2015-04-18.log

--- Log opened Sat Apr 18 00:00:56 2015
-!- nivah [~linker@113.161.87.238] has joined #bitcoin-wizards00:05
-!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards00:06
-!- hktud0 [wq@unaffiliated/fluffybunny] has quit [Read error: Connection reset by peer]00:06
--- Log opened Sat Apr 18 04:16:23 2015
-!- gnusha [~gnusha@unaffiliated/kanzure/bot/gnusha] has joined #bitcoin-wizards04:16
-!- Topic for #bitcoin-wizards: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja04:16
-!- Topic set by andytoshi [~andytoshi@unaffiliated/andytoshi] [Fri Aug 22 14:51:37 2014]04:16
[Users #bitcoin-wizards]04:16
[@ChanServ ] [ comboy ] [ go1111111 ] [ larraboj ] [ nickler ] [ sneak ] 04:16
[ [7] ] [ copumpkin ] [ Graet ] [ lclc ] [ nsh ] [ sparetire_ ] 04:16
[ [ace] ] [ cornus_ammonis ] [ grandmaster ] [ leakypat ] [ nuke1989 ] [ spinza ] 04:16
[ [d__d] ] [ Cory ] [ GreenIsMyPepper] [ lechuga__ ] [ null ] [ Sqt ] 04:16
[ a5m0 ] [ coryfields_ ] [ gribble ] [ LeMiner ] [ null_radix ] [ Starduster ] 04:16
[ aakselrod ] [ crescendo ] [ Guest4827 ] [ livegnik ] [ Oizopower ] [ starsoccer ] 04:16
[ adams_ ] [ CryptOprah ] [ guruvan ] [ lmacken ] [ OneFixt_ ] [ stonecoldpat ] 04:16
[ adlai ] [ cryptowest_ ] [ gwillen ] [ lnovy ] [ optimator ] [ STRML ] 04:16
[ AdrianG ] [ cursive ] [ harrigan ] [ Logicwax ] [ otoburb ] [ sturles ] 04:16
[ afdudley ] [ d9b4bef9 ] [ harrow ] [ luigi1111 ] [ p15 ] [ SubCreative ] 04:16
[ afk11 ] [ damethos ] [ hashtagg ] [ luigi1111w ] [ p15x_ ] [ SwedFTP ] 04:16
[ airbreather ] [ dansmith_btc ] [ helo ] [ Luke-Jr ] [ Pan0ram1x ] [ Taek ] 04:16
[ ajweiss ] [ dardasaba ] [ hguux___ ] [ luny ] [ PaulCapestany ] [ TD-Linux ] 04:16
[ Alanius ] [ dasource ] [ HostFat ] [ maaku ] [ paveljanik ] [ throughnothing_] 04:16
[ amiller ] [ davout ] [ hulkhogan42o ] [ Mably ] [ petertodd ] [ Tiraspol ] 04:16
[ Anduck ] [ dc17523be3 ] [ Hunger- ] [ Madars ] [ phantomcircuit] [ tjader ] 04:16
[ andy-logbot ] [ dEBRUYNE ] [ huseby ] [ manan19 ] [ phedny ] [ Tjopper ] 04:16
[ andytoshi ] [ devrandom ] [ indolering ] [ mappum ] [ pigeons ] [ Transisto ] 04:16
[ antgreen ] [ dgenr8 ] [ Iriez ] [ mariorz ] [ platinuum ] [ tromp ] 04:16
[ Apocalyptic ] [ DougieBot5000 ] [ isis ] [ Meeh ] [ poggy ] [ tromp_ ] 04:16
[ artifexd ] [ Dr-G ] [ jaromil ] [ melvster ] [ PRab ] [ unlord_ ] 04:16
[ arubi ] [ EasyAt_ ] [ jbenet ] [ merlincorey ] [ prodatalab ] [ veox ] 04:16
[ azariah ] [ ebfull ] [ jcorgan ] [ michagogo ] [ Quanttek ] [ vonzipper ] 04:16
[ b_lumenkraft ] [ Eliel ] [ jessepollak ] [ midnightmagic] [ Relos ] [ wallet42 ] 04:16
[ BananaLotus ] [ Emcy ] [ jhogan42 ] [ mikolalysenko] [ richardus ] [ warptangent ] 04:16
[ bedeho ] [ epscy ] [ jmaurice ] [ mkarrer_ ] [ roasbeef_ ] [ warren ] 04:16
[ berndj ] [ eric ] [ jonasschnelli ] [ mm_0 ] [ RoboTeddy ] [ waxwing ] 04:16
[ binaryatrocity ] [ espes__ ] [ jtimon_ ] [ moa ] [ runeks__ ] [ weex ] 04:16
[ bliljerk101 ] [ face ] [ justanotheruser] [ MoALTz ] [ rusty ] [ whale ] 04:16
[ BlueMatt ] [ Firescar96 ] [ K1773R ] [ morcos ] [ rustyn ] [ wizkid057 ] 04:16
[ BrainOverfl0w ] [ Fistful_of_coins] [ Keefe ] [ mr_burdell ] [ ryan-c ] [ wumpus ] 04:16
[ brand0 ] [ fluffypony ] [ kgk ] [ MRL-Relay ] [ ryanxcharles ] [ x98gvyn ] 04:16
[ bsm117532 ] [ forrestv ] [ kinlo ] [ Muis ] [ s1w ] [ xapp ] 04:16
[ c0rw1n ] [ GAit ] [ koshii ] [ nanotube ] [ sdaftuar ] [ Xzibit17 ] 04:16
[ catcow ] [ gavinandresen ] [ Krellan ] [ NeatBasisW ] [ SDCDev ] [ yoleaux ] 04:16
[ catlasshrugged_] [ gielbier ] [ kumavis ] [ nephyrin ] [ shesek ] [ yorick ] 04:16
[ cdecker ] [ gmaxwell ] [ Kwelstr ] [ nessence ] [ sl01 ] [ yrashk ] 04:16
[ cfields_ ] [ gnusha ] [ kyuupichan ] [ NewLiberty ] [ smooth ] [ Zouppen ] 04:16
-!- Irssi: #bitcoin-wizards: Total of 228 nicks [1 ops, 0 halfops, 0 voices, 227 normal]04:16
-!- Channel #bitcoin-wizards created Mon Feb 25 23:24:47 201304:16
-!- Irssi: Join to #bitcoin-wizards was synced in 14 secs04:16
-!- whale [~jinglebel@149.130.134.120] has quit [Remote host closed the connection]04:20
Elielfluffypony: is that an inside joke or are you serious? :P04:27
-!- jtimon_ [~quassel@41.Red-83-59-233.dynamicIP.rima-tde.net] has quit [Ping timeout: 256 seconds]04:34
-!- p15 [~p15@123.118.86.166] has quit [Max SendQ exceeded]04:35
-!- p15 [~p15@123.118.86.166] has joined #bitcoin-wizards04:40
-!- belcher [~belcher-s@unaffiliated/belcher] has joined #bitcoin-wizards04:41
-!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards04:42
-!- p15 [~p15@123.118.86.166] has quit [Max SendQ exceeded]04:43
-!- jhogan42 [~jhogan42@c-67-169-168-179.hsd1.ca.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]04:46
-!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Ping timeout: 245 seconds]04:46
-!- p15 [~p15@123.118.86.166] has joined #bitcoin-wizards04:49
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Ping timeout: 264 seconds]04:51
-!- moa [~kiwigb@opentransactions/dev/moa] has quit [Quit: Leaving.]04:55
fluffyponyEliel: https://botbot.me/freenode/bitcoin-wizards/2015-04-18/?msg=36911496&page=104:57
-!- cbeams [~cbeams@unaffiliated/cbeams] has joined #bitcoin-wizards05:06
-!- cbeams [~cbeams@unaffiliated/cbeams] has quit [Remote host closed the connection]05:19
-!- xenog [~xenog@95.83.254.108] has joined #bitcoin-wizards05:28
-!- xenog [~xenog@95.83.254.108] has quit [Read error: Connection reset by peer]05:29
-!- xenog [~xenog@95.83.254.108] has joined #bitcoin-wizards05:29
-!- xenog [~xenog@95.83.254.108] has quit [Client Quit]05:32
-!- SDCDev [~quassel@unaffiliated/sdcdev] has quit [Ping timeout: 265 seconds]05:32
-!- SDCDev [~quassel@196-210-38-243.dynamic.isadsl.co.za] has joined #bitcoin-wizards05:33
-!- SDCDev [~quassel@196-210-38-243.dynamic.isadsl.co.za] has quit [Changing host]05:33
-!- SDCDev [~quassel@unaffiliated/sdcdev] has joined #bitcoin-wizards05:33
-!- mm_0 is now known as mm_105:35
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Read error: Connection reset by peer]05:37
-!- pavel_ [~paveljani@79-98-72-216.sys-data.com] has joined #bitcoin-wizards05:37
-!- pavel_ [~paveljani@79-98-72-216.sys-data.com] has quit [Client Quit]05:37
-!- cluckj [~cluckj@c-71-225-211-210.hsd1.pa.comcast.net] has joined #bitcoin-wizards05:38
-!- Rynomster [~quassel@unaffiliated/rynomster] has joined #bitcoin-wizards05:38
-!- cbeams [~cbeams@unaffiliated/cbeams] has joined #bitcoin-wizards05:41
-!- SDCDev [~quassel@unaffiliated/sdcdev] has quit [Ping timeout: 256 seconds]05:41
-!- kanzure [~kanzure@unaffiliated/kanzure] has joined #bitcoin-wizards05:50
-!- wallet42 [~wallet42@78.189.29.215] has quit [Quit: Leaving.]05:51
-!- wallet42 [~wallet42@78.189.29.215] has joined #bitcoin-wizards05:53
-!- cbeams [~cbeams@unaffiliated/cbeams] has quit [Remote host closed the connection]05:54
-!- jeremyrubin [~jeremyrub@jeremys-mbp.media.mit.edu] has joined #bitcoin-wizards06:01
-!- cbeams [~cbeams@chello084114181075.1.15.vie.surfer.at] has joined #bitcoin-wizards06:06
-!- cbeams [~cbeams@chello084114181075.1.15.vie.surfer.at] has quit [Changing host]06:06
-!- cbeams [~cbeams@unaffiliated/cbeams] has joined #bitcoin-wizards06:06
-!- adam3us [~Adium@88-105-23-192.dynamic.dsl.as9105.com] has joined #bitcoin-wizards06:14
-!- cbeams [~cbeams@unaffiliated/cbeams] has quit [Remote host closed the connection]06:22
-!- p15x_ [~p15x@123.118.86.166] has quit [Ping timeout: 250 seconds]06:23
-!- p15 [~p15@123.118.86.166] has quit [Ping timeout: 272 seconds]06:23
-!- p15_ [~p15@123.118.94.249] has joined #bitcoin-wizards06:23
-!- p15x [~p15x@182.50.108.72] has joined #bitcoin-wizards06:24
-!- cbeams [~cbeams@unaffiliated/cbeams] has joined #bitcoin-wizards06:25
-!- p15_ [~p15@123.118.94.249] has quit [Max SendQ exceeded]06:27
-!- p15 [~p15@123.118.94.249] has joined #bitcoin-wizards06:28
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has joined #bitcoin-wizards06:28
-!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards06:28
-!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Ping timeout: 272 seconds]06:34
-!- p15 [~p15@123.118.94.249] has quit [Max SendQ exceeded]06:35
-!- Guest4827 is now known as HM206:35
-!- HM2 is now known as HM06:36
-!- p15 [~p15@123.118.94.249] has joined #bitcoin-wizards06:36
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has quit [Quit: Leaving.]06:39
-!- whale [~jinglebel@149.130.245.91] has joined #bitcoin-wizards06:40
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards06:41
-!- arubi [~ese168@unaffiliated/arubi] has quit [Ping timeout: 248 seconds]06:42
