--- Log opened Sat Jun 27 00:00:53 2015
00:07 -!- SubCreative [~SubCreati@unaffiliated/cannacoin] has joined #bitcoin-wizards
00:31 -!- mjerr [~mjerr@p578EAB34.dip0.t-ipconnect.de] has joined #bitcoin-wizards
00:35 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Quit: Quitte]
00:43 -!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]
00:47 -!- MatrixBridge [matrixirc@gateway/shell/matrix.org/x-shjplorkvygbyidv] has quit [Remote host closed the connection]
00:47 -!- MatrixBridge [matrixirc@gateway/shell/matrix.org/x-yeyjybbksbqjeoki] has joined #bitcoin-wizards
00:51 -!- bosma [~bosma@S01067cb21bda6531.vc.shawcable.net] has quit [Ping timeout: 248 seconds]
01:01 -!- Mably [~Mably@unaffiliated/mably] has joined #bitcoin-wizards
01:03 -!- andy-logbot [~bitcoin--@wpsoftware.net] has quit [Remote host closed the connection]
01:03 -!- andy-logbot [~bitcoin--@wpsoftware.net] has joined #bitcoin-wizards
01:03  * andy-logbot is logging
01:04 -!- shen_noe [~shen_noe@wired042.math.utah.edu] has joined #bitcoin-wizards
01:05 -!- shen_noe [~shen_noe@wired042.math.utah.edu] has quit [Client Quit]
01:12 < akrmn> lol ya the topic is confusing
01:16 -!- AaronvanW [~ewout@D979E961.cm-3-2d.dynamic.ziggo.nl] has joined #bitcoin-wizards
01:16 -!- AaronvanW [~ewout@D979E961.cm-3-2d.dynamic.ziggo.nl] has quit [Changing host]
01:16 -!- AaronvanW [~ewout@unaffiliated/aaronvanw] has joined #bitcoin-wizards
01:21 -!- mode/#bitcoin-wizards [+o wumpus] by ChanServ
01:22 -!- wumpus changed the topic of #bitcoin-wizards to: This channel is  is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
01:22 -!- shen_noe [~shen_noe@wired042.math.utah.edu] has joined #bitcoin-wizards
01:22 -!- mode/#bitcoin-wizards [-o wumpus] by ChanServ
01:23 < prosodyContext> Logbot, meet Matrix.org. MatrixBridge is now live, so we have federated, decentralized, persistent logs, a better audit trail to match our blockchain. =))
01:23 < prosodyContext> Freenode bridge*
01:24 -!- shen_noe [~shen_noe@wired042.math.utah.edu] has quit [Client Quit]
01:25 -!- b_lumenkraft [~b_lumenkr@unaffiliated/b-lumenkraft/x-4457406] has joined #bitcoin-wizards
01:25 -!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards
01:31 -!- b_lumenkraft [~b_lumenkr@unaffiliated/b-lumenkraft/x-4457406] has quit [Quit: b_lumenkraft]
01:31 -!- spinza [~spin@197.83.246.196] has quit [Excess Flood]
01:32 -!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has quit [Ping timeout: 246 seconds]
01:33 -!- spinza [~spin@197.83.246.196] has joined #bitcoin-wizards
01:33 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards
01:34 -!- Aquentin [~Aquentin@unaffiliated/aquentin] has joined #bitcoin-wizards
01:34 -!- NewLiberty_ [~NewLibert@76-255-129-88.lightspeed.irvnca.sbcglobal.net] has joined #bitcoin-wizards
01:37 -!- NewLiberty [~NewLibert@2602:304:cff8:1580:95c8:933e:4f9f:ac63] has quit [Ping timeout: 248 seconds]
01:47 -!- zopac [~resellerp@77.234.43.138] has joined #bitcoin-wizards
01:47 -!- p15 [~p15@182.50.108.9] has joined #bitcoin-wizards
01:47  * zopac anyone one wanna trade pm me
01:52 -!- shen_noe [~shen_noe@wired042.math.utah.edu] has joined #bitcoin-wizards
01:58 < akrmn> wrong channel for trading
01:58 < zopac> what channel trading
01:59 < akrmn> #bitcoin-otc
02:03 -!- mode/#bitcoin-wizards [+o wumpus] by ChanServ
02:03 -!- mode/#bitcoin-wizards [+b *!*@77.234.43.138] by wumpus
02:03 -!- zopac was kicked from #bitcoin-wizards by wumpus [Kindergarten is elsewhere!]
02:03 -!- mode/#bitcoin-wizards [-o wumpus] by ChanServ
02:11 -!- p15 [~p15@182.50.108.9] has quit [Ping timeout: 248 seconds]
02:17 -!- luny` is now known as luny
02:17 -!- jtimon [~quassel@69.29.134.37.dynamic.jazztel.es] has joined #bitcoin-wizards
02:22 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
02:30 -!- shen_noe [~shen_noe@wired042.math.utah.edu] has quit [Quit: Leaving]
02:31 < fluffypony> prosodyContext: that's very cool - if I understand it correctly it uses WebRTC to move data around, and then everyone just keeps a copy of the data in case the homeserver goes down?
02:37 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 264 seconds]
02:43 -!- giel_ is now known as gielbier
02:43 -!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards
02:45 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards
02:47 -!- erasmospunk [~erasmospu@gateway/vpn/privateinternetaccess/erasmospunk] has joined #bitcoin-wizards
02:47 -!- sparetire_ [~sparetire@unaffiliated/sparetire] has quit [Quit: sparetire_]
02:52 < prosodyContext> Xactly fluffypony
02:52 < prosodyContext> OpenWebRTC to be exact...
02:53 -!- drwin [~drwin@88-103-255-166.jes.cz] has joined #bitcoin-wizards
02:53 < fluffypony> very nice
02:54 < fluffypony> where can we find the MatrixBridge logs online btw?
02:57 -!- dc17523be3 [~unknown@193.138.219.233] has quit [Ping timeout: 264 seconds]
03:03 -!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has joined #bitcoin-wizards
03:07 -!- gielbier [~giel@095-096-099-140.static.chello.nl] has quit [Ping timeout: 246 seconds]
03:09 -!- drwin [~drwin@88-103-255-166.jes.cz] has quit [Read error: Connection reset by peer]
03:11 -!- drwin [~drwin@88-103-255-166.jes.cz] has joined #bitcoin-wizards
03:23 -!- spinza [~spin@197.83.246.196] has quit [Excess Flood]
03:26 -!- gielbier [~giel@f142219.upc-f.chello.nl] has joined #bitcoin-wizards
03:28 -!- spinza [~spin@197.83.246.196] has joined #bitcoin-wizards
03:34 -!- p15 [~p15@182.50.108.77] has joined #bitcoin-wizards
03:38 -!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Ping timeout: 246 seconds]
03:44 -!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards
03:45 -!- p15 [~p15@182.50.108.77] has quit [Ping timeout: 272 seconds]
03:46 -!- nessence_ [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has joined #bitcoin-wizards
03:48 -!- nessence [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has quit [Ping timeout: 248 seconds]
03:51 -!- erasmosp_ [~erasmospu@176.92.61.74] has joined #bitcoin-wizards
03:53 -!- erasmospunk [~erasmospu@gateway/vpn/privateinternetaccess/erasmospunk] has quit [Ping timeout: 265 seconds]
03:55 -!- spinza [~spin@197.83.246.196] has quit [Ping timeout: 256 seconds]
03:55 -!- erasmosp_ [~erasmospu@176.92.61.74] has quit [Ping timeout: 265 seconds]
03:57 -!- spinza [~spin@197.83.246.196] has joined #bitcoin-wizards
03:58 -!- SDCDev [~quassel@unaffiliated/sdcdev] has joined #bitcoin-wizards
04:02 -!- dc17523be3 [unknown@gateway/vpn/mullvad/x-tcixvsoiwmeehuts] has joined #bitcoin-wizards
04:10 -!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards
04:12 -!- MoALTz_ [~no@78.11.179.104] has joined #bitcoin-wizards
04:15 -!- MoALTz [~no@78.11.179.104] has quit [Ping timeout: 256 seconds]
04:23 -!- M-_mis [mistake__m@gateway/shell/matrix.org/x-mywutvpmtakghecb] has joined #bitcoin-wizards
04:23 < M-_mis> fluffypony (IRC): Well you neeed to get an account right now. 0.9.2 is current beta, v1 will bring public facing logs. They've been throttling themselves to avoid running into problems from going too fast?
