--- Log opened Tue Sep 06 00:00:46 2016
10:04 < petertodd> Has anyone investigated the security of SHA256 midstates? Seems sketchy to essentially let the attacker pick the initialization constants.
10:04 < petertodd> For example, if you were to create a timestamp commitment via a midstate, can the attacker choose one that makes a preimage attack easier?
10:04 < petertodd> 0 retweets 0 likes
10:05 < e0_> When is someone allowed to pick the midstates?
10:06 < e0_> do you mean chaining variable?
10:06 < petertodd> e0_: if you are the verifier, and you don't have the full data, then the attacker can pick the midstate at will without you being able to know
10:07 < e0_> ok, so someone sends you a SHA256 chaining variable and the inputs that extend the chaining-variable to the final output?
10:07 < petertodd> e0_: yup
10:08 < petertodd> e0_: case in point being timestamp proofs, where the attacker would want to choose the midstate such that finding a second message with the same hash is made easier
10:09 < katu> petertodd: yes. your "midstate" generally fall into the category of length extension attacks (not the simple case of bypassing authentication though).
10:10 < e0_> Midstate clearly leverages length extension but granting an attacker the ability to pick a chaining variable without having to show how that chaining variable was generated is pretty powerful.
10:10 < katu> chosen-iv is practical only for sha1 at the moment, though.
10:10 < e0_> yes, free state collisions
10:10 <@gmaxwell> petertodd: it seems almost certain to me that it reduces security, which is one of the reasons I've shied away from constructions that use that trick.
10:11 < petertodd> katu: they're similar to length extension attacks, but they may be even worse: remember that sha256 starts with a nothing-up-my-sleeve number, and midstates let the attacker bypass that and choose the initialization conditions at will
10:11 < e0_> exactly
10:12 < katu> petertodd: if it's pure chosen-iv that sounds incredibly dangerous. as i said, sha1 is already broken under that precondition.
10:12 < petertodd> gmaxwell: yeah, it's a surprisingly big change to the algorithm
10:12 <@gmaxwell> katu: sha1 is a much more linear construction, however.
10:12 < e0_> as someone involved in hash function cryptanalysis, such a protocol would make my job easier
10:13 < petertodd> katu: you're familiar with what the midstate concept is right? it's simply where you provide the internal state of the SHA256 computation as your "prefix", and the suffix is the rest of the message. So yes, it's basically a chosen-iv
10:14 < sipa> but we're still only interested in preimage attacks, right?
10:14 < sipa> so the case where an attacker sees an existing published hash, and constructs an initial state + suffix that hash to that published value
10:14 < e0_> @katu and it isn't just chosen-IV, as the length of the message is included to the padding
10:14 < petertodd> sipa: for timestamping, yes! because a birthday collision still proves that both messages existed prior to some point in time!
10:15 < katu> petertodd: im not sure where that scenario arises, though, ie attacker having completely free choice. taking apart hash function for spare parts like that and doing something silly with it ... isnt that explicitly forbidden via "dont roll your own crypto if you dont need to"? :)
10:15 < sipa> an attacker being able to construct two different initial states + suffix that both hash to the same thing... well, good for him, now he can timestamp two values from the price of one
10:15 < petertodd> katu: this is used in production by p2pool to make shares more compact, and I've seen people propose it for timestamping
10:16 < sipa> the relevance of length extension attacks is usually wrt collisions, not preimages
10:16 < katu> ouch
10:16 < petertodd> katu: I'm not sure it actually would matter for p2pool, but using it for timestamping seems very unwise to me...
10:17 < petertodd> sipa: yeah, timestamping is weird that way :)
10:17 < katu> another scenario (with sha1) is compactly representing single file in a torrent
10:17 < sipa> so the question is really whether you're able to invert a single sha256 transform
10:17 < e0_> p2pool is basically rolling their own crypto primitives. Without someone spending a very long time thinking about it, no one knows how secure it is.
10:17 < katu> you need to keep sha1 midstate for preceding and trailing chunk.
10:18 < petertodd> sipa: yup
10:18 <@gmaxwell> e0_: for that if it were somewhat broken it would hardly matter.
10:19 < sipa> if the data being hashed (or claimed to be hashed) is unconstrained, this is essentially a problem with 256 bits known, and 768 bits variable
10:19 < sipa> as opposed to the typical preimage attack problem where you have 256 bits known and only 512 bits variable
10:19 < katu> e0_: it's ok if it is some hack on top of existing protocol (ie see the example of representing file in a torrent - there simply isnt other option), i just cant imagine why p2pool would actually need it.
10:20 <@gmaxwell> katu: because its a hack on top of the bitcoin protocol.
10:20 < petertodd> sipa: right, because you get the extra degree of freedom in the 256 bits of midstate
10:20 < sipa> exactly
10:21 < sipa> i don't know whether this matters, but it may be important to realize that this is fundamentally an easier problem than a preimage attack
10:21 < sipa> (though, even in the presence of known collision attacks, this construction is not necessarily broken)
10:22 < katu> gmaxwell: ah, is it this? https://github.com/forrestv/mm2-spec
10:22 <@gmaxwell> not quite. that was forrestv trying to generalize it.
