--- Day changed Fri Nov 17 2017
00:07 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]     
00:46 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has joined #secp256k1     
01:02 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]     
01:10 < nickler> andytoshi: https://github.com/apoelstra/secp256k1-mw/blob/bulletproofs/src/modules/bulletproof/inner_product_impl.h#L56 looks like 64*(2+3) = 320 summands, so should be a bit faster with pippenger_wnaf
01:40 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Remote host closed the connection]     
01:49 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1     
02:03 -!- roconnor_ [~roconnor@host-192.252-163-122.dyn.295.ca] has quit [Ping timeout: 248 seconds]     
02:46 -!- nickler [~nickler@185.12.46.130] has quit [Ping timeout: 268 seconds]     
03:03 -!- nickler [~nickler@185.12.46.130] has joined #secp256k1     
04:12 -!- roconnor_ [~roconnor@host-45-58-213-120.dyn.295.ca] has joined #secp256k1     
04:12 < andytoshi> nickler: no, it's 64*2 + 6*2 + 1 = 141
04:38 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Read error: Connection reset by peer]     
04:41 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1     
05:29 < nickler> ok, in that case pippenger_wnaf would only be beneficial with endo
05:53 < andytoshi> yeah
05:53 < andytoshi> though i'm working on the rangeproof now and it looks like there's another 64 (plus a few) things to multiexp
05:54 < andytoshi> looking at whether i can eliminate that somehow
05:58 -!- d4de [~d4de@41.35.242.251] has joined #secp256k1     
06:18 -!- jtimon [~quassel@164.31.134.37.dynamic.jazztel.es] has joined #secp256k1     
08:07 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Remote host closed the connection]     
08:10 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1     
09:26 -!- oleganza [~oleganza@199-188-193-243.PUBLIC.monkeybrains.net] has joined #secp256k1     
10:18 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has joined #secp256k1     
11:32 < andytoshi> regarding aggregation of bulletproofs, if we want to aggregate a non-power-of-2 number of proofs then the inner product argument becomes a bit weird
11:32 < andytoshi> is there an obvious trick for how to handle this efficiently? i was imagining "padding" with extra proofs whose generators are all the identity or something like that
11:32 < andytoshi> i should put "generators" in quotes there :P
11:36 < gmaxwell> bleh.
11:36 < gmaxwell> perhaps it's reasonable to get the whole thing implemented supporting only powers of two so we can benchmark it.
11:39 < andytoshi> yeah, sure
11:40 < andytoshi> in practice i suspect that 2 is the most common aggregate (a single transaction) and 4 is the next-common (2-party coinjoin of typical transactions)
11:40 < andytoshi> and then anything larger is like exchange payouts and maybe if they're incentivized to payout in powers of 2 they'll do it :P
11:43 < gmaxwell> I think for prod we would need to support 3,5 etc.. but we don't need to for benchmarking, and this is code that will benefit from reworking later anyways.
12:27 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Remote host closed the connection]     
13:09 -!- MrBusiness [~ArcMrBism@2602:306:8325:a300:a:d288:b2ca:3c7f] has quit [Ping timeout: 250 seconds]     
13:22 -!- MrBusiness [~ArcMrBism@2602:306:8325:a300:a:d288:b2ca:3c7f] has joined #secp256k1     
13:34 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Remote host closed the connection]     
13:34 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has joined #secp256k1     
15:35 -!- oleganza [~oleganza@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Quit: oleganza]     
15:36 -!- oleganza [~oleganza@199-188-193-243.PUBLIC.monkeybrains.net] has joined #secp256k1     
15:36 -!- oleganza [~oleganza@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Client Quit]     
16:04 < gmaxwell> andytoshi: the additional things to multiexp, is that a seperate multiexp or just a bigger one?
16:14 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 240 seconds]     
16:14 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1     
17:26 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Ping timeout: 248 seconds]     
18:38 -!- jtimon [~quassel@164.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 248 seconds]     
20:42 -!- Cory [~Cory@unaffiliated/cory] has quit [Ping timeout: 250 seconds]     
20:50 -!- Cory [~Cory@unaffiliated/cory] has joined #secp256k1     
20:56 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has joined #secp256k1     
20:59 < andytoshi> gmaxwell: it's a separate multiexp, tho you can always combine them by randomizing them
20:59 < andytoshi> but i'm talking to benedikt, i think (tentatively) that i can eliminate it by modifying the protocol
21:15 < gmaxwell> without loss of generality?
21:18 < andytoshi> idk what you mean, a rangeproof is not very general to begin with
21:20 < andytoshi> but i mean that the current protocol, i think, has 9 + N exponentiations to do, and i think i can get that down to 10 at the expense of having N more scalar mults to do
21:21 < gmaxwell> andytoshi: bulletproofs quite easily apply to arbritary arithmetic circuits, see benedikt's implementation.
21:21 < gmaxwell> oh, hm. N to 1...
21:21 < andytoshi> ok, i haven't looked at the general case
21:22 < gmaxwell> that isn't a small difference either.
21:23 < andytoshi> i had thought the rangeproof (which proves a couple specific polynomials have a specific inner product) was something of a different beast from the general arithmetic circuits
21:28 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]     
21:45 < gmaxwell> andytoshi: not by much.
21:46 < gmaxwell> perhaps there are optimizations that are worthwhile and exist only in the rangeproof case, not sure.
21:47 < gmaxwell> If they're big wins I guess we should use them, though I would generally hate to lose the generality.
21:57 < sipa> generally losing generality is generically bad
22:01 < sipa> generally speaking, that is
22:06 < gmaxwell> I'm not sure I follow, could you be a little more specific?
22:08 < sipa> speaking specifically as a specimen of a specific species: sporadically
22:13 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has joined #secp256k1     
22:17 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Client Quit]     
22:32 -!- Netsplit over, joins: arubi
22:33 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has joined #secp256k1     
23:00 -!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]     
23:35 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1