--- Log opened Thu Jan 08 00:00:17 2015
02:18 < fluffypony> has the validity of this ever been discussed: http://zerocharactersleft.blogspot.co.at/2014/10/zero-confirmation-bitcoin-transactions.html
02:24 <@sipa> i don't see what it is trying to achieve
02:25 < fluffypony> no idea, someone just mentioned it to me
02:26 < fluffypony> doesn't seem very zero-conf
02:26 <@sipa> it sounds like it is creating a refund transaction with an unconfirmed input... and then claims it is a solution to double spending? wtf
02:28 <@sipa> oh i see, it just tries to explain the principle of building transactions that use unconfirmed inputs
02:29 <@sipa> nothing new - but it only works for services that don't do more than send money back/further as a result of successful transactions
02:30 <@sipa> satoshidice has used that technique for years, and the only result was their customers being hurt by double spending instead of them
03:08 < midnightmagic> for a while it was them
07:48 < roconnor> sipa: Can I argue that broken crypto design and how to avoid it is on-topic here?
07:49 <@sipa> sure
07:50 <@sipa> not serializing something for min/max looks broken, as it can collide with cases where min/max are specified?
07:50 < roconnor> to recap: https://github.com/openssh/openssh-portable/blob/master/kexgex.c#L72 is the function that hashes a bunch of data for the server to sign for authentication during one of the key exchange methods, specifically the one described in rfc 4419.
07:51 < roconnor> In text it is
07:51 < roconnor> H = hash(V_C || V_S || I_C || I_S || K_S || min || n || max ||
07:51 < roconnor> p || g || e || f || K)
07:51 < roconnor> But there are actually two different methods described in rfc 4419
07:51 < roconnor> SSH_MSG_KEX_DH_GEX_REQUEST_OLD and SSH_MSG_KEX_DH_GEX_REQUEST
07:51 < roconnor> using a different header distinguishes them.
07:52 < roconnor> and the difference is that the old method
07:52 < roconnor> Instead of sending "min || n || max", the client only sends "n". In
07:52 < roconnor> addition, the hash is calculated using only "n" instead of "min || n
07:52 < roconnor> || max".
07:52 < roconnor> so that means a hash H = hash(V_C || V_S || I_C || I_S || K_S || n || p || g || e || f || K) is used with the old method
07:53 < roconnor> but, as you've picked up on, the header used to select between the old method and the new method isn't part of the data being hashed.
07:53 <@sipa> ha
07:53 < roconnor> So we can try to play a game where a MITM substitutes the old protocol for the new protocol by changing the header
07:54 < roconnor> and tries to create a situation where he gets a signature for the old protocol from the server and gets the client to validate the same serialized data, but under a different interpretation
07:55 < roconnor> one where p, g, which are supposed to be a prime number for a field size and g is a generator of a large multiplicative subgroup, are different values
07:56 < roconnor> perhaps values where discrete logs are easy to compute because the multiplicative subgroup is small.
07:56 < roconnor> anyhow, I tried for half an hour with a friend yesterday, but the conclusion was that there isn't enough leeway in the protocol to make this work.
07:58 < roconnor> Anyhow, even if it is fine; this doesn't really inspire confidence that it takes 30 minutes of understanding incidental details of serialization formats to believe the protocol is secure.
07:59 < roconnor> If the serialization was different, if f and e were swapped, perhaps something might be possible. Probably not, but it would be easier.
07:59 <@gmaxwell> TLS/SSL has had several bugs of this type too. There is some proposal (IIRC for TLS 1.3) to make the session keys basically hash a transcript of ALL the prior headers, because figuring out which ones were needed is apparently beyond human ability.
08:00 < roconnor> gmaxwell: hah, really?
08:00 < roconnor> This was literally the first thing I looked at in OpenSSL and it was already suspicious.
08:01 < roconnor> Not to blame OpenSSL, it is rfc 4419 that is broken.
08:01 < roconnor> er OpenSSH.
08:01 <@gmaxwell> There was some ranty complaint I'd responded to recently that included an argument that Bitcoin was "bad" because it didn't have adequate ciphersuite agility. (which isn't really true but whatever). In my response I pointed out that it looked like agility is actually responsible for more security weaknesses than supporting bad ciphersuites.
08:03 < roconnor> My rule of thumb is, if you have an if statement in your data format parser and it is choosing a branch based on data that isn't in the data blob, you are going to have a bad time.
