2015-11-24.log

--- Log opened Tue Nov 24 00:00:34 2015
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		00:04
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards		00:12
-!- grubles [~grubles@unaffiliated/grubles] has quit [Ping timeout: 240 seconds]		00:17
-!- grubles [~grubles@104.238.145.35] has joined #bitcoin-wizards		00:19
-!- grubles is now known as Guest16720		00:19
-!- the`doctor [~the`docto@unaffiliated/thedoctor/x-1964342] has joined #bitcoin-wizards		00:35
-!- JackH [~Jack@host-80-43-142-236.as13285.net] has joined #bitcoin-wizards		00:38
-!- pozitrono [~nu@46.166.188.207] has joined #bitcoin-wizards		00:45
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Quit: Leaving]		00:50
-!- dEBRUYNE [~dEBRUYNE@56-197-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards		00:51
-!- tulip [~tulip@unaffiliated/tulip] has quit []		00:53
-!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]		00:54
-!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards		00:55
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 240 seconds]		01:03
-!- mkarrer [~mkarrer@17.Red-83-52-38.dynamicIP.rima-tde.net] has quit []		01:15
-!- dEBRUYNE [~dEBRUYNE@56-197-ftth.onsbrabantnet.nl] has quit [Ping timeout: 276 seconds]		01:20
-!- pozitrono [~nu@46.166.188.207] has quit [Ping timeout: 264 seconds]		01:29
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		01:37
-!- Lightsword [~Lightswor@104.194.117.23] has quit [Ping timeout: 272 seconds]		01:41
-!- p15 [~p15@33.91.145.64.client.static.strong-tk2.bringover.net] has joined #bitcoin-wizards		01:46
-!- p15_ [~p15@75.91.145.64.client.static.strong-tk2.bringover.net] has quit [Ping timeout: 250 seconds]		01:48
-!- roconnor [~roconnor@host-45-58-253-108.dyn.295.ca] has quit [Ping timeout: 265 seconds]		02:04
-!- CoinMuncher [~jannes@178.132.211.90] has joined #bitcoin-wizards		02:06
-!- flipswitchbitch [~ielo@88-106-255-49.dynamic.dsl.as9105.com] has joined #bitcoin-wizards		02:08
-!- moa [~kiwigb@103.247.192.222] has joined #bitcoin-wizards		02:14
-!- moa [~kiwigb@103.247.192.222] has quit [Changing host]		02:14
-!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards		02:14
-!- the`doctor [~the`docto@unaffiliated/thedoctor/x-1964342] has quit [Quit: the`doctor]		02:25
-!- bramc [~bram@99-75-88-206.lightspeed.sntcca.sbcglobal.net] has quit [Quit: This computer has gone to sleep]		02:37
-!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has quit [Ping timeout: 264 seconds]		02:42
gmaxwell	aj: I'd like to review the work here: http://lists.linuxfoundation.org/pipermail/lightning-dev/2015-November/000329.html the mention of OP_CHECK_SECP256K1_MUL_VERIFY gives me concern that something is broken. But I could use an 'extract' of the scheme that assumes I don't know or care anything about lightning.	02:55
-!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has joined #bitcoin-wizards		02:55
aj	gmaxwell: sure!	02:56
aj	gmaxwell: so the idea with HTLCs is you pay to a hash and collect the payment by revealing the preimage. using sha256 or hash160 or whatever means that to forward a htlc you have to reuse the same hash/preimage at each step. i assume you're totally familiar with that?	02:58
gmaxwell	Yes. to make the payment atomic.	02:58
aj	gmaxwell: yeah	02:58
aj	gmaxwell: so it would be nice if you could use different hash/preimages at each step, so that different nodes in the route can't conspire and work out who was paying who. the "previous message" was me trying to do that with a SNARK	03:00
gmaxwell	So in here you pay to randomly relayed pubkeys along the way. But then how is the unlock atomic? e.g. if you just sign with Q at the end, the private key is not revealed... and so the other transfers are stuck, no?	03:00
aj	gmaxwell: so the use of ecc_multiply as the hash function instead solves it much more cleverly	03:01
aj	gmaxwell: ie PUBLIC = g*PREIMAGE	03:01
aj	gmaxwell: so that's still the last step in the chain, but the step prior to that becomes PUBLICn = gPREIMAGEn, and the step before that becomes PUBLICnm = gPREIMAGEnm*	03:02
-!- AaronvanW [~ewout@unaffiliated/aaronvanw] has joined #bitcoin-wizards		03:02
aj	gmaxwell: the n and m are kept secret to the person doing the paying, and the particular node; so they're not random pubkeys, they're random multiples of the next pubkey	03:03
gmaxwell	that was supposted to be 'related'.	03:03
aj	gmaxwell: english should've been designed with a higher hamming distance	03:04
aj	gmaxwell: okay so if you're asked to forward PUBLICnm to PUBLICn; then you need to be told PUBLICnm, PUBLICn, and m; you can then verify the multiplication, and once the payment completes you'll find out PREIMAGEn (because PUBLICn will have just cleared). But you know m, so you multiply and have PREIMAGEnm and can clear the next step	03:06
gmaxwell	Why not this alternative scheme; Q = xG; Q1 = Q+P1, Q2 = Q+P2, Q3 = Q+P3 where the P_n are the single keys of the participants.	03:06
-!- flipswitchbitch [~ielo@88-106-255-49.dynamic.dsl.as9105.com] has quit [Ping timeout: 272 seconds]		03:07
gmaxwell	And instead of revealing Q you sign with it, using a forced static R value, so all the participants learn the discrete log from the signature?	03:07
aj	gmaxwell: because then you could just subtract your key P1 to work out Q and correlate transactions?	03:07
gmaxwell	aj: the 'your key'-- the key is single use, and uniformly distributed.	03:08
aj	gmaxwell: hmm, i'm not sure how that would work	03:08
gmaxwell	(I was going to seperately say you should be doing Q+nG generally, as it is enormously faster and as far as I can tell you need no property of multiplication here)	03:09
gmaxwell	aj: What part isn't clear?	03:09
aj	gmaxwell: so "x" is the secret known by the merchant, and Q is revealed to the consumer, yes?	03:10
gmaxwell	Yes.	03:11
aj	gmaxwell: oh, or is it the signature that's revealed to the consumer, not Q?	03:11
gmaxwell	x is the hash preimage, if you will, Q is the hash. the Q+... the the derrived hashes. whos preimages will be known to the keyholders of P1, P2, P3 ... respectively (and only them), once they know x.	03:12
gmaxwell	x can be disclosed if the payment to Q at the end requires signing with a particular nonce (e.g. substr constraining the signature), and the particupants know the discrete log of that nonce already.	03:14
gmaxwell	beyond not requiring additional constructs and getting rid of the expensive multiply, I think the inner public keys can replace the need for a seperate signature, and potentially make it so that all transactions except the last look like more ordinary multisig transactions.	03:15
aj	gmaxwell: hmm	03:15
aj	gmaxwell: that /sounds/ plausible, but i'll need to work it out with pen and paper...	03:18
aj	gmaxwell: (substr is a disabled opcode though)	03:19
gmaxwell	(there is an extra constraint that you need to show that P_n wasn't generated as a function of Q but there are several ways to do that.)	03:19
gmaxwell	aj: sure, though all the other things you're talking about don't exist. And I would be much more keen to enable substr (it's there in alpha, ...) than a generic point scalar multiply, which is fairly expensive (basically the same cost as a signature verify)	03:20
gmaxwell	single show signatures tend to be useful for other things in any case.	03:21
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has quit [Quit: Leaving]		03:23
