--- Log opened Fri Nov 13 00:00:15 2020
01:08 -!- dr_orlovsky [~dr-orlovs@31.14.40.19] has quit [Ping timeout: 256 seconds]
02:30 -!- belcher_ is now known as belcher
03:54 -!- roconnor [~roconnor@host-184-164-7-99.dyn.295.ca] has joined #secp256k1
03:58 < roconnor> ja: have you looked into session types for musig?
06:35 -!- queip [~queip@unaffiliated/rezurus] has quit [Excess Flood]
06:38 -!- queip [~queip@unaffiliated/rezurus] has joined #secp256k1
07:56 < ja> roconnor: no, do you think it would be necessary or elegant?
08:56 < andytoshi> lol even uncompressed bulletproofs are smaller than the oldschool rangeproofs
08:57 < andytoshi> by a factor of about 2
08:57 < andytoshi> oh no, i made an arithmetic error. they are smaller but not by a ton
09:57 -!- sanket1729_ [~sanket172@ec2-100-24-255-95.compute-1.amazonaws.com] has left #secp256k1 []
09:59 -!- sanket1729 [~sanket172@ec2-100-24-255-95.compute-1.amazonaws.com] has joined #secp256k1
09:59 < sanket1729>  andytoshi: What do you mean compressed vs uncompressed BP?
10:05 < andytoshi> i mean a BP rangeproof with or without the inner product argument
10:07 < sanket1729> is there a version of BP without the inner product argument? or do you mean OR proofs as implemneted currently in CT?
10:08 < andytoshi> wdym "is there a version"
10:08 < andytoshi> i've written one which isn't published yet because the verifier isn't done
10:08 < andytoshi> but morally, there has existed one since the original paper
10:09 < sanket1729> ah, you mean you have another zk proof system like BP that does not use inner product arguemtn?
10:10 < andytoshi> yes
10:10 < sipa> BP consists of two steps, a first one that produces a proof that is linear in size (but cheaper to validate)
10:11 < andytoshi> right, it's not really "like BP", it's just BP without the compression step
10:11 < sipa> the second step that proof is compressed using the inner product argument into a log-sized one
10:15 < sanket1729> andytoshi: So what you are suggesting that is each recursive step the prover can grind values to produce only x-only points in the poof
10:15 < sanket1729> *proof
10:16 < sanket1729> maybe, it's not worth to save 1 byte per round. which would be 6-7 bytes atmost.
10:19 < andytoshi> sanket1729: no, in the inner product argument there isn't anything to grind unfortunately
10:19 < andytoshi> i was suggesting that in the uncompressed proof we could save a couple bytes
10:19 < sanket1729> You grind the initial transcript?
10:19 < sipa> there is no grinding here?
10:20 < andytoshi> like, grind the entire uncompressed rangeproof? lol
10:20 < andytoshi> sanket1729: the reason i brought up x-only is so that i could produce the uncompressed rangeproof as a series of 64-byte chunks
10:20 < andytoshi> instead i have to make a couple of those chunks 65 bytes
10:20 < andytoshi> which is an API annoyance but nothing more
10:21 < sanket1729> I think the grinding can be added locally
10:21 < sanket1729> if a challenge in a recursive round does not work, try challenge + 1
10:22 < sanket1729> by locally, I mean in recursive round or fold step is what they refer in the paper
10:30 < andytoshi> then you have to signal to the verifier when challenge+1 was used :)
10:32 < sanket1729> yeah, the verfier can also grind it :) . On an average we should find it in 2 trials.
10:32 < sanket1729> but yeah, definitely not worth it
10:34 < andytoshi> the verifier cannot grind, because the verifier is doing a massive multiexp
10:34 < andytoshi> which either passes or doesn't
10:35 < sanket1729> yep, you are right.
11:17 < roconnor> ja: I've actually never used session types in Haskell, but it was my impression that it was designed for this sort of thing.
11:17 < roconnor> If you want to restrict the ability to duplicate musig state.
11:18 < roconnor> But, since I've never used them before, I cannot say for sure how effective the would be for this problem.
11:19 -!- belcher [~belcher@unaffiliated/belcher] has quit [Quit: Leaving]
12:37 -!- dr-orlovsky [~dr-orlovs@31.14.40.19] has joined #secp256k1
12:55 -!- jonatack [~jon@213.152.162.69] has quit [Quit: jonatack]
13:09 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has quit [Remote host closed the connection]
13:23 -!- jonatack [~jon@88.124.242.136] has joined #secp256k1
13:28 -!- jonatack [~jon@88.124.242.136] has quit [Ping timeout: 264 seconds]
13:28 -!- jonatack [~jon@109.202.103.170] has joined #secp256k1
13:34 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has joined #secp256k1
23:25 -!- roconnor [~roconnor@host-184-164-7-99.dyn.295.ca] has quit [Ping timeout: 256 seconds]
--- Log closed Sat Nov 14 00:00:16 2020