08:04 < roconnor> A bit of a problem is that some of these data formats don't have parsers, but if a parser would have such an if statement, you are still going to have a bad time, even if the parser doesn't exist.
08:04 <@sipa> advantage to encryption algorithms (vs hashing): your decoding will fail in this case :)
08:06 <@gmaxwell> roconnor: in general these hashed things should also be application distinguished. Otherwise you get some genius user that reuses a key from one application in another; and you find out that there is a potential emulation where you can get the other application to act as a messages of doom signing oracle.
08:07 < roconnor> Absolutely, though openssh appears to do a reasonable job regarding that.
08:08 <@gmaxwell> so if that hash were keyed with "RFC4419.3.1" it likely would have been okay, even missing an important field.
08:12 <@gmaxwell> https://bitcointalk.org/index.php?topic=918018.0 "Bi-directional micropayment channels with CHECKLOCKTIMEVERIFY"
08:12 < roconnor> gotta go. ciao.
09:54 < Emcy_> anyone know where/how gavin came up with the 20mb figure for new blocksize?
09:54 < Emcy_> arbitrary?
09:56 < Emcy_> from that post it seems like he spent a while showing that a few yrs old hardware can handle quite bigger blocks but we already knew that, really. The issue is bandwidth.
09:58 < Emcy_> the issue of bandwidth seems to have been left almost as an afterthought :/. I could tell you that 20mb blocks would preclude me running a node full time on the internet service i have right now today, let alone the future
09:59 <@gmaxwell> Emcy_: I don't think we knew it in a strong sense, but we did assume it and would have been surprised otherwise. Back in 2013 I had a conversation with Gavin and a number of others at Bitcoin 2013 and I expressed the view that I think that kind of testing is a hard prereq to even having a discussion about the wisdom of doing anything; it's simply too easy to do the test as an initial check to see where the wheels fall off.
09:59 <@gmaxwell> So, indeed, while it doesn't address the Important Issues; it's still a useful and interesting thing to do.
10:00 < Emcy_> sure, the tests have to be done
10:00 < Emcy_> it's a good thing to show definitively what we expected to be the case
10:01 < Emcy_> I'm just worried he is still too dismissive of the bandwidth issue
10:01 < Emcy_> or that he bases his conclusions around an assumption of google fiber or something
10:02 < Emcy_> lots of people have data caps as low as 200gb/m. Mine is actually less (and it depends on the time of day, which is also getting more common)
10:12 < Emcy_> I AM FRETTING ABOUT IT
10:12 < Emcy_> ok I'm going to sleep
10:13 <@gmaxwell> Probably of some interest here, OpenSSL bug "Bignum squaring may produce incorrect results" (CVE-2014-3570) has been de-embargoed. This bug was discovered as part of the development of libsecp256k1. I've commented some about it on HN: https://news.ycombinator.com/item?id=8857398
10:16 * nsh perks
10:18 < midnightmagic> gmaxwell, sipa: will you guys be re-adding the comparison testing back into libsecp256k1 now?
10:21 <@gmaxwell> probably not, actually. We're still doing high level (full system) comparison testing, just not unit (basic operation) level. We don't really have so much 1:1 matching of the basic operations anymore in any case. E.g. we don't need a generic bignum implementation anymore.
10:33 < midnightmagic> gmaxwell: is the testing that was pulled out available anywhere or could it be of use to a third-party ec library?
10:36 <@gmaxwell> it's in the git history. but it requires access to 'internals' so it's not easy to just use with things.
10:37 < midnightmagic> ah, that's nice then. thank you, history is perfect.
10:41 < nsh> gmaxwell, what was the mistake in BN_sqr.c?
10:41 < nsh> having trouble finding the fix in openssl's commits
10:41 < nsh> (also trying to find out if libressl is affected)
10:42 <@sipa> nsh: in crypto/bn/asm/x86_64-asm.c iirc
10:42 < nsh> oh, ah
10:42 <@sipa> in a macro with asm code
10:42 <@gmaxwell> nsh: almost certainly.
10:42 <@gmaxwell> sipa: IIRC the C code was wrong too. no?
10:42 <@gmaxwell> (been a while, we threw this over to openssl months ago)
10:43 <@sipa> yes
10:43 <@gmaxwell> 10:42 < sipa> the C code was #if 0'd out, but yes
10:43 <@sipa> it was #if 0'd out
10:43 <@gmaxwell> Right, relevant for libressl perhaps.