-!- moa [~kiwigb@opentransactions/dev/moa] has quit [Ping timeout: 276 seconds]		03:29
aj	gmaxwell: so i think "OP_DUP 16 OP_LEFT <r> OP_EQUALVERFIY <Q> OP_CHECKSIGVERIFY" would let you reveal "x" with just OP_SUBSTR/OP_LEFT; but i don't see how earlier steps could get away with just a regular multisig txn?	03:34
gmaxwell	instead of having to be a preimage + key, they're just payments to a key.	03:36
-!- epopt [~epopt@108-208-198-211.lightspeed.sntcca.sbcglobal.net] has quit [Ping timeout: 272 seconds]		03:36
-!- damethos [~damethos@unaffiliated/damethos] has quit [Ping timeout: 240 seconds]		03:39
-!- matsjj_ [~matsjj@p5B2093BB.dip0.t-ipconnect.de] has joined #bitcoin-wizards		03:39
aj	gmaxwell: but that doesn't work transitively? ie, once I know <x> I can sign with <Q+P3>, but how does that help the next guy sign with <Q+P2>?	03:39
-!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards		03:41
gmaxwell	when he knows x he can with with Q+P2. (presuming he could sign with P2 to begin with, he just adds x to his private key)	03:41
aj	gmaxwell: right, but he doesn't know <x> unless he forces me to sign with a known r too, rather than just asking me to pay to an address?	03:42
gmaxwell	I'm assuming he'll observe the Q single show payment.	03:43
-!- matsjj [~matsjj@p20030089EA107E047892F20D24EAFAFC.dip0.t-ipconnect.de] has quit [Ping timeout: 272 seconds]		03:43
gmaxwell	same deal as with the plain hashlock, everyone tests the same preimage.	03:44
aj	gmaxwell: that only works if he knew the log of the <r> value that i chose?	03:44
gmaxwell	you can all share that in advance. (e.g. Q picks it and tells the whole channel Q,r at the start)	03:44
aj	gmaxwell: seems like that'd require trust... i don't think you'd get to see the reveal of Q normally either -- it'd be in a channel, rather than on the blockchain	03:47
gmaxwell	I don't see how this is different than the case where you are using a common Hx = H(x) everywhere.	03:47
aj	gmaxwell: not using a common Hx is the goal :)	03:47
gmaxwell	Yes for privacy!	03:48
gmaxwell	But you're not making a privacy related objection.	03:48
aj	gmaxwell: but with a common Hx each node along the chain says "Here's x!" to the previous node, who then verifies H(x)=Hx, and repeats. you forward along the same Hx each time because that's the only way you'll convince anyone to give you x	03:49
gmaxwell	okay you're counting on each step forcing there not the final being made public.	03:50
gmaxwell	Then I withdraw that optimization. Still, use of addition and single sure I hope turn out to be useful improvements. :) I'll think more about this.	03:51
aj	gmaxwell: okay :)	03:52
aj	gmaxwell: though... i think maybe you just end up with two OP_CHECKSIGVERIFIES anyway, rather than an OP_ECC_MUL + OP_CHECKSIGVERIFY (or OP_SHA256 + OP_CHECKSIGVERIFY) :(	03:53
aj	gmaxwell: revealing Q with just one OP_CSIGV would let the other guy publish the old commitment tx, then spend your output (ie, getting a refund), but then claim the original payment too (assuming they didn't rip them off in the same way)	03:55
gmaxwell	yes, if each step has to reveal then you need two keys. (a CMS with one being single show)	03:56
aj	CMS?	03:56
gmaxwell	checkmultisig.	03:56
-!- moa [~kiwigb@opentransactions/dev/moa] has quit [Quit: Leaving.]		03:57
gmaxwell	I'm going to go try to find a single show signature in the existing system. There may well be one.	03:58
-!- flipswitchbitch [~ielo@88-106-255-49.dynamic.dsl.as9105.com] has joined #bitcoin-wizards		04:04
-!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards		04:07
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 240 seconds]		04:11
-!- TBI_ [~TBI@20.84-48-195.nextgentel.com] has joined #bitcoin-wizards		04:12
-!- TBI [~TBI@84.48.195.20] has quit [Ping timeout: 240 seconds]		04:14
gmaxwell	y'all are gonna hate me, but I did it: we've already got a single show signature in Bitcoin!	04:29
aj	gmaxwell: ... so what is it?	04:30
gmaxwell	So I have a scheme, where you can give me a pubkey, and I can write a unusual scriptpubkey that pays to it, which you can sign for but not without leaking your private key to the world ... with computational soundness (e.g. you could do an intractable amount of computation and break it.)	04:32
sipa	hashlock where the preimage is the pubkey?	04:35
amiller_	guy fawkes signatures satisfy that description too	04:35
sipa	oh. leaks private key	04:35
gmaxwell	amiller_: from context, it need to be a ECDSA single show for other reasons.	04:35
amiller_	kk, then i'm intrigued to see this	04:36
gmaxwell	b17df64bbaf96453bb63912b939861997275d03435043dcea56a68436895e10f	04:37
gmaxwell	I'll let other people stew on it for a day. Someone might invent a better one along the way. :)	04:37
gmaxwell	amiller_: simplifying the earlier discussion and removing all the LN specific stuff, here is why I want it:	04:39
gmaxwell	Here is a private atomic swap that doesn't need the multiphase "CoinSwap" transform:	04:39
gmaxwell	B computes nonce x and P = xG	04:39
gmaxwell	B sends P, single-show-signature-with P to A	04:39
gmaxwell	B pays to if() {Apub2+P} else {CLTV Bpub}	04:39
gmaxwell	A pays to if() {Bpub, force R key P} else {CLTV Apub}	04:39
gmaxwell	the two payements are unlinkable (assumping apub2 is kept private to alice and bob; uh and assuming my two bpubs above are distinct keys)	04:40
gmaxwell	And they're atomic.	04:40
amiller_	what do you mean by B sends P, single-show-signature-with P to A.... does that reveal x to A?	04:43
gmaxwell	no, it's just a signature. then in the last payment the scriptpubkey requires a signature with P in such a way x will be made public. (e.g. if we had substr, you'd just use it to constrain R to be the R from the earlier signature)	04:46
kanzure	atomic swap should be applied to lightning transaction types at some point	04:46
gmaxwell	so the missing primitive for this private atomic swap was a way to do a signature which will leak the private key in bitcoin today. (since it's nicer if things work now...)	04:47
-!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has quit [Ping timeout: 260 seconds]		04:47
amiller_	after step 2 "B sends P, single-show-signature-with P to A", is the message that will be eventually single-show-signed predetermined?	04:50
gmaxwell	can't be, alas, it's a spend of the last transaction (pays) there, so it will commit to that txid.	04:51
-!- p15x [~p15x@111.193.187.214] has quit [Quit: Textual IRC Client: www.textualapp.com]		04:52
amiller_	can you replace "A pays to if() {Bpub, force R key P} else {CLTV Apub}" with simply "A pays to if() {force R key P} else {CLTV Apub}"	04:54
-!- flipswitchbitch [~ielo@88-106-255-49.dynamic.dsl.as9105.com] has quit [Ping timeout: 246 seconds]		04:55
gmaxwell	amiller_: doing to means someone could see that spend and race it (now knowing x) to steal the funds.	04:56
amiller_	i cant see why this is a signature and not just revealing the preimage..... oh i see the point is for them to be unlinkable	04:56
gmaxwell	so the requirement for a Bpubkey there is important.	04:56
gmaxwell	Yes, to be unlinkable.	04:57
-!- Guest1328 is now known as pigeons		04:57
gmaxwell	amiller_: I made a generic scheme for that in the past https://bitcointalk.org/index.php?topic=321228.0 which lets you hide any smart contract from the blockchain and make it private.. including an atomic swap (of the normal hashlock type)... but it has lots of steps, which is a pain to implement, and make it malleability vulnable.	04:58