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 256 seconds]06:43
-!- hashtag_ [~hashtag@81.0.80.12] has joined #bitcoin-wizards06:45
-!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]06:51
-!- iddo [~idddo@unaffiliated/iddo] has joined #bitcoin-wizards06:52
-!- zooko [~user@c-67-176-52-224.hsd1.co.comcast.net] has joined #bitcoin-wizards06:53
-!- mm_1 is now known as mm_006:57
-!- p15 [~p15@123.118.94.249] has quit [Max SendQ exceeded]07:02
-!- p15 [~p15@123.118.94.249] has joined #bitcoin-wizards07:03
-!- arubi [~ese168@unaffiliated/arubi] has joined #bitcoin-wizards07:06
-!- mm_0 is now known as mm_107:22
-!- x98gvyn [~vfbtgn@188.27.90.84] has quit [Ping timeout: 246 seconds]07:36
-!- arubi [~ese168@unaffiliated/arubi] has quit [Ping timeout: 255 seconds]07:42
-!- cbeams [~cbeams@unaffiliated/cbeams] has quit [Remote host closed the connection]07:48
-!- mm_1 is now known as mm_007:48
-!- p15x_ [~p15x@182.50.108.36] has joined #bitcoin-wizards07:50
-!- p15 [~p15@123.118.94.249] has quit [Ping timeout: 245 seconds]07:51
-!- p15x [~p15x@182.50.108.72] has quit [Ping timeout: 245 seconds]07:51
-!- binaryatrocity [~atr0phy.n@unaffiliated/br4n] has quit [Read error: Connection reset by peer]07:51
-!- binaryatrocity [~atr0phy.n@69.85.87.117] has joined #bitcoin-wizards07:52
-!- binaryatrocity [~atr0phy.n@69.85.87.117] has quit [Changing host]07:52
-!- binaryatrocity [~atr0phy.n@unaffiliated/br4n] has joined #bitcoin-wizards07:52
-!- p15 [~p15@114.248.223.237] has joined #bitcoin-wizards07:53
-!- arubi [~ese168@unaffiliated/arubi] has joined #bitcoin-wizards07:58
-!- p15x [~p15x@114.248.223.237] has joined #bitcoin-wizards08:05
-!- p15x_ [~p15x@182.50.108.36] has quit [Ping timeout: 245 seconds]08:06
-!- p15x [~p15x@114.248.223.237] has quit [Max SendQ exceeded]08:07
-!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has quit [Read error: Connection reset by peer]08:08
-!- melvster1 [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has joined #bitcoin-wizards08:08
-!- p15x [~p15x@114.248.223.237] has joined #bitcoin-wizards08:08
-!- ryanxcharles [~ryan@2601:9:4680:dd0:dd6:4e1a:aaf4:ab72] has quit [Ping timeout: 245 seconds]08:09
-!- cbeams [~cbeams@unaffiliated/cbeams] has joined #bitcoin-wizards08:09
-!- cbeams [~cbeams@unaffiliated/cbeams] has quit [Remote host closed the connection]08:11
-!- satwo [~satwo@unaffiliated/satwo] has joined #bitcoin-wizards08:22
-!- lclc [~lucas@unaffiliated/lclc] has quit [Ping timeout: 248 seconds]08:24
-!- zmachine [uid53369@gateway/web/irccloud.com/x-hozgscmqnpqodpqr] has joined #bitcoin-wizards08:27
-!- delitzer [~delitzer@c-66-30-9-144.hsd1.ma.comcast.net] has joined #bitcoin-wizards08:31
-!- p15x [~p15x@114.248.223.237] has quit [Max SendQ exceeded]08:31
-!- p15x [~p15x@114.248.223.237] has joined #bitcoin-wizards08:32
-!- whale [~jinglebel@149.130.245.91] has quit [Remote host closed the connection]08:37
-!- p15 [~p15@114.248.223.237] has quit [Max SendQ exceeded]08:39
-!- arubi [~ese168@unaffiliated/arubi] has quit [Ping timeout: 250 seconds]08:42
-!- p15 [~p15@114.248.223.237] has joined #bitcoin-wizards08:43
-!- p15x [~p15x@114.248.223.237] has quit [Max SendQ exceeded]08:43
-!- p15x [~p15x@114.248.223.237] has joined #bitcoin-wizards08:44
-!- xenog [~xenog@46.7.118.40] has joined #bitcoin-wizards08:44
-!- zooko [~user@c-67-176-52-224.hsd1.co.comcast.net] has quit [Ping timeout: 250 seconds]08:47
-!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards08:48
-!- delitzer [~delitzer@c-66-30-9-144.hsd1.ma.comcast.net] has left #bitcoin-wizards []08:51
-!- p15 [~p15@114.248.223.237] has quit [Max SendQ exceeded]08:54
-!- p15 [~p15@114.248.223.237] has joined #bitcoin-wizards08:55
-!- wallet42 [~wallet42@78.189.29.215] has quit [Quit: Leaving.]08:56
-!- arubi [~ese168@unaffiliated/arubi] has joined #bitcoin-wizards08:58
-!- dc17523be3 [unknown@gateway/vpn/mullvad/x-byszzurigaymlqbp] has quit [Ping timeout: 256 seconds]08:59
-!- dc17523be3 [unknown@gateway/vpn/mullvad/x-iuxjwcctcnkcemka] has joined #bitcoin-wizards09:01
-!- Emcy [~MC@unaffiliated/mc1984] has quit [Ping timeout: 272 seconds]09:02
-!- jeremyrubin [~jeremyrub@jeremys-mbp.media.mit.edu] has quit []09:05
-!- c-cex-yuriy [uid76808@gateway/web/irccloud.com/x-zxuydnlizhevazpo] has joined #bitcoin-wizards09:10
-!- HostFat [~HostFat@adsl-ull-187-93.42-151.net24.it] has quit [Ping timeout: 276 seconds]09:10
-!- mm_0 is now known as mm_109:12
fluffyponySo just so we all know, Ethereum will be 100% safe to use, because it depends on Go code, not on correct maths: https://twitter.com/vitalikbuterin/status/58933793128383283209:17
fluffypony.title09:17
yoleauxVitalik Buterin auf Twitter: "@fluffyponyza @mperklin The safety of people's funds depends on the go code, not the math notation. And the go code is doing just fine."09:17
sturlesI believe it says "math notation", not maths.09:21
fluffyponysturles: you can't really separate the two; by definition maths requires precision09:21
fluffypony"Oh sorry guize, missed landing on Mars because sqrt not sqr, my bad lol"09:22
sturlesYes, you can.  There are several notations for may sub-diciplines in math.09:23
fluffyponyIt's basically one of those places where pedantry is a prerequisite:-P09:23
-!- p15 [~p15@114.248.223.237] has quit [Max SendQ exceeded]09:23
sturlesE.g.: http://en.wikipedia.org/wiki/Notation_for_differentiation09:23
sturles"In differential calculus, there is no single uniform notation for differentiation. Instead, several different notations for the derivative of a function or variable have been proposed by different mathematicians. The usefulness of each notation varies with the context, and it is sometimes advantageous to use more than one notation in a given context. The most common notations for differentiation09:23
sturlesare listed below."09:23
fluffyponysturles: sure, but this is the specific case he's referring to - http://imgur.com/MPrtgdy09:24
fluffyponyTbh his use of "notation" is a red herring, this is more than just notation09:25
sturlesDid anyone find actual errors, or just awkward notation?  Of course using your own notation may make it very difficult for trained mathematicians to spot mistakes without cleaning it up first.09:26
sturlesWhich is bad.09:27
-!- p15 [~p15@114.248.223.237] has joined #bitcoin-wizards09:27
-!- Burrito [~Burrito@unaffiliated/burrito] has joined #bitcoin-wizards09:31
gmaxwellsturles: most of that paper just makes no sense.09:40
gmaxwellasking if there are errors is like asking if you found errors in beat poetry. The reason people are picking on the notation is because they feel it's the paper being intetionally obfscuated and putting on a show of sophication that doesn't actually fit.09:42
-!- arubi [~ese168@unaffiliated/arubi] has quit [Ping timeout: 272 seconds]09:42
-!- p15 [~p15@114.248.223.237] has quit [Max SendQ exceeded]09:43
-!- Quanttek [~quassel@2a02:8108:73f:f6e4:e23f:49ff:fe47:9364] has quit [Read error: Connection reset by peer]09:46
-!- p15 [~p15@114.248.223.237] has joined #bitcoin-wizards09:48
-!- mm_1 is now known as mm_009:49
fluffyponysturles: the notation makes everything unclear, so it's impossible to determine validity or soundness; how do you forego that and then focus on the "concepts"?09:50
-!- AlienProject [~Alien_Pro@72.53.101.165] has joined #bitcoin-wizards09:51
fluffyponyput another way: if I told you that 10 minute blocks are way too long, and 8 second blocks are preferable, you'd undoubtedly ask me to provide evidence of that statement09:51
fluffyponyif my evidence is 3WAFFLE 8 X &@#)@#* = 7 what are you going to say?09:51
-!- Emcy [~MC@cpc3-swan1-0-0-cust996.7-3.cable.virginm.net] has joined #bitcoin-wizards09:51
-!- Emcy [~MC@cpc3-swan1-0-0-cust996.7-3.cable.virginm.net] has quit [Changing host]09:51
-!- Emcy [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards09:51
gmaxwellIt also fails to cite prior work, so it's unclear whats background and what they're claiming is concepts. The things like fraud proofs are an old idea.09:52
gmaxwellThe descriptions of things use symbology that is introduced nowhere before randomly, so you litterally cannot understand quite a few sentences;  beyond "I know this is talking about subject X, but I can't figure out what if anything of substance its saying about it.".09:53
jcorgani'll give him a small benefit of the doubt.  it seems like something a self-taught person would do, unaware of the typical academic conventions of notation, citing prior work, and extending existing conceptual frameworks.09:54