04:24 < fluffypony> ah cool
04:24 < M-_mis> If you install your own Synapse homeserver you get all the logs right away...
04:24 < fluffypony> 100%
04:25 -!- dEBRUYNE [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Ping timeout: 255 seconds]
04:36 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 246 seconds]
04:40 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 252 seconds]
04:54 -!- p15 [~p15@114.248.214.14] has joined #bitcoin-wizards
04:56 -!- shen_noe [~shen_noe@172.56.39.60] has joined #bitcoin-wizards
05:04 -!- p15_ [~p15@64.145.91.68] has joined #bitcoin-wizards
05:05 -!- BigBitz [~BigBitz@unaffiliated/bigbitz] has joined #bitcoin-wizards
05:05 -!- p15 [~p15@114.248.214.14] has quit [Ping timeout: 255 seconds]
05:06 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
05:08 -!- MoALTz_ [~no@78.11.179.104] has quit [Quit: Leaving]
05:10 -!- p15_ [~p15@64.145.91.68] has quit [Ping timeout: 252 seconds]
05:13 -!- jtimon [~quassel@69.29.134.37.dynamic.jazztel.es] has quit [Ping timeout: 264 seconds]
05:14 -!- p15 [~p15@198.50.160.97.static-ca.cryptolayer.com] has joined #bitcoin-wizards
05:24 -!- p15 [~p15@198.50.160.97.static-ca.cryptolayer.com] has quit [Ping timeout: 264 seconds]
05:27 -!- p15 [~p15@198.50.160.97.static-ca.cryptolayer.com] has joined #bitcoin-wizards
05:32 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards
05:36 -!- c0rw|zZz is now known as c0rw|timetravel
05:38 -!- c0rw|timetravel is now known as c0rw1n
05:38 -!- drwin [~drwin@88-103-255-166.jes.cz] has quit [Read error: Connection reset by peer]
05:41 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 246 seconds]
05:41 -!- drwin [~drwin@88-103-255-166.jes.cz] has joined #bitcoin-wizards
05:49 -!- p15 [~p15@198.50.160.97.static-ca.cryptolayer.com] has quit [Ping timeout: 250 seconds]
05:52 -!- p15 [~p15@114.243.157.242] has joined #bitcoin-wizards
06:00 -!- p15_ [~p15@198.50.160.97.static-ca.cryptolayer.com] has joined #bitcoin-wizards
06:01 -!- p15 [~p15@114.243.157.242] has quit [Ping timeout: 255 seconds]
06:05 -!- p15_ [~p15@198.50.160.97.static-ca.cryptolayer.com] has quit [Max SendQ exceeded]
06:12 -!- p15 [~p15@114.243.154.221] has joined #bitcoin-wizards
06:15 -!- p15 [~p15@114.243.154.221] has quit [Client Quit]
06:16 -!- p15 [~p15@114.243.154.221] has joined #bitcoin-wizards
06:27 -!- www1 [~v3@f052166172.adsl.alicedsl.de] has quit [Ping timeout: 248 seconds]
06:40 -!- www [~v3@f052166172.adsl.alicedsl.de] has joined #bitcoin-wizards
06:42 -!- p15 [~p15@114.243.154.221] has quit [Ping timeout: 246 seconds]
06:44 -!- p15 [~p15@124.64.99.182] has joined #bitcoin-wizards
06:51 -!- p15_ [~p15@64.145.91.68] has joined #bitcoin-wizards
06:53 -!- p15 [~p15@124.64.99.182] has quit [Ping timeout: 276 seconds]
06:57 -!- p15 [~p15@114.244.157.230] has joined #bitcoin-wizards
06:58 -!- p15_ [~p15@64.145.91.68] has quit [Ping timeout: 248 seconds]
06:58 -!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]
07:23 -!- jaekwon [~jae@c-98-234-63-169.hsd1.ca.comcast.net] has joined #bitcoin-wizards
07:24 -!- p15 [~p15@114.244.157.230] has quit [Ping timeout: 264 seconds]
07:32 -!- jaekwon [~jae@c-98-234-63-169.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
07:33 -!- jaekwon [~jae@2601:645:c001:263a:4d79:868b:8819:9c18] has joined #bitcoin-wizards
07:41 -!- btcdrak [uid52049@gateway/web/irccloud.com/x-nabfjrkamedlfrit] has quit [Quit: Connection closed for inactivity]
07:44 -!- c0rw1n_ [~c0rw1n@92.74-67-87.adsl-dyn.isp.belgacom.be] has joined #bitcoin-wizards
07:44 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
07:46 -!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards
07:47 -!- c0rw1n [~c0rw1n@92.74-67-87.adsl-dyn.isp.belgacom.be] has quit [Ping timeout: 256 seconds]
07:47 -!- c0rw1n_ is now known as c0rw1n
07:48 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 244 seconds]
08:03 -!- Xh1pher [~Xh1pher@pD9E3A97A.dip0.t-ipconnect.de] has quit [Quit: Xh1pher]
08:04 -!- Dr-G [~Dr-G@unaffiliated/dr-g] has quit [Ping timeout: 252 seconds]
08:05 -!- jaekwon [~jae@2601:645:c001:263a:4d79:868b:8819:9c18] has quit [Remote host closed the connection]
08:09 -!- jaekwon [~jae@2601:645:c001:263a:9420:5e0a:5979:ff3b] has joined #bitcoin-wizards
08:11 -!- Dr-G [~Dr-G@unaffiliated/dr-g] has joined #bitcoin-wizards
08:17 -!- gill3s [~gill3s@pat35-3-82-245-143-153.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:18 -!- jaekwon [~jae@2601:645:c001:263a:9420:5e0a:5979:ff3b] has quit [Remote host closed the connection]
08:28 -!- Burrito [~Burrito@unaffiliated/burrito] has joined #bitcoin-wizards
08:31 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 246 seconds]
08:31 -!- GAit [~lnahum@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards
08:34 -!- shen_noe [~shen_noe@172.56.39.60] has quit [Quit: Leaving]
08:37 -!- Xh1pher [~Xh1pher@pD9E3A97A.dip0.t-ipconnect.de] has joined #bitcoin-wizards
08:39 -!- c0rw1n_ [~c0rw1n@92.74-67-87.adsl-dyn.isp.belgacom.be] has joined #bitcoin-wizards
08:42 -!- c0rw1n [~c0rw1n@92.74-67-87.adsl-dyn.isp.belgacom.be] has quit [Ping timeout: 248 seconds]
08:43 -!- c0rw1n_ is now known as c0rw1n
08:53 -!- zooko [~user@c-73-217-16-2.hsd1.co.comcast.net] has joined #bitcoin-wizards