-!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has joined #bitcoin-wizards		05:00
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		05:04
amiller_	ok i guess that kind of unlinkability is cool enough, that's cool it improves coinswap, i guess it's obvious it's possible in general but probably requires cleverness to do with existing script	05:05
-!- p15 [~p15@33.91.145.64.client.static.strong-tk2.bringover.net] has quit [Ping timeout: 260 seconds]		05:05
-!- smk [9e557647@gateway/web/freenode/ip.158.85.118.71] has quit [Ping timeout: 246 seconds]		05:07
amiller_	since the only tool at your disposal in bitcoin script is checking a signature over the current transaction, i imagine all you can hope to do is check multiple signatures over the same message under different but related public keys	05:14
sipa	and require related k	05:15
-!- SgtStroopwafel [~Chuck@s5597aba6.adsl.online.nl] has quit [Read error: Connection reset by peer]		05:18
amiller_	how do you require related k?	05:18
sipa	i've been asking myself that question for the past half hour	05:18
* gmaxwell cheshire cat		05:20
kanzure	what was the signature scheme where you can insert arbitrary text into the middle of a signature?	05:20
-!- SgtStroopwafel [~Chuck@s5597aba6.adsl.online.nl] has joined #bitcoin-wizards		05:20
kanzure	perhaps adding that sort of requirement would reveal some key info	05:20
kanzure	er, it was not arbitrary text, i am misremembering, but that's already evident by me not remembering the name :-)	05:21
-!- p15x [~p15x@111.193.187.214] has joined #bitcoin-wizards		05:23
aj	hmm, i can related keys, but can't get the sigs from the related keys to be related enough but not too much	05:23
-!- Quanttek [~quassel@ip1f11db5b.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards		05:25
gmaxwell	unrelated; Anyone else here read Mother Earth Mother Board? I think it's online, fun read though probably a bit dated now. In it; it talks about undersea cables, once installed being something of a 'found artifact' ... like stargates left from a prior civilization, where generations of engineers pour over them to characterize them and extract every bit of capacity available... far beyond what t	05:25
gmaxwell	hey originally did. I've thought about the bitcoin network like this at times, just because the cost ratio of upgrading it vs coming up with a crazy way to use what it has already supports doing the latter.	05:25
amiller_	i don't think you can require related k but i also don't see why you need that	05:28
kanzure	there was some idea about using undersea sponges to make fiber optics at some point	05:29
sipa	amiller_: signing with related public keys does not automatically reveal the private key	05:29
sipa	amiller_: or BIP32 would be very broken	05:29
kanzure	like all weird scifi ideas, i am sure that orionsarm.com has shamelessly copied the idea	05:29
aj	gmaxwell: that's the neal stephenson travelogue? was hoping for a scifi story where they were literally found artifacts...	05:30
-!- gielbier [~giel____@a149043.upc-a.chello.nl] has joined #bitcoin-wizards		05:34
-!- gielbier [~giel____@a149043.upc-a.chello.nl] has quit [Changing host]		05:34
-!- gielbier [~giel____@unaffiliated/gielbier] has joined #bitcoin-wizards		05:34
-!- giel__ [~giel____@a149043.upc-a.chello.nl] has joined #bitcoin-wizards		05:38
-!- gielbier is now known as Guest14962		05:39
-!- giel__ is now known as gielbier		05:40
-!- gielbier [~giel____@a149043.upc-a.chello.nl] has quit [Changing host]		05:40
-!- gielbier [~giel____@unaffiliated/gielbier] has joined #bitcoin-wizards		05:40
-!- Guest14962 [~giel____@unaffiliated/gielbier] has quit [Ping timeout: 240 seconds]		05:41
-!- dEBRUYNE [~dEBRUYNE@ww010513.uvt.nl] has joined #bitcoin-wizards		05:47
-!- flipswitchbitch [~ielo@host-92-23-229-197.as13285.net] has joined #bitcoin-wizards		05:51
-!- atgreen [~green@CPE687f74122463-CM00fc8d24cab0.cpe.net.cable.rogers.com] has joined #bitcoin-wizards		05:52
-!- Giszmo [~leo@pc-36-133-241-201.cm.vtr.net] has joined #bitcoin-wizards		05:56
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 250 seconds]		06:03
-!- Quanttek [~quassel@ip1f11db5b.dynamic.kabel-deutschland.de] has quit [Remote host closed the connection]		06:04
-!- p15x [~p15x@111.193.187.214] has quit [Ping timeout: 240 seconds]		06:04
-!- Quanttek [~quassel@ip1f11db5b.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards		06:08
bsm117532	I just noticed that the Iota folks have put out a whitepaper. (It's a DAG-based crypto-currency) At first glance it looks pretty good. http://188.138.57.93/tangle.pdf	06:10
-!- atgreen [~green@CPE687f74122463-CM00fc8d24cab0.cpe.net.cable.rogers.com] has quit [Ping timeout: 272 seconds]		06:14
-!- flipswitchbitch [~ielo@host-92-23-229-197.as13285.net] has quit [Ping timeout: 264 seconds]		06:15
bsm117532	Is Serguei Popov or any of the Iota people going to be at Scaling Bitcoins? If not I'll try to cover this material...	06:32
sipa	that doesn't sound like applicable in the short term to bitcoin proper	06:35
-!- adam3us [~Adium@178.197.228.69] has joined #bitcoin-wizards		06:36
kanzure	"KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs" http://llvm.org/pubs/2008-12-OSDI-KLEE.html (klee stuff)	06:37
-!- rdponticelli [~quassel@190.103.200.8] has joined #bitcoin-wizards		06:43
kanzure	oops didn't know about the name "coin history linearization", would have used that in scalingbitcoin-review.pdf had i known	06:48
kanzure	re: blockchain sharding proposals, https://www.reddit.com/r/Bitcoin/comments/3u1m36/why_arent_we_as_a_community_talking_about/cxbamhn	06:48
-!- adam3us [~Adium@178.197.228.69] has quit [Quit: Leaving.]		06:53
-!- davec [~davec@cpe-24-243-251-52.hot.res.rr.com] has quit [Read error: Connection reset by peer]		07:02
-!- davec [~davec@cpe-24-243-251-52.hot.res.rr.com] has joined #bitcoin-wizards		07:02
-!- adam3us [~Adium@178.197.226.34] has joined #bitcoin-wizards		07:04
-!- sparetire_ [~sparetire@unaffiliated/sparetire] has joined #bitcoin-wizards		07:12
kanzure	is there a way to do a 2-way spv peg where if the sidechain operators don't submit a conflicting proof within some number of confirmations, bitcoin users can recover their deposits to the spv address?	07:13
kanzure	spv address or er, spv mechanism	07:13
kanzure	unrelated; "segwit" == "segregated witness" (took me a few seconds..)	07:14
-!- adam3us [~Adium@178.197.226.34] has quit [Quit: Leaving.]		07:16
sipa	kanzure: should be less.ambiguous than SW!	07:17
bsm1175321	kanzure: I have talked about sharding, and I plan to make noise about it at Scaling Bitcoin, but I don't have any good proposal there. It's hard. (#3 here: http://blog.sldx.com/three-challenges-for-scaling-bitcoin/)	07:21
-!- damethos [~damethos@unaffiliated/damethos] has quit [Ping timeout: 264 seconds]		07:21
-!- fuc [~fuc@91.210.105.101] has quit []		07:21
bsm1175321	sipa: better to take a long road to the right answer than a short-term band-aid that we'll regret the consequences of forever. To that end, DAGs can solve a lot of problems, and we should consider a route to it.	07:22
bsm1175321	If you want to hear how I think we can add a DAG layer to bitcoin without upsetting consensus and bitcoin blocks I can talk about it more here...	07:23
-!- atgreen [~green@209.171.88.136] has joined #bitcoin-wizards		07:24
