--- Log opened Tue Nov 24 00:00:34 2015
02:55 < gmaxwell> aj: I'd like to review the work here: http://lists.linuxfoundation.org/pipermail/lightning-dev/2015-November/000329.html the mention of OP_CHECK_SECP256K1_MUL_VERIFY gives me concern that something is broken. But I could use an 'extract' of the scheme that assumes I don't know or care anything about lightning.
02:56 < aj> gmaxwell: sure!
02:58 < aj> gmaxwell: so the idea with HTLCs is you pay to a hash and collect the payment by revealing the preimage. using sha256 or hash160 or whatever means that to forward a htlc you have to reuse the same hash/preimage at each step. i assume you're totally familiar with that?
02:58 < gmaxwell> Yes. to make the payment atomic.
02:58 < aj> gmaxwell: yeah
03:00 < aj> gmaxwell: so it would be nice if you could use different hash/preimages at each step, so that different nodes in the route can't conspire and work out who was paying who. the "previous message" was me trying to do that with a SNARK
03:00 < gmaxwell> So in here you pay to randomly relayed pubkeys along the way. But then how is the unlock atomic? e.g. if you just sign with Q at the end, the private key is not revealed... and so the other transfers are stuck, no?
03:01 < aj> gmaxwell: so the use of ecc_multiply as the hash function instead solves it much more cleverly
03:01 < aj> gmaxwell: ie PUBLIC = g*PREIMAGE
03:02 < aj> gmaxwell: so that's still the last step in the chain, but the step prior to that becomes PUBLIC*n = g*PREIMAGE*n, and the step before that becomes PUBLIC*n*m = g*PREIMAGE*n*m*
03:03 < aj> gmaxwell: the n and m are kept secret to the person doing the paying, and the particular node; so they're not random pubkeys, they're random multiples of the next pubkey
03:03 < gmaxwell> that was supposed to be 'related'.
03:04 < aj> gmaxwell: english should've been designed with a higher hamming distance
03:06 < aj> gmaxwell: okay so if you're asked to forward PUBLIC*n*m to PUBLIC*n; then you need to be told PUBLIC*n*m, PUBLIC*n, and m; you can then verify the multiplication, and once the payment completes you'll find out PREIMAGE*n (because PUBLIC*n will have just cleared). But you know m, so you multiply and have PREIMAGE*n*m and can clear the next step
03:06 < gmaxwell> Why not this alternative scheme; Q = xG; Q1 = Q+P1, Q2 = Q+P2, Q3 = Q+P3 where the P_n are the single keys of the participants.
03:07 < gmaxwell> And instead of revealing Q you sign with it, using a forced static R value, so all the participants learn the discrete log from the signature?
03:07 < aj> gmaxwell: because then you could just subtract your key P1 to work out Q and correlate transactions?
03:08 < gmaxwell> aj: the 'your key'-- the key is single use, and uniformly distributed.
03:08 < aj> gmaxwell: hmm, i'm not sure how that would work
03:09 < gmaxwell> (I was going to separately say you should be doing Q+nG generally, as it is enormously faster and as far as I can tell you need no property of multiplication here)
03:09 < gmaxwell> aj: What part isn't clear?
03:10 < aj> gmaxwell: so "x" is the secret known by the merchant, and Q is revealed to the consumer, yes?
03:11 < gmaxwell> Yes.
03:11 < aj> gmaxwell: oh, or is it the signature that's revealed to the consumer, not Q?
03:12 < gmaxwell> x is the hash preimage, if you will, Q is the hash. the Q+... the derived hashes. whose preimages will be known to the keyholders of P1, P2, P3 ... respectively (and only them), once they know x.
03:14 < gmaxwell> x can be disclosed if the payment to Q at the end requires signing with a particular nonce (e.g. substr constraining the signature), and the participants know the discrete log of that nonce already.
03:15 < gmaxwell> beyond not requiring additional constructs and getting rid of the expensive multiply, I think the inner public keys can replace the need for a separate signature, and potentially make it so that all transactions except the last look like more ordinary multisig transactions.
