn't matter that much
07:00 < nsh> - https://en.wikipedia.org/wiki/Leftover_hash_lemma
07:00 < nsh> so, magic. gotcha...
07:00 < nsh> well, my faith in singularity has improved recently. my faith in human culture is still catching up :)
07:02 < cjd> well, good news is culture gets erased so you don't need to have faith in it :)
07:04 < nsh> hah, any sources for this prognostication? :)
07:04 < nsh> MORE MAGIC: https://eprint.iacr.org/2011/088.pdf
07:05 < nsh> magic against quantum processing: https://arxiv.org/abs/1002.2436
07:05 < nsh> i am dubious about all of this tbh but i am not a professional/academic :)
07:06 < cjd> armchair prediction, but mostly imagining a larger scale version of brain development
07:11 < adlai> if Aaaaand wanders back to read the logs: see http://www.truthcoin.info/blog/mining-heart-attack/
09:41 < nsh> ongoing: http://diyhpl.us/diyhpluswiki/transcripts/stanford-blockchain-conference/2019/building-mimblewimble-and-grin/
09:42 < nsh> (IOP = Interactive Oracle Proofs, wrt to RSA accumulators and 'stateless' blockchains: https://eprint.iacr.org/2018/1188.pdf)
09:44 < nsh> do bulletproofs vector commitments use merkle trees? i don't seem to recall this but i didn't grok to long term memory all of the details
09:48 * nsh rereads waxwing's notes
09:49 < waxwing> nsh, no vector pedersen commitments are just curve points (made by summing other curve points, of course)
09:49 < nsh> so it seems, by a cursory reading of the boneh et al paper above that two approaches are complementary
09:49 < nsh> multi-NUMS generators and merkelised vector commitments
09:50 < nsh> oh but actually the pedersen approach may just be superior due to constancy of membership proof size
09:50 * nsh shouldn't make comments on papers while half way down page 3 anyway
09:51 < nsh> of 49
09:53 < nsh> oh the paper is with Bünz anyway so there won't be reduplication
09:55 < nsh> yeah i just guessed badly. bulletproofy inner products here are being proposed to replace merkle trees
10:01 < nsh> "In slight deviation from the soundness definition used in statistically sound proof systems, we do not universally quantify over the instance x (i.e. we do not require security to hold for all input instances x). This is due to the fact that in the computationally-sound setting the instance itself may encode a trapdoor of the crs pp (e.g. the order of a group of unknown order), which can enable the adversary to fool a verifier."
10:01 < nsh> Kurt Gödel purrs contently in his grave :)
10:02 < waxwing> kanzure, i enjoyed this transcript, in particular i enjoyed the section of the transcript about transcripts :) http://diyhpl.us/wiki/transcripts/stanford-blockchain-conference/2019/building-bulletproofs/
10:04 < sarang> The cloak transaction flow was interesting due to its relative simplicity relative to range proofs alone, especially due to the verification scaling of Bulletproofs
10:05 < nsh> --
10:05 < nsh> Ed25519 has different behavior between single and batch verification. Two implementations are freely allowed to disagree about which signatures are valid, which might be a problem for some kind of blockchain.
10:05 < nsh> Tor had an issue like this, where onion service addresses in tor had to add extra validation, the cofactor problem had 8 addresses for the same server.
10:05 < nsh> Monero had a critical vulnerability due to cofactors where having a cofactor 8 meant that you could spend 8 times.
10:05 < nsh> -- references for all three of these would be heartily appreciated [by myself]
10:06 < nsh> sarang might graciously point me toward the lattermost
10:06 < sarang> Yes, I'll hunt down the announcement of that. It was quite fascinating (and, to be fair, before my time!)
10:06 < nsh> thank you kindly!
10:07 < sarang> Here was the "official" blag post: https://www.getmonero.org/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html
10:07 < waxwing> i'm pretty sure i saw at least one other similar cofactor fail, i think it might have been JWT or something.
10:07 < sarang> I don't particularly like the explanation FWIW
10:08 < waxwing> heh, "blag post" :) btw i think jonas nick nickler also did a write up of that monero problem. or am i getting confused with the other issue (the one that didn't make it to prod). maybe he did both actually.
10:08 < sarang> It affected all "standard" CryptoNote-based projects
10:08 < sarang> I believe he did one
10:08 < waxwing> ah yes, i remember now, bytecoin pumped 100% on the day the exploit was announced lol.