jcorganiow, young and naive.09:54
fluffyponyjcorgan: a self-taught person would tend to explain things a LOT more clearly, because they're had to learn from junk on the Interwebz and books written on a subject (rather than academic text books)09:55
gmaxwellIt's also unaware of the solutions that some of the prior work presents.  E.g. the problem with fraud proofs is that if no one can check the data, no one can produce the fraud proof.  It waxes on philosophically about this at length but never attempts and solutions or really points out how fatal it is for using fraud proofs for anything related to bandwidth scaling. (Part of the reason we've not09:56
gmaxwellimplemented them even though we proposed them in 2011/2012).09:56
gmaxwellThis is also sad because unawareness of other work means that they weren't aware that the community actually has an interesting and powerful improvment to fraud censorship:09:56
-!- arubi [~ese168@unaffiliated/arubi] has joined #bitcoin-wizards09:57
gmaxwellProblem there is: say a block contains an invalid spend; you're expecting people randomly checking parts to spot it (and have constructed the block so this is possible), once any participant finds fraud they can compactly prove it to everyone transitively connected to them. Hurray. But if no one will give them the fradulent data, they can't sample uniformly, and they just won't see it. Setting th10:00
gmaxwellings up so someone can prove their sampling is being blocked seems to be quite hard.10:00
-!- Quanttek [~quassel@2a02:8108:73f:f6e4:e23f:49ff:fe47:9364] has joined #bitcoin-wizards10:01
gmaxwellThe improvement we have is this, a party offering a block to the network can be required to code it using a locally decodable rateless error correcting code.  So they virtually expand the block up to 'infinite' size, such that if you read approx. $blocksize worth of the the infinite space at random, you can recover the whole block.10:02
gmaxwellNow, when people fetch, they pick random parts to fetch, and check those parts.. but if the sever transmits more than the total block size in aggregate, the other nodes can colaborate to recover any censored parts. So the total amount transmitted must be limited.10:03
-!- whale [~jinglebel@149.130.224.66] has joined #bitcoin-wizards10:05
gmaxwellIt's not clear if this is actually useful --- it basically means that any block transmitted by an untrusted peer can only come from sources that have the whole block... which is less useful. But its an interesting area.. and the kind of stuff that anyone who would hope to make progress in this space should know about.10:05
-!- nuke1989 [~nuke@46-198-83-118.adsl.cyta.gr] has quit [Read error: Connection reset by peer]10:07
-!- nuke1989 [~nuke@46-198-83-118.adsl.cyta.gr] has joined #bitcoin-wizards10:08
-!- arubi [~ese168@unaffiliated/arubi] has quit [Ping timeout: 244 seconds]10:12
fluffyponygmaxwell: wouldn't that be useful once blockchain pruning gets added, ie. for fetching pre-pruning block data from those peers that offer it?10:12
gmaxwellfluffypony: you don't need that for that.. in that case you just fetch it from whomever has it.  Thats all above about addressing a specific problem where: (1) Not everone will fetch everything, (2) people will fetch things at random and check and tell others if they find problems (3) the randomness in (2) is essential for security.10:14
gmaxwellone could use fec to make it harder to lose data completely, but the extra overhead of storing correction data could instead be used to just store more blocks. The correction data approach is slightly more powerful, but I don't see "can't find a block" as being a serious issue.10:16
gmaxwell(and has to be weighed against the FEC being slow)10:16
gmaxwellFreenet uses FEC in that manner though.10:16
fluffyponyah makes sense10:16
-!- whale [~jinglebel@149.130.224.66] has quit [Remote host closed the connection]10:20
-!- arubi [~ese168@unaffiliated/arubi] has joined #bitcoin-wizards10:22
-!- whale [~jinglebel@149.130.224.66] has joined #bitcoin-wizards10:23
gmaxwell(For those not faimlar with how error correcting codes work, imagine instead of storing block 5 or block 500 you store block 5 xor block 500.. now later your data is helpful to _either_ someone who has 5 and wants 500 but can't find it, OR helpful to someone who has 500 and wants 5-- just as helpful as having the wanted block. But you didn't have to know in advance which of the two would go missi10:23
gmaxwellng. If 5 and 500 are both missing though, your data isn't helpful at all. There are more complex schemes that let you achieve coding groups of any N=data, K=redundancy, even efficient ones where K=infinity.10:23
-!- x98gvyn [~vfbtgn@82.77.167.173] has joined #bitcoin-wizards10:30
Taekif you're using fountain codes to request random parts of a block, how do you report that someone is refusing to send a particular piece without opening yourself to the attack were someone reports that every piece of every block can't be requested?10:32
-!- Firescar96 [~nchinda2@18.189.122.17] has quit [Ping timeout: 245 seconds]10:32
Taekalso does using fountain codes give you any sort of guarantee that the block is smaller than $size?10:32
-!- Quanttek [~quassel@2a02:8108:73f:f6e4:e23f:49ff:fe47:9364] has quit [Ping timeout: 276 seconds]10:34
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:edd0:d1aa:cbe5:33b6] has quit [Ping timeout: 245 seconds]10:43
-!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards10:53
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Ping timeout: 250 seconds]10:55
gmaxwellTaek: you don't report that, instead everyone selects totally seperate pieces (e.g. cryptographically random 128 bit indexes); the sender cannot emit more than a threshold of total output without allowing recovery; if they try to censor any piece that touches a segment of the block in question, they'll have to block almost everyone (basically everyone minus the overhead of the scheme).10:56
-!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has quit [Ping timeout: 264 seconds]10:58
gmaxwellyou can think of it interms that the probablity that they'll have to block a user to prevent possible recovery of the fradulent segment starts off at ~1/segments  and tends to 1 as the number of segements served goes to the blocksize+overhead.  As far as the size goes, you wouldn't be able to decode anything at all if the size was miststated.10:59
-!- Quanttek [~quassel@2a02:8108:73f:f6e4:e23f:49ff:fe47:9364] has joined #bitcoin-wizards11:03
Taekok. So if I'm trying to decode and verify some subset of the block, I'm going to request cryptographically random coded pieces of the block until I've got enough data to decode some particular segment?11:05
Taekand if lots of people are doing this, eventually some of them will be able to recover the fraudulent segment?11:05
gmaxwellTaek: or the server will have to start rejecting virtually every request.11:05
gmaxwell(by the point where its given out roughly one copy worth in total)11:06
Taekthat's pretty neat11:07
gmaxwellthis may be more useful for something somewhat more centeralized than a blockchain cryptocurrency;  e.g. a opentransactions like private ledger, or a system like certificate transparency;  ... things where there is a 'well known server'.11:07
gmaxwellbut it's an interesting tool in the toolbelt.11:08
-!- Rynomster [~quassel@unaffiliated/rynomster] has quit [Ping timeout: 252 seconds]11:08
Taekwhy couldn't you apply it to lightweight Bitcoin nodes?11:09
kanzurewas there anything before loom and opentransactions that did similar cryptography things for signed receipts and balances?11:10
Taekit seems to me that you would need multiple parties trying to assemble and share a full block to prevent the server from selectively excluding people by always refusing their requests11:11
gmaxwellTaek: you can but the server in the scheme needs to have all the data.11:11
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Remote host closed the connection]11:11
gmaxwellwhich makes it somewhat less exciting when you want to imagine multiple servers.11:11
Taekright you still need full nodes, but it seems like an upgrade from SPV verification11:11
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards11:12
gmaxwellkanzure: digicash?11:12
-!- devrandom [~devrandom@unaffiliated/niftyzero1] has quit [Quit: leaving]11:13