09:05 -!- zooko [~user@c-73-217-16-2.hsd1.co.comcast.net] has quit [Ping timeout: 255 seconds]
09:24 -!- gill3s [~gill3s@pat35-3-82-245-143-153.fbx.proxad.net] has joined #bitcoin-wizards
09:28 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
09:28 -!- jaekwon [~jae@2601:645:c001:263a:e5f4:cdf5:ec7e:4529] has joined #bitcoin-wizards
09:30 -!- cosmo [~james@unaffiliated/cosmo] has joined #bitcoin-wizards
09:32 -!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has quit [Remote host closed the connection]
09:36 -!- bosma [~bosma@S01067cb21bda6531.vc.shawcable.net] has joined #bitcoin-wizards
09:38 -!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards
09:44 -!- www1 [~v3@x5ce1bf95.dyn.telefonica.de] has joined #bitcoin-wizards
09:46 -!- www [~v3@f052166172.adsl.alicedsl.de] has quit [Ping timeout: 265 seconds]
09:52 -!- belcher [~belcher-s@unaffiliated/belcher] has joined #bitcoin-wizards
10:17 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards
10:18 -!- Giszmo [~leo@pc-185-201-214-201.cm.vtr.net] has joined #bitcoin-wizards
10:19 -!- nessence [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has joined #bitcoin-wizards
10:22 -!- nessence_ [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has quit [Ping timeout: 276 seconds]
10:29 -!- SwedFTP [~SwedFTP@unaffiliated/swedftp] has quit [Ping timeout: 248 seconds]
10:42 -!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has quit [Ping timeout: 264 seconds]
10:44 -!- nessence_ [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has joined #bitcoin-wizards
10:44 -!- nessence [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has quit [Ping timeout: 246 seconds]
10:54 -!- nessence [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has joined #bitcoin-wizards
10:55 -!- nessence_ [~alexl@c-68-51-194-2.hsd1.mi.comcast.net] has quit [Ping timeout: 250 seconds]
11:01 -!- laurentmt [~chatzilla@89-93-129-41.hfc.dyn.abo.bbox.fr] has joined #bitcoin-wizards
11:03 -!- jaekwon [~jae@2601:645:c001:263a:e5f4:cdf5:ec7e:4529] has quit [Remote host closed the connection]
11:05 -!- jaekwon [~jae@2601:645:c001:263a:8d02:77cf:56ad:fc82] has joined #bitcoin-wizards
11:05 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 256 seconds]
11:16 -!- bi_fa_fu [~E@65.113.88.100] has joined #bitcoin-wizards
11:19 -!- jaekwon [~jae@2601:645:c001:263a:8d02:77cf:56ad:fc82] has quit [Remote host closed the connection]
11:21 -!- belcher [~belcher-s@unaffiliated/belcher] has quit [Quit: Leaving]
11:38 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 255 seconds]
11:42 -!- drwin [~drwin@88-103-255-166.jes.cz] has quit [Read error: Connection reset by peer]
11:43 -!- drwin [~drwin@88-103-255-166.jes.cz] has joined #bitcoin-wizards
11:43 -!- laurentmt [~chatzilla@89-93-129-41.hfc.dyn.abo.bbox.fr] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.5/20150525141253]]
11:45 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
11:47 -!- JackH [~Jack@host-80-43-142-154.as13285.net] has joined #bitcoin-wizards
11:56 -!- AaronvanW [~ewout@unaffiliated/aaronvanw] has quit [Ping timeout: 246 seconds]
12:02 -!- SwedFTP [~SwedFTP@unaffiliated/swedftp] has joined #bitcoin-wizards
12:08 -!- AaronvanW [~ewout@unaffiliated/aaronvanw] has joined #bitcoin-wizards
12:14 -!- Quanttek [~quassel@2a02:8108:73f:f6e4:e23f:49ff:fe47:9364] has joined #bitcoin-wizards
12:14 -!- btcdrak [uid52049@gateway/web/irccloud.com/x-ofupgucuyetqhqgd] has joined #bitcoin-wizards
12:15 -!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has quit [Quit: Leaving]
12:16 -!- melvster [~melvster@ip-86-49-18-198.net.upcbroadband.cz] has joined #bitcoin-wizards
12:17 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 246 seconds]
12:20 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
12:28 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards
12:34 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 246 seconds]
12:41 -!- Guest68586 is now known as mr_burdell
12:41 -!- mr_burdell is now known as Guest87353
13:00 -!- jmcn_ [~jamie@2.24.158.21] has joined #bitcoin-wizards
13:03 -!- jmcn [~jamie@2.24.158.87] has quit [Ping timeout: 276 seconds]
13:06 -!- GAit [~lnahum@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]
13:09 -!- GAit [~lnahum@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards
13:09 -!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Ping timeout: 248 seconds]
13:42 -!- mjerr [~mjerr@p578EAB34.dip0.t-ipconnect.de] has quit [Ping timeout: 248 seconds]
13:46 -!- kmels [~kmels@186.151.61.184] has joined #bitcoin-wizards
13:51 -!- drwin_ [~drwin@88-103-255-166.jes.cz] has joined #bitcoin-wizards
13:51 -!- drwin [~drwin@88-103-255-166.jes.cz] has quit [Read error: No route to host]
14:04 -!- Quanttek [~quassel@2a02:8108:73f:f6e4:e23f:49ff:fe47:9364] has quit [Remote host closed the connection]
14:10 -!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards
14:10 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
14:11 -!- damethos [~damethos@unaffiliated/damethos] has quit [Client Quit]
14:11 -!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards
14:11 -!- damethos [~damethos@unaffiliated/damethos] has joined #bitcoin-wizards
14:18 -!- PaulCapestany [~PaulCapes@204.28.124.82] has quit [Quit: .]