03:15 < aj> gmaxwell: hmm
03:18 < aj> gmaxwell: that /sounds/ plausible, but i'll need to work it out with pen and paper...
03:19 < aj> gmaxwell: (substr is a disabled opcode though)
03:19 < gmaxwell> (there is an extra constraint that you need to show that P_n wasn't generated as a function of Q but there are several ways to do that.)
03:20 < gmaxwell> aj: sure, though all the other things you're talking about don't exist. And I would be much more keen to enable substr (it's there in alpha, ...) than a generic point scalar multiply, which is fairly expensive (basically the same cost as a signature verify)
03:21 < gmaxwell> single show signatures tend to be useful for other things in any case.
03:34 < aj> gmaxwell: so i think "OP_DUP 16 OP_LEFT OP_EQUALVERIFY OP_CHECKSIGVERIFY" would let you reveal "x" with just OP_SUBSTR/OP_LEFT; but i don't see how earlier steps could get away with just a regular multisig txn?
03:36 < gmaxwell> instead of having to be a preimage + key, they're just payments to a key.
03:39 < aj> gmaxwell: but that doesn't work transitively? ie, once I know I can sign with , but how does that help the next guy sign with ?
03:41 < gmaxwell> when he knows x he can sign with Q+P2. (presuming he could sign with P2 to begin with, he just adds x to his private key)
03:42 < aj> gmaxwell: right, but he doesn't know unless he forces me to sign with a known r too, rather than just asking me to pay to an address?
03:43 < gmaxwell> I'm assuming he'll observe the Q single show payment.
03:44 < gmaxwell> same deal as with the plain hashlock, everyone tests the same preimage.
03:44 < aj> gmaxwell: that only works if he knew the log of the value that i chose?
03:44 < gmaxwell> you can all share that in advance. (e.g. Q picks it and tells the whole channel Q,r at the start)
03:47 < aj> gmaxwell: seems like that'd require trust... i don't think you'd get to see the reveal of Q normally either -- it'd be in a channel, rather than on the blockchain
03:47 < gmaxwell> I don't see how this is different than the case where you are using a common Hx = H(x) everywhere.
03:47 < aj> gmaxwell: not using a common Hx is the goal :)
03:48 < gmaxwell> Yes for privacy!
03:48 < gmaxwell> But you're not making a privacy related objection.
03:49 < aj> gmaxwell: but with a common Hx each node along the chain says "Here's x!" to the previous node, who then verifies H(x)=Hx, and repeats. you forward along the same Hx each time because that's the only way you'll convince anyone to give you x
03:50 < gmaxwell> okay you're counting on each step forcing there not the final being made public.
03:51 < gmaxwell> Then I withdraw that optimization. Still, use of addition and single show I hope turn out to be useful improvements. :) I'll think more about this.
03:52 < aj> gmaxwell: okay :)
03:53 < aj> gmaxwell: though... i think maybe you just end up with two OP_CHECKSIGVERIFIES anyway, rather than an OP_ECC_MUL + OP_CHECKSIGVERIFY (or OP_SHA256 + OP_CHECKSIGVERIFY) :(
03:55 < aj> gmaxwell: revealing Q with just one OP_CSIGV would let the other guy publish the old commitment tx, then spend your output (ie, getting a refund), but then claim the original payment too (assuming they didn't rip them off in the same way)
03:56 < gmaxwell> yes, if each step has to reveal then you need two keys. (a CMS with one being single show)
03:56 < aj> CMS?
03:56 < gmaxwell> checkmultisig.
03:58 < gmaxwell> I'm going to go try to find a single show signature in the existing system. There may well be one.
04:29 < gmaxwell> y'all are gonna hate me, but I did it: we've already got a single show signature in Bitcoin!
04:30 < aj> gmaxwell: ... so what is it?
