--- Log opened Sat Apr 18 00:00:56 2015
--- Log opened Sat Apr 18 04:16:23 2015
04:16 -!- Topic for #bitcoin-wizards: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
04:16 -!- Topic set by andytoshi [~andytoshi@unaffiliated/andytoshi] [Fri Aug 22 14:51:37 2014]
04:16 -!- Channel #bitcoin-wizards created Mon Feb 25 23:24:47 2013
04:27 < Eliel> fluffypony: is that an inside joke or are you serious? :P
04:57 < fluffypony> Eliel: https://botbot.me/freenode/bitcoin-wizards/2015-04-18/?msg=36911496&page=1
09:17 < fluffypony> So just so we all know, Ethereum will be 100% safe to use, because it depends on Go code, not on correct maths: https://twitter.com/vitalikbuterin/status/589337931283832832
09:17 < fluffypony> .title
09:17 < yoleaux> Vitalik Buterin auf Twitter: "@fluffyponyza @mperklin The safety of people's funds depends on the go code, not the math notation. And the go code is doing just fine."
09:21 < sturles> I believe it says "math notation", not maths.
09:21 < fluffypony> sturles: you can't really separate the two; by definition maths requires precision
09:22 < fluffypony> "Oh sorry guize, missed landing on Mars because sqrt not sqr, my bad lol"
09:23 < sturles> Yes, you can. There are several notations for many sub-disciplines in math.
09:23 < fluffypony> It's basically one of those places where pedantry is a prerequisite :-P
09:23 < sturles> E.g.: http://en.wikipedia.org/wiki/Notation_for_differentiation
09:23 < sturles> "In differential calculus, there is no single uniform notation for differentiation. Instead, several different notations for the derivative of a function or variable have been proposed by different mathematicians. The usefulness of each notation varies with the context, and it is sometimes advantageous to use more than one notation in a given context. The most common notations for differentiation are listed below."
09:24 < fluffypony> sturles: sure, but this is the specific case he's referring to - http://imgur.com/MPrtgdy
09:25 < fluffypony> Tbh his use of "notation" is a red herring, this is more than just notation
09:26 < sturles> Did anyone find actual errors, or just awkward notation? Of course using your own notation may make it very difficult for trained mathematicians to spot mistakes without cleaning it up first.
09:27 < sturles> Which is bad.
09:40 < gmaxwell> sturles: most of that paper just makes no sense.
09:42 < gmaxwell> asking if there are errors is like asking if you found errors in beat poetry. The reason people are picking on the notation is because they feel it's the paper being intentionally obfuscated and putting on a show of sophistication that doesn't actually fit.
09:50 < fluffypony> sturles: the notation makes everything unclear, so it's impossible to determine validity or soundness; how do you forego that and then focus on the "concepts"?
09:51 < fluffypony> put another way: if I told you that 10 minute blocks are way too long, and 8 second blocks are preferable, you'd undoubtedly ask me to provide evidence of that statement
09:51 < fluffypony> if my evidence is 3WAFFLE 8 X &@#)@#* = 7 what are you going to say?
09:52 < gmaxwell> It also fails to cite prior work, so it's unclear what's background and what they're claiming is concepts. The things like fraud proofs are an old idea.
09:53 < gmaxwell> The descriptions of things use symbology that is introduced nowhere before randomly, so you literally cannot understand quite a few sentences; beyond "I know this is talking about subject X, but I can't figure out what if anything of substance it's saying about it.".
09:54 < jcorgan> i'll give him a small benefit of the doubt. it seems like something a self-taught person would do, unaware of the typical academic conventions of notation, citing prior work, and extending existing conceptual frameworks.
09:54 < jcorgan> iow, young and naive.
09:55 < fluffypony> jcorgan: a self-taught person would tend to explain things a LOT more clearly, because they've had to learn from junk on the Interwebz and books written on a subject (rather than academic text books)
09:56 < gmaxwell> It's also unaware of the solutions that some of the prior work presents. E.g. the problem with fraud proofs is that if no one can check the data, no one can produce the fraud proof. It waxes on philosophically about this at length but never attempts any solutions or really points out how fatal it is for using fraud proofs for anything related to bandwidth scaling. (Part of the reason we've not implemented them even though we proposed them in 2011/2012).
09:56 < gmaxwell> This is also sad because unawareness of other work means that they weren't aware that the community actually has an interesting and powerful improvement to fraud censorship:
10:00 < gmaxwell> Problem there is: say a block contains an invalid spend; you're expecting people randomly checking parts to spot it (and have constructed the block so this is possible), once any participant finds fraud they can compactly prove it to everyone transitively connected to them. Hurray. But if no one will give them the fraudulent data, they can't sample uniformly, and they just won't see it. Setting things up so someone can prove their sampling is being blocked seems to be quite hard.
10:02 < gmaxwell> The improvement we have is this, a party offering a block to the network can be required to code it using a locally decodable rateless error correcting code. So they virtually expand the block up to 'infinite' size, such that if you read approx. $blocksize worth of the infinite space at random, you can recover the whole block.
10:03 < gmaxwell> Now, when people fetch, they pick random parts to fetch, and check those parts.. but if the server transmits more than the total block size in aggregate, the other nodes can collaborate to recover any censored parts. So the total amount transmitted must be limited.
10:05 < gmaxwell> It's not clear if this is actually useful --- it basically means that any block transmitted by an untrusted peer can only come from sources that have the whole block... which is less useful. But it's an interesting area.. and the kind of stuff that anyone who would hope to make progress in this space should know about.