kanzuredigicash doesn't count for what i have in mind11:13
gmaxwellTaek: sure, fraud proofs alone are an upgrade there (Even without the anti-censorship measures). (also, note that the bitcoin whitepaper admits spv nodes being able to detect fraud that way; it just doesn't mention compact fraud proofs; so it's unclear how you could detect fraud that way without it being a huge DOS vector).11:13
kanzuresurely there was an open-source "signed receipts" utility that existed backwhenever11:14
gmaxwellTaek: Another approach we had to the censorship problem was just, if you really cannot obtain a segment, you compute a costly hashcash proof "I cannot obtain segment X".  And nodes have some acceptable overhead they're willing to take for additional load for censorship proofs. e.g. they'll double their bandwidth by requesting an equal number of claimed censored segments to actual segements.  Then11:17
gmaxwell they take the censored claims they've heard and pick that many at random weighed by their amount of hashcash proof. If they also find it censored, they begin working on the hashcash to emit a stronger hashcash proof for censorship.11:17
gmaxwellkanzure: ask adam, nothing is coming to mind but that may be because I don't know precisely what you're referring to.  Does RPOW's tokens fit your criteria?11:18
amillerkanzure, maybe truledger?11:19
amillernvm that is loom11:19
kanzurerpow tokens might fit, but i just mean more general accounting software with issuances, receipts, transactions... surprisingly, gnucash might come close.11:19
amillerhrm maybe it's not loom... but came after?11:19
kanzurehttp://www.gnucash.org/features.phtml11:20
kanzurethis does not even look multi-user11:20
gmaxwellTaek: I suspect it may be possible that you can set that up so that a censor is unlikely to be successful (unlikely proportional to the overhead people take) when the attacker has a miniority hashpower; but I haven't chased that idea enough to work out the security argument for it.11:20
-!- cornus_ammonis [~Cornus@pool-173-73-140-137.washdc.fios.verizon.net] has quit [Ping timeout: 250 seconds]11:20
-!- p15 [~p15@114.248.223.237] has quit [Max SendQ exceeded]11:28
-!- p15 [~p15@114.248.223.237] has joined #bitcoin-wizards11:31
-!- whale [~jinglebel@149.130.224.66] has quit [Remote host closed the connection]11:47
-!- whale [~jinglebel@149.130.224.66] has joined #bitcoin-wizards11:47
-!- whale [~jinglebel@149.130.224.66] has quit [Remote host closed the connection]11:48
-!- xcthulhu [~mpwd@pine.noqsi.com] has joined #bitcoin-wizards11:58
jcorgani'm not sure whatever happened to the project, but last year there was a group that was going to broadcast new blocks in a data sub-channel of a DVB-T station in Finland.  IIRC they were going to use a fountain code to continually send encoded parts of the latest block so that receivers could start decoding at any point in time until they heard enough to reassemble the block locally.12:01
-!- AlienProject [~Alien_Pro@72.53.101.165] has quit [Ping timeout: 248 seconds]12:04
-!- xenog [~xenog@46.7.118.40] has quit [Ping timeout: 240 seconds]12:06
-!- xenog [~xenog@46.7.118.40] has joined #bitcoin-wizards12:08
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards12:12
-!- pollux-bts [uid52270@gateway/web/irccloud.com/x-lpqdbsguixvhuinm] has joined #bitcoin-wizards12:13
-!- afk11 [~thomas@89.100.72.184] has quit [Quit: Leaving.]12:20
pigeonstruledger can act as a loom client and was inspired by loom, but the actual truledger system uses cryptogrphy instead of loom's "big numbers"12:21
pigeonstruledger server and client agree on signed balances yes12:24
-!- zmachine [uid53369@gateway/web/irccloud.com/x-hozgscmqnpqodpqr] has quit [Quit: Connection closed for inactivity]12:36
-!- satwo_ [~satwo@unaffiliated/satwo] has joined #bitcoin-wizards12:39
-!- satwo [~satwo@unaffiliated/satwo] has quit [Ping timeout: 245 seconds]12:40
-!- SDCDev [~quassel@unaffiliated/sdcdev] has joined #bitcoin-wizards12:43
-!- AlienProject [~Alien_Pro@72.53.101.165] has joined #bitcoin-wizards12:49
-!- p15x [~p15x@114.248.223.237] has quit [Max SendQ exceeded]12:49
-!- p15x [~p15x@114.248.223.237] has joined #bitcoin-wizards12:54
-!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Read error: Connection reset by peer]13:07
-!- sparetire [~sparetire@unaffiliated/sparetire] has joined #bitcoin-wizards13:09
-!- c-cex-yuriy [uid76808@gateway/web/irccloud.com/x-zxuydnlizhevazpo] has quit [Quit: Connection closed for inactivity]13:16
-!- dryhopper [18b63105@gateway/web/freenode/ip.24.182.49.5] has joined #bitcoin-wizards13:17
-!- dignork [~dignork@unaffiliated/dignork] has joined #bitcoin-wizards13:21
-!- dryhopper [18b63105@gateway/web/freenode/ip.24.182.49.5] has quit [Ping timeout: 246 seconds]13:22
-!- hulkhogan42o [~WW@unaffiliated/loteriety] has quit [Ping timeout: 245 seconds]13:33
-!- hulkhogan42o [WW@gateway/vpn/mullvad/x-vjacinagruirdptd] has joined #bitcoin-wizards13:36
-!- c-cex-yuriy [uid76808@gateway/web/irccloud.com/x-jntcyljmroftseyt] has joined #bitcoin-wizards13:37
-!- Rynomster [~quassel@unaffiliated/rynomster] has joined #bitcoin-wizards13:46
-!- SDCDev [~quassel@unaffiliated/sdcdev] has quit [Ping timeout: 245 seconds]13:48
-!- zooko [~user@174-16-215-53.hlrn.qwest.net] has joined #bitcoin-wizards13:51
-!- xenog [~xenog@46.7.118.40] has quit [Quit: Leaving.]14:14
-!- nessence [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has quit [Remote host closed the connection]14:16
-!- [d__d] [~d__d]@ec2-54-85-45-223.compute-1.amazonaws.com] has quit [Ping timeout: 250 seconds]14:17
-!- [d__d] [~d__d]@ec2-54-85-45-223.compute-1.amazonaws.com] has joined #bitcoin-wizards14:18
-!- hashtagg [~hashtagg_@cpe-69-23-213-3.ma.res.rr.com] has quit [Ping timeout: 255 seconds]14:28
-!- hashtagg [~hashtagg_@cpe-69-23-213-3.ma.res.rr.com] has joined #bitcoin-wizards14:29
-!- tjader [~tjader@179.210.108.36] has quit [Ping timeout: 256 seconds]14:30
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has joined #bitcoin-wizards14:33
-!- Tjopper [~Jop@dhcp-077-249-237-229.chello.nl] has quit [Read error: Connection reset by peer]14:35
-!- Quanttek [~quassel@2a02:8108:73f:f6e4:e23f:49ff:fe47:9364] has quit [Remote host closed the connection]14:40
-!- xcthulhu [~mpwd@pine.noqsi.com] has quit [Quit: xcthulhu]14:41
-!- Firescar96 [~nchinda2@18.189.125.28] has joined #bitcoin-wizards14:48
-!- tryout123 [d92ae275@gateway/web/cgi-irc/kiwiirc.com/ip.217.42.226.117] has joined #bitcoin-wizards14:50
-!- b_lumenkraft [~b_lumenkr@unaffiliated/b-lumenkraft/x-4457406] has quit [Quit: b_lumenkraft]14:50
-!- tryout123 [d92ae275@gateway/web/cgi-irc/kiwiirc.com/ip.217.42.226.117] has quit [Client Quit]14:51
-!- zooko [~user@174-16-215-53.hlrn.qwest.net] has quit [Ping timeout: 276 seconds]15:13
-!- x98gvyn [~vfbtgn@82.77.167.173] has quit [Ping timeout: 245 seconds]15:20
-!- dansmith_btc [~dansmith@unaffiliated/dansmith-btc/x-0355117] has quit [Ping timeout: 246 seconds]15:30
-!- dansmith_btc [~dansmith@static-ip-188-138-127-218.inaddr.ip-pool.com] has joined #bitcoin-wizards15:36
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]15:40
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards15:41
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Read error: Connection reset by peer]15:42
-!- RoboTed__ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards15:42
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 276 seconds]15:45
-!- whale [~jinglebel@184-209-8-30.pools.spcsdns.net] has joined #bitcoin-wizards15:47
-!- RoboTed__ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 246 seconds]15:47
-!- mm_0 is now known as mm_115:47
-!- mm_1 is now known as mm_015:47
-!- xcthulhu [~mpwd@pine.noqsi.com] has joined #bitcoin-wizards15:48
-!- dansmith_btc [~dansmith@static-ip-188-138-127-218.inaddr.ip-pool.com] has quit [Ping timeout: 248 seconds]15:53
-!- whale [~jinglebel@184-209-8-30.pools.spcsdns.net] has quit [Read error: Connection reset by peer]15:54
-!- dansmith_btc [~dansmith@static-ip-188-138-127-218.inaddr.ip-pool.com] has joined #bitcoin-wizards15:56
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards16:00
-!- dansmith_btc [~dansmith@static-ip-188-138-127-218.inaddr.ip-pool.com] has quit [Ping timeout: 256 seconds]16:01
-!- whale [~jinglebel@184.209.8.30] has joined #bitcoin-wizards16:02
-!- dansmith_btc [~dansmith@static-ip-188-138-127-218.inaddr.ip-pool.com] has joined #bitcoin-wizards16:03
