--- Log opened Wed Mar 25 00:00:29 2020
--- Day changed Wed Mar 25 2020
07:22 < kanzure> "Zero-knowledge proofs of possession of digital signatures and its applications" http://diyhpl.us/~bryan/papers2/bitcoin/Zero-knowledge%20proofs%20of%20possession%20of%20digital%20signatures%20and%20its%20applications%20-%201999.pdf
has joined #bitcoin-wizards 08:58 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 09:00 -!- shush [~pawn@cpe-76-176-12-33.san.res.rr.com] has quit [Ping timeout: 258 seconds] 09:02 < bsm117532> instagibbs: can you elaborate? https://twitter.com/theinstagibbs/status/1242844017764773889?s=20 09:08 -!- shush [~pawn@cpe-76-176-12-33.san.res.rr.com] has joined #bitcoin-wizards 09:08 -!- shush [~pawn@cpe-76-176-12-33.san.res.rr.com] has quit [Client Quit] 09:10 < zmnscpxj> not instagibbs, but the core of statechains is basically to use a multiparty update mechanism, like Decker-Wattenhofer, Poon-Dryja, or Decker-Russell-Osuntokun 09:10 < zmnscpxj> the signing parties are trusted but auditable, and basically operate a custodial bank 09:11 < zmnscpxj> the details can vary significantly, including the use of OP_CHECKMULTISIGNATURE, or 2p-ECDSA, or (eventually) MuSig on top of Schnorr 09:11 < zmnscpxj> and it would still be approximately "statechain-like". 09:11 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection] 09:11 < zmnscpxj> Does that answer your question? 09:12 < bsm117532> I understand all that. I think instagibbs is referring to a CMS-based statechain that I haven't seen described...but I don't doubt it's possible. 09:13 < zmnscpxj> CMS=OP_CHECMULTISIGNATURE, from my understanding 09:13 < bsm117532> yes 09:13 < zmnscpxj> so what you are asking is...? 09:14 < bsm117532> Is there a written description anywhere of a CMS-based statechain? 09:14 < bsm117532> (thread confusion -- I didn't understand what instagibbs was saying was "incorrect" but anyway...) 
09:15 < zmnscpxj> none, but I did discuss some time ago with RubenSomsen: basically, you can use any multiparty update mechanism
09:15 < bsm117532> Yes that seems clear
09:15 < zmnscpxj> his original article focused on Decker-Russell-Osuntokun aka "eltoo", but it would work just as effectively with Decker-Wattenhofer
09:16 < zmnscpxj> and you can use OP_CHECKMULTISIGNATURE just as effectively as a MuSig-based n-of-n or k-of-n VSSed key
09:16 < zmnscpxj> with any of the update mechanisms
09:16 < zmnscpxj> I think what instagibbs is saying as "incorrect" is the idea that the signing authority rotates keys
09:16 < zmnscpxj> it can rotate keys "inside" the statechain
09:17 < zmnscpxj> but the keys "outside" that will be on the blockchain remain the signing authority
09:17 < zmnscpxj> which is a fixed set, because you are not doing any updates on the blockchain
09:17 < bsm117532> I'm going to have to read and take some notes on these 3 update mechanisms. Do you know any talk or paper that discusses them side by side?
09:17 < zmnscpxj> none, sorry
09:18 < zmnscpxj> I just think about them all the time, so ---------------
09:18 < bsm117532> It's ok, I can read 3 papers ;-)
09:18 < zmnscpxj> You can rotate the signing authority by doing actions on the blockchain, i.e. spending the UTXO and then reassigning the value to a new pubkey/script/whatever
09:19 < zmnscpxj> But in any case, possibly the confusion arises due to how the original statechains article was presented
09:19 < zmnscpxj> Basically, the original statechains article suggested using the statechain to host one or more LN channels
09:19 < zmnscpxj> The LN channel signatories can be changed offchain, inside the statechain
09:19 < zmnscpxj> but the statechain signing authority remains the same
09:20 < zmnscpxj> you can think of it as a Channel Factory where the signing authority is a custodian, instead of the actual owners of the LN channels
09:20 < zmnscpxj> then you can manipulate channels inside the statechain
09:20 < zmnscpxj> but only if the signing authority allows it
09:20 < bsm117532> As I understand it, the statechain DOES rotate keys. With Schnorr it helps pass control of a UTXO signed by (p1+p2)*G where one of p1, p2 is held by the statechain. Tom's post rotates control of a UTXO signed by p1*p2*G, such that a new owner half-controls the UTXO, now signed by p3*p2_prime*G. (In Ruben's proposal, (p3+p2_prime)*G.)