10:12 < fluffypony> gmaxwell: wouldn't that be useful once blockchain pruning gets added, ie. for fetching pre-pruning block data from those peers that offer it?
10:14 < gmaxwell> fluffypony: you don't need that for that.. in that case you just fetch it from whomever has it. That's all above about addressing a specific problem where: (1) Not everyone will fetch everything, (2) people will fetch things at random and check and tell others if they find problems (3) the randomness in (2) is essential for security.
10:16 < gmaxwell> one could use fec to make it harder to lose data completely, but the extra overhead of storing correction data could instead be used to just store more blocks. The correction data approach is slightly more powerful, but I don't see "can't find a block" as being a serious issue.
10:16 < gmaxwell> (and has to be weighed against the FEC being slow)
10:16 < gmaxwell> Freenet uses FEC in that manner though.
10:16 < fluffypony> ah makes sense
10:23 < gmaxwell> (For those not familiar with how error correcting codes work, imagine instead of storing block 5 or block 500 you store block 5 xor block 500.. now later your data is helpful to _either_ someone who has 5 and wants 500 but can't find it, OR helpful to someone who has 500 and wants 5-- just as helpful as having the wanted block. But you didn't have to know in advance which of the two would go missing. If 5 and 500 are both missing though, your data isn't helpful at all. There are more complex schemes that let you achieve coding groups of any N=data, K=redundancy, even efficient ones where K=infinity.
10:32 < Taek> if you're using fountain codes to request random parts of a block, how do you report that someone is refusing to send a particular piece without opening yourself to the attack where someone reports that every piece of every block can't be requested?
10:32 < Taek> also does using fountain codes give you any sort of guarantee that the block is smaller than $size?
10:56 < gmaxwell> Taek: you don't report that, instead everyone selects totally separate pieces (e.g. cryptographically random 128 bit indexes); the sender cannot emit more than a threshold of total output without allowing recovery; if they try to censor any piece that touches a segment of the block in question, they'll have to block almost everyone (basically everyone minus the overhead of the scheme).
10:59 < gmaxwell> you can think of it in terms that the probability that they'll have to block a user to prevent possible recovery of the fraudulent segment starts off at ~1/segments and tends to 1 as the number of segments served goes to the blocksize+overhead. As far as the size goes, you wouldn't be able to decode anything at all if the size was misstated.
11:05 < Taek> ok. So if I'm trying to decode and verify some subset of the block, I'm going to request cryptographically random coded pieces of the block until I've got enough data to decode some particular segment?
11:05 < Taek> and if lots of people are doing this, eventually some of them will be able to recover the fraudulent segment?
11:05 < gmaxwell> Taek: or the server will have to start rejecting virtually every request.
11:06 < gmaxwell> (by the point where it's given out roughly one copy worth in total)
11:07 < Taek> that's pretty neat
11:07 < gmaxwell> this may be more useful for something somewhat more centralized than a blockchain cryptocurrency; e.g. an opentransactions-like private ledger, or a system like certificate transparency; ... things where there is a 'well known server'.
11:08 < gmaxwell> but it's an interesting tool in the toolbelt.
11:09 < Taek> why couldn't you apply it to lightweight Bitcoin nodes?
11:10 < kanzure> was there anything before loom and opentransactions that did similar cryptography things for signed receipts and balances?
11:11 < Taek> it seems to me that you would need multiple parties trying to assemble and share a full block to prevent the server from selectively excluding people by always refusing their requests
11:11 < gmaxwell> Taek: you can but the server in the scheme needs to have all the data.
11:11 < gmaxwell> which makes it somewhat less exciting when you want to imagine multiple servers.
11:11 < Taek> right you still need full nodes, but it seems like an upgrade from SPV verification
11:12 < gmaxwell> kanzure: digicash?
11:13 < kanzure> digicash doesn't count for what i have in mind
11:13 < gmaxwell> Taek: sure, fraud proofs alone are an upgrade there (Even without the anti-censorship measures). (also, note that the bitcoin whitepaper admits spv nodes being able to detect fraud that way; it just doesn't mention compact fraud proofs; so it's unclear how you could detect fraud that way without it being a huge DOS vector).
11:14 < kanzure> surely there was an open-source "signed receipts" utility that existed backwhenever
11:17 < gmaxwell> Taek: Another approach we had to the censorship problem was just, if you really cannot obtain a segment, you compute a costly hashcash proof "I cannot obtain segment X". And nodes have some acceptable overhead they're willing to take for additional load for censorship proofs. e.g. they'll double their bandwidth by requesting an equal number of claimed censored segments to actual segments. Then they take the censored claims they've heard and pick that many at random weighted by their amount of hashcash proof. If they also find it censored, they begin working on the hashcash to emit a stronger hashcash proof for censorship.
11:18 < gmaxwell> kanzure: ask adam, nothing is coming to mind but that may be because I don't know precisely what you're referring to. Does RPOW's tokens fit your criteria?
11:19 < amiller> kanzure, maybe truledger?
11:19 < amiller> nvm that is loom
11:19 < kanzure> rpow tokens might fit, but i just mean more general accounting software with issuances, receipts, transactions... surprisingly, gnucash might come close.
11:19 < amiller> hrm maybe it's not loom... but came after?
11:20 < kanzure> http://www.gnucash.org/features.phtml
11:20 < kanzure> this does not even look multi-user
11:20 < gmaxwell> Taek: I suspect it may be possible that you can set that up so that a censor is unlikely to be successful (unlikely proportional to the overhead people take) when the attacker has a minority hashpower; but I haven't chased that idea enough to work out the security argument for it.