10:49 <@gmaxwell> I'm really pretty proud of our testing in libsecp256k1; when redirected to OpenSSL in a blackbox-ish manner, it found a bug that had probability p=2^-128 for 'random' inputs. This was part of what I was referring to in the 0.10 release notes when I wrote "we have reason to believe that libsecp256k1 is better tested and more thoroughly reviewed than the implementation in OpenSSL".
10:50 < nsh> hmm
10:55 < midnightmagic> well it is pretty neat. congratulations on finding a fundamental problem.
10:56 < nsh> squaring a big number looks very difficult
10:56 < nsh> i wonder how much of that is an artifact of the x86 legacy and how much is just mathematics
10:57 < nsh> you'd think it'd be easy to formally prove the correctness of a limbed squaring function
10:57 < zooko> gmaxwell: nice work!
10:59 < nsh> but otoh i inhabit a wondrous fairy-tale land of theory and whimsy unsullied by having to make things, or worse, make them work
10:59 < faraka> would it make sense to implement a zkp to audit exchange transactions? to the same end as peter todd's auditing method for exchanges?
10:59 < nsh> audit in what sense?
11:00 < faraka> let's say i have a merkle chain of n items, is it possible to create a zero knowledge proof of the existence of a correct chain between hash 1 to n?
11:03 < nsh> hmmm
11:03 < nsh> strangely this came up at congress
11:06 < faraka> link?
11:07 < nsh> in discussion, which unfortunately i don't remember much detail of, sorry
11:08 < nsh> but afaik, you can produce a ZKP of a route-to-node in an authenticated data structure under some or other model
11:08 < nsh> andytoshi or gmaxwell or petertodd would know infinitely more than me on the matter
11:09 < nsh> in the context of exchange settlements you just want to prove consistency, which is an easier problem in general
11:20 < ajweiss> did you guys happen upon a value that squared wrongly or was that found by auditing openssl?
11:20 < midnightmagic> ajweiss: https://news.ycombinator.com/item?id=8857683
11:22 <@gmaxwell> ajweiss: it was a result of "greybox" testing, I suppose you could say.
11:22 <@gmaxwell> Of course we've also audited OpenSSL, but there is only so deep someone who has a goal of something other than openssl is going to go into their optimized math code. :)
11:23 < catlasshrugged> @kristovatlas: Updated SharedCoin advisory: Blockchain has claimed to have fixed the privacy issue (not yet confirmed). http://t.co/XN0XGCxuFv
11:26 < ajweiss> low transition probability?
11:28 <@gmaxwell> ajweiss: numbers like 1111000000000000000001111111111111111111110000111100000000001111111
11:42 < nsh> i wonder if it's possible/worthwhile to bitsquat bitcoin addresses
11:43 < nsh> the checksum seems to be concerned with glyph-substitutions rather than bitflips
11:44 <@gmaxwell> nsh: I believe I previously created an issue for bitcoin core to post-verify signed transactions against the reencoded input precisely due to that concern.
11:45 < nsh> hmm
11:52 <@gmaxwell> e.g. take your signed txn, and reencode the addresses out of it. Verify the addresses and values against the inputs as far back up the stack as you can.
11:54 * nsh nods
11:55 < ajweiss> interesting... it's a technique used for efficient testing of digital circuits...
12:03 < tacotime> deanonymizing sharedcoin tx is kind of like shooting fish in a barrel
12:04 < catlasshrugged> tacotime: how recently did you look at it?
12:05 < tacotime> months ago, so maybe it's improved since then
12:05 < catlasshrugged> it has *changed* since then, I can't speak to whether it's improved
12:05 < tacotime> the problem with all centralized mixing services is that they could care less as to whether proper mixing is occurring so long as it simply appears to be occurring to the end user
12:06 < tacotime> as long as people are using it, they get their 1-3% fee or whatever
12:06 < catlasshrugged> tru dat
12:07 -!- Quanttek [~quassel@2a02:8108:d00:870:e23f:49ff:fe47:9364] has joined #bitcoin-wizards
12:10 -!- webdeli [~projects@42.39.233.220.static.exetel.com.au] has quit [Quit: Leaving...]