09:20 < bsm117532> Is that understanding incorrect?
09:21 < bsm117532> Where p1*p2*G = p3*p2_prime*G.
09:21 < bsm117532> And the statechain deletes p2 to prevent collusion with p1.
09:21 < zmnscpxj> from my understanding those rotations are "inside" the statechain
09:22 < bsm117532> What do you mean "inside"? It requires cooperation of both 1 and 3.
09:23 < zmnscpxj> The UTXO on the blockchain that anchors it will be released by a fixed signing set, the signing authority
09:23 < zmnscpxj> this is a fixed set of signers
09:23 < zmnscpxj> The statechain retains a Decker-Wattenhofer/Poon-Dryja/Decker-Russell-Osuntokun update/commitment/state transaction
09:24 < zmnscpxj> which pays to (p1 + p2) * G
09:24 < zmnscpxj> then when it rotates "inside" the statechain, it updates the update mechanism
09:24 < zmnscpxj> it does not update the blockchain
09:24 < bsm117532> Well that's the point of a statechain no? The set of signers isn't fixed and is transferable. In the first state, p1 and p2 can collaborate to sign the UTXO. In the second, p3 and p2_prime can collaborate to sign it, and it's the SAME utxo since p1*p2*G = p3*p2_prime*G.
09:25 < zmnscpxj> I do not think it works that way
09:25 < zmnscpxj> Or possibly my understanding of RubenSomsen is wrong
09:25 * bsm117532 reads again.
09:26 < zmnscpxj> because of p1*p2*G == p3*p2'*G, then p1 and p2 can always fork the statechain at genesis
09:26 < zmnscpxj> so the entire point is to use an update mechanism to ensure that it is not possible to fork the statechain
09:27 < bsm117532> In other words, old holders and current holder can validly spend the UTXO, this is correct, and this is where Eltoo comes in.
09:27 < zmnscpxj> Yes
09:27 < zmnscpxj> you actually change the eltoo state, i.e. the "inside" of the statechain
09:27 < zmnscpxj> but the blockchain does not change its UTXO (because the point is to be off the chain)
09:27 < bsm117532> Can you define "inside"? We have 3 parties here, all holding signed transactions. I don't know where "inside" is.
09:27 < zmnscpxj> So on the blockchain, the *same* signer set still exists
09:28 < zmnscpxj> An update mechanism is a mechanism to defer the assignment of a UTXO, re-assigning the value of the UTXO to 1 or more new UTXOs
09:28 < zmnscpxj> do you agree?
09:28 < bsm117532> Yes, that's why the statechain description requires key deletion. If p1 or p2 is deleted, then the signer set has changed.
09:29 < zmnscpxj> This update mechanism has an "inside": i.e. the "latest state" that describes the current division of the fund
09:29 < zmnscpxj> you can change this "inside" by performing an update ritual, i.e. in Poon-Dryja, you sign a new commitment, then exchange revocations for older commitments
09:29 < zmnscpxj> then the mechanism ensures that old state can no longer be replayed
09:30 < zmnscpxj> so the mechanism has an "inside", which is not *immediately* published "outside" on the blockchain
09:30 < zmnscpxj> does that make better sense?
09:30 < bsm117532> So "inside" is any set of offline valid broadcastable signed transactions?