12:01 < jcorgan> i'm not sure whatever happened to the project, but last year there was a group that was going to broadcast new blocks in a data sub-channel of a DVB-T station in Finland. IIRC they were going to use a fountain code to continually send encoded parts of the latest block so that receivers could start decoding at any point in time until they heard enough to reassemble the block locally.
12:21 < pigeons> truledger can act as a loom client and was inspired by loom, but the actual truledger system uses cryptography instead of loom's "big numbers"
12:24 < pigeons> truledger server and client agree on signed balances yes
Mably [~Mably@unaffiliated/mably] has quit [Ping timeout: 240 seconds] 17:36 -!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Remote host closed the connection] 17:42 -!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has joined #bitcoin-wizards 17:42 -!- mkarrer_ [~mkarrer@46.Red-79-154-251.dynamicIP.rima-tde.net] has quit [] 17:44 -!- mkarrer [~mkarrer@46.Red-79-154-251.dynamicIP.rima-tde.net] has joined #bitcoin-wizards 18:01 -!- rusty [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 255 seconds] 18:09 -!- NewLiberty [~NewLibert@2602:304:cff8:1580:8c74:47b4:6891:1826] has quit [Ping timeout: 245 seconds] 18:24 -!- coinrookie [~c0inr00ki@c-68-53-21-189.hsd1.tn.comcast.net] has joined #bitcoin-wizards 18:34 -!- Dr-G2 [~Dr-G@x4d08aa2e.dyn.telefonica.de] has joined #bitcoin-wizards 18:34 -!- Dr-G [~Dr-G@unaffiliated/dr-g] has quit [Disconnected by services] 18:39 -!- c0rw1n is now known as c0rw|sleep 18:39 -!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards 18:50 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has joined #bitcoin-wizards 18:50 -!- xcthulhu [~mpwd@pine.noqsi.com] has joined #bitcoin-wizards 18:51 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has quit [Client Quit] 18:52 -!- zooko` [~user@174-16-95-68.hlrn.qwest.net] has joined #bitcoin-wizards 18:52 -!- priidu [~priidu@unaffiliated/priidu] has quit [Ping timeout: 245 seconds] 18:54 -!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Ping timeout: 248 seconds] 19:00 -!- HostFat [~HostFat@adsl-ull-187-93.42-151.net24.it] has quit [Ping timeout: 245 seconds] 19:00 -!- melvster1 [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has quit [Read error: Connection reset by peer] 19:01 -!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has joined #bitcoin-wizards 19:05 -!- metamarc [~snizysnaz@97.95.172.50] has joined #bitcoin-wizards 19:05 -!- metamarc 
[~snizysnaz@97.95.172.50] has quit [Changing host]
19:05 -!- metamarc [~snizysnaz@unaffiliated/agorist000] has joined #bitcoin-wizards
19:10 -!- fanquake [~fanquake@unaffiliated/fanquake] has joined #bitcoin-wizards
19:11 -!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 250 seconds]
19:12 -!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards
19:14 -!- blablaa [~z@unaffiliated/blablaa] has joined #bitcoin-wizards
19:15 < blablaa> what do people here think about PoS? i'm thinking the savings in costs of maintaining network can be so huge, it's worth investigating...
19:16 -!- belcher [~belcher-s@unaffiliated/belcher] has quit [Quit: Leaving]
19:16 < phantomcircuit> blablaa, doesn't work
19:16 < bsm117532> Yes, failing to achieve consensus is cheap.
19:16 < phantomcircuit> https://download.wpsoftware.net/bitcoin/pos.pdf
19:17 < blablaa> phantomcircuit, reading
19:17 < phantomcircuit> blablaa, there was a lot of hope that it would work early
19:17 < phantomcircuit> but sadly no
19:19 < blablaa> phantomcircuit, i was thinking about punishing double signers, i see it's dealt in your paper, reading it
19:19 < phantomcircuit> blablaa, that's from andytoshi btw
19:20 -!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards
19:22 -!- Burrito [~Burrito@unaffiliated/burrito] has quit [Quit: Leaving]
19:25 < blablaa> phantomcircuit, stake-grinding just gives some more revenues to people with more computational power, no? doesn't seem fatal...
19:25 < phantomcircuit> blablaa, it's just one of many issues
19:25 < blablaa> but the problem of people selling their "stake" before messing up the network indeed seems a solid...
19:25 < blablaa> a solid problem, even if maybe more theoretical than practical
19:27 < kanzure> also https://download.wpsoftware.net/bitcoin/alts.pdf
19:27 < justanotheruser> blablaa: a practical problem as well https://bitcointalk.org/index.php?topic=131901.0
19:28 < phantomcircuit> justanotheruser, that's stake grinding i believe
19:29 < justanotheruser> yes
19:29 < justanotheruser> oh, he wasn't speaking of NaS in general
19:29 < phantomcircuit> the conclusion section notes that you can grind in such a way as to get yourself more stake in the future as well
19:29 < phantomcircuit> it's a powerful attack
19:30 < phantomcircuit> the only "solution" i've seen is limiting timestamp drift
19:30 < phantomcircuit> which doesn't work
19:33 < blablaa> phantomcircuit, timestamp is very ugly theoretically, maybe something like asking every block to be signed by 50% of coins would be more sensible
19:33 < blablaa> it would also kill stake grinding of any kind
19:34 < phantomcircuit> blablaa, doesn't work
19:35 < blablaa> why?