04:32 < gmaxwell> So I have a scheme, where you can give me a pubkey, and I can write an unusual scriptpubkey that pays to it, which you can sign for but not without leaking your private key to the world ... with computational soundness (e.g. you could do an intractable amount of computation and break it.)
04:35 < sipa> hashlock where the preimage is the pubkey?
04:35 < amiller_> guy fawkes signatures satisfy that description too
04:35 < sipa> oh. leaks private key
04:35 < gmaxwell> amiller_: from context, it needs to be an ECDSA single show for other reasons.
04:36 < amiller_> kk, then i'm intrigued to see this
04:37 < gmaxwell> b17df64bbaf96453bb63912b939861997275d03435043dcea56a68436895e10f
04:37 < gmaxwell> I'll let other people stew on it for a day. Someone might invent a better one along the way. :)
04:39 < gmaxwell> amiller_: simplifying the earlier discussion and removing all the LN specific stuff, here is why I want it:
04:39 < gmaxwell> Here is a private atomic swap that doesn't need the multiphase "CoinSwap" transform:
04:39 < gmaxwell> B computes nonce x and P = xG
04:39 < gmaxwell> B sends P, single-show-signature-with P to A
04:39 < gmaxwell> B pays to if() {Apub2+P} else {CLTV Bpub}
04:39 < gmaxwell> A pays to if() {Bpub, force R key P} else {CLTV Apub}
04:40 < gmaxwell> the two payments are unlinkable (assuming apub2 is kept private to alice and bob; uh and assuming my two bpubs above are distinct keys)
04:40 < gmaxwell> And they're atomic.
04:43 < amiller_> what do you mean by B sends P, single-show-signature-with P to A.... does that reveal x to A?
04:46 < gmaxwell> no, it's just a signature. then in the last payment the scriptpubkey requires a signature with P in such a way x will be made public. (e.g. if we had substr, you'd just use it to constrain R to be the R from the earlier signature)
04:46 < kanzure> atomic swap should be applied to lightning transaction types at some point
04:47 < gmaxwell> so the missing primitive for this private atomic swap was a way to do a signature which will leak the private key in bitcoin today. (since it's nicer if things work now...)
04:50 < amiller_> after step 2 "B sends P, single-show-signature-with P to A", is the message that will be eventually single-show-signed predetermined?
04:51 < gmaxwell> can't be, alas, it's a spend of the last transaction (pays) there, so it will commit to that txid.
04:54 < amiller_> can you replace "A pays to if() {Bpub, force R key P} else {CLTV Apub}" with simply "A pays to if() {force R key P} else {CLTV Apub}"
04:56 < gmaxwell> amiller_: doing so means someone could see that spend and race it (now knowing x) to steal the funds.
04:56 < amiller_> i cant see why this is a signature and not just revealing the preimage..... oh i see the point is for them to be unlinkable
04:56 < gmaxwell> so the requirement for a Bpubkey there is important.
04:57 < gmaxwell> Yes, to be unlinkable.
04:58 < gmaxwell> amiller_: I made a generic scheme for that in the past https://bitcointalk.org/index.php?topic=321228.0 which lets you hide any smart contract from the blockchain and make it private.. including an atomic swap (of the normal hashlock type)... but it has lots of steps, which is a pain to implement, and make it malleability vulnerable.
05:05 < amiller_> ok i guess that kind of unlinkability is cool enough, that's cool it improves coinswap, i guess it's obvious it's possible in general but probably requires cleverness to do with existing script
05:14 < amiller_> since the only tool at your disposal in bitcoin script is checking a signature over the current transaction, i imagine all you can hope to do is check multiple signatures over the same message under different but related public keys
05:15 < sipa> and require related k
05:18 < amiller_> how do you require related k?
05:18 < sipa> i've been asking myself that question for the past half hour
05:20 * gmaxwell cheshire cat
05:20 < kanzure> what was the signature scheme where you can insert arbitrary text into the middle of a signature?