-!- rdponticelli [~quassel@190.103.200.8] has quit [Ping timeout: 276 seconds]		07:24
-!- dEBRUYNE [~dEBRUYNE@ww010513.uvt.nl] has quit [Ping timeout: 255 seconds]		07:28
-!- simba [~simba@dhcp-18-111-19-189.dyn.mit.edu] has joined #bitcoin-wizards		07:38
-!- simba [~simba@dhcp-18-111-19-189.dyn.mit.edu] has quit [Remote host closed the connection]		07:43
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has joined #bitcoin-wizards		07:52
-!- simba [~simba@dhcp-18-111-19-189.dyn.MIT.EDU] has joined #bitcoin-wizards		07:52
-!- pozitron [~nu@89.248.172.147] has joined #bitcoin-wizards		07:55
kanzure	"Asymmetric proof-of-work based on the Generalized Birthday problem" https://eprint.iacr.org/2015/946 https://eprint.iacr.org/2015/946.pdf https://www.reddit.com/r/Bitcoin/comments/3u2gk6/asymmetric_proofofwork_based_on_the_generalized/cxbbauh	08:05
-!- flipswitchbitch [~ielo@host-92-23-224-69.as13285.net] has joined #bitcoin-wizards		08:08
-!- atgreen [~green@209.171.88.136] has quit [Ping timeout: 240 seconds]		08:11
tromp__	kanzure, that was previously discussed at https://www.reddit.com/r/bitcoinxt/comments/3n6hkc/research_paper_asymmetric_proofofwork_based_on/	08:12
bsm1175321	I have a hard time with word salad. Lots of salad in those last few links.	08:14
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		08:33
-!- Guest16720 is now known as grubles		08:37
-!- grubles [~grubles@104.238.145.35] has quit [Changing host]		08:37
-!- grubles [~grubles@unaffiliated/grubles] has joined #bitcoin-wizards		08:37
-!- TBI [~TBI@20.84-48-195.nextgentel.com] has joined #bitcoin-wizards		08:46
-!- TBI_ [~TBI@20.84-48-195.nextgentel.com] has quit [Ping timeout: 260 seconds]		08:48
-!- ebfull [~sean@73.34.119.0] has joined #bitcoin-wizards		08:50
-!- flipswitchbitch [~ielo@host-92-23-224-69.as13285.net] has quit [Ping timeout: 255 seconds]		08:51
Taek	.tell bramc you mentioned earlier working on Bitcion's peer protocol. gavinandresen was also talking about rewriting Bitcoin's peer protocol, perhaps there's value in collaboration	08:55
yoleaux	Taek: I'll pass your message to bramc.	08:55
-!- bramc [~bram@99-75-88-206.lightspeed.sntcca.sbcglobal.net] has joined #bitcoin-wizards		09:03
-!- simba [~simba@dhcp-18-111-19-189.dyn.MIT.EDU] has quit [Remote host closed the connection]		09:06
-!- simba [~simba@dhcp-18-111-19-189.dyn.mit.edu] has joined #bitcoin-wizards		09:06
-!- simba [~simba@dhcp-18-111-19-189.dyn.mit.edu] has quit [Remote host closed the connection]		09:06
-!- psztorc [4575fa8d@gateway/web/freenode/ip.69.117.250.141] has joined #bitcoin-wizards		09:22
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards		09:28
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards		09:32
-!- GGuyZ [~GGuyZ@dhcp-18-111-20-150.dyn.mit.edu] has joined #bitcoin-wizards		09:40
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 240 seconds]		09:44
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 240 seconds]		09:46
kanzure	"OP_CHECKWILDCARDSIGVERIFY or "Wildcard Inputs"" http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-November/011805.html	09:47
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has quit [Read error: Connection reset by peer]		09:48
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards		09:48
gwillen	kanzure: hmmm interesting	09:50
kanzure	yeah seems likely to work if you can enforce some standard about sorting	09:50
gwillen	oh hm, like sorting the candidate utxos?	09:51
kanzure	right	09:51
kanzure	but lookup time is going to be painful for validators	09:52
kanzure	especially without references	09:52
gwillen	yeah it sounds like he wants it to take them all without actually having to know what they are	09:52
kanzure	validators will always have to know them all	09:52
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		09:52
gwillen	but if you instead do specify the amount	09:52
gwillen	and just have it take utxos from the beginning in sort order until you reach that amount	09:52
gwillen	and I mean, this is no more annoying for validators than SIGHASH_NO_TXID or whatever	09:53
gwillen	that would be "give me any coin with this scriptpubkey", versus this is "give me _all_ coins with this scriptpubkey"	09:53
-!- cocoBTC [~cocoBTC__@c-233a71d5.136-1-64736c10.cust.bredbandsbolaget.se] has joined #bitcoin-wizards		09:57
kanzure	how would you do miner fees with the partial one?	09:58
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 250 seconds]		09:58
kanzure	you would have to specify the fee amount in script too :)	09:58
-!- Cynexus [~eXile@S0106bcd165307be2.cg.shawcable.net] has joined #bitcoin-wizards		10:00
gwillen	kanzure: I'm imagining that you do specify an input value, contra the original mailing list suggestion	10:01
gwillen	and that value has to be the some of the values of some prefix of the list of possible inputs in whatever the sort order is	10:01
gwillen	and it unambiguously uses all of those	10:01
gwillen	err, the sum*** of the values	10:01
gwillen	and then the fee works as normal	10:02
kanzure	i think that many implementations assume that all inputs are valid, and use that as a way to reject invalid transactions, though	10:02
-!- priidu [~priidu@unaffiliated/priidu] has quit [Ping timeout: 272 seconds]		10:02
kanzure	er. valid according to existing rules.	10:02
kanzure	so increases soft-fork difficulty	10:02
gwillen	hmm, can you explain a bit more?	10:02
kanzure	the input would be "invalid" according to existing rules	10:03
-!- cocoBTC [~cocoBTC__@c-233a71d5.136-1-64736c10.cust.bredbandsbolaget.se] has quit [Quit: Leaving]		10:03
kanzure	implementation details- like how validators are implemented- can influence how you choose to implement a soft-forkable feature... if a change requires too much effort, widespread deployment is unlikely.	10:03
gwillen	ahh hmm	10:04
kanzure	i haven't actually looked tho	10:04
-!- hsmiths [uid95325@gateway/web/irccloud.com/x-jzwumdbgbomzymcz] has quit []		10:08
-!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards		10:10
-!- bedeho_ [~bedeho@195.159.234.190] has quit [Ping timeout: 246 seconds]		10:15
zookolaptop	Aw, that's nice that they thank gmaxwell and tromp_: https://eprint.iacr.org/2015/946	10:17
-!- Yoghur114 [~jorn@g227014.upc-g.chello.nl] has joined #bitcoin-wizards		10:22
-!- dEBRUYNE [~dEBRUYNE@56-197-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards		10:24
-!- the`doctor [~the`docto@unaffiliated/thedoctor/x-1964342] has joined #bitcoin-wizards		10:27
-!- Emcy_ [~MC@unaffiliated/mc1984] has quit [Ping timeout: 240 seconds]		10:35
-!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards		10:37
-!- Emcy_ [~MC@cpc3-swan1-0-0-cust996.7-3.cable.virginm.net] has joined #bitcoin-wizards		10:38
-!- Emcy_ [~MC@cpc3-swan1-0-0-cust996.7-3.cable.virginm.net] has quit [Changing host]		10:38
-!- Emcy_ [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards		10:38
kanzure	gwillen: also; if you use the no-inputs-ever strategy, then you might accidentally spend some BTC to fees if you receive BTC to that scriptpubkey after you sign a transaction, but before the transaction is confirmed.	10:40
gwillen	kanzure: that's why you do specify a value	10:40
bsm1175321	Hahaa I decided on some terminology: In a DAG if one of your node's parent's parent is one of your own parents, that's {\it incest} and disallowed. (Popov's tangle has incest)	10:44
-!- cocoBTC [~cocoBTC__@c-233a71d5.136-1-64736c10.cust.bredbandsbolaget.se] has joined #bitcoin-wizards		10:46