19:35 < phantomcircuit> because you can't get 50% of anybody to do anything in real time
19:36 < blablaa> hehe then make it 10%
19:37 < blablaa> but there is still the more general "stake" problem
19:37 < blablaa> well in this case there would be a battle for low delay
19:40 < justanotheruser> blablaa: that still leaves you open to other attacks, however that means an attacker needs 10% of the stake to grind
19:40 < justanotheruser> and your blocks will be *massive*
19:40 < blablaa> hehe yes i know
19:41 < phantomcircuit> also i (without thinking too hard) there's probably some speed of light issues with that
19:41 -!- zooko` is now known as zooko
19:41 -!- fanquake [~fanquake@unaffiliated/fanquake] has left #bitcoin-wizards []
19:44 -!- hashtag_ [~hashtag@81.0.80.12] has quit [Ping timeout: 255 seconds]
19:50 -!- PRab [~chatzilla@2601:4:400:2105:a1de:ce13:2b47:7635] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 37.0.1/20150402191859]]
19:57 < blablaa> phantomcircuit, i don't understand why long range attacks would still be possible. Can't we still choose longest chain, and still choose the "true" one in this way? Because the one signed by more people will be longer, no?
19:57 < blablaa> so it seems to me the "long-range" attack is feasible only if one really has largest "stake"
19:57 < kanzure> "more people" no.. that's not how it works. you can't count people.
19:58 < blablaa> kanzure, people weighted by (not recently moved) coins they have
19:58 < gmaxwell> You can count keys, and the attacker gets lots of keys with coins as a product of their attack, so it self amplifies.
19:58 < kanzure> uh what is your definition of a person?
19:59 < blablaa> kanzure, damn i mean just count the "stake"
19:59 < blablaa> gmaxwell, the idea is to only consider the coins held for some blocks when "stake" is needed
20:00 < gmaxwell> you should visualize a ouroboros-- you can't build a consensus system outside of itself, it's tautological.
20:00 < blablaa> hehe
20:00 < kanzure> what i'm really confused about is why you don't think pos.pdf covers these objections already---- maybe it doesn't, and i'm remembering phantom text?
20:01 < gmaxwell> blablaa: yes and? so I go and obtain old no longer useful keys from people who've left the system, I fork using their ability to create blocks back then, and play forward. My alternative looks just as good -- it _is_ just as good, if the real network could have done it the fake one can too.
20:01 < gmaxwell> This is all described in the writeup, indeed.
20:02 < kanzure> perhaps those sentences need to be repeated twice in a row for emphasis in the doc
20:02 < gmaxwell> maybe a latex macro that makes flaming text.
20:02 < blablaa> gmaxwell, ok, right, i was just confused
20:03 < kanzure> is there a way the document could be made more clear to you?
20:03 < kanzure> and, which aspects are confusing?
20:03 < blablaa> gmaxwell, even if your attack is not entirely trivial, you've to obtain enough useful keys
20:03 < kanzure> you are missing a verb
20:03 < gmaxwell> it's okay, so this subject confused us for a long time. PoS was invented by the bitcoin tech community and most of us that were around then were super psyched about it for a couple months until we really started to understand all the subtle implications.
20:03 < kanzure> oh, excess abbreviation
20:03 < blablaa> gmaxwell, that at some point in the past were a large stake
20:04 < kanzure> the only safe operation of that would be to never have any private keys to begin with, to guard against the accumulation of private keys by any single person
20:05 < gmaxwell> blablaa: that's just one example; so don't fall into a trap of confusing a _specific_ set of operations that were used to illustrate a fundamental limitation as being the thing that must be prevented; the error that leads to is 'patching' around it (which usually then introduces new and potentially worse vulnerabilities) and exhausting the cryptanalysis resources and patience. :)
20:05 < blablaa> hehe
20:05 -!- GAit [~lnahum@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]
20:06 < blablaa> gmaxwell, it's just that for ALL fake chains you need to have them "nested" on a block where you had a large stake
20:06 < kanzure> "fake"
20:06 -!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Ping timeout: 240 seconds]
20:06 < gmaxwell> The point is that there is a fundamental issue there which results in many different attacks; and really should be addressed _in general_; otherwise you just get a system which is patchy and vulnerable but too much of a PITA to analyze until it's really profitable to rip it off. (also the more complex the attack needed, the slower people are to respond to it; you can see an example with that with
20:06 < gmaxwell> pool hopping earlier in bitcoin's life)
20:06 -!- GAit [~lnahum@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards
20:07 < kanzure> there's no such thing as fake in these systems
20:07 < kanzure> there's no "fake history"... if a history validates then it is impossible to determine whether it was "fake" without resorting to a central party.
20:08 < kanzure> (well, this could probably be tightened up to be more clear...)
20:08 < gmaxwell> blablaa: where collaborating attackers had enough stake to continue the system if the other users went away (in their alternative universe they'll expand their position thereafter). Also, in all these systems there is non-deterministic inputs, so you can 'boost' your apparent stake by trying over and over again. (often they delay the non-deterministic influence to make them not _instantly_ fail to
20:09 < gmaxwell> stake grinding, but they all have it for sufficiently large reorgs)
20:10 < blablaa> gmaxwell, the PoS i have in mind has no timestamp but many signatures per block
20:10 < blablaa> so there should be no grinding used for "boosting" your stake
20:10 < blablaa> hmm well but then it's entirely different, sorry
20:11 < blablaa> in the thing i've in mind, you can't mine not even a block without 10% stake
20:11 < gmaxwell> I do hope you've read alts.pdf; anyone can build a cryptosystem they themselves cannot break. It's really astonishingly hard to do anything in this space that doesn't just shatter.