10:23 < e0_> katu: I don't think it is ok, These things are really tricky, just understanding the exact security properties you want is an involved task. Determining if a modification of a crypto primitive meets that property requires long term research. There is a reason that SHA-3 was run as a multi-year contest with many cryptographers looking at each hash function.
10:23 <@gmaxwell> When you attempt a share, you need to reveal the user-id and sharechain root that it commits to. This information is at the end of the coinbase transaction, which is some 15kbytes of data. It's not important to communicate that first 15kb when initially connecting the share to the share chain. Once you've verified it, and connected it, the rest of the data in the coinbase transaction is a funct
10:23 <@gmaxwell> ion of the sharechain, and all that is verified too.
10:24 <@gmaxwell> So as-I-vaguely-recall the way it's used in p2p is even if it's totally busted it only results in a CPU exhaustion DOS attack against p2pool nodes at worse (by flooding them with non-p2pool shares that you've made look like p2pool shares)
10:24 < katu> e0_: in both cases, there is clear cost benefit. the hash is broken apart to achieve something, and explicitly acknowledging 'yep, that breaks the hash'. but both in case of merged mining and bittorrent, it seems the widened attack surface is worth it.
10:24 <@gmaxwell> s/used in p2p/used in p2pool'
10:25 < katu> e0_: most importantly, in neither case the hash is used to hash a secret, but only commitment. commitment which is later re-verified by doing proper hash.
10:26 <@gmaxwell> but people have tried to do this elsewhere, where stronger properties were needed and where the use had greater consequences, and I've discouraged it for the reasons e0_ mentions.
10:27 < e0_> katu: I have no idea of the cost benefit analysis. My only point is that may not be safe or secure.
10:30 <@gmaxwell> katu: fwiw, 'don't make your own constructs' I think that is advice which is causing harm. At one level it's obviously good but the way people apply it is that they can take random black box standardized cryptographic objects found on github and apply them and then think they're doing fine.
10:31 <@gmaxwell> At least in the realm of open protocols on the internet it has been well over a decade since there was a major example of someone cooking up their own blockcipher. But over and over again we see people every day cooking up busted protocols and using implementations of standard constructs with gratuitous sidechannel vulnerabilities in places where it might matter.
10:32 <@gmaxwell> So I liken that advice to "abstence only" cryptography education, it has similar failure modes to its parallel in human sexuality.
10:32 < bsm117532> gmaxwell: I've been thinking that for some time. The adage "don't roll your own crypto" is really incompatible with crypto-financial engineering. Instead we need to figure out how to do software engineering, using cryptography, in a secure manner.
10:32 < katu> gmaxwell: you're criticizing fundamental problem of computer engineering. yes, commodity solutions are sub-optimal, but typically with better outcomes than people rolling stuff on their own.
10:33 < katu> from scratch. every time.
10:33 < bsm117532> Just passing the buck sucks.
10:33 <@gmaxwell> katu: no.. it's orthogonal.
10:35 < petertodd> incidentally, it occurs to me that for some applications, it to require the midstate to be followed by a fixed "pseudo-iv" - although whether or not that's actually secure is beyond my paygrade
10:35 < petertodd> *it'd be feasible to require the
10:35 <@gmaxwell> katu: I'm not complaining that AES isn't the best fit function for some application or whatnot. But rather the mindset that you are safe _if_ and only if you use something that you think is standardized. The overwhelming majority of cryptographic breaks come from bad protocol design, and there are virtually no well studied protocols for practically any engineering. So people just say 'the crypto i
10:35 <@gmaxwell> s the [AES] the protocol is not crypto. I can write that without understanding crypto.' with bad results.
10:35 < sipa> i think what gmaxwell is saying that people who just take off-the-shelf crypto primitive *also* make mistakes... for example AES without authentication, or with sidechannels
10:35 < sipa> jinxed
10:36 < sipa> so the advice should be to always research the various attack vectors and security assumptions
10:37 < sipa> and when you're digging deeper in the stack, the difficulty of that goes up
10:37 < katu> gmaxwell: fair enough. the advice for crypto-ignorant people should definitely extend to usage too. which is, adhere to predefined protocol spec, just like primitives.
10:37 < sipa> but it's not a boolean
10:37 <@gmaxwell> Yes, there is no replacement for having a degree of understanding. And if you do, you will also realize that there is no way you're going to cook up your own replacement for AES.
10:37 < petertodd> gmaxwell: note how far NaCl has to go to create an API that's "sufficiently safe" to use without a solid understanding of it, and in the process they've made something where it's not clear how you'd use it for consensus - as an example
10:38 < katu> sipa: worst with AES i've seen in practice is key-similarity attacks.
10:39 < katu> its not often stressed enough, just *dont* have similar keys for aes, ie hash those before using.
10:39 <@gmaxwell> katu: uh. no. people use AES-CTR and then reuse keys/iv.