-!- jtimon [~quassel@41.Red-83-59-233.dynamicIP.rima-tde.net] has joined #bitcoin-wizards16:03
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Quit: :)]16:05
-!- whale [~jinglebel@184.209.8.30] has quit [Remote host closed the connection]16:09
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards16:12
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds]16:17
-!- sparetire [~sparetire@unaffiliated/sparetire] has quit [Quit: sparetire]16:18
-!- xcthulhu [~mpwd@pine.noqsi.com] has quit [Quit: xcthulhu]16:25
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has joined #bitcoin-wizards16:29
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Ping timeout: 255 seconds]16:38
-!- HostFat [~HostFat@adsl-ull-187-93.42-151.net24.it] has joined #bitcoin-wizards16:50
-!- satwo_ [~satwo@unaffiliated/satwo] has quit []16:52
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:8c74:47b4:6891:1826] has joined #bitcoin-wizards16:59
-!- x98gvyn [~vfbtgn@86.126.0.70] has joined #bitcoin-wizards17:02
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards17:13
-!- nessence [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has joined #bitcoin-wizards17:13
-!- Kwelstr [~rex@2602:306:cd77:1d10:c9e7:1b25:aa23:e7f7] has quit [Quit: Leaving]17:13
-!- AlienProject [~Alien_Pro@72.53.101.165] has quit [Ping timeout: 256 seconds]17:14
-!- Kwelstr [~rex@2602:306:cd77:1d10:646e:36a:1eb8:4a5] has joined #bitcoin-wizards17:15
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 246 seconds]17:17
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has joined #bitcoin-wizards17:20
-!- sparetire [~sparetire@unaffiliated/sparetire] has joined #bitcoin-wizards17:21
-!- PaulCapestany [~PaulCapes@204.28.124.82] has quit [Read error: Connection reset by peer]17:23
-!- PaulCapestany [~PaulCapes@204.28.124.82] has joined #bitcoin-wizards17:23
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards17:27
-!- Mably [~Mably@unaffiliated/mably] has quit [Ping timeout: 240 seconds]17:29
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Remote host closed the connection]17:36
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has joined #bitcoin-wizards17:42
-!- mkarrer_ [~mkarrer@46.Red-79-154-251.dynamicIP.rima-tde.net] has quit []17:42
-!- mkarrer [~mkarrer@46.Red-79-154-251.dynamicIP.rima-tde.net] has joined #bitcoin-wizards17:44
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 255 seconds]18:01
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:8c74:47b4:6891:1826] has quit [Ping timeout: 245 seconds]18:09
-!- coinrookie [~c0inr00ki@c-68-53-21-189.hsd1.tn.comcast.net] has joined #bitcoin-wizards18:24
-!- Dr-G2 [~Dr-G@x4d08aa2e.dyn.telefonica.de] has joined #bitcoin-wizards18:34
-!- Dr-G [~Dr-G@unaffiliated/dr-g] has quit [Disconnected by services]18:34
-!- c0rw1n is now known as c0rw|sleep18:39
-!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards18:39
-!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has joined #bitcoin-wizards18:50
-!- xcthulhu [~mpwd@pine.noqsi.com] has joined #bitcoin-wizards18:50
-!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has quit [Client Quit]18:51
-!- zooko` [~user@174-16-95-68.hlrn.qwest.net] has joined #bitcoin-wizards18:52
-!- priidu [~priidu@unaffiliated/priidu] has quit [Ping timeout: 245 seconds]18:52
-!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Ping timeout: 248 seconds]18:54
-!- HostFat [~HostFat@adsl-ull-187-93.42-151.net24.it] has quit [Ping timeout: 245 seconds]19:00
-!- melvster1 [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has quit [Read error: Connection reset by peer]19:00
-!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has joined #bitcoin-wizards19:01
-!- metamarc [~snizysnaz@97.95.172.50] has joined #bitcoin-wizards19:05
-!- metamarc [~snizysnaz@97.95.172.50] has quit [Changing host]19:05
-!- metamarc [~snizysnaz@unaffiliated/agorist000] has joined #bitcoin-wizards19:05
-!- fanquake [~fanquake@unaffiliated/fanquake] has joined #bitcoin-wizards19:10
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 250 seconds]19:11
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards19:12
-!- blablaa [~z@unaffiliated/blablaa] has joined #bitcoin-wizards19:14
blablaawhat do people here think about PoS? i'm thinking the savings in costs of maintaining network can be so huge, it's worth investigating...19:15
-!- belcher [~belcher-s@unaffiliated/belcher] has quit [Quit: Leaving]19:16
phantomcircuitblablaa, doesn't work19:16
bsm117532Yes, failing to achieve consensus is cheap.19:16
phantomcircuithttps://download.wpsoftware.net/bitcoin/pos.pdf19:16
blablaaphantomcircuit, reading19:17
phantomcircuitblablaa, there was a lot of hope that it would work early19:17
phantomcircuitbut sadly no19:17
blablaaphantomcircuit, i was thinking about punishing double signers, i see it's dealt in your paper, reading it19:19
phantomcircuitblablaa, thats from andytoshi btw19:19
-!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards19:20
-!- Burrito [~Burrito@unaffiliated/burrito] has quit [Quit: Leaving]19:22
blablaaphantomcircuit, stake-grinding just gives some more revenues to people with more computational power, no? doesn't seem fatal...19:25
phantomcircuitblablaa, it's just one of many issues19:25
blablaabut the problem of people selling their "stake" before messing up the network indeed seems a solid...19:25
blablaaa solid problem, even if maybe more theoretical than practical19:25
kanzurealso https://download.wpsoftware.net/bitcoin/alts.pdf19:27
justanotheruserblablaa: a practical problem as well https://bitcointalk.org/index.php?topic=131901.019:27
phantomcircuitjustanotheruser, that's stake grinding i believe19:28
justanotheruseryes19:29
justanotheruseroh, he wasn't speaking of NaS in general19:29
phantomcircuitthe conclusion section notes that you can grind in such a way as to get yourself more stake in the future as well19:29
phantomcircuitit's a powerful attack19:29
phantomcircuitthe only "solution" i've seen is limiting timestamp drift19:30
phantomcircuitwhich doesn't work19:30
blablaaphantomcircuit, timestamp is very ugly theoretically, maybe something like asking every block to be signed by 50% of coins would be more sensible19:33
blablaait would also kill stake grinding of any kind19:33
phantomcircuitblablaa, doesn't work19:34
blablaawhy?19:35
phantomcircuitbecause you cant get 50% of anybody to do anything in real time19:35
blablaahehe then make it 10%19:36
blablaabut there is still the more general "stake" problem19:37
blablaawell in this case there would be a battle for low delay19:37
justanotheruserblablaa: that still leaves you open to other attacks, however that means an attacker needs 10% of the stake to grind19:40
justanotheruserand your blocks will be *massive*19:40
blablaahehe yes i know19:40
phantomcircuitalso i (without thinking too hard) there's probably some speed of light issues with that19:41
-!- zooko` is now known as zooko19:41
-!- fanquake [~fanquake@unaffiliated/fanquake] has left #bitcoin-wizards []19:41
-!- hashtag_ [~hashtag@81.0.80.12] has quit [Ping timeout: 255 seconds]19:44
-!- PRab [~chatzilla@2601:4:400:2105:a1de:ce13:2b47:7635] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 37.0.1/20150402191859]]19:50
blablaaphantomcircuit, i don't understand why long range attacks would still be possible. Can't we still choose longest chain, and still choose the "true" one in this way? Because the one signed by more people will be longer, no?19:57
blablaaso it seems to me the "long-range" attack is feasible only if one really has largest "stake"19:57
kanzure"more people" no.. that's not how it works. you can't count people.19:57
blablaakanzure, people weighted by (not recently moved) coins they have19:58
gmaxwellYou can count keys, and the attacker gets lots of keys with coins as a product of their attack, so it self amplifies.19:58
kanzureuh what is your definition of a person?19:58
blablaakanzure, damn i mean just count the "stake"19:59
blablaagmaxwell, the idea is to only consider the coins held for some blocks when "stake" is needed19:59
gmaxwellyou should visualize a ouroboros-- you can't build a consensus system outside of itself, it's tautological.20:00
blablaahehe20:00
kanzurewhat i'm really confused about is why you don't think pos.pdf covers these objections already---- maybe it doesn't, and i'm remembering phantom text?20:00