20:12 < gmaxwell> blablaa: so if something like mtgox happened where ~10% of the coins were 'lost' at once the system cannot continue?
20:13 < blablaa> gmaxwell, indeed
20:13 < blablaa> gmaxwell, but agreed, the problem is people may still retain key even after having no longer the "stake"
20:13 < blablaa> so, in general, you're right
20:14 < blablaa> someone could buy these keys theoretically
20:14 -!- instagibbs [60ff5d39@gateway/web/freenode/ip.96.255.93.57] has joined #bitcoin-wizards
20:14 < instagibbs> I'm sure the mtgox "hackers" would gladly mint some blocks for you ;)
20:15 < gmaxwell> blablaa: yea, and you can probably even automate selling them! e.g. having a smart contract that trustlessly buys them from people.
20:16 < gmaxwell> I mean, basically any such system _instantly_ fails on an incentives basis since the rational thing for a non-participant to do is to immediately join in a costless attack with the prior participants; ...
but maybe that's not a concern because of activation energy; ... but the activation energy from 'sell your key, get funds' is pretty darn low.
20:17 < blablaa> gmaxwell, i think this sell your key is the only problem. otherwise it would work.
20:17 < blablaa> but it's not a solvable problem
20:18 < gmaxwell> blablaa: I actually don't think it's the root issue, it's an example of the more fundamental issue, which is the circular relationship, that everything in the system is defined in the system; so attacks cost nothing external.
20:19 < blablaa> gmaxwell, i think it's root issue. attacks require stake, and you can't have stake without keys, and you can't have someone else's keys unless he gives them to you.
20:19 < gmaxwell> Even if there were some magical edict that prevented selling; it would still be in the rational interest for all participants who've exited to participate in attacks. (keep in mind, it's not required that there be a single 'attacker'; it can just be the selfsame past users that create an alternative history)
20:19 < gmaxwell> You don't need someone else's keys though.
20:20 < instagibbs> blablaa: the original Master Stakeholders will always control the system, followed by the 2nd most powerful stakeholder in history, followed by the 3rd....
20:20 < gmaxwell> You're adopting a mental model of a singular attacker; that's over constraining it. It's perfectly possible for people to collectively act in self interest-- even without explicit coordination, it happens in markets every day... and not just for wholesome purposes.
20:21 < instagibbs> related: one big problem with Vitalik's recent work, from someone who actually read the whole thing(not me), was that he was modeling attackers non-cooperatively.
20:22 < blablaa> gmaxwell, well that is just selling your key to some virtual group that will do the attack instead of selling to an individual. it's basically identical.
20:22 < gmaxwell> underimagination about attackers is one of the hardest things to deal with in cryptography.
20:23 < kanzure> you also don't have to sell your private key, people can just post them or derive them from faulty pseudorandom number ists
20:23 < kanzure> *number lists
20:23 < gmaxwell> blablaa: there is no virtual anything required! you keep it yourself, and you just have software that does whatever is most profitable for you; supporting the honest network is not profitable (as you have no coins in it), someone else shows up with a fork where you have coins... sign away baby!
20:24 < instagibbs> gmaxwell: but I'll just phone the Bitcoin CEO and figure out the true chain
20:24 < blablaa> gmaxwell, in game theory it's called a coalition :)
20:24 < gmaxwell> it's not hard to write mining software that does a straight expected value calculation and does all the profitable things; signing is cheap.
20:24 < gmaxwell> writing the software takes work, but it's one time.
20:25 < blablaa> gmaxwell, indeed this is also what i had concluded at the first analysis of this issue (that the attack is valid but not so practical because u need large coalition).. then somewhat forgot it while thinking about it.
20:25 < gmaxwell> "The security of my system depends on no one being non-lazy enough to write a code that maximizes profits, or everyone being too lazy to run it" is kinda fragile! :P
20:26 < blablaa> gmaxwell, and large coalition is practical indeed, via market mechanism of selling keys
20:26 < gmaxwell> blablaa: well count yourself ahead a little bit then, as there are people out selling a lot of dreams without ever thinking of that much.
20:27 < blablaa> gmaxwell, i appreciated your help, sorry if questions were too stupid.
20:27 < gmaxwell> I still think you're overestimating the requirement level for selling; it's an example; but "software that just automatically does whatever is in the owners interest; even 'rule breaking' things" is another.
20:27 < gmaxwell> There are no stupid questions, only stupid people.
20:27 < gmaxwell> :P
20:29 < blablaa> gmaxwell, ok... probably this stupid people was confused by bitcoin way of thinking... and didn't think about the "old" keys that no longer have coins... despite i had just read of this generalized "stake" problem so should have thought about it.
20:29 < blablaa> gmaxwell, i was too lazy to think and just asked for a stupid example to get it faster
20:29 < kanzure> he was not calling you stupid
20:29 < gmaxwell> that's why I call the circularity the fundamental problem, if not for it the key would no longer be useful.
20:29 < gmaxwell> I was not calling you stupid, indeed!
20:29 < instagibbs> it was a joke, I think ganked from a demotivational poster
20:30 < instagibbs> http://www.despair.com/cluelessness.html
20:30 -!- bsm117532 [~bsm117532@static-108-21-236-13.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]
20:30 < kanzure> what a wonderful domain name
20:31 < gmaxwell> this stuff is really hard, and requires unusual ways of thinking. Even after working for years on distributed system with no uniform view of time or events in large routing networks cryptocurrency still trips me up from time to time.
20:32 < blablaa> gmaxwell, is there something that has some chance in your most optimist dreams to replace PoW?