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		10:47
-!- CoinMuncher [~jannes@178.132.211.90] has quit [Quit: Leaving.]		11:01
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has quit []		11:02
-!- AnoAnon [~AnoAnon@197.39.235.211] has joined #bitcoin-wizards		11:05
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards		11:05
-!- AnoAnon [~AnoAnon@197.39.235.211] has quit [Max SendQ exceeded]		11:05
-!- matsjj_ [~matsjj@p5B2093BB.dip0.t-ipconnect.de] has quit []		11:06
-!- simba [~simba@dhcp-18-111-121-34.dyn.MIT.EDU] has joined #bitcoin-wizards		11:06
-!- matsjj [~matsjj@p5B2093BB.dip0.t-ipconnect.de] has joined #bitcoin-wizards		11:07
-!- matsjj [~matsjj@p5B2093BB.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]		11:12
-!- atgreen [~green@38.104.156.251] has joined #bitcoin-wizards		11:13
-!- matsjj [~matsjj@162.216.46.180] has joined #bitcoin-wizards		11:14
-!- Jeremy_Rand [~jeremy@ip68-97-32-41.ok.ok.cox.net] has joined #bitcoin-wizards		11:18
-!- matsjj_ [~matsjj@p20030089EA107E5AE57FED906E2B14D0.dip0.t-ipconnect.de] has joined #bitcoin-wizards		11:20
-!- kwonbie [~me@30-9-149.wireless.csail.mit.edu] has joined #bitcoin-wizards		11:20
-!- matsjj [~matsjj@162.216.46.180] has quit [Ping timeout: 255 seconds]		11:23
-!- GGuyZ [~GGuyZ@dhcp-18-111-20-150.dyn.mit.edu] has quit [Read error: Connection reset by peer]		11:23
-!- GGuyZ_ [~GGuyZ@dhcp-18-111-20-150.dyn.mit.edu] has joined #bitcoin-wizards		11:24
-!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has joined #bitcoin-wizards		11:30
-!- Lightsword [~Lightswor@104.194.123.94] has joined #bitcoin-wizards		11:34
-!- MoALTz [~no@78-11-179-104.static.ip.netia.com.pl] has quit [Quit: Leaving]		11:36
-!- priidu [~priidu@unaffiliated/priidu] has quit [Ping timeout: 250 seconds]		11:38
-!- MoALTz [~no@78-11-179-104.static.ip.netia.com.pl] has joined #bitcoin-wizards		11:43
-!- GGuyZ_ [~GGuyZ@dhcp-18-111-20-150.dyn.mit.edu] has quit [Read error: Connection reset by peer]		11:45
-!- GGuyZ [~GGuyZ@dhcp-18-111-20-150.dyn.mit.edu] has joined #bitcoin-wizards		11:45
-!- simba [~simba@dhcp-18-111-121-34.dyn.MIT.EDU] has quit [Read error: Connection reset by peer]		11:46
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has joined #bitcoin-wizards		11:46
-!- GGuyZ [~GGuyZ@dhcp-18-111-20-150.dyn.mit.edu] has quit [Quit: GGuyZ]		11:52
-!- justanotheruser [~Justan@12.201.37.4] has joined #bitcoin-wizards		11:56
-!- justanot1eruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		12:01
-!- c-cex-yuriy [uid76808@gateway/web/irccloud.com/x-vnccgrmwirjygoug] has joined #bitcoin-wizards		12:10
-!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards		12:16
-!- adam3us [~Adium@178.197.233.215] has joined #bitcoin-wizards		12:24
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has joined #bitcoin-wizards		12:28
-!- justanot1eruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 260 seconds]		12:28
-!- justanotheruser [~Justan@12.201.37.4] has quit [Ping timeout: 264 seconds]		12:28
-!- justanotheruser [~Justan@12.201.37.4] has joined #bitcoin-wizards		12:30
-!- justanot1eruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		12:34
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has quit [Read error: Connection reset by peer]		12:41
-!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has quit [Ping timeout: 276 seconds]		12:46
-!- justanotheruser [~Justan@12.201.37.4] has quit [Quit: leaving]		12:51
-!- justanot1eruser [~Justan@unaffiliated/justanotheruser] has quit [Quit: leaving]		12:51
-!- adam3us [~Adium@178.197.233.215] has quit [Quit: Leaving.]		12:55
-!- pozitron [~nu@89.248.172.147] has quit [Ping timeout: 260 seconds]		12:55
-!- binaryFate [~binaryFat@2a02:2788:9a6:71a:b1f3:76f4:7ab3:7e37] has joined #bitcoin-wizards		13:00
-!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]		13:05
-!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards		13:06
-!- kwonbie [~me@30-9-149.wireless.csail.mit.edu] has quit [Ping timeout: 272 seconds]		13:12
-!- TBI_ [~TBI@20.84-48-195.nextgentel.com] has joined #bitcoin-wizards		13:14
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has joined #bitcoin-wizards		13:15
-!- TBI [~TBI@20.84-48-195.nextgentel.com] has quit [Ping timeout: 240 seconds]		13:16
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 246 seconds]		13:17
-!- mjerr [~mjerr@p5B2093BB.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]		13:18
-!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has joined #bitcoin-wizards		13:18
-!- Emcy [~MC@cpc3-swan1-0-0-cust996.7-3.cable.virginm.net] has joined #bitcoin-wizards		13:19
-!- Emcy [~MC@cpc3-swan1-0-0-cust996.7-3.cable.virginm.net] has quit [Changing host]		13:19
-!- Emcy [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards		13:19
-!- Emcy_ [~MC@unaffiliated/mc1984] has quit [Ping timeout: 240 seconds]		13:21
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has quit [Remote host closed the connection]		13:21
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has joined #bitcoin-wizards		13:24
-!- hsmiths_ [uid95325@gateway/web/irccloud.com/x-nxidfcgxxxnahqum] has joined #bitcoin-wizards		13:30
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has quit [Read error: Connection reset by peer]		13:35
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has joined #bitcoin-wizards		13:36
-!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards		13:38
-!- Guyver2_ [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards		13:38
-!- priidu [~priidu@unaffiliated/priidu] has quit [Read error: Connection reset by peer]		13:41
bsm1175321	Just in case anyone else wanted to read that Iota paper I posted...don't. It's a confused mess with some poorly understood textbook statistics thrown in.	13:42
-!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards		13:43
-!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]		13:51
-!- simba_ [~simba@dhcp-18-111-121-34.dyn.mit.edu] has joined #bitcoin-wizards		13:58
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has quit [Read error: Connection reset by peer]		13:58
-!- bramc [~bram@99-75-88-206.lightspeed.sntcca.sbcglobal.net] has quit [Quit: This computer has gone to sleep]		14:03
-!- Jeremy_Rand [~jeremy@ip68-97-32-41.ok.ok.cox.net] has quit [Ping timeout: 260 seconds]		14:04
-!- el33th4x0r [8054a73f@gateway/web/cgi-irc/kiwiirc.com/ip.128.84.167.63] has joined #bitcoin-wizards		14:04
-!- moa [~kiwigb@opentransactions/dev/moa] has quit [Quit: Leaving.]		14:06
kanzure	"Bitcoin meets strong consistency" http://www.tik.ee.ethz.ch/file/ed3e5da74fbca5584920e434d9976a12/peercensus.pdf (something about an identity layer?)	14:07
el33th4x0r	Bitcoin already provides strong consistency.	14:09
sipa	eh, no	14:10
el33th4x0r	This meme that is going around that Bitcoin is "eventually consistent" is just wrong.	14:10
sipa	bitcoin is not even eventually consistent. it's probabilistically consistent	14:10
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has quit [Read error: Connection reset by peer]		14:10
el33th4x0r	Correct, it's not eventually consistent.	14:10
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has joined #bitcoin-wizards		14:10
el33th4x0r	It provides a very strong probabilistic guarantee.	14:11
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		14:11
sipa	with certain economic assumptions	14:11