gmaxwellblablaa: yes and? so I go and obtain old no longer useful keys from people who've left the system, I fork using their ability to create blocks back then, and play forward. My alternative looks just as good -- it _is_ just as good, if the real network could have done it the fake one can too.20:01
gmaxwellThis is all described in the writeup, indeed.20:01
kanzureperhaps those sentences need to be repeated twice in a row for emphasis in the doc20:02
gmaxwellmaybe a latex macro that makes flaming text.20:02
blablaagmaxwell, ok, right, i was just confused20:02
kanzureis there a way the document could be made more clear to you?20:03
kanzureand, which aspects are confusing?20:03
blablaagmaxwell, even if your attack is not entirely trivial, you've to obtain enough useful keys20:03
kanzureyou are missing a verb20:03
gmaxwellit's okay, so this subject confused us for a long time.  PoS was invented by the bitcoin tech community and most of us that were around then were super psyched about it for a couple months until we really started to understand all the subtle implications.20:03
kanzureoh, excess abbreviation20:03
blablaagmaxwell, that at some point in the past were a large stake20:03
kanzurethe only safe operation of that would be to never have any private keys to begin with, to guard against the accumulation of private keys by any single person20:04
gmaxwellblablaa: thats just one example; so don't fall into a trap of confusing a _specific_ set of operations that were used to illustrate a fundimental limitation as being the thing that must be prevented;  the error that leads to is 'patching' around it (which usually then introduces new and potentially worse vulnerabilityies) and exhausting the cryptoanaylsis resources and patience. :)20:05
blablaahehe20:05
-!- GAit [~lnahum@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]20:05
blablaagmaxwell, it's just that for ALL fake chains you need to have them "nested" on a block where you had a large stake20:06
kanzure"fake"20:06
-!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Ping timeout: 240 seconds]20:06
gmaxwellThe point is that there is a fundimental issue there which results in many different attacks; and really should be addressed _in general_; otherwise you just get a system which is patchy and vulerable but too much of a PITA to analyize until it's really profitable to rip it off. (also the more complex the attack needed, the slower people are to respond to it; you can see an example with that with20:06
gmaxwell pool hopping earlier in bitcoin's life)20:06
-!- GAit [~lnahum@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards20:06
kanzurethere's no such thing as fake in these systems20:07
kanzurethere's no "fake history"... if a history validates then it is impossible to determine whether it was "fake" without resorting to a cetnral party.20:07
kanzure(well, this could probably be tightened up to be more clear...)20:08
gmaxwellblablaa: where collaborating attackers had enough stake to continue the system if the other users went away (in their alternative universe they'll expand their position thereafter). Also, in all these systems there is non-determinstic inputs, so you can 'boost' your apparent stake by trying over and over again. (often they delay the non-determinstic influence to make them not _instantly_ fail to20:08
gmaxwellstake grinding, but they all have it for sufficiently large reorgs)20:09
blablaagmaxwell, the PoS i have in mind has no timestamp but many signatures per block20:10
blablaaso there should be no grinding used for "boosting" your stake20:10
blablaahmm well but then it's entirely different, sorry20:10
blablaain the thing i've in mind, you can't mine not even a block without 10% stake20:11
gmaxwellI do hope you've read alts.pdf; anyone can build a cryptosystem they themselves cannot break. It's really astonishingly hard to do anything in this space that doesn't just shatter.20:11
gmaxwellblablaa: so if something like mtgox happened where ~10% of the coins were 'lost' at once the system cannot continue?20:12
blablaagmaxwell, indeed20:13
blablaagmaxwell, but agreed, the problem is people may still retain key even after having no longer the "stake"20:13
blablaaso, in general, you're right20:13
blablaasomeone could buy these keys theoretically20:14
-!- instagibbs [60ff5d39@gateway/web/freenode/ip.96.255.93.57] has joined #bitcoin-wizards20:14
instagibbsI'm sure the mtgox "hackers" would gladly mint some blocks for you ;)20:14
gmaxwellblablaa: yea, and you can probably even automate selling them! e.g. having a smart contract that trustlessly buys them from people.20:15
gmaxwellI mean, basically any such system _instantly_ fails on an incentives basis since the rational thing for a non-participant to do is to immeidately join in a costless attack with the prior participants; ... but maybe thats not a concern because of activiation energy; ... but the activiation energy from 'sell your key, get funds' is pretty darn low.20:16
blablaagmaxwell, i think this sell your key is the only problem. otherwise it would work.20:17
blablaabut it's not a solvable problem20:17
gmaxwellblablaa: I actually don't think its the root issue, it's an example of the more fundimental issue, which is the circular relationship, that everything in the system is defined in the system; so attacks cost nothing external.20:18
blablaagmaxwell, i think it's root issue. attacks require stake, and you can't have stake without keys, and you can't have someone else keys unless he gives them to you.20:19
gmaxwellEven if there were some magical edict that prevented selling; it would still be in the rational interest for all participants who've exited to to participate in attacks. (keep in mind, it's not required that there be a single 'attacker'; it can just be the selfsame past users that create an alternative history)20:19
gmaxwellYou don't need someone elses keys though.20:19
instagibbsblablaa: the original Master Stakeholders will always control the system, followed by the 2nd most powerful stakeholder in history, followed by the 3rd....20:20
gmaxwellYou're adopting a mental model of a singular attacker; thats over constraining it.  It's perfectly possible for people to collectively act in self interest-- even without explicit coordination, it happens in markets every day... and not just for wholesome purposes.20:20
instagibbsrelated: one big problem with Vitalik's recent work, from someone who actually read the whole thing(not me), was that he was modeling attackers non-cooperatively.20:21
blablaagmaxwell, well that is just selling your key to some virtual group that will do the attack instead of selling to an individual. it's basically identical.20:22
gmaxwellunderimagination about attackers is one of the hardest things to deal with in cryptography.20:22
kanzureyou also don't have to sell your private key, people can just post them or derive them from faulty pseudorandom number ists20:23
kanzure*number lists20:23
gmaxwellblablaa: there is no virtual anything required! you keep it yourself, and you just have software that does whatever is most profitable for you; supporting the honest network is not profitable (as you have no coins in it), someone else shows up with a fork where you have coins... sign away baby!20:23
instagibbsgmaxwell: but I'll just phone the Bitcoin CEO and figure out the true chain20:24
blablaagmaxwell, in game theory it's called a coalition :)20:24
gmaxwellit's not hard to write mining software that does a straight expected value calculation and does all the profitable things; signing is cheap.20:24
gmaxwellwriting the software takes work, but its one time.20:24
blablaagmaxwell, indeed this is also what i had concluded at the first analysis of this issue (that the attack is valid but not so practical because u need large coalition).. then somewhat forgot it while thinking about it.20:25
gmaxwell"The security of my system depends on no one being non-lazy enough to write a code that maximizes profits, or everyone being too lazy to run it" is kinda fragile! :P20:25
blablaagmaxwell, and large coalition is practical indeed, via market mechanism of selling keys20:26
gmaxwellblablaa: well count yourself ahead a little bit then, as there are people out selling a lot of dreams without ever thinking of that much.20:26
blablaagmaxwell, i appreciated your help, sorry if questions were too stupid.20:27
gmaxwellI still think you're overestimating the requirement level for selling; its an example; but "software that just automatically does whatever is in the owners interest; even 'rule breaking' things" is another.20:27