12:12 -!- todaystomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has quit [Read error: Connection reset by peer]
12:13 -!- todaystomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has joined #bitcoin-wizards
12:16 -!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has quit [Quit: Profreid]
12:19 -!- austeritysucks [~AS@unaffiliated/austeritysucks] has quit [Ping timeout: 255 seconds]
12:19 -!- faraka [49cc4c7f@gateway/web/freenode/ip.73.204.76.127] has quit [Ping timeout: 246 seconds]
12:20 -!- Dizzle__ [~diesel@70.114.207.41] has joined #bitcoin-wizards
12:21 -!- Dizzle [~diesel@70.114.207.41] has quit [Disconnected by services]
12:21 -!- Dizzle__ is now known as Dizzle
12:30 -!- vmatekole [~vmatekole@p5DC46BC2.dip0.t-ipconnect.de] has quit [Remote host closed the connection]
12:33 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
12:36 -!- catlasshrugged [~satoshi-u@63.142.161.8] has quit [Ping timeout: 264 seconds]
12:40 -!- catlasshrugged [~satoshi-u@63.142.161.2] has joined #bitcoin-wizards
12:50 -!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
12:53 -!- todays_tomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has joined #bitcoin-wizards
12:53 -!- shesek [~shesek@77.126.229.16] has joined #bitcoin-wizards
12:54 < DougieBot5000> faraka: WRT zero-knowledge merkle chain, in theory a zk-SNARK constructed with the rules for validation of your chain could be used to verify that there exists a valid chain satisfying those properties
12:55 -!- todaystomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has quit [Ping timeout: 264 seconds]
12:55 < DougieBot5000> it may not be practical though, as I don't think zk-SNARKs are very efficient
12:55 < DougieBot5000> yet?
12:56 -!- jtimon [~quassel@238.pool85-59-137.dynamic.orange.es] has quit [Ping timeout: 244 seconds]
12:57 <@gmaxwell> 11:00 < faraka> let's say i have a merkle chain of n items, is it possible to create a zero knowledge proof of the existence of a correct chain between hash 1 to n?
12:57 <@gmaxwell> what does "correct chain" mean?
12:58 <@gmaxwell> If correct means "anything at all" then sure. Your proof is return true; :)
12:58 < DougieBot5000> I just took it to mean "satisfying some validation criterion"
12:59 < DougieBot5000> gmaxwell: aside from the obv implementation and practical issues with something like a zk-SNARK, is there any reason one could not be used to bootstrap clients for the initial chain download?
13:00 < DougieBot5000> either use a proof that X number of headers from the genesis are correct (the proof generator would need to download and verify them) or by directly specifying the UTXO set as an output
13:01 < DougieBot5000> in the first case, it might save some verification and lookups, but the client would still need to generate the UTXO set itself
13:01 < DougieBot5000> in the second case, it should be good to go (except for blocks newer than the proof generation time)
13:02 < DougieBot5000> am i missing something obvious?
13:04 <@gmaxwell> The first case doesn't save much, but can be used to avoid some dos attacks. (e.g. wasting your time fetching a chain that isn't really best). We give a log-scaling snarkless ZKP for this in the sidechains whitepaper.
13:04 <@gmaxwell> As far as the second, been suggested many times before, it's just infeasible currently.
13:04 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]
13:05 <@gmaxwell> State of the art ZKP performance (which has only 80 bit security and requires trusted setup) has the prover evaluate its code with speed ~= 10Hz.
13:05 < DougieBot5000> Do you get any speedups by removing the need for zero-knowledge from the SNARK? Most of the papers i find on SNARKs are the ZK variety
13:06 < DougieBot5000> yeah, the trusted setup is a big sticking point
13:06 <@gmaxwell> No. ZK is almost a "for free" side-effect of the proof being sublinear in the size of the execution transcript.
13:06 < DougieBot5000> i imagine though that simply having someone generate a proof only once a month or longer would be sufficient and amortize the large proof generation cost somewhat
13:06 < DougieBot5000> well, amortize is the wrong word there
13:07 < DougieBot5000> i see
13:07 < DougieBot5000> hmm, at 10Hz though, even a fraction of the chain would take forever to validate
13:07 <@gmaxwell> (to put the 10Hz into context, state of the art ecdsa verification takes 183k cycles on x86_64 and x86_64 cycles are more powerful than the proof system cycles)
13:07 <@gmaxwell> (though there are better ways to perform that particular operation, it's stupidly slow in any case)
13:08 <@gmaxwell> DougieBot5000: yes, we could afford _insane_ proof costs, since we only need to do one (or a few; due to trusted setup) proofs for the whole world. But insane has limits.
13:09 < DougieBot5000> i see. Perhaps when we have 20+ years of chain history and better SNARK implementations, it may be feasible to roll some chunk of that into a snark proof
13:09 <@gmaxwell> DougieBot5000: Yes, I think it's likely. There is nothing fundamental preventing this from being acceptably fast.