05:20 < kanzure> perhaps adding that sort of requirement would reveal some key info
05:21 < kanzure> er, it was not arbitrary text, i am misremembering, but that's already evident by me not remembering the name :-)
05:23 < aj> hmm, i can related keys, but can't get the sigs from the related keys to be related enough but not too much
05:25 < gmaxwell> unrelated; Anyone else here read Mother Earth Mother Board? I think it's online, fun read though probably a bit dated now. In it; it talks about undersea cables, once installed being something of a 'found artifact' ... like stargates left from a prior civilization, where generations of engineers pore over them to characterize them and extract every bit of capacity available... far beyond what t
05:25 < gmaxwell> hey originally did. I've thought about the bitcoin network like this at times, just because the cost ratio of upgrading it vs coming up with a crazy way to use what it has already supports doing the latter.
05:28 < amiller_> i don't think you can require related k but i also don't see why you need that
05:29 < kanzure> there was some idea about using undersea sponges to make fiber optics at some point
05:29 < sipa> amiller_: signing with related public keys does not automatically reveal the private key
05:29 < sipa> amiller_: or BIP32 would be very broken
05:29 < kanzure> like all weird scifi ideas, i am sure that orionsarm.com has shamelessly copied the idea
05:30 < aj> gmaxwell: that's the neal stephenson travelogue? was hoping for a scifi story where they were literally found artifacts...
06:10 < bsm117532> I just noticed that the Iota folks have put out a whitepaper. (It's a DAG-based crypto-currency) At first glance it looks pretty good. http://188.138.57.93/tangle.pdf
06:32 < bsm117532> Is Serguei Popov or any of the Iota people going to be at Scaling Bitcoins? If not I'll try to cover this material...
06:35 < sipa> that doesn't sound like applicable in the short term to bitcoin proper
06:37 < kanzure> "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs" http://llvm.org/pubs/2008-12-OSDI-KLEE.html (klee stuff)
06:48 < kanzure> oops didn't know about the name "coin history linearization", would have used that in scalingbitcoin-review.pdf had i known
06:48 < kanzure> re: blockchain sharding proposals, https://www.reddit.com/r/Bitcoin/comments/3u1m36/why_arent_we_as_a_community_talking_about/cxbamhn
07:13 < kanzure> is there a way to do a 2-way spv peg where if the sidechain operators don't submit a conflicting proof within some number of confirmations, bitcoin users can recover their deposits to the spv address?
07:13 < kanzure> spv address or er, spv mechanism
07:14 < kanzure> unrelated; "segwit" == "segregated witness" (took me a few seconds..)
07:17 < sipa> kanzure: should be less ambiguous than SW!
07:21 < bsm1175321> kanzure: I have talked about sharding, and I plan to make noise about it at Scaling Bitcoin, but I don't have any good proposal there. It's hard. (#3 here: http://blog.sldx.com/three-challenges-for-scaling-bitcoin/)
07:22 < bsm1175321> sipa: better to take a long road to the right answer than a short-term band-aid that we'll regret the consequences of forever. To that end, DAGs can solve a lot of problems, and we should consider a route to it.
07:23 < bsm1175321> If you want to hear how I think we can add a DAG layer to bitcoin without upsetting consensus and bitcoin blocks I can talk about it more here...
08:05 < kanzure> "Asymmetric proof-of-work based on the Generalized Birthday problem" https://eprint.iacr.org/2015/946 https://eprint.iacr.org/2015/946.pdf https://www.reddit.com/r/Bitcoin/comments/3u2gk6/asymmetric_proofofwork_based_on_the_generalized/cxbbauh
08:12 < tromp__> kanzure, that was previously discussed at https://www.reddit.com/r/bitcoinxt/comments/3n6hkc/research_paper_asymmetric_proofofwork_based_on/
08:14 < bsm1175321> I have a hard time with word salad. Lots of salad in those last few links.
08:55 < Taek> .tell bramc you mentioned earlier working on Bitcoin's peer protocol. gavinandresen was also talking about rewriting Bitcoin's peer protocol, perhaps there's value in collaboration
08:55 < yoleaux> Taek: I'll pass your message to bramc.