gmaxwellThere are no stupid questions, only stupid people.20:27
gmaxwell:P20:27
blablaagmaxwell, ok... probably this stupid people was confused by bitcoin way of thinking... and didn't think about the "old" keys that no longer have coins... despite i had just read of this generalized "stake" problem so should have thought about it.20:29
blablaagmaxwell, i was too lazy to think and just asked for a stupid example to get it faster20:29
kanzurehe was not calling you stupid20:29
gmaxwellthats why I call the circularity the fundimental problem, if not for it the key would not longer be useful.20:29
gmaxwellI was not calling you stupid, indeed!20:29
instagibbsit was a joke, I think ganked from a demotivational poster20:29
instagibbshttp://www.despair.com/cluelessness.html20:30
-!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]20:30
kanzurewhat a wonderful domain name20:30
gmaxwellthis stuff is really hard, and require unusual ways of thinking. Even after working for years on distributed system with no uniform view of time or events in large routing networks cryptocurrency still trips me up from time to time.20:31
blablaagmaxwell, is there something that has some chance in your most optimist dreams to replace PoW?20:32
-!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards20:32
gmaxwellkanzure: so many moons ago when that site was new, I worked for a municipality in the IT department, which was in the grips of some consultants that had us put up a bunch of posters of the style being mocked there (some stock art and some pithy meaningless statement), and one of my employees replaced them; and no one noticed for roughly a year. :P20:33
gmaxwellblablaa: Hard to say; I've learned my lesson with claims of impossiblity; but I've seen a lot of failed things.  I suspect that any replacement wouldn't be as attractive as you'd hope.  POW works because there is an external cost; it also is what makes it fair and inclusive (anyone who can work can participate; which is another whole area where POS fails: existing majority of stake holders can ex20:35
gmaxwellclude participants or censor transactions); but thats also 90% of the what anyone would have to complain about it!20:35
instagibbsassuming the long-term economics of ASIC production/use aren't completely centralizing. Wonder what that landscape will look like in 5 years.20:37
blablaagmaxwell, problem i see with these "external costs" is that they're basically unlimited20:37
andytoshiblablaa: they are limited by the landauer limit20:37
kanzureasics can be produced outside of billion dollar fabs but it will require education and tooling (i estimate <$50k in parts)20:37
blablaaandytoshi, i can't understand20:38
kanzure.wik landauer limit20:38
yoleaux"Landauer's principle, first argued in 1961 by Rolf Landauer of IBM, is a physical principle pertaining to the lower theoretical limit of energy consumption of computation." — http://en.wikipedia.org/wiki/Landauer_limit20:38
andytoshiblablaa: sorry, that was a bit of a hit-and-run comment..20:39
andytoshiblablaa: there is a physical bound on how many joules are required to flip a bit20:39
andytoshiblablaa: you can get a swag on how many bits are required to be flipped to compute a block..20:39
gmaxwellinstagibbs: right well-- thats one of the allowed areas for improvement; really you can say what we use is "Proof of Resources Expended" and for our PoRE we use hashcash. You can ask how good a PoRE a given hashcash is, and things like control of semiconductor fabrication are a consideration.  (some other hashcash implementations are worse on PoRE, e.g. a hashcash which requires a much more compl20:39
gmaxwellex design or patent licensing for the design is a much less decenteralized PoRE)20:40
andytoshioh, actually this is irrelevant, what matters is that ~25BTC of energy will get expended20:40
blablaaandytoshi, yeah nothing to do with what i was saying :P20:40
blablaaandytoshi, i was saying it's hard to put a bound on the rewards that have to be given to miners so that there are enough miners.20:40
gmaxwellthe construction costs are already small compared to operating costs though; for bitcoin's hashcash; so I don't know how much of a consideration any of that is.20:40
andytoshiblablaa: oh, i see, that's fair20:41
gmaxwell(also partly why I boggle at the 'memory hard' camp; since that super strongly moves costs back from operation to construction)20:41
-!- PRab [~chatzilla@2601:4:400:2105:a1de:ce13:2b47:7635] has joined #bitcoin-wizards20:42
instagibbswon't be happy until I get an ASIC in a cereal box20:43
gmaxwellAnd TSMC's profits of $3 billion dollars in a quarter suggest that there is a difference between what it actually costs to build state of the art semiconductor devices and what people pay for them on the market.20:44
kanzureoriginally the 4004 did not cost billions to make20:44
gmaxwellCompetition for energy is a lot more efficient that competition for fab capacity. :)20:44
-!- xcthulhu [~mpwd@pine.noqsi.com] has quit [Quit: xcthulhu]20:46
gmaxwellkanzure: sure you can fabricate a mining asic in a bathtub, but if it's 100,000 times less energy efficient who cares? the cost is the operation, not the fabrication. I wouldn't be too surprised to find out that on the latest processes they can burn through more energy cost in a week than the marginal fabrication cost.20:46
-!- blablaa [~z@unaffiliated/blablaa] has quit [Quit: Ping timeout: 260 seconds]20:46
kanzurehm where are you getting 100 kilotimes less efficient from?20:47
kanzure4004? was just example20:48
phantomcircuitgmaxwell, i believe the marginal cost of production is very close to zero actually20:48
gmaxwellphantomcircuit: well wafers cost several grand a piece.20:48
gmaxwellkanzure: random ass number, but you can see a factor of 100 alone between 100 nm and current state of the art miners.  10um bathtub circuits are a long way from 100nm.20:49
gmaxwellphantomcircuit: but I know it's _very_ low, whatever it is.20:49
kanzurei think you can get 1 micron with some effort, but agreed about 100 nm and 10 nm20:50
phantomcircuitgmaxwell, i believe the cost to produce them is also marginally close to zero20:50
kanzure100 nm maybe with some focused ion beam milling (ugh) but 10 nm is more tricky20:50
phantomcircuitthe capital cost is huge for all of this though20:50
phantomcircuitgmaxwell, iirc the expensive wafers are fairly larger20:51
phantomcircuitlarge*20:51
gmaxwellphantomcircuit: oh fair enough, indeed silicon boule construction scales really well; it mostly works because the crystal growth is self purifying. I'd not considered what the true marginal cost was there.20:51
phantomcircuitso20:51
phantomcircuitin theory someone could setup their own fab and absolutely own the asic market20:52
phantomcircuitbut well20:52
phantomcircuitwho has $10b to spend on bitcoin asics?20:52
gmaxwellphantomcircuit: 300mm now, I think is most popular. which is pretty mind blowing.20:52
gmaxwell(building a 'molecule' which is a foot across. :P )20:53
kanzureelvira sakhipzadovna nabiullina20:53
kanzureor was that a trick question20:53
phantomcircuitgmaxwell, larger wafers directly effect the marginal cost of production20:53
phantomcircuiti believe the majority of the marginal cost is highly skilled labor20:53
phantomcircuitwhich is roughly the same for large or small wafers20:53
kanzureer which skilled labor in particular20:54
gmaxwellthe skill of not tripping over the cealing mounted fab robots.20:54
phantomcircuitthe people running the robots20:54
-!- [7] [~quassel@rockbox/developer/TheSeven] has quit [Disconnected by services]20:54
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards20:55
kanzure"oh no my lazy susan wafer spinner is going to go all skynet on me"?20:55
gmaxwellalso, have you put on a bunnysuit? those things are tricky.20:55
gmaxwell:P20:55
kanzurenot into that20:55
phantomcircuitgmaxwell, ha no20:55
phantomcircuit<instagibbs> won't be happy until I get an ASIC in a cereal box20:56
phantomcircuitim sure there are people who will gladly mail you an asic if you pay for shipping20:57
gmaxwellone of the things that amuses me about living in the bay area is signs "For lease: office space with ISO 3 clean room" signs on random places.20:57
phantomcircuitgmaxwell, biomedical research20:58
instagibbsphantomcircuit: I really don't know the energy efficiency / overall capital cost curve that exists today. My impression is that all the most efficient ASICs are the big bricks/racks that cost a bit20:59