14:19 -!- PaulCapestany [~PaulCapes@204.28.124.82] has joined #bitcoin-wizards
14:30 -!- jgarzik [~jgarzik@unaffiliated/jgarzik] has joined #bitcoin-wizards
14:33 -!- spinza [~spin@197.83.246.196] has quit [Excess Flood]
14:33 -!- sparetire_ [~sparetire@unaffiliated/sparetire] has joined #bitcoin-wizards
14:34 -!- SubCreative [~SubCreati@unaffiliated/cannacoin] has quit [Read error: Connection timed out]
14:38 -!- spinza [~spin@197.83.246.196] has joined #bitcoin-wizards
14:40 -!- SubCreative [~SubCreati@unaffiliated/cannacoin] has joined #bitcoin-wizards
14:56 -!- damethos [~damethos@unaffiliated/damethos] has quit [Quit: Bye]
14:56 -!- SubCreative [~SubCreati@unaffiliated/cannacoin] has quit [Read error: Connection timed out]
14:58 -!- SubCreative [~SubCreati@2601:601:400:1f04:9125:1736:b549:ab2e] has joined #bitcoin-wizards
14:58 -!- SubCreative [~SubCreati@2601:601:400:1f04:9125:1736:b549:ab2e] has quit [Changing host]
14:58 -!- SubCreative [~SubCreati@unaffiliated/cannacoin] has joined #bitcoin-wizards
15:04 -!- Xh1pher [~Xh1pher@pD9E3A97A.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
15:04 -!- drwin_ [~drwin@88-103-255-166.jes.cz] has quit []
15:05 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 256 seconds]
15:25 -!- SubCreative [~SubCreati@unaffiliated/cannacoin] has quit [Read error: Connection timed out]
15:26 -!- SubCreative [~SubCreati@unaffiliated/cannacoin] has joined #bitcoin-wizards
15:33 -!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has joined #bitcoin-wizards
15:35 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 256 seconds]
15:58 -!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has joined #bitcoin-wizards
16:10 -!- eudoxia [~eudoxia@r186-54-146-25.dialup.adsl.anteldata.net.uy] has joined #bitcoin-wizards
16:13 -!- prodatalab [~prodatala@2601:6c4:200:d4e0:1e4:702:bd2d:1f6] has joined #bitcoin-wizards
16:18 -!- jtimon [~quassel@69.29.134.37.dynamic.jazztel.es] has joined #bitcoin-wizards
16:40 -!- shen_noe [~shen_noe@173-165-135-246-utah.hfc.comcastbusiness.net] has joined #bitcoin-wizards
16:52 -!- midnightmadness [~tom@d154-5-183-203.bchsia.telus.net] has joined #bitcoin-wizards
16:57 < shen_noe> had a (possibly bad) idea for a modification of Confidential Transactions to cryptonote which could use some feedback:
16:58 < shen_noe> In original CT we have: If the author of a transaction takes care in picking their blinding
16:58 < shen_noe> factors so that they add up correctly, then the network can still verify
16:58 < shen_noe> the transaction by checking that its commitments add up to zero:
16:58 < shen_noe> what if we change this to check that the blinding factors don't add exactly to zero, but rather the sum of inputs and outputs commitments leaves zG
16:59 < shen_noe> so sum of input commitments - output commitments is a commitment to zero
16:59 < shen_noe> secret key only known to the sender
16:59 < shen_noe> now, take a ring signature over C_1, ..., C_s, ..., C_n where C_i are possible input commitments taken ad-hoc from blockchain
16:59 < shen_noe> C_s being the one belonging to signature
17:00 < shen_noe> actually a ring sig over C_1 - outputs, ..., C_s - outputs, ..., C_n - outputs
17:00 < shen_noe> so sender can prove that 1/n of these is a commitment to zero
17:00 < shen_noe> (the LLW ring sig's are nice for this purpose)
17:01 -!- Mably [~Mably@unaffiliated/mably] has quit [Ping timeout: 276 seconds]
17:01 < shen_noe> after this, proceed as in normal CT (proving outputs are commitments to positive values), using boromean sigs if that helps,, etc
17:02 < shen_noe> thoughts?
17:04 < shen_noe> *C_s being the one belonging to the "signer"
17:12 < andytoshi> shen_noe: i'm not quite sure what you gain here .. you need that every `inputs - outputs` is zero, so proving that 1/n of them are seems like it'd just be wasteful
17:13 < MRL-Relay> [shen] andytoshi, I want to prove that 1/n of inputs - outputs is a commitment to zero
17:13 < MRL-Relay> [shen] to not reveal which input index belongs to me
17:13 < andytoshi> oh, i see 1/n of inputs
17:15 < andytoshi> i guess, you are combining this with monero's usual ringsigs..
17:15 < shen_noe> yeah, or the LLW that you guys used (which are more efficient)
17:15 < andytoshi> and what it gets you is that you can ring-sign with arbitrary input sets, and not care about their sizes
17:15 < shen_noe> and hide amounts better than currentlyy
17:15 -!- hashtag [~hashtag@cpe-69-23-213-3.ma.res.rr.com] has quit [Ping timeout: 246 seconds]
17:16 < andytoshi> yeah, the exact scheme is not so important, what i'm trying to get is the high-level .. you have (a) a ringsignature over several inputs which proves you own one of them, (b) a "ring-CT proof" that one of these inputs is the right size
17:17 < shen_noe> yeah
17:17 < andytoshi> so, you need to link these two signatures somehow to make sure the input you're spending and the input whose value you're using are the same one
17:17 < andytoshi> but i'd guess this is easy once you write out the algebra
17:17 < andytoshi> but off the top of my head i'm not certain how
17:18 < andytoshi> or maybe the original ring signature is not important actually..
17:19 < shen_noe> so you need to link the two sigs: I think you can include all the original C_in's so a verifier can recreate the original sig themselves
17:19 < shen_noe> (maybe?)
17:19 < andytoshi> you use the delta from 0 in the `input - outputs` as your verification key
17:19 < shen_noe> yeah
17:19 < andytoshi> then if you are able to prove that `input - outputs == 0` this also proves you own the input
17:19 < andytoshi> (i think)
17:19 < shen_noe> so in language of CT paper, (x+z)G + aH = y1G + b1H + y2G + b2H
17:20 < shen_noe> where x+z = y1+y2
17:20 < shen_noe> and a = b1+b2
17:20 < andytoshi> yeah
17:20 < shen_noe> then z is sk
17:20 < andytoshi> yeah
17:20 -!- gielbier [~giel@f142219.upc-f.chello.nl] has quit [Ping timeout: 256 seconds]
17:22 < andytoshi> so, let's think how this would work for a one-input-one-output tx, with a ringsize of one
17:23 < andytoshi> so there is no ring sig magic here, i'm just trying to figure out when/how the pubkey is determined
17:23 -!- gielbier [~giel@f142219.upc-f.chello.nl] has joined #bitcoin-wizards
17:23 < andytoshi> with the current CT setup you've got something like an output value of `rG + vH` where r is secret and v is the hidden value
17:23 < shen_noe> ok, so above equation I guess becomes (x+z)G + aH = xG + aH
17:24 < andytoshi> yeah, sure, let's use your notatin
17:24 < andytoshi> the output is (x + z)G + aH? z is the key, a is the value, what is x?
17:25 < shen_noe> x + z = y is constructed as an equation of blinding factors
17:25 < shen_noe> oh no y
17:25 < andytoshi> ok i think you don't need both x and z
17:26 < andytoshi> oh, no, you do, cuz you have to reveal zG at some point here
17:26 < andytoshi> which if z was the only blinding factor, would reveal a
17:27 < andytoshi> so my question is: what is the output? a value commitment (x + z)G + aH as well as a verification key zG?