10:08 < nsh> ty again
10:09 < nsh> hah
10:09 < sarang> We skirted the issue with our ed25519 Bulletproofs implementation by having the prover do a 1/8-offset on points that's undone by the verifier
10:09 < nsh> well why shouldn't a minor cryptotragedy to some be a minor cryptowindfall to others... seems nicely symmetrical :)
10:10 < nsh> hmm
10:10 < nsh> interesting hack/mitigation
10:10 < nsh> is it annotated somewhere?
10:10 < sarang> Monero code is terribly commented
10:10 < waxwing> in short: DJB lied to us.
10:10 < nsh> someone should really make a short academic course lecture / talk series on bulletproof implementations from the trenches
10:10 < sarang> That's a great idea
10:10 < nsh> and make available online for housebound people like myself
10:11 < nsh> :)
10:11 < nsh> or countrybound
10:11 < sarang> Our goal was to avoid a full group-order scalarmult of course
10:15 < sarang> I know the dalek folks were interested in a Bulletproofs implementation modification to remove the power-of-2 requirement for the inner product proof... anyone know if that's happened?
10:15 < sarang> This becomes relevant in the constraint system case for large constraint sets
10:16 < nsh> i thought the theory wasn't filled in on that yet
10:16 < nsh> at least i seem to recall the paper saying power-of-2 isn't required but simplifies the proof
10:16 < nsh> and not elaborating especially or at all
10:16 < sarang> Earlier drafts didn't address it at all, IIRC
10:16 < nsh> i might be misremembering also
10:17 < nsh> there may be a 'traditional' mathsy result that applies
10:17 < nsh> i'm too ignorant to think of one
10:18 < sipa> sarang: afaik there is no known solution for the power-of-2 rounding
10:18 < sarang> that's unfortunate
10:20 < nsh> oh i read perhaps overgenerously "we assume without loss of generality that n is a power of two because g,h,a,b can be padded" [paraphrasing mildly]
10:20 < nsh> that's not the same as "this simplification can be removed"
10:21 < sarang> Aha, this is what I was thinking of: https://github.com/dalek-cryptography/bulletproofs/issues/198
10:22 < nsh> "extending this work to something called bulletproofs by taking the existing Bootle 2016 inner product argument, simplifying it, the original Bootle paper allowed you to split a number into arbitrary factorizations and then you would use various polynomials based on the size of the different factors and it was quite an event to understand this... Anyway, they simplified this to only work with powers of 2, and they also made it smaller, in a way to drop
10:22 < nsh> it from group elements per bit, down to 2, so it was a 3x space savings."
10:22 < nsh> - https://diyhpl.us/wiki/transcripts/2018-02-02-andrew-poelstra-bulletproofs/
10:22 < nsh> the power-of-2 seems like a cost-of-doing-business to simplify the original bootle construction
10:23 < nsh> well, maybe if you switch to a higher or rather to multiple base systems then you can avoid it but at the cost of the complexity popping up in the rebasing
10:23 < nsh> might still yield savings for constrained systems idk
10:26 < nsh> okay oleganza's proposal is smarter than that, it seems
10:39 < kanzure> anonymity by public key updating http://diyhpl.us/wiki/transcripts/stanford-blockchain-conference/2019/quisquis/
10:39 < kanzure> waxwing: are you here?
10:41 < waxwing> pong
10:42 < waxwing> oh! i think you meant at stanford :) no.
11:12 < sarang> nsh: yeah, the oleganza proposal sounds quite interesting
11:13 < sarang> We weren't interested in it for our range proof application (the fee structure gets wonky) but for circuits it makes a lot of sense
15:11 < kanzure> http://diyhpl.us/wiki/transcripts/stanford-blockchain-conference/2019/accumulators/
15:32 < sarang> "Someday we can use class groups, we hope!"
[~Lee@173-23-103-30.client.mchsi.com] has quit [Ping timeout: 246 seconds] 23:26 -!- vtnerd [~Lee@173-23-103-30.client.mchsi.com] has joined #bitcoin-wizards 23:49 -!- kristofferR [~kristoffe@cm-84.211.224.107.getinternet.no] has joined #bitcoin-wizards --- Log closed Thu Jan 31 00:00:36 2019