13:10 < DougieBot5000> What are the verification times like for the 80 bit state-of-the-art you mentioned?
13:10 < DougieBot5000> I seem to remember it being either constant time, or some small polynomial related to circuit size or something?
13:11 <@gmaxwell> on the order of 10ms. So the system which has state of the art prover performance/scaling is slightly slower to verify because it must use an insanely constrained set of cryptographic parameters that make the verifier a bit slower.
13:12 < DougieBot5000> That's not bad at all
13:12 < DougieBot5000> well, thanks for answering my questions gmaxwell, don't let me waste any more of your time
13:12 < DougieBot5000> a pleasure, as always
13:12 <@gmaxwell> DougieBot5000: most of the things you've seen people write about are all based on the same underlying cryptosystem (GGPR'12), and have more or less the same benefits and weaknesses (super fast to verify, tractable to prove for small statements, trusted setup)
13:13 < DougieBot5000> any work on removing the trusted setup component?
13:13 < DougieBot5000> I try to keep up, but that Eli Ben-Sasson just keeps cranking out papers on it
13:14 < phantomcircuit> gmaxwell, every time i think i've come up with something novel i realize it's either already been designed or is only slightly different
13:14 < phantomcircuit> heh
13:15 < DougieBot5000> yeah, same here
13:15 < DougieBot5000> i remember coming up with a blockchain compression idea a year or two ago
13:15 < DougieBot5000> not only was it not new, it was worse than what everyone else had come up with years before that
13:20 -!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds]
13:21 -!- Greed [~Greed@unaffiliated/greed] has quit [Quit: Classic.]
13:22 -!- Greed [~Greed@unaffiliated/greed] has joined #bitcoin-wizards
13:22 <@gmaxwell> Better than coming up with things that are so stupid no one has mentioned them at all.
13:24 -!- todays_tomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has quit [Ping timeout: 244 seconds]
13:25 < phantomcircuit> gmaxwell, :)
13:26 < zooko> Yeah. ☺ I know I'm on the right track when I'm inventing things that better thinkers have already invented, studied, and superseded.
13:27 < ajweiss> "you know, for kids!"
13:28 -!- nessence [~alexl@178.19.221.38] has quit [Remote host closed the connection]
13:30 -!- coiner [~linker@14.169.160.197] has quit [Ping timeout: 255 seconds]
13:34 -!- todaystomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has joined #bitcoin-wizards
13:46 -!- Dizzle [~diesel@70.114.207.41] has quit [Disconnected by services]
13:46 -!- Dizzle__ [~diesel@70.114.207.41] has joined #bitcoin-wizards
13:46 -!- Dizzle__ is now known as Dizzle
13:47 -!- Quanttek [~quassel@2a02:8108:d00:870:e23f:49ff:fe47:9364] has quit [Ping timeout: 244 seconds]
13:55 -!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards
13:57 -!- hashtagg_ [~hashtag@cpe-98-157-219-44.ma.res.rr.com] has quit [Ping timeout: 244 seconds]
14:05 -!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has joined #bitcoin-wizards
14:07 -!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]
14:13 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has joined #bitcoin-wizards
14:15 -!- austeritysucks [~AS@users69.kollegienet.dk] has joined #bitcoin-wizards
14:15 -!- austeritysucks [~AS@users69.kollegienet.dk] has quit [Changing host]
14:15 -!- austeritysucks [~AS@unaffiliated/austeritysucks] has joined #bitcoin-wizards
14:23 -!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Quit: This computer has gone to sleep]
14:37 -!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has joined #bitcoin-wizards
14:39 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has joined #bitcoin-wizards
14:39 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
14:40 -!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Quit: :)]
14:40 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has joined #bitcoin-wizards
14:43 -!- maraoz [~maraoz@43-161-16-190.fibertel.com.ar] has quit [Ping timeout: 252 seconds]
14:47 -!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has joined #bitcoin-wizards
14:49 -!- eslbaer [~eslbaer@p548A587F.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
15:04 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has joined #bitcoin-wizards
15:07 < phantomcircuit> interesting observation, if a transaction has equal sized outputs coin selection picks the lowest index number
15:07 < phantomcircuit> possibly that should be randomized
15:07 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has quit [Ping timeout: 245 seconds]
15:08 -!- NewLiberty is now known as NewLiberty-afk
15:09 < phantomcircuit> case in point https://blockchain.info/tx/14f2680565ba651d89247e59befeae4c9ef5f140bc589acf059655e6c3bd75ff
15:14 <@gmaxwell> hm? it does?
