--- Log opened Fri Jan 05 00:00:21 2024
03:23 -!- nickler [~nickler@static.219.205.69.159.clients.your-server.de] has quit [Ping timeout: 246 seconds]
03:30 -!- nickler [~nickler@static.219.205.69.159.clients.your-server.de] has joined #secp256k1
04:16 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
04:39 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
05:55 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
05:57 -!- jon_atack [~jonatack@user/jonatack] has quit [Ping timeout: 255 seconds]
06:27 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
06:29 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
07:54 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
08:16 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
08:18 < sipa> real_or_random: i realize in #1198 the reasoning we came up with for switching to the ellswift-style hash callback function (which receives both pubkeys) doesn't apply?
08:19 < sipa> because in a design where pubkeys are x-only, and the shared output only depends on the x coordinate of the result, there exists effectively only one pubkey encoding per private key (the privkey negations are treated as equivalent)
09:01 -!- preimage [~halosghos@user/halosghost] has joined #secp256k1
09:10 < real_or_random> sipa: I can't follow entirely. *What* reasoning doesn't apply?
09:12 < real_or_random> You mean our reasoning that both pubkeys should be included doesn't apply when pubkeys are x-only?
09:15 < sipa> yes
09:16 < sipa> it matters for ellswift, because equivalent keys can have distinct encodings
09:18 < real_or_random> yes...
09:18 < real_or_random> though it's a bit more complicated than that
09:18 < real_or_random> at least philosophically
09:20 < real_or_random> if your protocols use x-only keys natively, then I agree. if you actually use 33-byte keys, and you just make them x-only for ECDH, then it could matter
09:20 < real_or_random> I guess pragmatically we could just offer two functions for the two cases?
09:22 < real_or_random> and whether the one for x-only pubkeys hashes them is then just a tiny matter we can bikeshed about (taste / consistency / efficiency)
09:22 < sipa> well the API (as currently implemented) takes a 32-byte array pointer as input for pubkeys
09:22 < real_or_random> the proposed API in the PR?
09:23 < real_or_random> okay, I haven't checked but that one isn't merged yet, so we still have all the freedom
09:23 < sipa> yes, of course
09:24 < real_or_random> you could also consider the case that there are two distinct pairs of private keys that would map to the same shared secret then.
09:25 < sipa> yeah, that remains applicable and may be surprising
09:26 < real_or_random> but it's really hard to imagine that this has real-world implications. I mean you'd need to assume that the same party/the same attacker controls *both* keys
09:26 < real_or_random> on the other hand, hashing is cheap shrug
09:27 < real_or_random> well, so much about bike shedding ^^
09:29 < real_or_random> an entirely different discussion is that last time, we didn't know whether we wanted #1198. I remember I had Concept ACKed it, but then we started to debate on the scope of the library. :D
09:33 < real_or_random> and well, stratum v2 should just switch to BIP324 :P
09:33 < real_or_random> Their rationale contains "These primitives are chosen so that Noise Encryption layer for Stratum V2 can be implemented using primitives already present in Bitcoin Core project at the time of writing this spec." ...
09:37 < sipa> they have other implementations in other codebases too, though
09:37 < sipa> notably a rust one
09:38 < sipa> but if they'd use ellswift based ECDH, i wouldn't be surprised if that'd be enough for them to achieve pseudorandomness of the bytestream
09:40 < sipa> and they do have mandatory authentication
09:40 < sipa> could send a signature on the session id, but...
09:41 < real_or_random> how does auth work?
09:41 < sipa> Noise
09:42 < sipa> which i assume means 3DH
09:43 < real_or_random> fancy
09:44 < sipa> iirc they also encrypt the lengths with a full mac, which while inefficient does mean a pseudorandom bytestream
09:44 < sipa> but i may be misremembering this part
09:58 -!- cacrowley [~cacrowley@2607:fb91:f85:a13:a16e:af9e:a7a8:2b52] has joined #secp256k1
11:39 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
11:46 -!- cacrowley [~cacrowley@2607:fb91:f85:a13:a16e:af9e:a7a8:2b52] has quit [Quit: Client closed]
11:56 -!- jon_atack [~jonatack@user/jonatack] has joined #secp256k1
11:59 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 256 seconds]
12:13 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
12:25 -!- cacrowley [~cacrowley@2607:fb91:f85:a13:a16e:af9e:a7a8:2b52] has joined #secp256k1
12:27 -!- cacrowley12 [~cacrowley@2607:fb91:f85:a13:a16e:af9e:a7a8:2b52] has joined #secp256k1
12:28 -!- cacrowley [~cacrowley@2607:fb91:f85:a13:a16e:af9e:a7a8:2b52] has quit [Client Quit]
12:57 -!- preimage [~halosghos@user/halosghost] has quit [Ping timeout: 256 seconds]
12:59 -!- preimage [~halosghos@user/halosghost] has joined #secp256k1
13:45 -!- jon_atack [~jonatack@user/jonatack] has quit [Quit: WeeChat 4.1.2]
13:50 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
14:03 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 246 seconds]
14:04 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
14:12 -!- preimage [~halosghos@user/halosghost] has quit [Quit: WeeChat 4.1.1]
14:19 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 252 seconds]
14:21 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
14:23 -!- cacrowley12 [~cacrowley@2607:fb91:f85:a13:a16e:af9e:a7a8:2b52] has quit [Ping timeout: 250 seconds]
14:50 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
16:35 -!- ajonas [uid385278@id-385278.helmsley.irccloud.com] has joined #secp256k1
16:43 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
17:06 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
17:12 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
18:04 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
18:45 -!- ajonas [uid385278@id-385278.helmsley.irccloud.com] has quit [Quit: Connection closed for inactivity]
18:54 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
18:57 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
18:57 -!- achow101 [~achow101@user/achow101] has quit [Read error: Connection reset by peer]
19:03 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
19:21 -!- achow101 [~achow101@user/achow101] has quit [Read error: Connection reset by peer]
19:24 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
19:26 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
20:26 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
20:57 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
20:57 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
21:04 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
21:09 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
21:28 -!- achow101 [~achow101@user/achow101] has quit [Read error: Connection reset by peer]
21:35 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
22:57 -!- bob_x2 [~bob_x@user/bob-x1/x-8934932] has quit [Remote host closed the connection]
22:57 -!- bob_x2 [~bob_x@user/bob-x1/x-8934932] has joined #secp256k1
23:02 -!- jon_atack [~jonatack@user/jonatack] has joined #secp256k1
23:03 -!- jonatack1 [~jonatack@user/jonatack] has joined #secp256k1
23:04 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 252 seconds]
23:06 -!- jon_atack [~jonatack@user/jonatack] has quit [Ping timeout: 260 seconds]
23:23 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
23:43 -!- jonatack1 [~jonatack@user/jonatack] has quit [Ping timeout: 252 seconds]
23:45 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
--- Log closed Sat Jan 06 00:00:21 2024