09:30 < zmnscpxj> yes
09:30 < zmnscpxj> So suppose I want to reassign a UTXO "inside" the mechanism from A to B
09:31 < zmnscpxj> Then I ask the signing authorities to update the update mechanism, invalidating the old state where the UTXO goes to A and creating a new state where the same UTXO goes to B
09:31 < zmnscpxj> That is statechains
09:31 < zmnscpxj> as I understood them
09:32 < zmnscpxj> But A != B mathematically
09:32 < zmnscpxj> Of course, this is not visible onchain
09:32 < zmnscpxj> onchain, the funding UTXO that contains the sum total of all the UTXOs of the statechain
09:32 < zmnscpxj> are still "owned" by the custodial signing authorities
09:33 < zmnscpxj> Then, when we want to close the statechain we publish the last valid transaction onchain
09:33 < zmnscpxj> which now exposes that the UTXO is now owned by B
09:33 < zmnscpxj> as far as the blockchain (the "outside") it was owned by the SE, now it is owned by B.
09:34 < bsm117532> But statechains are non-custodial...the original funding entity loses control when the statechain signs it over.
09:34 < zmnscpxj> It never saw it as being owned by A, because that was a state that has been elided
09:34 < zmnscpxj> ......nope
09:34 < zmnscpxj> statechains are custodial
09:34 < bsm117532> Uh...no.
09:34 < zmnscpxj> They have to be, because the only way for them to be noncustodial is to have an onchain action at each update
09:34 < bsm117532> It's even in the title. :-P https://medium.com/@RubenSomsen/statechains-non-custodial-off-chain-bitcoin-transfer-1ae4845a4a39
09:35 < zmnscpxj> I have a box labelled "cookies", it does not contain cookies
09:35 < bsm117532> The SE never has full control of the UTXO. In that sense it's non-custodial.
09:35 < bsm117532> Neither do any of the outputs pay the SE.
09:35 < zmnscpxj> yes, but the owners of the coins inside the statechain do not have full control of the UTXO either. In that sense it is NOT non-custodial
09:36 < bsm117532> Joint custody...
09:36 < zmnscpxj> which does not make it non-custodial
09:36 < bsm117532> Ok we're bickering over semantics... the SE cannot be hacked to steal funds, and is only responsible to co-sign transfers.
09:36 < zmnscpxj> assumed to be so, yes
09:37 < zmnscpxj> but the signing authority is still a fixed set
09:37 < zmnscpxj> so if you assume the signing authority / SE is honest, then it is "noncustodial" in that sense
09:37 < bsm117532> Well the signing authority is (p1 and p2) or (p3 and p2_prime) or (p4 and p2_primeprime) or ...
09:37 < zmnscpxj> yes
09:37 < zmnscpxj> since they are the same mathematically
09:38 < bsm117532> We agree. Definition of "custody" aside ;-)
09:38 < zmnscpxj> and as an optimization it could, you know, just not change any of the numbers
09:38 < sipa> fwiw the US regulator gave some advisory a while ago (i don't remember which agency...) about what counts as custodial (and thus has stronger regulations attached) for cryptocurrencies, and i believe (but IANAL) it would only treat a party as a custodian if that party could unilaterally spend the funds (however, a party which can prevent another from spending their coins on itself is not enough)
09:38 < zmnscpxj> well, there is that
09:39 < zmnscpxj> but "the power to destroy a thing, is the ultimate power over that thing"
09:39 < kanzure> there are recent updates to the universal commercial code regarding property, possession, and ownership of digital assets for custodians -- at least for wyoming
09:39 < bsm117532> Well, SE can prevent further transfer, but cannot destroy the coins.
09:39 < zmnscpxj> "prevent further transfer" *is* destruction, or else 1BitcoinEater... is not destruction
09:40 < zmnscpxj> but semantics
09:40 < bsm117532> sipa: that's my understanding too. Custody, legally, means unilateral control. Multilateral control is a scenario the law is not prepared for.