15:16 < phantomcircuit> gmaxwell, appears to
15:16 <@gmaxwell> if you would have asked I would have said I thought we randomly shuffled the inputs first.
15:16 < phantomcircuit> oh actually
15:16 < phantomcircuit> i wonder if i'm doing this to myself
15:16 < phantomcircuit> yes i am foot gunning
15:16 < phantomcircuit> nvm
15:19 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has quit [Quit: pgokeeffe]
15:22 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has joined #bitcoin-wizards
15:24 -!- PaulCapestany [~PaulCapes@204.28.124.82] has quit []
15:25 -!- todaystomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has quit [Ping timeout: 255 seconds]
15:25 -!- PaulCapestany [~PaulCapes@204.28.124.82] has joined #bitcoin-wizards
15:25 -!- Dizzle [~diesel@70.114.207.41] has quit [Quit: Leaving...]
15:29 < faraka> does anyone have a copy of the hop whitepaper by cunicula?
15:30 -!- catlasshrugged [~satoshi-u@63.142.161.2] has quit [Ping timeout: 244 seconds]
15:30 <@gmaxwell> op_mul: Oh hey, I think I may know why that crazy nonce reuser reuses nonces. Maybe they use a single random nonce per transaction. Doing so would make the signing for the second and later inputs about 100x faster.
15:31 <@gmaxwell> op_mul: so if they're super slow HSM or something they might have decided this suicidal sounding optimization was a good idea and done it intentionally.
15:33 -!- todaystomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has joined #bitcoin-wizards
15:34 -!- treehug88 [~treehug88@34-254.as32345.tumblrhq.com] has quit []
15:38 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has quit [Quit: pgokeeffe]
15:42 -!- epscy [~epscy@176.126.241.239] has quit [Ping timeout: 265 seconds]
15:42 -!- RoboTeddy [~roboteddy@2601:9:3483:2400:1504:e12:6080:36ce] has joined #bitcoin-wizards
15:47 -!- NewLiberty-afk is now known as NewLiberty
15:47 -!- epscy [~epscy@176.126.241.239] has joined #bitcoin-wizards
15:48 -!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards
15:55 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has quit [Ping timeout: 246 seconds]
15:57 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has joined #bitcoin-wizards
16:03 -!- hashtag_ [~hashtag@69.23.213.3] has joined #bitcoin-wizards
16:03 -!- RoboTeddy [~roboteddy@2601:9:3483:2400:1504:e12:6080:36ce] has quit [Read error: Connection reset by peer]
16:04 -!- RoboTeddy [~roboteddy@2601:9:3483:2400:1504:e12:6080:36ce] has joined #bitcoin-wizards
16:04 -!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
16:06 -!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has quit [Quit: Leaving]
16:15 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has joined #bitcoin-wizards
16:18 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has quit [Quit: pgokeeffe]
16:24 -!- devrandom [~devrandom@gateway/tor-sasl/niftyzero1] has quit [Remote host closed the connection]
16:25 -!- devrandom [~devrandom@gateway/tor-sasl/niftyzero1] has joined #bitcoin-wizards
16:32 -!- RoboTeddy [~roboteddy@2601:9:3483:2400:1504:e12:6080:36ce] has quit [Read error: Connection reset by peer]
16:33 -!- RoboTeddy [~roboteddy@2601:9:3483:2400:1504:e12:6080:36ce] has joined #bitcoin-wizards
16:35 -!- skyraider [uid41097@gateway/web/irccloud.com/x-pswomzeadtkmdtmx] has quit [Quit: Connection closed for inactivity]
16:36 -!- siervo [uid49244@gateway/web/irccloud.com/x-fwcbocjnrcqsdbmk] has joined #bitcoin-wizards
16:39 -!- siervo [uid49244@gateway/web/irccloud.com/x-fwcbocjnrcqsdbmk] has quit [Client Quit]
16:50 -!- op_mul [~op_mul@178.62.78.122] has joined #bitcoin-wizards
16:51 -!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has joined #bitcoin-wizards
16:52 -!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has quit [Quit: wyager]
16:52 < op_mul> gmaxwell: I'm not sure I'd call that suicidal so long as you're keeping track of which keys use which nonces. at that point though you'd probably be better off getting a less-shit HSM though.