09:47 < kanzure> "OP_CHECKWILDCARDSIGVERIFY or "Wildcard Inputs"" http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-November/011805.html
09:50 < gwillen> kanzure: hmmm interesting
09:50 < kanzure> yeah seems likely to work if you can enforce some standard about sorting
09:51 < gwillen> oh hm, like sorting the candidate utxos?
09:51 < kanzure> right
09:52 < kanzure> but lookup time is going to be painful for validators
09:52 < kanzure> especially without references
09:52 < gwillen> yeah it sounds like he wants it to take them all without actually having to know what they are
09:52 < kanzure> validators will always have to know them all
09:52 < gwillen> but if you instead do specify the amount
09:52 < gwillen> and just have it take utxos from the beginning in sort order until you reach that amount
09:53 < gwillen> and I mean, this is no more annoying for validators than SIGHASH_NO_TXID or whatever
09:53 < gwillen> that would be "give me any coin with this scriptpubkey", versus this is "give me _all_ coins with this scriptpubkey"
09:58 < kanzure> how would you do miner fees with the partial one?
09:58 < kanzure> you would have to specify the fee amount in script too :)
10:01 < gwillen> kanzure: I'm imagining that you do specify an input value, contra the original mailing list suggestion
10:01 < gwillen> and that value has to be the some of the values of some prefix of the list of possible inputs in whatever the sort order is
10:01 < gwillen> and it unambiguously uses all of those
10:01 < gwillen> err, the sum*** of the values
10:02 < gwillen> and then the fee works as normal
10:02 < kanzure> i think that many implementations assume that all inputs are valid, and use that as a way to reject invalid transactions, though
10:02 < kanzure> er. valid according to existing rules.
10:02 < kanzure> so increases soft-fork difficulty
10:02 < gwillen> hmm, can you explain a bit more?
10:03 < kanzure> the input would be "invalid" according to existing rules
10:03 < kanzure> implementation details- like how validators are implemented- can influence how you choose to implement a soft-forkable feature... if a change requires too much effort, widespread deployment is unlikely.
10:04 < gwillen> ahh hmm
10:04 < kanzure> i haven't actually looked tho
10:17 < zookolaptop> Aw, that's nice that they thank gmaxwell and tromp_: https://eprint.iacr.org/2015/946
10:40 < kanzure> gwillen: also; if you use the no-inputs-ever strategy, then you might accidentally spend some BTC to fees if you receive BTC to that scriptpubkey after you sign a transaction, but before the transaction is confirmed.
10:40 < gwillen> kanzure: that's why you do specify a value
10:44 < bsm1175321> Hahaa I decided on some terminology: In a DAG if one of your node's parent's parent is one of your own parents, that's {\it incest} and disallowed. (Popov's tangle has incest)
13:42 < bsm1175321> Just in case anyone else wanted to read that Iota paper I posted...don't. It's a confused mess with some poorly understood textbook statistics thrown in.
14:07 < kanzure> "Bitcoin meets strong consistency" http://www.tik.ee.ethz.ch/file/ed3e5da74fbca5584920e434d9976a12/peercensus.pdf (something about an identity layer?)
14:09 < el33th4x0r> Bitcoin already provides strong consistency.
14:10 < sipa> eh, no
14:10 < el33th4x0r> This meme that is going around that Bitcoin is "eventually consistent" is just wrong.
14:10 < sipa> bitcoin is not even eventually consistent. it's probabilistically consistent
14:10 < el33th4x0r> Correct, it's not eventually consistent.
14:11 < el33th4x0r> It provides a very strong probabilistic guarantee.
14:11 < sipa> with certain economic assumptions
14:14 < el33th4x0r> And assumptions on the hash power of colluding attackers.
14:15 < el33th4x0r> but the bottom line is that one cannot look at the tail of the blockchain, observe that it's changing, and conclude that the system is "eventually consistent" or "inconsistent"
14:15 < el33th4x0r> Paxos proposals can change over time. Paxos guarantees serializability, one of the strongest consistency guarantees.