* kanzure watches http://avideos.5min.com/134/5187134/518713362_4.mp4 (transcriptic's facilities) (blame maaku)20:59
gmaxwellsome is, but I doubt anyone is using ISO3 for biomed.20:59
phantomcircuitinstagibbs, power efficiency has virtually nothing to do with total size20:59
instagibbsTheoretically sure, but how about the ASICs coming out of the fabs21:00
instagibbsmeaning21:00
instagibbsthey are marketed to people willing to drop thousands, so they're build and tested that way21:00
gmaxwellinstagibbs: the asics chips being fabricated are all fairly small for a number of reasons; the people who build huge single parts were crazy and their products sucked.21:00
instagibbsI may be wrong. Just the impression21:00
gmaxwellinstagibbs: there is certantly a size for the whole applicance that is optimal, and may be a bit large for home use or whatever; but the same chips can be used in smaller quantity in smaller devices when someone cares to bother to do so.21:02
phantomcircuitgmaxwell, that is more true now that antminer got the chained power stuff right21:04
phantomcircuitbefore that it was less true for things with external 12v/control21:04
gmaxwellyou just have the regulator costs. but there are also shared mechnicals.21:05
instagibbsI wonder what the curve looks like for size. If it's nothing too crazy I don't see why not.21:05
phantomcircuitgmaxwell, eh with 1 asic you could get away without a fan or anything usually21:05
phantomcircuitinstagibbs, the gist is that as real scale you can do things like disable the tiny fans and use facility fans (5-10% power reduction)21:09
phantomcircuitsupply 12v in parallel with multiple PSUs (do not try with consumer ATX PSUs...)21:09
instagibbsInteresting.21:13
phantomcircuitinstagibbs, otoh you have to actually pay for the power infrastructure you're using21:14
phantomcircuitwhich consumers mostly dont pay for directly21:14
instagibbsHobbyists are willing to take various "dings", and 5-10% isn't that crazy21:15
gmaxwellalso, cooling is much easier at non-industrial scale "free heat, hurrah" ... I mean, people use space heaters...21:16
phantomcircuitwhich reminds me21:18
phantomcircuitgmaxwell, just how quiet is an sp20?21:18
gmaxwellwith the fan at whatever low setting I have it at (I think not the lowest?), it's pretty quiet; dunno. desktop computer loud.21:22
instagibbsoh that's not as bad as I was thinking21:23
gmaxwellif it's cranked up its loudish but its much much better than the SP10. not just in terms of how loud, but the SP20 is a not unpleasent white noise; people pay for devices to make noise like this.21:24
gmaxwellSP10 is a minature jet engine array.21:24
-!- instagibbs [60ff5d39@gateway/web/freenode/ip.96.255.93.57] has quit [Quit: Page closed]21:29
-!- iddo [~idddo@unaffiliated/iddo] has quit [Remote host closed the connection]21:33
-!- sparetire [~sparetire@unaffiliated/sparetire] has quit [Ping timeout: 240 seconds]21:34
-!- snakesandbarrels [~snizysnaz@97.95.172.50] has joined #bitcoin-wizards21:36
-!- snakesandbarrels [~snizysnaz@97.95.172.50] has quit [Read error: Connection reset by peer]21:36
-!- sparetire [~sparetire@unaffiliated/sparetire] has joined #bitcoin-wizards21:37
-!- metamarc [~snizysnaz@unaffiliated/agorist000] has quit [Ping timeout: 244 seconds]21:38
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards21:39
-!- zooko` [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards21:42
-!- zooko [~user@174-16-95-68.hlrn.qwest.net] has quit [Ping timeout: 255 seconds]21:44
-!- jtimon [~quassel@41.Red-83-59-233.dynamicIP.rima-tde.net] has quit [Ping timeout: 264 seconds]21:50
-!- kmels [~kmels@186.151.61.184] has joined #bitcoin-wizards21:52
-!- hashtag_ [~hashtag@81.0.80.12] has joined #bitcoin-wizards21:54
-!- xcthulhu [~mpwd@pine.noqsi.com] has joined #bitcoin-wizards21:55
-!- AlienProject [~Alien_Pro@72.53.101.165] has joined #bitcoin-wizards22:00
-!- b_lumenkraft [~b_lumenkr@unaffiliated/b-lumenkraft/x-4457406] has joined #bitcoin-wizards22:22
-!- hashtagg_ [~hashtag@81.0.80.12] has joined #bitcoin-wizards22:24
-!- hashtag_ [~hashtag@81.0.80.12] has quit [Ping timeout: 240 seconds]22:27
-!- arubi [~ese168@unaffiliated/arubi] has quit [Quit: Leaving]22:41
-!- Starduster_ [~guest@unaffiliated/starduster] has joined #bitcoin-wizards22:51
-!- AlienProject [~Alien_Pro@72.53.101.165] has quit [Ping timeout: 245 seconds]22:54
-!- Starduster [~guest@unaffiliated/starduster] has quit [Ping timeout: 240 seconds]22:54
gmaxwellandytoshi: some conversation fluffypony and I were having about privacy in ringsignature schemes: http://0bin.net/paste/ZALkbSAwgJ2tS8K1#TbazYhfm4Aegx9ZiIXK0r1j-DYcQwfYV0WVGLVNuJHu23:13
gmaxwellandytoshi: I'm wondering what the necessary and sufficient criteria is for determining if an output has been removed from the sensible anonymity set; and what cheaply computable input selection approach produces better decisions.23:14
gmaxwellI give an example of inputs falling out of the set; three transactions with mixin sets [A, B], [B, C], [C, A]; once those txn exist, inputs A, B, C are out of the running.23:15
gmaxwellI suggest a sufficient algorithim (I think) for avoiding creating bad graphs, which is start with your input, then do not use any other input which is reachable via an undirected co-mixin graph (efficiently computable by running union find over the mixin sets); but thats too agressive, as it'll exclude many reasonable candidates.23:16
gmaxwell(Sad: Union find is probably my favorite algorithim :P )23:17
gmaxwellfluffypony: another criteria to avoid bad graphs is to never create a spend whos mixin set is a permutation of another existing mixin set.23:29
-!- Relos [~Relos@unaffiliated/relos] has quit [Ping timeout: 248 seconds]23:30
gmaxwellas that necessarily guts the privacy of both.  It takes only N spends using an identical mixin set of size N to remove it from the running.  I think thats always the smallest number of transactions required to take a txout out of the running.23:32
gmaxwellThats also not toooo expensive to avoid. Just keep track of every mixin set involving your own inputs; and don't duplicate it.23:35
smoothgmaxwell: alternatively do it on purpose to allow pruning and prevent worse failures23:35
gmaxwellit's expensive to use it for pruning though.  I suppose you could detect when you can close a group with a single transaction, then just do a kind of explicitly less anonymous one and close the group... but the issue there is that _detecting_ that a closed group has been formed is not cheap.23:37
gmaxwelltrivial examples are easy but I can construct graphs which no greedy assignment will be successful.23:38
gmaxwellbut are solvable.23:38
smoothhmm, im not sure. Let say A mixes with B and C. Then if we say that B and C must also mix with (A,B,C) and no one else can mix with those, then it seems easy23:39
smoothbut this may allow attacks where you own A and C and mix with B because you are trying to attack B23:40
gmaxwellyea, also it preclused B and C from having larger sets.23:40
gmaxweller precludes.23:40
smoothi was sort of assumeing fixed size sets23:40
smoothor maybe specified per output23:40
gmaxwellyou actually get much harder to solve graphs with variable sized groups in general.23:41
gmaxwellkeep in mind e.g. [A, B], [B, C], [C, A] ... each of A,B,C actualy know who everyone was in this set. The world doesn't, but those parties do.23:42
gmaxwelle.g. if you know that the real input in the first was A,  then you know that the others were B, C.   If it was B, then the others were C, A.23:43
gmaxwellwhich is pretty awful, works for a cycle of any length too.23:43
gmaxwelle.g. [a,b] [b,c] [c,d] [e,f] ... [z,a]  if you know a single transaction in the cycle you know all of them.23:45
smooththis is the chain reaction of MRL-0001. you dont need a closed cycle and the chain can go on arbitrarily23:47
smoothonce you know a then you know the second is b, etc.23:48
gmaxwellyea, it's espeiclaly bad in the for e.g. bytecoin where the initial utxo set is probably owned by a single person or something due to the fake history.23:51
-!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has quit [Ping timeout: 276 seconds]23:57
-!- p15x [~p15x@114.248.223.237] has quit [Max SendQ exceeded]23:58
-!- p15x [~p15x@114.248.223.237] has joined #bitcoin-wizards23:59
--- Log closed Sun Apr 19 00:00:22 2015

Generated by irclog2html.py 2.15.0.dev0 by Marius Gedminas - find it at mg.pov.lt!