17:28 < shen_noe> output is yeah, yG + aH, where a is the sent amount, y is blinding factor
17:28 < andytoshi> kk gotcha
17:28 < shen_noe> so let's see (x + z)G + aH - yG + aH = zG
17:29 < shen_noe> if z = y
17:29 < shen_noe> and presumably you know log_G zG
17:29 < andytoshi> if x = y you mean
17:29 < shen_noe> since you made it
17:29 < shen_noe> yes
17:29 < shen_noe> (sorry been up late)
17:29 < andytoshi> np
17:30 < shen_noe> so if x = y, then (x + z)G + aH - yG - aH = zG
17:30 < shen_noe> now, you know log_G zG, so you can sign make a signaturre from the above difference
17:31 < andytoshi> yeah, understood
17:31 < andytoshi> can you remind me what normally happens? basically z = 0 in that case
17:31 < shen_noe> normally, z = 0, so it's more like xG + aH - yG - aH = 0 if x = y
17:31 < andytoshi> oh, never mind, i'm being silly
17:32 < shen_noe> the network verfies it's actually "is" zero
17:32 < shen_noe> rather than commitment to zero
17:32 < andytoshi> i was like "how do you prove you know the input" but that's not the commitment-proof's job in the original system
17:32 < shen_noe> sure
17:32 < shen_noe> :P
17:33 < andytoshi> kk so now i need to think for a few mins about if you can game this somehow .. i guess not if zG is in the output and can't be changed
17:33 < shen_noe> greatly appreciated
17:34 < andytoshi> ok, so i think i can choose {z, zG} then spend any output like this by taking the input point and adding zG to it to get my output point
17:34 -!- dEBRUYNE_ [~dEBRUYNE@239-196-ftth.onsbrabantnet.nl] has quit [Read error: Connection reset by peer]
17:34 < andytoshi> so i don't actually know x or a in this case
17:35 < shen_noe> hmm, let's see how that would work
17:35 < shen_noe> so C_in is chosen arbitrarilyy
17:35 < shen_noe> you don't know C_in = xG + aH (you don't know x or a)
17:36 < shen_noe> so zG + C_in - C_out = zG if C_in = C_out
17:36 < andytoshi> (i'll let you work thru this, meanwhile i think i have a fix, tho it's a little bigger than a single sig)
17:36 < shen_noe> is that what you mean?
17:36 < andytoshi> yes
17:36 < shen_noe> so basically you can send funds back to their outputs?
17:36 < shen_noe> I mean inputs
17:37 < andytoshi> hmmm, maybe that's all this wolud do..
17:37 < shen_noe> it still might cause a problem somehow
17:38 < andytoshi> is zG part of the output that's being spent? or is the idea is it's only computed as C_in - C_out?
17:39 < shen_noe> so I'm thinking the input you know is xG + aH, then you decompose x into x = z + y
17:39 < shen_noe> and then use y = sum outputs blinding factors
17:39 < shen_noe> and z is sk
17:40 < andytoshi> understood
17:40 < andytoshi> my question is whether z is forced by the output that you're spending
17:41 < andytoshi> i think the answer should be yes
17:41 < andytoshi> like, what i'm saying is the output will be {C_in, zG}
17:41 < shen_noe> it seems like it's forced not by output, but by the blinding factors you pick
17:41 < andytoshi> ok, so the output is only C_in?
17:42 < shen_noe> yeah C_in is something you've received from previous transaction
17:42 < andytoshi> then i can choose C_in from an arbitary output, choose z randomly, and produce a tx whose output is C_out = C_in + zG
17:42 < andytoshi> now i know z and can sign anything with it
17:43 < andytoshi> i think putting zG in the output fixes this
17:43 < shen_noe> lets see
17:43 < shen_noe> C_in = xG + aH, C_out = xG + aH + zG
17:43 < shen_noe> then C_in - C_out = -zG
17:44 < andytoshi> ..right, and then i know -z and can sign for that
17:44 < shen_noe> so you can find z, then you can send funds to C_in + zG
17:45 < shen_noe> let's see
17:45 < shen_noe> what about the range proof in this case?
17:45 < andytoshi> there should've been a range proof attached to C_in right?
17:45 < andytoshi> i just copy that
17:45 < shen_noe> now it's a range proof for C_in + zG though
17:45 < andytoshi> oh hmm
17:46 < shen_noe> does it still work the same?
17:46 < shen_noe> (this is extremely helpful btw thx)
17:46 < andytoshi> one sec i gotta find the rangeproof writeup to remind myself
17:46 < shen_noe> same
17:47 < andytoshi> it's about:blank
17:47 < andytoshi> lol https://people.xiph.org/~greg/confidential_values.txt
17:48 < shen_noe> so it looks something like C_in + z_G == C_1 + C_2 + ... + C_5
17:49 < shen_noe> where C_i represent proofs of the binary coefficients of C_in + z_G
17:49 < shen_noe> so C_1 proves that first binary coefficient of C_in + z_G is 0 or 1
17:50 < andytoshi> yeah, so actually what you do is add zG to one of the C_i's
17:50 < shen_noe> so to prove C_1 you have to know either log_G (C_in + z_G) or log_G (C_in + zG - H)
17:50 < andytoshi> yup
17:51 < andytoshi> so if i have a signature for xG on m, can i mar this into a sig for (x + z)G on m, knowing only z?
17:51 < andytoshi> (x is just an arbitrary secret value, it doesn't correspond to anything we've mentioned so far)
17:52 < shen_noe> hrm
17:52 < andytoshi> one sec,gotta do this on paper..
17:52 < shen_noe> yeah
17:52 < andytoshi> yeah you totally can for schnorr sigs
17:53 < shen_noe> using homomorphic prop?
17:53 < andytoshi> yeah, s -> s + zH(m||r), r -> r
17:53 < andytoshi> if s = k + xH(m||r) this gives you s' = k + (x + z)H(m||r)
17:54 < shen_noe> so that would be like signing with x + z, without knowing x, and only knowing xG
17:54 < andytoshi> right
17:54 < andytoshi> being unable to do this is -not- a standard security property that i'm aware of, i doubt it holds for any standard sig system
17:55 < shen_noe> so how do you sign with (x + z) without knowing (x + z) ?
17:55 < andytoshi> oh, wait, i was assuming you had a signature on x
17:55 < andytoshi> but obviously you don't, not on your new transaction..
17:55 < shen_noe> hrm
17:56 < andytoshi> i'm beginning to think this is ok
17:56 < shen_noe> my super-caffeinated brain which slept 2 hours thinks its ok
17:56 < shen_noe> but that's not usually enough to actually "be" ok
17:57 < shen_noe> as my advisor has shown me numerous times
17:57 < andytoshi> i do think this is gonna be a bear to argue correctness for
17:57 < andytoshi> yeah lol
17:58 < andytoshi> ok, my next attack is, maybe you know (x + z) but not x or z..
17:58 < andytoshi> i think you can't do this because x is gonna be different for each bit of the range-proof in the output
17:59 < shen_noe> yeah, as long as output is not 1H
17:59 < shen_noe> also, to show commitmment to zero, you have to know z?