16:54 < op_mul> you also make it alarmingly obvious which transactions are yours. nobody else has that behaviour. part of the reason I think it's intentional is that the signer uses compressed points, if it was just a stupid Sony-level implementation they wouldn't be doing that.
17:07 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has joined #bitcoin-wizards
17:09 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has quit [Ping timeout: 246 seconds]
17:20 -!- belcher [~belcher-s@unaffiliated/belcher] has quit [Quit: Leaving]
17:21 -!- RoboTeddy [~roboteddy@2601:9:3483:2400:1504:e12:6080:36ce] has quit [Ping timeout: 244 seconds]
17:32 -!- HaltingState [~HaltingSt@unaffiliated/haltingstate] has joined #bitcoin-wizards
17:32 -!- zooko` [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards
17:34 -!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Ping timeout: 264 seconds]
17:35 -!- narwh4l [~michael@unaffiliated/thesnark] has quit [Quit: Leaving]
17:42 -!- hashtagg [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards
17:43 -!- hashtag [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 252 seconds]
17:48 -!- adam3us [~Adium@c31-67.i07-8.onvol.net] has quit [Quit: Leaving.]
17:53 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has quit [Quit: pgokeeffe]
17:54 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has joined #bitcoin-wizards
18:00 -!- HaltingState [~HaltingSt@unaffiliated/haltingstate] has quit [Quit: Leaving]
18:03 -!- d1ggy_ [~d1ggy@dslc-082-082-157-078.pools.arcor-ip.net] has joined #bitcoin-wizards
18:06 -!- ryanxcharles [~ryanxchar@162-245-22-162.v250d.PUBLIC.monkeybrains.net] has quit [Ping timeout: 244 seconds]
18:07 -!- d1ggy__ [~d1ggy@dslb-088-071-001-101.088.071.pools.vodafone-ip.de] has quit [Ping timeout: 264 seconds]
18:12 -!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has quit [Ping timeout: 245 seconds]
18:21 -!- Dizzle [~Dizzle@2605:6000:1018:c04a:6441:98aa:5dd2:6813] has joined #bitcoin-wizards
18:22 -!- c0rw1n [~c0rw1n@63.120-67-87.adsl-dyn.isp.belgacom.be] has quit []
18:23 < nanotube> BlueMatt, gmaxwell, do you want gribble here? can be easily arranged, once my server issues are solved.
18:26 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has joined #bitcoin-wizards
18:28 -!- TechGhost420 [~kvirc@207.207.22.62] has joined #bitcoin-wizards
18:30 -!- GibsonA [~thrasher@27-33-27-140.static.tpgi.com.au] has quit []
18:32 -!- Dr-G2 [~Dr-G@gateway/tor-sasl/dr-g] has joined #bitcoin-wizards
18:34 -!- TechGhost420 [~kvirc@207.207.22.62] has quit [Ping timeout: 256 seconds]
18:35 -!- Dr-G [~Dr-G@gateway/tor-sasl/dr-g] has quit [Ping timeout: 250 seconds]
18:36 -!- ebfull [~ebfull@c-76-120-40-34.hsd1.co.comcast.net] has joined #bitcoin-wizards
18:49 -!- Dizzle [~Dizzle@2605:6000:1018:c04a:6441:98aa:5dd2:6813] has quit [Ping timeout: 265 seconds]
18:49 -!- TechGhost420 [~kvirc@207.207.28.164] has joined #bitcoin-wizards
18:55 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has quit [Ping timeout: 255 seconds]
18:55 -!- Dizzle [~Dizzle@cpe-72-182-36-12.austin.res.rr.com] has joined #bitcoin-wizards
18:58 -!- bendavenport [~bpd@64.124.157.148] has quit [Ping timeout: 252 seconds]
19:07 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has joined #bitcoin-wizards
19:14 -!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:8ddf:c65e:b6d3:3462] has joined #bitcoin-wizards
19:17 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has quit [Ping timeout: 246 seconds]
19:21 -!- roconnor [~roconnor@e120-pool-d89a63c0.brdbnd.voicenetwork.ca] has joined #bitcoin-wizards
19:41 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has joined #bitcoin-wizards
19:49 -!- nullbyte [WW@gateway/vpn/mullvad/x-psgbyouloewsbega] has quit [Ping timeout: 244 seconds]
19:50 -!- nullbyte [WW@unaffiliated/loteriety] has joined #bitcoin-wizards
19:50 -!- nullbyte [WW@unaffiliated/loteriety] has quit [Changing host]
19:50 -!- nullbyte [WW@gateway/vpn/mullvad/x-yljruxuocayzjhei] has joined #bitcoin-wizards
19:53 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has joined #bitcoin-wizards