20:32 -!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards
20:33 < gmaxwell> kanzure: so many moons ago when that site was new, I worked for a municipality in the IT department, which was in the grips of some consultants that had us put up a bunch of posters of the style being mocked there (some stock art and some pithy meaningless statement), and one of my employees replaced them; and no one noticed for roughly a year. :P
20:35 < gmaxwell> blablaa: Hard to say; I've learned my lesson with claims of impossibility; but I've seen a lot of failed things. I suspect that any replacement wouldn't be as attractive as you'd hope.
POW works because there is an external cost; it also is what makes it fair and inclusive (anyone who can work can participate; which is another whole area where POS fails: existing majority of stake holders can ex
20:35 < gmaxwell> clude participants or censor transactions); but that's also 90% of the what anyone would have to complain about it!
20:37 < instagibbs> assuming the long-term economics of ASIC production/use aren't completely centralizing. Wonder what that landscape will look like in 5 years.
20:37 < blablaa> gmaxwell, problem i see with these "external costs" is that they're basically unlimited
20:37 < andytoshi> blablaa: they are limited by the landauer limit
20:37 < kanzure> asics can be produced outside of billion dollar fabs but it will require education and tooling (i estimate <$50k in parts)
20:38 < blablaa> andytoshi, i can't understand
20:38 < kanzure> .wik landauer limit
20:38 < yoleaux> "Landauer's principle, first argued in 1961 by Rolf Landauer of IBM, is a physical principle pertaining to the lower theoretical limit of energy consumption of computation." — http://en.wikipedia.org/wiki/Landauer_limit
20:39 < andytoshi> blablaa: sorry, that was a bit of a hit-and-run comment..
20:39 < andytoshi> blablaa: there is a physical bound on how many joules are required to flip a bit
20:39 < andytoshi> blablaa: you can get a swag on how many bits are required to be flipped to compute a block..
20:39 < gmaxwell> instagibbs: right well-- that's one of the allowed areas for improvement; really you can say what we use is "Proof of Resources Expended" and for our PoRE we use hashcash. You can ask how good a PoRE a given hashcash is, and things like control of semiconductor fabrication are a consideration. (some other hashcash implementations are worse on PoRE, e.g.
a hashcash which requires a much more compl
20:40 < gmaxwell> ex design or patent licensing for the design is a much less decentralized PoRE)
20:40 < andytoshi> oh, actually this is irrelevant, what matters is that ~25BTC of energy will get expended
20:40 < blablaa> andytoshi, yeah nothing to do with what i was saying :P
20:40 < blablaa> andytoshi, i was saying it's hard to put a bound on the rewards that have to be given to miners so that there are enough miners.
20:40 < gmaxwell> the construction costs are already small compared to operating costs though; for bitcoin's hashcash; so I don't know how much of a consideration any of that is.
20:41 < andytoshi> blablaa: oh, i see, that's fair
20:41 < gmaxwell> (also partly why I boggle at the 'memory hard' camp; since that super strongly moves costs back from operation to construction)
20:42 -!- PRab [~chatzilla@2601:4:400:2105:a1de:ce13:2b47:7635] has joined #bitcoin-wizards
20:43 < instagibbs> won't be happy until I get an ASIC in a cereal box
20:44 < gmaxwell> And TSMC's profits of $3 billion dollars in a quarter suggest that there is a difference between what it actually costs to build state of the art semiconductor devices and what people pay for them on the market.
20:44 < kanzure> originally the 4004 did not cost billions to make
20:44 < gmaxwell> Competition for energy is a lot more efficient than competition for fab capacity. :)
20:46 -!- xcthulhu [~mpwd@pine.noqsi.com] has quit [Quit: xcthulhu]
20:46 < gmaxwell> kanzure: sure you can fabricate a mining asic in a bathtub, but if it's 100,000 times less energy efficient who cares? the cost is the operation, not the fabrication. I wouldn't be too surprised to find out that on the latest processes they can burn through more energy cost in a week than the marginal fabrication cost.
20:46 -!- blablaa [~z@unaffiliated/blablaa] has quit [Quit: Ping timeout: 260 seconds]
20:47 < kanzure> hm where are you getting 100 kilotimes less efficient from?
20:48 < kanzure> 4004? was just example
20:48 < phantomcircuit> gmaxwell, i believe the marginal cost of production is very close to zero actually
20:48 < gmaxwell> phantomcircuit: well wafers cost several grand a piece.
20:49 < gmaxwell> kanzure: random ass number, but you can see a factor of 100 alone between 100 nm and current state of the art miners. 10um bathtub circuits are a long way from 100nm.
20:49 < gmaxwell> phantomcircuit: but I know it's _very_ low, whatever it is.
20:50 < kanzure> i think you can get 1 micron with some effort, but agreed about 100 nm and 10 nm
20:50 < phantomcircuit> gmaxwell, i believe the cost to produce them is also marginally close to zero
20:50 < kanzure> 100 nm maybe with some focused ion beam milling (ugh) but 10 nm is more tricky
20:50 < phantomcircuit> the capital cost is huge for all of this though
20:51 < phantomcircuit> gmaxwell, iirc the expensive wafers are fairly larger
20:51 < phantomcircuit> large*
20:51 < gmaxwell> phantomcircuit: oh fair enough, indeed silicon boule construction scales really well; it mostly works because the crystal growth is self purifying. I'd not considered what the true marginal cost was there.
20:51 < phantomcircuit> so
20:52 < phantomcircuit> in theory someone could setup their own fab and absolutely own the asic market
20:52 < phantomcircuit> but well
20:52 < phantomcircuit> who has $10b to spend on bitcoin asics?