09:40 < zmnscpxj> assuming the SE works correctly, then it is noncustodial
09:40 < sipa> zmnscpxj: haha
09:40 < zmnscpxj> but it is helpful to remember that key rotation exists "inside" the statechain, and not outside it
09:40 < sipa> according to that definition banks are not custodians either
09:41 < bsm117532> sipa: They are not. But banking regulations are a different can of worms.
09:41 < zmnscpxj> Yes, I can always bomb the bank if they do not release my money
09:41 < bsm117532> zmnscpxj: your money was loaned out. They only have a 10% reserve requirement.
09:41 < zmnscpxj> then I suppose I can reduce the bomb payload by 10%
09:42 < zmnscpxj> this is a joke, by the way, and not any kind of incitement to actually bomb banks
09:44 < sipa> a slowly exploding bomb is really the only way to reach MOON
09:44 < zmnscpxj> sipa: agreed
09:46 < zmnscpxj> But basically, that is the entirety of statechains: the change in signers is implemented by being inside an update mechanism
09:46 < zmnscpxj> and the signers of the update mechanism are a k-of-n of "Secure Elements"
09:46 < zmnscpxj> That we assume for some reason to work honestly, because we regularly open the packaging and inspect them with microscopes and etc.
09:47 < zmnscpxj> the signers of the update mechanism, i.e. the "SEs", live "outside" the update mechanism
09:48 < zmnscpxj> since they are the ones who are operating the update mechanism.
09:48 < zmnscpxj> the users of the statechain live inside the update mechanism
09:49 < zmnscpxj> it is similar to a federated blockchain in that respect, except the users can destroy the statechain at any time and recover the latest signed state of the statechain
09:52 < zmnscpxj> But in theory, if I manage to pass my custom ASIC off as a "Secure Element" that actually duplicates a bunch of privkeys I have in my vault in the Sahara desert
09:52 < zmnscpxj> I could steal the funds in any statechains that use my custom ASIC as "Secure Element"
09:53 < zmnscpxj> so you need a good way to audit the "Secure Element", which is what I think is difficult in practice
09:53 < zmnscpxj> but yeah
09:53 < zmnscpxj> stuff
09:54 < zmnscpxj> (I do not own a vault in the Sahara desert; it is stored in a quantum space beyond the edge of human-known science)
10:03 < bsm117532> zmnscpxj: that SE stuff is just "deletion of the last state's privkey". It's a trust assumption. I'm not a fan of SE's but you could provide remote attestation to deletion of the key material, in principle.
10:39 < RubenSomsen> bsm117532: zmnscpxj: The novel thing that the post by Tom adds is a way to redistribute the shares of the shared secret that the UTXO is locked with. If the statechain entity throws away their old shares, then the secrets held by prior owners can no longer do any harm (e.g. when hacking occurs). A slight security improvement.
10:41 < RubenSomsen> instagibbs was arguing that it's not worth the added complexity of needing 2p ecdsa, but when we have schnorr it'll definitely be worth it
10:47 < bsm117532> RubenSomsen: maybe I misunderstood but I thought that was part of your Schnorr-based proposal too. In any case there's nothing unique about 2p-ECDSA there, it could be done with Schnorr too. (as I described above)
10:52 < RubenSomsen> It wasn't, I hadn't thought of it.
14:56 < bsm117532> The keyshare computations involved in the transfer (Tom's ECDSA statechain) are occurring in Z_p. So the SE knows an equation in Z_p that gives both owners' private keys.
14:56 < bsm117532> s1_inv * s2 = o2_inv*o1 such that s1 * o1 = P.
14:57 < bsm117532> Given that the SE entity knows both s1 and s2, can this equation be efficiently solved? Or does this reduce to ECDLP?
15:05 < sipa> which of those variables are points and which are scalars?
15:06 < bsm117532> lower case are scalars. only P is an EC point (P = s1.o1.G)
15:06 < sipa> ah, i was confused by your s1*o1=P
15:06 < bsm117532> aaaahhhhh I'm so lazy...
15:07 < sipa> so the attacker knows s1, s2, and tries to find out o1 and o2?
15:07 < bsm117532> Yes.