14:16 < el33th4x0r> When we evaluate databases, we examine their behavior with respect to a Write protocol and Read protocol.
14:17 < el33th4x0r> We do not examine the intermediate states of their internal data structures. No one cares that those change, as long as the changes are not reflected to clients through the Read()/Write() API.
14:19 < el33th4x0r> I've heard various people mention casually that Bitcoin offers weak consistency. This is incorrect -- the exponentially-decaying probabilistic guarantee offered by Bitcoin is stronger than most distributed databases.
14:21 < amiller_> i think they should cite Exposing Computationally-Challenged Byzantine Impostors ftp://haskell.cs.yale.edu/pub/TR/tr1332.pdf and PoW-Based Distributed Cryptography with No Trusted Setup http://link.springer.com/chapter/10.1007/978-3-662-48000-7_19
14:35 < bsm1175321> el33th4x0r: Bitcoin's consistency is only asymptotic, not convergent (and certainly not exponential). Academic studies (PAXOS) generally go for convergence.
14:36 < kanzure> ah gmaxwell already posted a comment https://www.reddit.com/r/Bitcoin/comments/3u3c2g/roasbeef_bitcoin_meets_strong_consistency_paper/cxbru1g
14:37 < el33th4x0r> Paxos is not an academic study, it's a protocol.
14:37 < bsm1175321> It originated in academia and is well studied there.
14:38 < el33th4x0r> Right, I'm an academic, well aware of Paxos' origins.
14:39 < el33th4x0r> If we wanted to be pedantic, Synod is the original consensus protocol, and Paxos has been applied to a family of consensus protocols.
14:39 < bsm1175321> So why this dislike of "weak consistency"? Isn't it just saying "asymptotic"?
14:40 < el33th4x0r> Because Bitcoin provides something stronger than weak consistency. Also, the framework people use to evaluate it is broken.
14:40 < el33th4x0r> BTW "convergent" is not a well-defined term. And the probabilistic guarantee offered by Bitcoin is certainly exponential, discussed in the white paper.
14:41 < bsm1175321> Convergent is a very well defined mathematical term.
14:41 < el33th4x0r> Can you please define it for consensus protocols?
14:44 * bsm1175321 looks through notes. Would be happy to be wrong about this...
14:56 < bsm1175321> el33th4x0r: I think you're right. "Probabilistic Convergence" is better. If I figure out why I decided it was asymptotic I'll post about it. But the probability of an attacker with hashpower < 0.5 creating the highest-weight chain is absolutely convergent to zero.
15:04 < el33th4x0r> bsm1175321: Great. And the probability of an attacker with hashpower < 0.33 creating the highest-weight chain indeed converges to 0 with increasing block height.
15:05 < bsm1175321> Modulo the selfish mining attack...
15:05 < bsm1175321> Which I think you wrote, no?
15:05 < el33th4x0r> Right, that's me and Ittay Eyal.
15:07 < el33th4x0r> I'll head home for dinner and baby play, but let me leave on a positive note: we all have good reason to be proud of Bitcoin when it comes to claims about its consistency.
15:07 < el33th4x0r> It provides stronger consistency guarantees than Mongo, for instance.
15:08 < el33th4x0r> Not as strong as HyperDex, which provides a linearizability guarantee, but still stronger than many of the systems that people use to store their data.
15:10 < el33th4x0r> Judging Bitcoin by the presence of change at the blockchain's tail reflects confusion, because no one would judge Paxos or Zab or RAFT by how the leader changes its proposal.
15:28 * rusty2 pings gmaxwell...
17:09 < bramc> Asymptotic rolling consistency, with no one single moment having absolute consensus except in retrospect, is how all databases should work.
