--- Day changed Thu May 03 2018
05:26 -!- jtimon [~quassel@142.29.134.37.dynamic.jazztel.es] has joined #secp256k1     
06:18 -!- maaku [~maaku@173.234.25.100] has quit [Ping timeout: 255 seconds]     
08:23 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Read error: Connection reset by peer]     
08:23 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1     
09:30 -!- jtimon [~quassel@142.29.134.37.dynamic.jazztel.es] has quit [Quit: No Ping reply in 180 seconds.]     
09:31 -!- jtimon [~quassel@142.29.134.37.dynamic.jazztel.es] has joined #secp256k1     
09:52 -!- maaku [~maaku@173.234.25.100] has joined #secp256k1     
13:09 < andytoshi> "indistinguishability" here means indistinguishabilty from uniform random
14:56 < maaku> sipa andytoshi: the benchmark code just uses compiled circuits. is there a source code / generator for these circuits?
15:00 < sipa> https://github.com/sipa/zkstuff ?
15:07 < sipa> jubjub.sage
15:08 < sipa> which generates a .circuit file, which when fed to circuitify.py, generates an relation matrix for bulletproofs
15:15 < nsh> nice
15:16 < sipa> though i believe andytoshi has a patched circuitify that produces a somewhat different file format as output and has some extra optimizations
15:55 < maaku> sipa: thanks
15:55 < maaku> sipa: although it 404's for me
15:56 < sipa> maaku: oops, seems that was private
15:56 < sipa> just made it public
15:57 < sipa> it's very much a bunch of hastily written scripts; sorry if it's not very structured
16:30 -!- belcher [~belcher@unaffiliated/belcher] has joined #secp256k1     
16:55 < andytoshi> unfortunately the code i used to generate those circuits is a real shitshow .. it starts from pieter's circuitify program but then i did a bunch of one-off things
16:55 < andytoshi> i was hoping to gain some intuition about how to represent circuits at zkproof.org next week in boston
16:55 < andytoshi> with an eye toward formats that a sane person can use to reason about the circuits
16:56 < andytoshi> maybe deterministic generation from lists of algebraic equations is enough. but we don't even have that right now :)
17:06 < maaku> andytoshi: your circuit format is secp only, right? have you thought about what a combined secp/secq circuit format would look like?
17:06 < andytoshi> it's not secp only, it represents all scalars as bignums
17:06 < andytoshi> signed bignums
17:07 < andytoshi> there are things like "sqrt(2)" that will have a specific representation in the secp order that'll be meaningless over other fields tho
17:09 < maaku> andytoshi: what I mean is, e.g., using my NUMS scheme for CA you'd verify a secq proof of the pedersen hash, and then a secp proof of range. how do you glue those together?
17:09 < andytoshi> you have to use separate proofs
17:09 < maaku> i'm just starting to consider this and wanted to know if it's something you looked at yet, so I don't repeat any work
17:09 < andytoshi> i've thought very briefly about it, it's not nice
17:10 < andytoshi> you've gotta build commitments in one proof then give those as input to another proof
17:35 -!- belcher [~belcher@unaffiliated/belcher] has quit [Quit: Leaving]     
22:15 -!- gmaxwell [gmaxwell@mf4-xiph.osuosl.org] has joined #secp256k1     
22:16 -!- gmaxwell is now known as Guest9910     
22:16 -!- Netsplit over, joins: Apocalyptic
22:17 -!- Netsplit over, joins: nsh
22:40 -!- jtimon [~quassel@142.29.134.37.dynamic.jazztel.es] has quit [Ping timeout: 276 seconds]     
23:26 -!- Guest9910 [gmaxwell@mf4-xiph.osuosl.org] has quit [Changing host]     
23:26 -!- Guest9910 [gmaxwell@wikimedia/KatWalsh/x-0001] has joined #secp256k1     
23:27 -!- Guest9910 is now known as gmaxwell