20:52 < gmaxwell> phantomcircuit: 300mm now, I think is most popular. which is pretty mind blowing.
20:53 < gmaxwell> (building a 'molecule' which is a foot across.
:P )
20:53 < kanzure> elvira sakhipzadovna nabiullina
20:53 < kanzure> or was that a trick question
20:53 < phantomcircuit> gmaxwell, larger wafers directly affect the marginal cost of production
20:53 < phantomcircuit> i believe the majority of the marginal cost is highly skilled labor
20:53 < phantomcircuit> which is roughly the same for large or small wafers
20:54 < kanzure> er which skilled labor in particular
20:54 < gmaxwell> the skill of not tripping over the ceiling mounted fab robots.
20:54 < phantomcircuit> the people running the robots
20:54 -!- [7] [~quassel@rockbox/developer/TheSeven] has quit [Disconnected by services]
20:55 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards
20:55 < kanzure> "oh no my lazy susan wafer spinner is going to go all skynet on me"?
20:55 < gmaxwell> also, have you put on a bunnysuit? those things are tricky.
20:55 < gmaxwell> :P
20:55 < kanzure> not into that
20:55 < phantomcircuit> gmaxwell, ha no
20:56 < phantomcircuit> won't be happy until I get an ASIC in a cereal box
20:57 < phantomcircuit> im sure there are people who will gladly mail you an asic if you pay for shipping
20:57 < gmaxwell> one of the things that amuses me about living in the bay area is signs "For lease: office space with ISO 3 clean room" signs on random places.
20:58 < phantomcircuit> gmaxwell, biomedical research
20:59 < instagibbs> phantomcircuit: I really don't know the energy efficiency / overall capital cost curve that exists today. My impression is that all the most efficient ASICs are the big bricks/racks that cost a bit
20:59 * kanzure watches http://avideos.5min.com/134/5187134/518713362_4.mp4 (transcriptic's facilities) (blame maaku)
20:59 < gmaxwell> some is, but I doubt anyone is using ISO3 for biomed.
20:59 < phantomcircuit> instagibbs, power efficiency has virtually nothing to do with total size
21:00 < instagibbs> Theoretically sure, but how about the ASICs coming out of the fabs
21:00 < instagibbs> meaning
21:00 < instagibbs> they are marketed to people willing to drop thousands, so they're built and tested that way
21:00 < gmaxwell> instagibbs: the asics chips being fabricated are all fairly small for a number of reasons; the people who build huge single parts were crazy and their products sucked.
21:00 < instagibbs> I may be wrong. Just the impression
21:02 < gmaxwell> instagibbs: there is certainly a size for the whole appliance that is optimal, and may be a bit large for home use or whatever; but the same chips can be used in smaller quantity in smaller devices when someone cares to bother to do so.
21:04 < phantomcircuit> gmaxwell, that is more true now that antminer got the chained power stuff right
21:04 < phantomcircuit> before that it was less true for things with external 12v/control
21:05 < gmaxwell> you just have the regulator costs. but there are also shared mechanicals.
21:05 < instagibbs> I wonder what the curve looks like for size. If it's nothing too crazy I don't see why not.
21:05 < phantomcircuit> gmaxwell, eh with 1 asic you could get away without a fan or anything usually
21:09 < phantomcircuit> instagibbs, the gist is that at real scale you can do things like disable the tiny fans and use facility fans (5-10% power reduction)
21:09 < phantomcircuit> supply 12v in parallel with multiple PSUs (do not try with consumer ATX PSUs...)
21:13 < instagibbs> Interesting.
21:14 < phantomcircuit> instagibbs, otoh you have to actually pay for the power infrastructure you're using
21:14 < phantomcircuit> which consumers mostly don't pay for directly
21:15 < instagibbs> Hobbyists are willing to take various "dings", and 5-10% isn't that crazy
21:16 < gmaxwell> also, cooling is much easier at non-industrial scale "free heat, hurrah" ...
I mean, people use space heaters...
21:18 < phantomcircuit> which reminds me
21:18 < phantomcircuit> gmaxwell, just how quiet is an sp20?
21:22 < gmaxwell> with the fan at whatever low setting I have it at (I think not the lowest?), it's pretty quiet; dunno. desktop computer loud.
21:23 < instagibbs> oh that's not as bad as I was thinking
21:24 < gmaxwell> if it's cranked up it's loudish but it's much much better than the SP10. not just in terms of how loud, but the SP20 is a not unpleasant white noise; people pay for devices to make noise like this.
21:24 < gmaxwell> SP10 is a miniature jet engine array.
