--- Log opened Wed Feb 20 00:00:54 2019
00:48 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 246 seconds]
02:32 -!- elichai2 [uid212594@gateway/web/irccloud.com/x-sztoaakskooyefnq] has joined #rust-bitcoin
02:45 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
02:45 < cjs77> I'm grokking the MuSig code in elements; aiui, you can skip the "Hash commitment sharing" step if you're willing to accept the OMDL assumption over the DL assumption. How much weaker is OMDL / why would you (not) recommend skipping that step?
03:36 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 240 seconds]
04:03 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
04:04 -!- TamasBlummer1 [~Thunderbi@p200300DD672D1A64359A3327C2060744.dip0.t-ipconnect.de] has joined #rust-bitcoin
04:06 -!- TamasBlummer [~Thunderbi@p200300DD672D1A42CCB192D64AAB9220.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
04:06 -!- TamasBlummer1 is now known as TamasBlummer
04:40 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 250 seconds]
05:24 -!- Dean_Guss [~dean@gateway/tor-sasl/deanguss] has joined #rust-bitcoin
05:29 < andytoshi> cjs77: you cannot skip that step
05:29 < andytoshi> do you recall where you heard that you could?
05:29 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection]
05:33 < andytoshi> stevenroose: how do you imagine the split between rust-bitcoin and rust-miniscript?
05:34 < andytoshi> my thinking was that we'd keep everything descriptor-related in rust-miniscript
05:34 < cjs77> andytoshi: https://blockstream.com/2018/01/23/musig-key-aggregation-schnorr-signatures/
05:34 < cjs77> > Technically, BN has a precommit round, where the signers first reveal H(Ri) to each other, before revealing the Ri points themselves. This step is necessary to prove security under the DL assumption, but it can be avoided if we instead accept the OMDL assumption. This is also the distinction between two-round and three-round MuSig.
05:34 < andytoshi> cjs77: o shit! thank you
05:34 < andytoshi> we were incorrect about that
05:34 < andytoshi> will update with a correction
05:35 < cjs77> So there's no 2-round MuSig anymore?
05:35 < andytoshi> not yet ;)
05:35 < cjs77> :)
05:35 < andytoshi> cjs77: the old 2-round scheme was actually broken by https://mobile.twitter.com/gregoryneven/status/1082337250304638976
05:35 < andytoshi> (that's a paper, even though i'm linking to twitter ;))
05:35 < cjs77> My team called me out on this today, and I used the appeal to authority that Blockstream said it was ok ;)
05:36 < andytoshi> oof
05:36 < andytoshi> sorry about that
05:36 < cjs77> lol, np
05:36 < andytoshi> this was my bad - i did make this claim in public a ton of times, but i didn't realize i'd written it down somewhere authoritative
05:37 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
05:38 < cjs77> On the topic, the "session id" concept in your implementation to try and prevent replay attacks looks pretty much like a local state machine; there's no global registry of previous sessions or anything like that, is there? I mean that sounds pretty impractical
05:39 < andytoshi> cjs77: you can just use a counter
05:39 < andytoshi> you need like 8 bytes of persistent storage
05:39 < andytoshi> but correct, our API provides no help at all with this
05:40 < cjs77> on the blockchain or wherever
05:40 < andytoshi> no, in your secure hardware
05:40 < andytoshi> you need to maintain a counter which never returns the same value
05:40 < andytoshi> and you can use that as a session ID
05:40 < cjs77> right
05:41 < andytoshi> alternately, if you have some source of randomness, you can just use 32 random bytes ... you don't need *good* randomness, just enough to avoid repeating with non-negligible probability
05:41 < andytoshi> then you can get away without any state
05:45 < cjs77> sure, makes sense.
06:12 -!- jtimon [~quassel@119.24.134.37.dynamic.jazztel.es] has joined #rust-bitcoin
06:13 -!- Dean_Guss [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection]
06:25 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 268 seconds]
06:39 < stevenroose> andytoshi: saw your comment on github first, answered there.
06:41 < stevenroose> andytoshi: I think for now that would be ok. Just in the future scenario where descriptors might become widely used like an alternative to addresses, f.e., it would be convenient to have at least the passive representation in rust-bitcoin to not require all dependent packages to have another dependency on miniscript.
06:41 < stevenroose> Thinking about packages that do JSON serialization f.e.
06:54 < andytoshi> ok, sure
06:54 < andytoshi> i also considered having a "small" descriptor format in rust-bitcoin that didn't have full miniscript support, and somehow using generics to make rust
06:54 < andytoshi> rust-miniscript use this
06:55 < andytoshi> but i didn't flesh out the idea
07:10 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
07:22 -!- icota [~igor@141-136-187-44.dsl.iskon.hr] has quit [Quit: Konversation terminated!]
07:22 -!- icota [~igor@141-136-187-44.dsl.iskon.hr] has joined #rust-bitcoin
09:31 -!- jtimon [~quassel@119.24.134.37.dynamic.jazztel.es] has quit [Quit: gone]
10:50 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Remote host closed the connection]
10:50 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
10:56 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 268 seconds]
10:57 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
11:02 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 246 seconds]
11:02 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
11:31 -!- Dean_Guss [~dean@gateway/tor-sasl/deanguss] has joined #rust-bitcoin
12:25 < dongcarl> PSBT is rebased and ready for review: https://github.com/rust-bitcoin/rust-bitcoin/pull/103
12:36 < dongcarl> The most important review beg so far ^
13:09 -!- Dean_Guss [~dean@gateway/tor-sasl/deanguss] has quit [Ping timeout: 256 seconds]
13:21 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Remote host closed the connection]
13:51 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
14:13 -!- elichai2 [uid212594@gateway/web/irccloud.com/x-sztoaakskooyefnq] has quit [Quit: Connection closed for inactivity]
14:22 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 245 seconds]
14:38 -!- CubicEarth [~CubicEart@c-67-168-1-172.hsd1.wa.comcast.net] has quit [Ping timeout: 268 seconds]
14:39 -!- CubicEarth [~CubicEart@c-67-168-1-172.hsd1.wa.comcast.net] has joined #rust-bitcoin
14:59 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
15:32 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 268 seconds]
17:29 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
18:15 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 255 seconds]
19:09 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
19:14 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 264 seconds]
21:10 -!- schmidty [~schmidty@unaffiliated/schmidty] has joined #rust-bitcoin
21:46 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has joined #rust-bitcoin
22:04 -!- schmidty [~schmidty@unaffiliated/schmidty] has quit [Ping timeout: 255 seconds]
--- Log closed Thu Feb 21 00:00:55 2019