19:58 -!- pgokeeffe [~pgokeeffe@101.165.93.194] has quit [Ping timeout: 245 seconds]
20:02 -!- user7779_ [user777907@gateway/vpn/mullvad/x-vjuhydyhbhbaladh] has joined #bitcoin-wizards
20:04 -!- zooko`` [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards
20:04 -!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has quit [Ping timeout: 244 seconds]
20:06 -!- zooko` [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Ping timeout: 264 seconds]
20:11 -!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards
20:13 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 244 seconds]
20:15 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards
20:15 -!- user7779_ [user777907@gateway/vpn/mullvad/x-vjuhydyhbhbaladh] has quit [Ping timeout: 264 seconds]
20:17 -!- jtimon [~quassel@238.pool85-59-137.dynamic.orange.es] has joined #bitcoin-wizards
20:18 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
20:19 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #bitcoin-wizards
20:26 -!- GAit [~lnahum@enki.greenaddressit.p3.tiktalik.io] has quit [Remote host closed the connection]
20:30 -!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has quit [Ping timeout: 240 seconds]
20:32 -!- user7779078 [user777907@gateway/vpn/mullvad/x-ixspuvqyodkfxdal] has joined #bitcoin-wizards
20:42 -!- jtimon [~quassel@238.pool85-59-137.dynamic.orange.es] has quit [Remote host closed the connection]
20:51 -!- jtimon [~quassel@238.pool85-59-137.dynamic.orange.es] has joined #bitcoin-wizards
20:51 -!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has joined #bitcoin-wizards
20:55 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
20:56 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has joined #bitcoin-wizards
21:01 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has joined #bitcoin-wizards
21:01 -!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has quit [Ping timeout: 255 seconds]
21:01 -!- coutts [sid31766@gateway/web/irccloud.com/x-orzglfwmoczhzjub] has quit [Quit: Connection closed for inactivity]
21:04 -!- todaystomorrow [~me@d114-78-105-180.bla803.nsw.optusnet.com.au] has quit [Ping timeout: 265 seconds]
21:09 -!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has quit [Quit: wyager]
21:10 -!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards
21:12 -!- MoALTz_ [~no@user-109-243-165-112.play-internet.pl] has joined #bitcoin-wizards
21:14 -!- MoALTz [~no@user-109-243-165-112.play-internet.pl] has quit [Ping timeout: 244 seconds]
21:17 -!- kyletorpey [~kyle@c-24-131-0-5.hsd1.va.comcast.net] has joined #bitcoin-wizards
21:34 -!- Dizzle [~Dizzle@cpe-72-182-36-12.austin.res.rr.com] has quit [Quit: Leaving...]
21:38 -!- NewLiberty [~NewLibert@2602:304:cff8:1580:f18e:ee68:34d7:3d86] has quit [Ping timeout: 265 seconds]
21:49 -!- jtimon [~quassel@238.pool85-59-137.dynamic.orange.es] has quit [Quit: No Ping reply in 180 seconds.]
21:55 -!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 244 seconds]
21:58 -!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards
22:03 -!- user7779078 [user777907@gateway/vpn/mullvad/x-ixspuvqyodkfxdal] has quit [Remote host closed the connection]
22:07 -!- TechGhost420 [~kvirc@207.207.28.164] has quit [Ping timeout: 264 seconds]
22:22 -!- SDCDev [~quassel@unaffiliated/sdcdev] has joined #bitcoin-wizards
22:28 -!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards
22:41 -!- SDCDev [~quassel@unaffiliated/sdcdev] has quit [Remote host closed the connection]
22:59 -!- NewLiberty [~NewLibert@2602:304:cff8:1580:709c:9bb5:57c1:18d6] has joined #bitcoin-wizards
23:12 -!- faraka [835eba0a@gateway/web/freenode/ip.131.94.186.10] has quit [Ping timeout: 246 seconds]
23:28 -!- bendavenport [~bpd@c-50-131-42-132.hsd1.ca.comcast.net] has joined #bitcoin-wizards
23:39 -!- Dizzle [~Dizzle@2605:6000:1018:c04a:a87c:587:9965:90b] has joined #bitcoin-wizards
23:45 -!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]
23:52 -!- lclc_bnc is now known as lclc
23:52 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
23:54 -!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards
--- Log closed Fri Jan 09 00:00:17 2015