17:09 < yoleaux> 24 Nov 2015 16:55Z bramc: you mentioned earlier working on Bitcoin's peer protocol. gavinandresen was also talking about rewriting Bitcoin's peer protocol, perhaps there's value in collaboration
17:10 < bramc> Taek, Right Gavin's muttering about it is why I was thinking about it. I don't actually know how Bitcoin's peer protocol works though, I just have some slightly sketchy thoughts about how I'd do it from scratch.
17:18 < bramc> So at some point I should sit down with someone who knows the current protocol well and discuss it.
17:19 < kang_> bramc: record it
18:02 < bramc> Has anybody looked at http://eprint.iacr.org/2015/366.pdf ? It's got a nontrivial proof of time
18:18 < tromp__> i read the first 2 sections:)
18:25 < bramc> tromp__ I'm finding section 3 nontrivial, but it says that their construction is based on modular square roots, which raises the question of why not simply do repeated modular square roots
18:30 < tromp__> those do not take more time to compute
18:31 < tromp__> for a prime field the multiplicative order is p-1
18:31 < tromp__> so computing a square root is taking a (p-1)/2 -th power
18:31 < tromp__> a sqrt of a sqrt is cheaper, just (p-1)/4 th power
18:32 < tromp__> uhm, wait. what happens if p == 3 mod 4
18:33 < gmaxwell> tromp__: if the field is congruent to 3 mod 4, then you can use the (p+1)/4th power (and similar to get a 4th root)
18:35 < gmaxwell> if P has other structure you can also construct a more efficient powering ladder (e.g. if it's a repunit prime like 2^127-1 you can do most of the work by repeated squaring).
18:39 < bramc> Oh I see
18:39 < gmaxwell> bramc: in any case the way sqrt works over a field is that the roots of member of the field that is a quadratic residue form a cyclic subgroup with a known number of members, so the way you find the sqrt is effectively by going all the way around the long way, repeatedly squaring to get to the members-1th step.
18:39 < gmaxwell> (and since we know how big the group is, we can just efficiently raise to the relevant power)
18:40 < bramc> This might be a fairly good practical speedup, because the constant multiplier has to do with number of bits instead of number of bytes
18:42 < bramc> although, umm, you don't have the floating multiplier that you do in the repeated hashing constructions. Apparently I need to trudge through the rest of this paper.
19:11 < bramc> I'm not following their sloth construction, but if you're shooting for the biggest ratio of time to generate versus time to verify for a given size proof, I think it's best to just pick as large of a P which will fit.
19:27 < tromp__> hmmm, a megabit prime?
19:29 < tromp__> then optimization freeness may suffer, as you need these fancy FFT based multiplication methods for best performance
19:29 < katu> i find their argument (well or more or less lack of) that tonelli-shanks root finding is unparallelizable lacking
19:29 < katu> it's a probabilistic meet-in-the middle algorithm
19:36 < bramc> tromp__ The whole thing is going to have to assume quite a bit of known best optimization
19:37 < tromp__> yes, that's the shaky part. with iterated hash there is little worry about the optimal way to compute it:)
19:42 < gmaxwell> There needs to be one of these SMBC comics that charts "knowledge of number theory" vs "faith that any asymmetric cryptography is actually secure in the long run" that goes up for a bit then down to almost zero then up a little bit and stays flat. :)
19:49 < gmaxwell> [Another topic] Someone on reddit was complaining ( https://www.reddit.com/r/Bitcoin/comments/3u5b1d/my_exchange_with_coinbase_ceo_brian_armstrong/ ) that coinbase terminated the payment processing account for his NSFW comic book business, I responded extolling the virtues of not using third party payment processing and complained about soft-power regulation that bypasses due process by putting p
19:49 < gmaxwell> ressure on commercial intermediaries but not banning things, and said I hoped tech like Bitcoin would reduce reliance on vulnerable choke-points. Apparently the name of one DOJ program doing this sort of thing is "operation chokepoint". I guess I approve of the naming!
19:55 < kanzure> yes it is nice when they use independently derivable naming
--- Log closed Wed Nov 25 00:00:35 2015