15:07 < sipa> and/or x (where P=x*G)
15:08 < bsm117532> The attacker also knows P = o1.o2.G and P1 = o1.G and P2 = o2.G.
15:08 < sipa> that's not useful
15:08 < bsm117532> The attacker also knows P = s1.o1.G and P1 = o1.G and P2 = o2.G. <<< correction
15:08 < bsm117532> yeah.
15:09 < sipa> one equation, two unknowns.
15:09 < sipa> or if you include x; two equations, three unknowns
15:10 < bsm117532> I mean, there should be sqrt(p) possible pairs no? So at the very least it reduces your search space by sqrt, and then you have to check them all by EC mult...
15:10 < sipa> why only sqrt(p) ?
15:11 < sipa> so call c = s2/s1, which is known to the attacker
15:11 < sipa> c = o1/o2, or o1 = c*o2
15:14 < sipa> and x = s1*o1 = s1*c*o2... so instead of iterating over x you iterate over o2
15:15 < bsm117532> Yep. I think you're right, no sqrt.
15:16 < bsm117532> So then passing around products of private keys is secure? I would have thought this would push its security up to RSA-levels and require a larger prime...
15:16 < sipa> in GF(p), every number can be written as a product of (anything)*(something)
15:17 < sipa> factorization is not relevant, because every element is invertible
15:17 < bsm117532> yep
15:18 < sipa> or put otherwise: private_key*uniformly_random = uniformly_random
has quit [Ping timeout: 240 seconds] 16:45 -!- marcoagner [~user@bl13-226-166.dsl.telepac.pt] has quit [Ping timeout: 250 seconds] 16:51 -!- gleb [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has quit [Read error: Connection reset by peer] 16:51 -!- gleb [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has joined #bitcoin-wizards 16:55 -!- justanotheruser [~justanoth@unaffiliated/justanotheruser] has joined #bitcoin-wizards 16:56 -!- gleb [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has quit [Ping timeout: 256 seconds] 16:57 -!- gleb [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has joined #bitcoin-wizards 17:00 -!- kutio [~kutio@184.75.221.163] has quit [] 17:04 -!- gleb1 [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has joined #bitcoin-wizards 17:06 -!- gleb [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has quit [Ping timeout: 250 seconds] 17:07 -!- gleb [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has joined #bitcoin-wizards 17:09 -!- gleb1 [~gleb@cpe-67-244-100-77.nyc.res.rr.com] has quit [Ping timeout: 256 seconds] 17:20 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 17:22 -!- zigapeda1 [~zigapeda@84.39.117.57] has joined #bitcoin-wizards 17:31 -!- jonatack_ [~jon@37.167.7.26] has joined #bitcoin-wizards 17:34 -!- jonatack [~jon@37.172.90.77] has quit [Ping timeout: 240 seconds] 17:39 -!- seddd [~user@gateway/tor-sasl/seddd] has joined #bitcoin-wizards 17:50 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [Ping timeout: 260 seconds] 17:59 -!- Krellan_ [~Krellan@2601:640:4100:e:8453:2472:8414:d108] has joined #bitcoin-wizards 18:01 -!- slivera_ [~slivera@181.215.46.112] has joined #bitcoin-wizards 18:04 -!- slivera [~slivera@217.138.204.73] has quit [Ping timeout: 240 seconds] 18:23 -!- Krellan_ [~Krellan@2601:640:4100:e:8453:2472:8414:d108] has quit [Ping timeout: 256 seconds] 18:25 -!- TurquoiseEvents [~textual@2600:1700:fc60:2d30:c131:b7c2:be1d:3685] has joined #bitcoin-wizards 18:37 -!- slivera__ [~slivera@217.138.204.72] has joined #bitcoin-wizards 