17:59 < andytoshi> yeah
18:00 < andytoshi> ok, so, you ringsign with (C_i, C_i - H) to proof either 0 or 1, and there are always multiple random C_i's
18:01 < andytoshi> -but- i think we can attack this only marring one of them, you do C_1 -> C_1 + zG say
18:01 < shen_noe> ok
18:01 < andytoshi> now, the remaining C_i's have unchanged so you can keep their part of the rangeproof
18:02 < andytoshi> and you set things up so that you know the DL of (C_1 + zG) even tho i don't know z or the DL of C_1
18:02 < andytoshi> now you can reproduce that part of the rangeproof
18:02 < andytoshi> -but- i think you're screwed now because you have to produce a signature with z on top of this right?
18:03 < shen_noe> yeah, at the end you need to sign with z
18:03 < andytoshi> ok, i think this is safe actually
18:03 < shen_noe> to prove inputs - ouputs = commitment to zero
18:03 < andytoshi> cuz you always have to sign with (a) z and (b) z + r, where r is some randomness from the input's rangeproof
18:04 < andytoshi> you don't know r unless you own the output, so you can't do both unless you own the output
18:05 < shen_noe> ..yes
18:05 < shen_noe> I think that's right
18:06 < andytoshi> oh, but now have we broken the value proofs?
18:06 < andytoshi> like, can you go spending with outputs > inputs?
18:07 < andytoshi> (i think) the answers is no, as long as nobody knows the DL of your generators
18:07 < shen_noe> I was hoping the value proofs were pretty much the same as in CT
18:08 < shen_noe> so.. I think outputs = inputs is guaranteed by commitment to zero of the original summation
18:08 -!- gmaxwell [greg@wikimedia/KatWalsh/x-0001] has joined #bitcoin-wizards
18:09 < shen_noe> and then value proofs are just to prove C_out has aH with a in the right range
18:10 < andytoshi> i think you're right
18:11 < shen_noe> gmaxwell invented ct also: so I was thinking of modifying the summation equation (In1 + In2 + In3 + plaintext_input_amount*H...) -
18:11 < shen_noe>      (Out1 + Out2 + Out3 + ... fees*H) == 0.
18:12 < shen_noe> to be instead a commitment to zero
18:12 < shen_noe> now take a ring sig over (C_1 - \sum outputs, ..., C_s - \sum outputs, ..., C_n - \sum outputs)
18:13 < shen_noe> where s is secret index
18:13 -!- zooko [~user@2602:306:ccd3:2710:fc20:c4dc:4dcf:4186] has joined #bitcoin-wizards
18:13 < andytoshi> shen_noe: i think 100% of CT was gmaxwell and adam3us, i had nothing to do with it
18:13 < shen_noe> ahh i see I saw your name on the boromean paper
18:13 < gmaxwell> shen_noe: adam proposed in his original thread that showing knowedlge of the discrete log of the blinding factor as a replacement for the normal signature (so long as you don't mind losing all the useful script properties)
18:13 < andytoshi> yeah, i wrote the paper but all i invented was the time travel stuff
18:13 < andytoshi> which was purely an explanatory device
18:13 < shen_noe> gmaxwell, ahh nice
18:14 < shen_noe> I've just seen your writeup of it actually
18:14 < gmaxwell> shen_noe: but if I send you coins I also know your blinding factors, so the send is not a payment (as I can claw the funds back) unless we use an interactive proptocol to have you generate the blinded coins.
18:15 < gmaxwell> (and their range proofs, etc)
18:15 < andytoshi> oh, i see it now, yeah, you can't hide z from the payee without interaction .. dammit
18:15 < shen_noe> oh i see... hmm yes sender would know the receivers blinding factors obviously
18:15 < gmaxwell> so it didn't really seem like a big gain, also since the rangeproofs can often be omitted.
18:16 < andytoshi> well, the gain was really for monero, so you could ringsign over inputs of varying values
18:16 < shen_noe> the reason I was considering this, is if you modify for CryptoNote, then you need someway tto hide the input index
18:16 < shen_noe> yeah
18:17 < gmaxwell> Adam actually had a proposal to for a ringsig version, but I'm not sure if it was complete or correct.
18:17 < shen_noe> would love to see that.. hmm
18:17 < shen_noe> do you remember how many steps in the interactive protocol?
18:17 < gmaxwell> I think the ringsig is not very exciting though since coninjoin works so will with the CT approach... and the ringsig has other costs.
18:18 -!- hashtag [~hashtag@cpe-69-23-213-3.ma.res.rr.com] has joined #bitcoin-wizards
18:18 < shen_noe> i.e. most sigma protocols (3 steps) can be made non-interactive
18:18 < andytoshi> shen_noe: it won't be a sigma protocol, here both parties need knowledge of secret data
18:18 < gmaxwell> shen_noe: it requires interaction because the reciever needs to have a secret.
18:18 < shen_noe> yeah, it was more of a thought exercise, since the size with ring sigs included makes it fairly large
18:19 < shen_noe> I see, so something like receiver passing you their blinding factor
18:20 -!- zooko [~user@2602:306:ccd3:2710:fc20:c4dc:4dcf:4186] has quit [Ping timeout: 248 seconds]
18:20 < gmaxwell> shen_noe: they can't do that or you can spend their coins.  Rather the reciever has to create two outputs and their range proofs and tell you their blinding factor sum and value sum.
18:20 < shen_noe> I wonder if you could "key-image" outputs
18:20 -!- jtimon [~quassel@69.29.134.37.dynamic.jazztel.es] has quit [Ping timeout: 264 seconds]
18:20 < shen_noe> and then since change-addresses are one-time keys...
18:20 -!- eudoxia [~eudoxia@r186-54-146-25.dialup.adsl.anteldata.net.uy] has quit [Quit: Leaving]
18:20 < gmaxwell> then you can create a transaction which includes their outputs where only you know the discrete log of the sum of the blinding factors.
18:20 < andytoshi> shen_noe: yeah, the LWW paper has a really generic way of making key images, you just have another generator H, then the key image of xG is xH, and you provide a proof-of-equal-discrete-logs
18:21 < andytoshi> or ring-proof-of-equal-discrete-logs or whatever
18:22 < shen_noe> andytoshi, I'll have to read that more carefully
18:22 < gmaxwell> (but then you get into problems where you have to prohibit spending those two coins in the same transaction and other stupidity.)
18:23 < shen_noe> so.. maybe it would work, with some caveats on how you spend coins..
18:23 < CodeShark> are many of the insights in partially homomorphic crypto using the discrete log problem applicable to lattice-based crypto?
18:23 < gmaxwell> and interaction on send.
18:24 < shen_noe> like all oupts are otk's by force, and can be spent once
18:24 < andytoshi> CodeShark: i don't -think- so
18:25 -!- jgarzik_ [~jgarzik@104-178-201-106.lightspeed.tukrga.sbcglobal.net] has joined #bitcoin-wizards
18:25 < andytoshi> CodeShark: lattice crypto is about having a secret basis in which matrices can be efficiently manipulated in sorta ad-hoc ways, i'm not aware of something similar to this "have two generators so given aG + bH nobody can know its discrete log"
18:26 < gmaxwell> shen_noe: double spending is not an issue there; the problem is the symmetry of the reciever and the senders knoweldge. It can be broken, with a cost, but the benefit is pretty small.