-!- kang_ [67efe9a9@gateway/web/freenode/ip.103.239.233.169] has joined #bitcoin-wizards		14:13
el33th4x0r	And assumptions on the hash power of colluding attackers.	14:14
el33th4x0r	but the bottom line is that one cannot look at the tail of the blockchain, observe that it's changing, and conclude that the system is "eventually consistent" or "inconsistent"	14:15
el33th4x0r	Paxos proposals can change over time. Paxos guarantees serializability, one of the strongest consistency guarantees.	14:15
el33th4x0r	When we evaluate databases, we examine their behavior with respect to a Write protocol and Read protocol.	14:16
-!- Alanius [~alan@flyingarm.bar] has quit [Ping timeout: 250 seconds]		14:16
-!- Alanius [~alan@flyingarm.bar] has joined #bitcoin-wizards		14:16
el33th4x0r	We do not examine the intermediate states of their internal data structures. No one cares that those change, as long as the changes are not reflected to clients through the Read()/Write() API.	14:17
el33th4x0r	I've heard various people mention casually that Bitcoin offers weak consistency. This is incorrect -- the exponentially-decaying probabilistic guarantee offered by Bitcoin is stronger than most distributed databases.	14:19
amiller_	i think they should cite Exposing Computationally-Challenged Byzantine Impostors ftp://haskell.cs.yale.edu/pub/TR/tr1332.pdf and PoW-Based Distributed Cryptography with No Trusted Setup http://link.springer.com/chapter/10.1007/978-3-662-48000-7_19	14:21
-!- lnovy [~lnovy@2002:4d57:f055::1] has quit [Ping timeout: 240 seconds]		14:34
bsm1175321	el33th4x0r: Bitcoin's consistency is only asymptotic, not convergent (and certainly not exponential). Academic studies (PAXOS) generally go for convergence.	14:35
kanzure	ah gmaxwell already posted a comment https://www.reddit.com/r/Bitcoin/comments/3u3c2g/roasbeef_bitcoin_meets_strong_consistency_paper/cxbru1g	14:36
-!- digitalmagus [~digitalma@unaffiliated/digitalmagus] has joined #bitcoin-wizards		14:36
-!- lnovy [~lnovy@2002:4d57:f055::1] has joined #bitcoin-wizards		14:36
-!- simba_ [~simba@dhcp-18-111-121-34.dyn.mit.edu] has quit [Read error: Connection reset by peer]		14:37
el33th4x0r	Paxos is not an academic study, it's a protocol.	14:37
-!- simba [~simba@dhcp-18-111-121-34.dyn.MIT.EDU] has joined #bitcoin-wizards		14:37
bsm1175321	It originated in academia and is well studied there.	14:37
el33th4x0r	Right, I'm an academic, well aware of Paxos' origins.	14:38
el33th4x0r	If we wanted to be pedantic, Synod is the original consensus protocol, and Paxos has been applied to a family of consensus protocols.	14:39
bsm1175321	So why this dislike of "weak consistency"? Isn't it just saying "asymptotic"?	14:39
el33th4x0r	Because Bitcoin provides something stronger than weak consistency. Also, the framework people use to evaluate it is broken.	14:40
el33th4x0r	BTW "convergent" is not a well-defined term. And the probabilistic guarantee offered by Bitcoin is certainly exponential, discussed in the white paper.	14:40
bsm1175321	Convergent is a very well defined mathematical term.	14:41
el33th4x0r	Can you please define it for consensus protocols?	14:41
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has quit [Quit: GGuyZ]		14:41
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has joined #bitcoin-wizards		14:41
* bsm1175321 looks through notes. Would be happy to be wrong about this...		14:44
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		14:52
bsm1175321	el33th4x0r: I think you're right. "Probabilistic Convergence" is better. If I figure out why I decided it was asymptotic I'll post about it. But the probability of an attacker with hashpower < 0.5 creating the highest-weight chain is absolutely convergent to zero.	14:56
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 264 seconds]		14:59
-!- atgreen [~green@38.104.156.251] has quit [Ping timeout: 255 seconds]		15:02
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Quit: :)]		15:03
-!- Guyver2_ is now known as Guyver2		15:03
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Read error: Connection reset by peer]		15:03
el33th4x0r	bsm1175321: Great. And the probability of an attacker with hashpower < 0.33 creating the highest-weight chain indeed converges to 0 with increasing block height.	15:04
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has quit [Remote host closed the connection]		15:04
bsm1175321	Modulo the selfish mining attack...	15:05
bsm1175321	Which I think you wrote, no?	15:05
el33th4x0r	Right, that's me and Ittay Eyal.	15:05
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards		15:05
-!- flipswitchbitch [~ielo@host-92-23-224-69.as13285.net] has joined #bitcoin-wizards		15:06
el33th4x0r	I'll head home for dinner and baby play, but let me leave on a positive note: we all have good reason to be proud of Bitcoin when it comes to claims about its consistency.	15:07
el33th4x0r	It provides stronger consistency guarantees than Mongo, for instance.	15:07
el33th4x0r	Not as strong as HyperDex, which provides a linearizability guarantee, but still stronger than many of the systems that people use to store their data.	15:08
el33th4x0r	Judging Bitcoin by the presence of change at the blockchain's tail reflects confusion, because no one would judge Paxos or Zab or RAFT by how the leader changes its proposal.	15:10
-!- binaryFate [~binaryFat@2a02:2788:9a6:71a:b1f3:76f4:7ab3:7e37] has quit [Quit: Konversation terminated!]		15:11
-!- el33th4x0r [8054a73f@gateway/web/cgi-irc/kiwiirc.com/ip.128.84.167.63] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]		15:11
-!- psztorc_ [~psztorc@2607:fb90:e60:6c0a:5dfd:1d72:e0f0:1068] has joined #bitcoin-wizards		15:14
-!- simba [~simba@dhcp-18-111-121-34.dyn.MIT.EDU] has quit [Read error: Connection reset by peer]		15:14
-!- MoALTz [~no@78-11-179-104.static.ip.netia.com.pl] has quit [Quit: Leaving]		15:14
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has joined #bitcoin-wizards		15:14
-!- MoALTz [~no@78-11-179-104.static.ip.netia.com.pl] has joined #bitcoin-wizards		15:17
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has left #bitcoin-wizards []		15:19
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		15:20
-!- belcher [~user@unaffiliated/belcher] has joined #bitcoin-wizards		15:24
* rusty2 pings gmaxwell...		15:28
-!- Burrito [~Burrito@unaffiliated/burrito] has quit [Ping timeout: 276 seconds]		15:31
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has quit [Read error: Connection reset by peer]		15:36
-!- simba [~simba@dhcp-18-111-121-34.dyn.MIT.EDU] has joined #bitcoin-wizards		15:36
-!- MagikSquirrel [~MagikSqui@unaffiliated/magiksquirrel] has joined #bitcoin-wizards		15:38
-!- MagikSquirrel [~MagikSqui@unaffiliated/magiksquirrel] has quit [Read error: Connection reset by peer]		15:39
-!- MagikSquirrel [~MagikSqui@unaffiliated/magiksquirrel] has joined #bitcoin-wizards		15:41
-!- hsmiths_ [uid95325@gateway/web/irccloud.com/x-nxidfcgxxxnahqum] has quit [Quit: Connection closed for inactivity]		15:42
-!- c-cex-yuriy [uid76808@gateway/web/irccloud.com/x-vnccgrmwirjygoug] has quit [Quit: Connection closed for inactivity]		15:45
-!- Quanttek [~quassel@ip1f11db5b.dynamic.kabel-deutschland.de] has quit [Ping timeout: 260 seconds]		15:46
-!- c-cex-yuriy [uid76808@gateway/web/irccloud.com/x-ndfecrcpeheykywn] has joined #bitcoin-wizards		15:52
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has quit [Quit: Leaving]		15:57