18:39 -!- slivera_ [~slivera@181.215.46.112] has quit [Ping timeout: 240 seconds] 18:41 -!- TurquoiseEvents [~textual@2600:1700:fc60:2d30:c131:b7c2:be1d:3685] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…] 18:44 -!- captjakk_ [~captjakk@174-29-9-247.hlrn.qwest.net] has joined #bitcoin-wizards 18:45 -!- captjakk [~captjakk@75-166-188-3.hlrn.qwest.net] has quit [Ping timeout: 240 seconds] 18:51 -!- smk [5cdf598e@unaffiliated/smk] has joined #bitcoin-wizards 18:52 -!- seddd [~user@gateway/tor-sasl/seddd] has quit [Remote host closed the connection] 18:52 -!- seddd [~user@gateway/tor-sasl/seddd] has joined #bitcoin-wizards 18:53 -!- seddd [~user@gateway/tor-sasl/seddd] has quit [Client Quit] 18:54 -!- seddd [~user@gateway/tor-sasl/seddd] has joined #bitcoin-wizards 19:05 -!- TurquoiseEvents [~textual@108-67-14-35.lightspeed.wepbfl.sbcglobal.net] has joined #bitcoin-wizards 19:14 -!- aupiff [~aupiff@172.58.228.73] has joined #bitcoin-wizards 19:34 -!- TheoStorm [~TheoStorm@host-p8vu8h.cbn1.zeelandnet.nl] has quit [Quit: Leaving] 19:36 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has joined #bitcoin-wizards 19:42 -!- TurquoiseEvents [~textual@108-67-14-35.lightspeed.wepbfl.sbcglobal.net] has quit [Quit: My MacBook has gone to sleep. 
ZZZzzz…] 19:46 -!- smk [5cdf598e@unaffiliated/smk] has quit [Ping timeout: 240 seconds] 19:47 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 19:52 -!- slivera__ [~slivera@217.138.204.72] has quit [Ping timeout: 256 seconds] 20:00 -!- zigapeda1 [~zigapeda@84.39.117.57] has quit [] 20:15 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection] 20:15 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has quit [Ping timeout: 240 seconds] 20:16 -!- Belkaar [~Belkaar@xdsl-87-78-183-104.nc.de] has joined #bitcoin-wizards 20:16 -!- Belkaar [~Belkaar@xdsl-87-78-183-104.nc.de] has quit [Changing host] 20:16 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has joined #bitcoin-wizards 20:20 -!- xrogaan [~xrogaan@37.120.217.243] has joined #bitcoin-wizards 20:20 -!- xrogaan is now known as Guest46948 20:21 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [Ping timeout: 250 seconds] 20:23 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has joined #bitcoin-wizards 21:03 -!- guest534543 [~mix@141.98.103.78] has joined #bitcoin-wizards 21:03 -!- Krellan_ [~Krellan@c-24-130-205-67.hsd1.ca.comcast.net] has joined #bitcoin-wizards 21:03 -!- Kiminuo [~mix@141.98.103.78] has quit [Ping timeout: 240 seconds] 21:10 -!- Krellan_ [~Krellan@c-24-130-205-67.hsd1.ca.comcast.net] has quit [Ping timeout: 250 seconds] 21:30 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #bitcoin-wizards 21:37 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 256 seconds] 21:40 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection] 21:40 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has joined #bitcoin-wizards 21:49 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection] 22:18 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 22:51 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [Ping timeout: 264 seconds] 23:00 -!- 
Guest46948 [~xrogaan@37.120.217.243] has quit [] 23:06 -!- Krellan_ [~Krellan@c-24-130-205-67.hsd1.ca.comcast.net] has joined #bitcoin-wizards 23:18 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Quit: ZNC - http://znc.sourceforge.net] 23:20 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards 23:22 -!- mYk1 [~mYk@139.28.218.198] has joined #bitcoin-wizards 23:24 -!- guest534543 [~mix@141.98.103.78] has quit [Ping timeout: 256 seconds] 23:40 -!- Krellan_ [~Krellan@c-24-130-205-67.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds] 23:43 -!- jungly [~jungly@host73-184-dynamic.250-95-r.retail.telecomitalia.it] has joined #bitcoin-wizards --- Log closed Thu Mar 26 00:00:34 2020