18:26 < CodeShark> my understanding (which admittedly isn't as good as I would like) is that lattice based homomorphic encryption is based on ideals
18:26 -!- jgarzik_ [~jgarzik@104-178-201-106.lightspeed.tukrga.sbcglobal.net] has quit [Client Quit]
18:27 < CodeShark> as in ideals of rings
18:27 < shen_noe> gmaxwell, right, I was momentarily confused - so makes the transaction with the coins first wins
18:27 < CodeShark> but I really need to read up more :p
18:27 < andytoshi> CodeShark: oh, i'm only dimly aware of that side of the literature
18:27 < andytoshi> if you have any intuitions they probably trump mine
18:28 -!- gmaxwell [greg@wikimedia/KatWalsh/x-0001] has left #bitcoin-wizards []
18:28  * CodeShark pulls out his old algebraic geometry texts :)
18:32 -!- midnightmadness [~tom@d154-5-183-203.bchsia.telus.net] has quit [Remote host closed the connection]
18:32 < shen_noe> so maybe it would need a "coins" received function where receiver scans blockchain and when they find their coins, send it to a new address.. I'm not sure what that implies
18:33 < shen_noe> andytoshi thx for feedback
18:33 < andytoshi> np shen_noe
18:33 < andytoshi> but i think now the complexity is not worth it
18:33 < andytoshi> interaction is pretty much a dealbreaker
18:33 < shen_noe> yeah: there is a much simpler method (but not as good) which already works in monero actually
18:34 < shen_noe> just split up your amount into like n = n_1 + n_2 + ... + n_m
18:34 < shen_noe> and the cardinality of possiblities is 2^m
18:35 < shen_noe> (since one-time keys for change addresses and receive addresses)
18:36 < shen_noe> although I think you could get away with not full interaction: receiver only interacts by scanning blockchain and "accepting" their transaction
18:36 < shen_noe> by sending it to a new address they control
18:37 < shen_noe> with new blinding factors
18:37 < andytoshi> i see what you're saying, yeah, that works
18:37 < shen_noe> so it's open to chargebacks until the receiver decides they want it
18:37 < andytoshi> i think
18:38 < shen_noe> and (unless other problems) it costs an additional transaction fee
18:39 < shen_noe> in any case, gotta run
18:39 -!- shen_noe [~shen_noe@173-165-135-246-utah.hfc.comcastbusiness.net] has quit [Quit: quitquitquit]
18:44 -!- Quanttek [~quassel@ip1f10af17.dynamic.kabel-deutschland.de] has quit [Ping timeout: 264 seconds]
18:55 -!- Dr-G [~Dr-G@unaffiliated/dr-g] has quit [Disconnected by services]
18:55 -!- Dr-G2 [~Dr-G@x4d08da17.dyn.telefonica.de] has joined #bitcoin-wizards
19:24 -!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards
19:28 -!- OneFixt [~OneFixt@unaffiliated/onefixt] has quit [Remote host closed the connection]
19:28 -!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has joined #bitcoin-wizards
19:29 -!- OneFixt [~OneFixt@unaffiliated/onefixt] has joined #bitcoin-wizards
19:50 -!- M-_mis [mistake__m@gateway/shell/matrix.org/x-mywutvpmtakghecb] has quit [Remote host closed the connection]
19:50 -!- MatrixBridge [matrixirc@gateway/shell/matrix.org/x-yeyjybbksbqjeoki] has quit [Remote host closed the connection]
19:54 -!- MatrixBridge [matrixirc@gateway/shell/matrix.org/x-ppbdqbcrjapyujex] has joined #bitcoin-wizards
19:55 -!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has quit [Ping timeout: 246 seconds]
19:55 -!- MatrixBridge is now known as 5EXABJ6GG
19:55 -!- MatrixBridge [matrixirc@gateway/shell/matrix.org/x-gngdpbityeshsnky] has joined #bitcoin-wizards
19:55 -!- MatrixBridge [matrixirc@gateway/shell/matrix.org/x-gngdpbityeshsnky] has quit [Remote host closed the connection]
20:03 -!- prodatalab [~prodatala@2601:6c4:200:d4e0:1e4:702:bd2d:1f6] has quit [Ping timeout: 248 seconds]
20:07 -!- hashtag [~hashtag@cpe-69-23-213-3.ma.res.rr.com] has quit [Ping timeout: 244 seconds]
20:16 -!- thrasher` [~thrasher@unaffiliated/thrasher/x-7291870] has quit [Ping timeout: 255 seconds]
20:19 -!- thrasher` [~thrasher@ec2-54-66-203-250.ap-southeast-2.compute.amazonaws.com] has joined #bitcoin-wizards
20:23 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has joined #bitcoin-wizards
20:27 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has quit [Client Quit]
20:32 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has joined #bitcoin-wizards
20:35 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Disconnected by services]
20:35 -!- [7] [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards
20:42 -!- Giszmo [~leo@pc-185-201-214-201.cm.vtr.net] has quit [Quit: Leaving.]
20:45 -!- amiller [~socrates1@unaffiliated/socrates1024] has quit [Excess Flood]
20:46 -!- p15 [~p15@93.186.169.199] has joined #bitcoin-wizards
20:46 -!- Guest30532 [~socrates1@li175-104.members.linode.com] has joined #bitcoin-wizards
21:07 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:10 -!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has joined #bitcoin-wizards
21:10 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards
21:26 -!- snthsnth [~snthsnth@c-98-207-208-241.hsd1.ca.comcast.net] has quit [Ping timeout: 252 seconds]
21:30 -!- Zooko-phone [~androirc@c-73-202-109-21.hsd1.ca.comcast.net] has joined #bitcoin-wizards
21:41 -!- Burrito [~Burrito@unaffiliated/burrito] has quit [Quit: Leaving]
21:54 -!- p15_ [~p15@93.186.169.212] has joined #bitcoin-wizards
21:55 -!- p15 [~p15@93.186.169.199] has quit [Ping timeout: 250 seconds]
21:57 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has joined #bitcoin-wizards
22:01 -!- getplank [~getplank@cpe-74-71-180-161.nyc.res.rr.com] has quit [Client Quit]
22:03 -!- hashtag [~hashtag@cpe-69-23-213-3.ma.res.rr.com] has joined #bitcoin-wizards
22:07 -!- hashtag [~hashtag@cpe-69-23-213-3.ma.res.rr.com] has quit [Ping timeout: 248 seconds]
22:11 -!- MrTratta [~MrTratta@2-228-102-98.ip191.fastwebnet.it] has quit [Ping timeout: 272 seconds]
22:14 -!- prodatalab [~prodatala@2601:6c4:200:d4e0:49e:59fd:b28a:eafa] has joined #bitcoin-wizards
22:29 -!- jgarzik [~jgarzik@unaffiliated/jgarzik] has quit [Quit: This computer has gone to sleep]
22:36 -!- gmaxwell [greg@wikimedia/KatWalsh/x-0001] has joined #bitcoin-wizards
22:36 < gmaxwell> https://github.com/scipr-lab/libsnark/commits/master  < got code for sha256 15 days ago
22:37 -!- davi [~davi@gnu/davi] has joined #bitcoin-wizards
22:42 -!- arubi_ [~ese168@unaffiliated/arubi] has quit [Quit: Leaving]
22:49 -!- cosmo [~james@unaffiliated/cosmo] has quit [Ping timeout: 252 seconds]
22:51 -!- bi_fa_fu [~E@65.113.88.100] has quit []
22:51 < CodeShark> so you can compress many levels of sha256 into a single proof whose size does not depend on the number of levels in a tree?