-!- bramc [~bram@99-75-88-206.lightspeed.sntcca.sbcglobal.net] has joined #bitcoin-wizards		16:05
-!- flipswitchbitch [~ielo@host-92-23-224-69.as13285.net] has quit [Ping timeout: 240 seconds]		16:06
-!- Starduster [~guest@unaffiliated/starduster] has quit [Ping timeout: 276 seconds]		16:11
-!- Starduster [~guest@unaffiliated/starduster] has joined #bitcoin-wizards		16:12
-!- dEBRUYNE [~dEBRUYNE@56-197-ftth.onsbrabantnet.nl] has quit [Ping timeout: 255 seconds]		16:13
-!- simba [~simba@dhcp-18-111-121-34.dyn.MIT.EDU] has quit [Read error: Connection reset by peer]		16:14
-!- frankenmint [~frankenmi@75-175-72-226.ptld.qwest.net] has joined #bitcoin-wizards		16:14
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has joined #bitcoin-wizards		16:14
-!- arowser [~quassel@106.120.101.38] has quit [Quit: No Ping reply in 180 seconds.]		16:20
-!- arowser [~quassel@106.120.101.38] has joined #bitcoin-wizards		16:21
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		16:26
-!- Yoghur114 [~jorn@g227014.upc-g.chello.nl] has quit [Remote host closed the connection]		16:32
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has quit [Read error: Connection reset by peer]		16:36
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has joined #bitcoin-wizards		16:36
-!- smk [2ef67c2a@gateway/web/freenode/ip.46.246.124.42] has joined #bitcoin-wizards		16:36
-!- psztorc__ [~psztorc@ool-4575fa8d.dyn.optonline.net] has joined #bitcoin-wizards		16:37
-!- psztorc_ [~psztorc@2607:fb90:e60:6c0a:5dfd:1d72:e0f0:1068] has quit [Ping timeout: 272 seconds]		16:40
-!- Cynexus [~eXile@S0106bcd165307be2.cg.shawcable.net] has quit [Ping timeout: 240 seconds]		16:51
-!- MagikSquirrel [~MagikSqui@unaffiliated/magiksquirrel] has quit [Remote host closed the connection]		16:53
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-zowntxnmndwnhcxr] has quit [Quit: Connection closed for inactivity]		16:54
-!- MagikSquirrel [~MagikSqui@unaffiliated/magiksquirrel] has joined #bitcoin-wizards		16:55
-!- blkdb [~supybot@2a01:4f8:212:1ea2::2] has joined #bitcoin-wizards		16:57
-!- MoALTz [~no@78-11-179-104.static.ip.netia.com.pl] has quit [Read error: Connection reset by peer]		16:59
-!- MoALTz [~no@78-11-179-104.static.ip.netia.com.pl] has joined #bitcoin-wizards		17:01
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has joined #bitcoin-wizards		17:07
-!- blkdb [~supybot@2a01:4f8:212:1ea2::2] has quit [Quit: Ctrl-C at console.]		17:07
-!- blkdb [~supybot@2a01:4f8:212:1ea2::2] has joined #bitcoin-wizards		17:07
bramc	Asymptotic rolling consistency, with no one single moment having absolute consensus except in retrospect, is how all databases should work.	17:09
yoleaux	24 Nov 2015 16:55Z <Taek> bramc: you mentioned earlier working on Bitcion's peer protocol. gavinandresen was also talking about rewriting Bitcoin's peer protocol, perhaps there's value in collaboration	17:09
bramc	Taek, Right Gavin's muttering about it is why I was thinking about it. I don't actually know how Bitcoin's peer protocol works though, I just have some slightly sketchy thoughts about how I'd do it from scratch.	17:10
-!- blkdb [~supybot@2a01:4f8:212:1ea2::2] has quit [Client Quit]		17:12
-!- phantomcircuit [phantomcir@2600:3c01::f03c:91ff:fe73:6892] has quit [Quit: quit]		17:12
-!- blkdb [~supybot@2a01:4f8:212:1ea2::2] has joined #bitcoin-wizards		17:12
-!- SwedFTP [~SwedFTP@unaffiliated/swedftp] has quit [Ping timeout: 246 seconds]		17:13
-!- phantomcircuit [phantomcir@2600:3c01::f03c:91ff:fe73:6892] has joined #bitcoin-wizards		17:13
-!- huseby [~huseby@unaffiliated/huseby] has quit [Ping timeout: 264 seconds]		17:14
bramc	So at some point I should sit down with someone who knows the current protocol well and discuss it.	17:18
-!- bliljerk101 [~bliljerk1@c-71-60-0-241.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]		17:18
-!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has quit [Ping timeout: 272 seconds]		17:19
kang_	bramc: record it	17:19
-!- Guest46756 [~bliljerk1@2601:547:c303:6cd0:fced:ecd9:65f9:1a5e] has joined #bitcoin-wizards		17:19
-!- SwedFTP [~SwedFTP@unaffiliated/swedftp] has joined #bitcoin-wizards		17:20
-!- blkdb [~supybot@2a01:4f8:212:1ea2::2] has quit [Quit: Ctrl-C at console.]		17:21
-!- huseby [~huseby@unaffiliated/huseby] has joined #bitcoin-wizards		17:25
-!- cocoBTC [~cocoBTC__@c-233a71d5.136-1-64736c10.cust.bredbandsbolaget.se] has quit [Quit: Leaving]		17:25
-!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards		17:32
-!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has joined #bitcoin-wizards		17:40
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 255 seconds]		17:51
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has quit [Ping timeout: 240 seconds]		17:55
-!- giel__ [~giel____@a149043.upc-a.chello.nl] has joined #bitcoin-wizards		18:00
-!- wumpus [~quassel@pdpc/supporter/professional/wumpus] has quit [Ping timeout: 240 seconds]		18:01
-!- gielbier [~giel____@unaffiliated/gielbier] has quit [Ping timeout: 260 seconds]		18:02
bramc	Has anybody looked at http://eprint.iacr.org/2015/366.pdf ? It's got a nontrivial proof of time	18:02
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has quit [Remote host closed the connection]		18:03
-!- the`doctor [~the`docto@unaffiliated/thedoctor/x-1964342] has quit [Ping timeout: 260 seconds]		18:03
-!- wumpus [~quassel@pdpc/supporter/professional/wumpus] has joined #bitcoin-wizards		18:03
-!- AaronvanW [~ewout@unaffiliated/aaronvanw] has quit [Ping timeout: 246 seconds]		18:09
tromp__	i read the first 2 sections:)	18:18
bramc	tromp__ I'm finding section 3 nontrivial, but it says that their construction is based on modular square roots, which raises the question of why not simply do repeated modular square roots	18:25
-!- bildramer [~bildramer@p5DC8A746.dip0.t-ipconnect.de] has quit [Ping timeout: 272 seconds]		18:28
-!- bildramer [~bildramer@93.200.167.70] has joined #bitcoin-wizards		18:29
tromp__	those do not take more time to compute	18:30
tromp__	for a prime field the multiplicative order is p-1	18:31
tromp__	so computing a square root is taking a (p-1)/2 -th power	18:31
tromp__	a sqrt of a sqrt is cheaper, just (p-1)/4 th power	18:31
tromp__	uhm, wait. what happens if p == 3 mod 4	18:32
gmaxwell	tromp__: if the field is congruent to 3 mod 4, then you can use the (p+1)/4th power (and simular to get a 4th root)	18:33
gmaxwell	if P has other structure you can also construct a more efficient powering ladder (e.g. if its a repunit prime like 2^127-1 you can do most of the work by repeated squaring).	18:35
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		18:38
bramc	Oh I see	18:39
gmaxwell	bramc: in any case the way sqrt works over a field is that the roots of member of the field that is a quadratic residue form a cyclic subgrop with a known number of members, so the way you find the sqrt is effectiely by going all the way around the long way, repeatly squaring to get to the members-1th step.	18:39
gmaxwell	(and since we know how big the group is, we can just efficiently raise to the relevant power)	18:39
bramc	This might be a fairly good practical speedup, because the constant multiplier has to do with number of bits instead of number of bytes	18:40
bramc	although, umm, you don't have the floating multiplier that you do in the repeated hashing constructions. Apparently I need to trudge through the rest of this paper.	18:42