21:29 -!- instagibbs [60ff5d39@gateway/web/freenode/ip.96.255.93.57] has quit [Quit: Page closed]
21:33 -!- iddo [~idddo@unaffiliated/iddo] has quit [Remote host closed the connection]
21:34 -!- sparetire [~sparetire@unaffiliated/sparetire] has quit [Ping timeout: 240 seconds]
21:36 -!- snakesandbarrels [~snizysnaz@97.95.172.50] has joined #bitcoin-wizards
21:36 -!- snakesandbarrels [~snizysnaz@97.95.172.50] has quit [Read error: Connection reset by peer]
21:37 -!- sparetire [~sparetire@unaffiliated/sparetire] has joined #bitcoin-wizards
21:38 -!- metamarc [~snizysnaz@unaffiliated/agorist000] has quit [Ping timeout: 244 seconds]
21:39 -!- rusty [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards
21:42 -!- zooko` [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards
21:44 -!- zooko [~user@174-16-95-68.hlrn.qwest.net] has quit [Ping timeout: 255 seconds]
21:50 -!- jtimon [~quassel@41.Red-83-59-233.dynamicIP.rima-tde.net] has quit [Ping timeout: 264 seconds]
21:52 -!- kmels [~kmels@186.151.61.184] has joined #bitcoin-wizards
21:54 -!- hashtag_ [~hashtag@81.0.80.12] has joined #bitcoin-wizards
21:55 -!- xcthulhu [~mpwd@pine.noqsi.com] has joined #bitcoin-wizards
22:00 -!- AlienProject [~Alien_Pro@72.53.101.165] has joined #bitcoin-wizards
22:22 -!- b_lumenkraft [~b_lumenkr@unaffiliated/b-lumenkraft/x-4457406] has joined #bitcoin-wizards
22:24 -!- hashtagg_ [~hashtag@81.0.80.12] has joined #bitcoin-wizards 22:27 -!- hashtag_ [~hashtag@81.0.80.12] has quit [Ping timeout: 240 seconds] 22:41 -!- arubi [~ese168@unaffiliated/arubi] has quit [Quit: Leaving] 22:51 -!- Starduster_ [~guest@unaffiliated/starduster] has joined #bitcoin-wizards 22:54 -!- AlienProject [~Alien_Pro@72.53.101.165] has quit [Ping timeout: 245 seconds] 22:54 -!- Starduster [~guest@unaffiliated/starduster] has quit [Ping timeout: 240 seconds] 23:13 < gmaxwell> andytoshi: some conversation fluffypony and I were having about privacy in ringsignature schemes: http://0bin.net/paste/ZALkbSAwgJ2tS8K1#TbazYhfm4Aegx9ZiIXK0r1j-DYcQwfYV0WVGLVNuJHu 23:14 < gmaxwell> andytoshi: I'm wondering what the necessary and sufficient criteria is for determining if an output has been removed from the sensible anonymity set; and what cheaply computable input selection approach produces better decisions. 23:15 < gmaxwell> I give an example of inputs falling out of the set; three transactions with mixin sets [A, B], [B, C], [C, A]; once those txn exist, inputs A, B, C are out of the running. 23:16 < gmaxwell> I suggest a sufficient algorithim (I think) for avoiding creating bad graphs, which is start with your input, then do not use any other input which is reachable via an undirected co-mixin graph (efficiently computable by running union find over the mixin sets); but thats too agressive, as it'll exclude many reasonable candidates. 23:17 < gmaxwell> (Sad: Union find is probably my favorite algorithim :P ) 23:29 < gmaxwell> fluffypony: another criteria to avoid bad graphs is to never create a spend whos mixin set is a permutation of another existing mixin set. 23:30 -!- Relos [~Relos@unaffiliated/relos] has quit [Ping timeout: 248 seconds] 23:32 < gmaxwell> as that necessarily guts the privacy of both. It takes only N spends using an identical mixin set of size N to remove it from the running. 
I think thats always the smallest number of transactions required to take a txout out of the running. 23:35 < gmaxwell> Thats also not toooo expensive to avoid. Just keep track of every mixin set involving your own inputs; and don't duplicate it. 23:35 < smooth> gmaxwell: alternatively do it on purpose to allow pruning and prevent worse failures 23:37 < gmaxwell> it's expensive to use it for pruning though. I suppose you could detect when you can close a group with a single transaction, then just do a kind of explicitly less anonymous one and close the group... but the issue there is that _detecting_ that a closed group has been formed is not cheap. 23:38 < gmaxwell> trivial examples are easy but I can construct graphs which no greedy assignment will be successful. 23:38 < gmaxwell> but are solvable. 23:39 < smooth> hmm, im not sure. Let say A mixes with B and C. Then if we say that B and C must also mix with (A,B,C) and no one else can mix with those, then it seems easy 23:40 < smooth> but this may allow attacks where you own A and C and mix with B because you are trying to attack B 23:40 < gmaxwell> yea, also it preclused B and C from having larger sets. 23:40 < gmaxwell> er precludes. 23:40 < smooth> i was sort of assumeing fixed size sets 23:40 < smooth> or maybe specified per output 23:41 < gmaxwell> you actually get much harder to solve graphs with variable sized groups in general. 23:42 < gmaxwell> keep in mind e.g. [A, B], [B, C], [C, A] ... each of A,B,C actualy know who everyone was in this set. The world doesn't, but those parties do. 23:43 < gmaxwell> e.g. if you know that the real input in the first was A, then you know that the others were B, C. If it was B, then the others were C, A. 23:43 < gmaxwell> which is pretty awful, works for a cycle of any length too. 23:45 < gmaxwell> e.g. [a,b] [b,c] [c,d] [e,f] ... [z,a] if you know a single transaction in the cycle you know all of them. 23:47 < smooth> this is the chain reaction of MRL-0001. 
you dont need a closed cycle and the chain can go on arbitrarily 23:48 < smooth> once you know a then you know the second is b, etc. 23:51 < gmaxwell> yea, it's espeiclaly bad in the for e.g. bytecoin where the initial utxo set is probably owned by a single person or something due to the fake history. 23:57 -!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has quit [Ping timeout: 276 seconds] 23:58 -!- p15x [~p15x@114.248.223.237] has quit [Max SendQ exceeded] 23:59 -!- p15x [~p15x@114.248.223.237] has joined #bitcoin-wizards --- Log closed Sun Apr 19 00:00:22 2015