22:54 < CodeShark> oh very cool
22:54 -!- Xh1pher [~Xh1pher@pD9E3A97A.dip0.t-ipconnect.de] has joined #bitcoin-wizards
22:55 < CodeShark> so it's an optimized "gadget" within an NP-complete language
22:56 < Luke-Jr> hm! is it possible, I wonder, to design a PoW that *must* be performed in a SNARK? <.<
22:56 -!- d1ggy [~d1ggy@p20030057E7177926B5D367921D5726A6.dip0.t-ipconnect.de] has joined #bitcoin-wizards
22:57 < CodeShark> creating the proof is expensive - but in principle verification could be made much simpler than just brute force hashing
22:58 < CodeShark> that's why the NP-complete part :p
22:59 -!- d1ggy_ [~d1ggy@p20030057E71779409885E2CF83005408.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]
22:59 < Luke-Jr> right, I'm wondering this as a way to prevent block withholding on even p2pool
22:59 < CodeShark> substitute "in practice" for "in principle" :)
22:59 < gmaxwell> Luke-Jr: you've asked this before. The answer is no.
22:59 -!- Guest30532 [~socrates1@li175-104.members.linode.com] has quit [Changing host]
22:59 -!- Guest30532 [~socrates1@unaffiliated/socrates1024] has joined #bitcoin-wizards
22:59 -!- Guest30532 is now known as amiller
23:00 < Luke-Jr> :|
23:01 < gmaxwell> CodeShark: yes, you can, so long as you're willing to take on a whole host of new strong cryptographic assumptions; and a long (like 30 seconds to minutes) proving time. And verification that runs on the order of 200 proofs per second.
23:01 -!- p15x [~p15x@123.118.89.114] has joined #bitcoin-wizards
23:02 < CodeShark> it's based on paired crypto?
23:02 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 248 seconds]
23:02 < gmaxwell> _pairing_ crypto; though it has many more assuptions than just the hardness of discrete logs in bilinar groups and the normal stuff for most pairing crypto.
23:03 < CodeShark> pairing crypto, yes. that's what I meant :)
23:04 < gmaxwell> (I'm not dissing the approach I think it's just important to keep in mind Magic's Price)
23:04 < CodeShark> are the other assumptions largely surrounding statistical vs. computational zero knowledge?
23:04 < gmaxwell> no, absolutely not.
23:05 < CodeShark> so all these approaches don't assume anything more than computional zk, right?
23:05 < gmaxwell> (well the non-falsifyable one is)
23:05 < CodeShark> or specifically, this library
23:05 < gmaxwell> CodeShark: the ZK in this is perfect. The soundness is computational.
23:05 < CodeShark> ok, got it
23:05 < gmaxwell> No succinect proof system for genral NP can have better than computational security in any case (owing to a counting argument).
23:06 < gmaxwell> (er better than computational security for soundness)
23:06 < CodeShark> right...
23:07 < gmaxwell> but I'm not talking just about the hardness, I mean there are new strong assumptions; e.g. that certant functions cannot be efficiently computed; for which no proof currently exists that reduces them to an existing prior known strong assumption. (like the hardness of the computational discrete log problem in a bilinear group).  They sound plausable and fortunately its an interesting enough area t
23:07 < gmaxwell> hat people are actually working on breaking them and such.
23:08 < CodeShark> so what are the other big assumptions with bilinear group stuff?
23:08 < CodeShark> besides difficulty of discrete log, of course
23:11 < CodeShark> oh, hmm
23:11 < CodeShark> nvm, I was late on the keyboard :p
23:13 < gmaxwell> The papers go over them, though unless you're a current postdoc in that subfield you'll probably (like me) mostly just shrug at them. :)
23:14 -!- www1 [~v3@x5ce1bf95.dyn.telefonica.de] has quit [Ping timeout: 244 seconds]
23:16 < CodeShark> this whole zkSNARK thing does seem too good to be true...so yeah, there's a price for that magic
23:16 < gmaxwell> CodeShark: one of them is that it has trusted setup.
23:16 < CodeShark> is there no known way around that still?
23:17 < gmaxwell> There are proposals to potentially use multiparty computation for it, so the trusted setup gets some threshold security.
23:17 -!- mjerr [~mjerr@p578EAB34.dip0.t-ipconnect.de] has joined #bitcoin-wizards
23:18 < gmaxwell> People are also working on other schemes for NP proofs with a totally different cryptographic basis which won't have that problem; but their proofs will be less efficient.
23:18 < CodeShark> less efficient for the prover? the verifier? or both?
23:19 < gmaxwell> Less space efficient. They may well be faster to verify.
23:20 -!- p15_ [~p15@93.186.169.212] has quit [Ping timeout: 255 seconds]
23:20 < CodeShark> by totally different cryptographic basis you're referring to something other than bilinear crypto or pairing crypto?
23:21 < gmaxwell> right
23:21 -!- p15x [~p15x@123.118.89.114] has quit [Ping timeout: 264 seconds]
23:22 -!- drwin [~drwin@88-103-255-166.jes.cz] has joined #bitcoin-wizards
23:22 < CodeShark> but still using discrete log? or LWE or something else?
23:22 -!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards
23:26 -!- p15x [~p15x@123.118.90.213] has joined #bitcoin-wizards
23:26 < gmaxwell> No; likely using using just random oracle assumptions.
23:27 < gmaxwell> PCP theorem plus fiat shamir tell us that at least in principle there are efficient computationally sound, statstically private proof systems for NP; that have no strong assumptions except the RO used for the fiat shamir.  Though making them pratical is hard.
23:28 < gmaxwell> (as the most direct routes require you to e.g. build a hashtree over a set of bits with substantially more entries than atoms in the universe)
23:41 < gmaxwell> andytoshi: do you see any obvious way to do an _efficient_ proof of polysig equivilence.  E.g. say there is a set of keys for a polysig, and some unknown permutation, and I want to prove to you that a given polysig series corresponds to that set without revealing the permutation?
23:41 -!- spinza [~spin@197.83.246.196] has quit [Excess Flood]
23:41 -!- spinza [~spin@197.83.246.196] has joined #bitcoin-wizards
23:48 -!- p15x [~p15x@123.118.90.213] has quit [Ping timeout: 252 seconds]
23:48 -!- p15x [~p15x@111.193.176.183] has joined #bitcoin-wizards
23:53 -!- davi [~davi@gnu/davi] has quit [Ping timeout: 246 seconds]
23:58 -!- arubi_ [~ese168@unaffiliated/arubi] has joined #bitcoin-wizards
--- Log closed Sun Jun 28 00:00:54 2015