-!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has quit [Ping timeout: 250 seconds]		18:45
-!- giel___ [~giel____@a149043.upc-a.chello.nl] has joined #bitcoin-wizards		18:47
-!- giel__ [~giel____@a149043.upc-a.chello.nl] has quit [Read error: Connection reset by peer]		18:47
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has joined #bitcoin-wizards		18:51
-!- belcher [~user@unaffiliated/belcher] has quit [Quit: Leaving]		18:52
-!- Jeremy_Rand [~jeremy@ip68-97-32-41.ok.ok.cox.net] has joined #bitcoin-wizards		18:55
-!- tulip [~tulip@unaffiliated/tulip] has joined #bitcoin-wizards		19:00
-!- priidu [~priidu@unaffiliated/priidu] has quit [Ping timeout: 240 seconds]		19:01
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has quit [Read error: Connection reset by peer]		19:01
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has joined #bitcoin-wizards		19:01
-!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has joined #bitcoin-wizards		19:07
-!- dEBRUYNE [~dEBRUYNE@56-197-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards		19:10
bramc	I'm not following their sloth construction, but if you're shooting for the biggest ratio of time to generate versus time to verify for a given size proof, I think it's best to just pick as large of a P which will fit.	19:11
-!- dEBRUYNE [~dEBRUYNE@56-197-ftth.onsbrabantnet.nl] has quit [Ping timeout: 265 seconds]		19:15
-!- c-cex-yuriy [uid76808@gateway/web/irccloud.com/x-ndfecrcpeheykywn] has quit [Quit: Connection closed for inactivity]		19:25
-!- blkdb [~blkdb@2a01:4f8:212:1ea2::2] has joined #bitcoin-wizards		19:25
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 250 seconds]		19:27
tromp__	hmmm, a megabit prime?	19:27
-!- atgreen [~green@CPE687f74122463-CM00fc8d24cab0.cpe.net.cable.rogers.com] has joined #bitcoin-wizards		19:28
tromp__	then optimization freeness may suffer, as you need these fancy FFT based multiplication methods for best performance	19:29
katu	i find their argument (well or more or less lack of) that tonneli-shanks root finding is unparallelizabl lacking	19:29
katu	its a probabilistic meet-in-the middle algorithm	19:29
-!- blkdb [~blkdb@2a01:4f8:212:1ea2::2] has quit [Remote host closed the connection]		19:31
-!- blkdb [~blkdb@2a01:4f8:212:1ea2::2] has joined #bitcoin-wizards		19:35
bramc	tromp__ The whole thing is going to have to assume quite a bit of known best optimization	19:36
tromp__	yes, that's the shaky part. with iterated hash there is little worry about the optimal way to compute it:)	19:37
gmaxwell	There needs to be one of these SMBC comics that chargs "knoweldge of number theory" vs "faith that any asymmetric cryptography is actually secure in the long run" that goes up for a bit then down to almost zero then up a little bit and stays flat. :)	19:42
gmaxwell	[Another topic] Someone on reddit was complaining ( https://www.reddit.com/r/Bitcoin/comments/3u5b1d/my_exchange_with_coinbase_ceo_brian_armstrong/ ) that coinbase terminated the payment processing account for his NSFW comic book business, I responded extolling the virtues of not using third party payment processing and complained about soft-power regulation that bypasses due process by putting p	19:49
gmaxwell	ressure on commercial intermediaries but not banning things, and said I hoped tech like Bitcoin would reduce reliance on vulnerable choke-points. Apparently the name of one DOJ program doing this sort of thing is "operation chokepoint". I guess I approve of the naming!	19:49
kanzure	yes it is nice when they use independently derivable naming	19:55
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has quit [Quit: GGuyZ]		19:59
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has joined #bitcoin-wizards		20:11
-!- [7] [~quassel@rockbox/developer/TheSeven] has quit [Disconnected by services]		20:16
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards		20:17
-!- mm_1 [bnc33@bnc33.nitrado.net] has quit [Ping timeout: 260 seconds]		20:25
-!- arowser [~quassel@106.120.101.38] has quit [Quit: No Ping reply in 180 seconds.]		20:26
-!- arowser [~quassel@106.120.101.38] has joined #bitcoin-wizards		20:26
-!- mm_1 [bnc33@bnc33.nitrado.net] has joined #bitcoin-wizards		20:27
-!- roconnor [~roconnor@host-45-58-254-171.dyn.295.ca] has joined #bitcoin-wizards		20:29
-!- GGuyZ [~GGuyZ@216-15-125-203.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com] has quit [Quit: GGuyZ]		20:32
-!- Burrito [~Burrito@unaffiliated/burrito] has joined #bitcoin-wizards		20:32
-!- PRab [~chatzilla@c-68-34-102-231.hsd1.mi.comcast.net] has joined #bitcoin-wizards		20:40
-!- adam3us [~Adium@178.197.236.204] has joined #bitcoin-wizards		20:42
-!- kang_ [67efe9a9@gateway/web/freenode/ip.103.239.233.169] has quit [Quit: Page closed]		20:43
-!- jaekwon [~jaekwon@2601:645:c001:263a:79d2:1f15:1228:6d0f] has joined #bitcoin-wizards		20:58
-!- psztorc__ [~psztorc@ool-4575fa8d.dyn.optonline.net] has quit [Ping timeout: 240 seconds]		20:58
-!- psztorc_ [~psztorc@ool-4575fa8d.dyn.optonline.net] has joined #bitcoin-wizards		21:00
-!- p15 [~p15@114.248.208.87] has joined #bitcoin-wizards		21:01
-!- jaekwon [~jaekwon@2601:645:c001:263a:79d2:1f15:1228:6d0f] has quit [Remote host closed the connection]		21:09
-!- the`doctor [~the`docto@unaffiliated/thedoctor/x-1964342] has joined #bitcoin-wizards		21:10
-!- p15 [~p15@114.248.208.87] has quit [Quit: Textual IRC Client: www.textualapp.com]		21:17
-!- sparetire_ [~sparetire@unaffiliated/sparetire] has quit [Quit: sparetire_]		21:17
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 272 seconds]		21:47
-!- the`doctor [~the`docto@unaffiliated/thedoctor/x-1964342] has quit [Quit: the`doctor]		21:49
-!- adam3us1 [~Adium@178.197.227.255] has joined #bitcoin-wizards		21:56
-!- adam3us [~Adium@178.197.236.204] has quit [Ping timeout: 272 seconds]		21:57
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		22:05
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		22:13
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		22:22
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 240 seconds]		22:22
-!- binaryatrocity [~quassel@unaffiliated/br4n] has quit [Quit: No Ping reply in 180 seconds.]		22:23
-!- ratbanebo [~ratbanebo@78-23-10-185.access.telenet.be] has quit []		22:26
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		22:41
-!- Giszmo [~leo@pc-36-133-241-201.cm.vtr.net] has quit [Quit: Leaving.]		22:42
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 250 seconds]		22:48
-!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards		22:52
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 246 seconds]		22:53
-!- mjerr [~mjerr@p5B2093BB.dip0.t-ipconnect.de] has joined #bitcoin-wizards		23:08
-!- the`doctor [~the`docto@unaffiliated/thedoctor/x-1964342] has joined #bitcoin-wizards		23:08
-!- ebfull [~sean@73.34.119.0] has quit [Remote host closed the connection]		23:36
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-kssotdfzbjvavpmi] has joined #bitcoin-wizards		23:47
-!- simba [~simba@dhcp-18-111-121-34.dyn.mit.edu] has quit [Read error: Connection reset by peer]		23:50
-!- simba [~simba@dhcp-18-111-121-34.dyn.MIT.EDU] has joined #bitcoin-wizards		23:52
-!- ebfull [~sean@73.34.119.0] has joined #bitcoin-wizards		23:56
--- Log closed Wed Nov 25 00:00:35 2015

Generated by irclog2html.py 2.15.0.dev0 by Marius Gedminas - find it at mg.pov.lt!