10:39 < katu> gmaxwell: thats not aes as such, but ctr :)
10:39 <@gmaxwell> Or they use CBC without an IV and yield fingerprinting attacks (linux disk encryption and truecrypt too)
10:39 < sipa> AES-ECB is totally safe, right?
10:40 <@gmaxwell> or they use AES-ECB
10:40 < katu> all the chained modes are pretty tricky
10:40 < sipa> gmaxwell: which reminds me, we should add CBC to ctaes
10:40 <@gmaxwell> katu: but aes without a chaining mode is not fit for basically any application.
10:40 < katu> or generally the poor understanding of word 'nonce'
10:40 < katu> that which should not appear twice
10:41 < sipa> nwice
10:41 < katu> (bitcoin with its 'nonce' isnt helping, shouldnt that be serial or something :)
10:42 < petertodd> sipa: I use ECB because I believe in block equality
10:43 < e0_> If you are designing cryptographic protocols you need an expert. I'm all for experimentation and playing around with building your own crypto, but getting it right and knowing when you got it wrong requires a person that has dedicated many years of the life as a full time job learning how to securely engineer crypto.
10:43 < katu> e0_: yeah, just make robust cookiecutters for protocols too
10:43 < katu> isnt that basically what nacl is all about?
10:44 < e0_> I think robust cookiecutters are good idea, but often projects will require a usercase not supplied by the cookiecutter.
10:44 < e0_> Even standardized protocols have serious problems.
10:45 < bsm117532> e0_ let's educate, instead of passing the buck though. Lots of dev shops have obtuse (non-crypto) programming rules and frameworks that try to prevent programmers from shooting themselves in the foot -- I think this is largely foolish. Don't treat people like idiots, educate them instead.
10:45 <@gmaxwell> e0_: but that isn't the standard advice, the standard advice is some kind of abstence cult; not a hire an expert cult. :P
10:45 < e0_> If apple can't get imessage right, and they couldn't, who can?
10:46 <@gmaxwell> There are basically no secure standardized protocols for anything non-trivial.
10:46 < e0_> gmaxwell: I don't agree with the abstence view.
10:46 < e0_> right
10:46 < katu> bsm117532: the midstte sha is a good example though. it goes against advice "dont reinvent crypto". but in cases when it is actually used, it is acknowledged the hash is broken. for cases such as those, i'd simply standardize use of mid-hashes for sha1/sha2.
10:46 < waxwing> apparently we are abstaining from spelling out the word abstinence too :)
10:47 < katu> also possibly have cryptanalist outlien to which degree is the hash broken.
10:47 < katu> damn, too many typos to regex through
10:48 < bsm117532> I think there do not exist enough cryptographers in the world to transition to cryptographic finance. We're all going to have to bite the bullet and learn more about midstates...
10:48 <@gmaxwell> I don't think midstate compression is much _more_ an "act of cryptography" than, say, coming up with your hashtree structure.
10:49 <@gmaxwell> even when your hashtree doesn't peel back the crypto black box boundaries at all.
10:49 < katu> gmaxwell: depends, it's just a single primitive with valid use (put a wedge to hashlist/md tree).
10:49 < e0_> midstate compression is very dangerous because it opens the door to fine grained control of variables in the hash function which are assumed to not be under the control of an attacker
10:49 < katu> s/to/into/
10:50 < e0_> like BLAKE has "interesting" behavior if an attacker can control the chaining variables
10:50 < katu> e0_: it needs to be evaluated to which degree it is hard to produce evil states. as it is now, it is assumed "reasonably hard to stave off DoS"
10:50 <@gmaxwell> for example, we sit here and cringe with the midstate compression but haven't encountered a practical attack. But the hashtree construction used in Bitcoin has _three_ known vulnerabilities, and one is practical and easily exploited.
10:51 <@gmaxwell> So I think being horrified by one but not blinking at the other is being pennywise and pound foolish.
10:51 * sipa googles "pennywise -band"
10:51 < petertodd> gmaxwell: one potential difference, is that explaining the vulnerabilities in bitcoin's hashtree is easy - for that matter, even a relatively unsophisticated person could find them too
10:52 < e0_> I wasn't aware of the problems with the hashtree, but that sounds bad as well =/
10:52 <@gmaxwell> petertodd: many attacks sound pretty obvious in hindsight, look at the attacks on 64-bit block ciphers in SSL.
10:52 < petertodd> gmaxwell: I feel perfectly confident designing a hashtree precisely because the vulnerabilities in bitcoin's one are obvious to me with my current level of knowledge; I don't have a damn clue what makes sha256 work
10:53 < petertodd> gmaxwell: sure, what I mean is simply that my level of knowledge for hashtrees is likely a lot closer to that of experts in the field than it is for designing hash functions from scratch
10:53 < sipa> well there is no clear algorithmic hardness assumption for sha256
10:54 < sipa> it's just a mix of permutations and non-linear operations
10:54 < petertodd> sipa: aka, black magic :P
10:54 < sipa> yes, pretty much
10:54 < sipa> there is a large collection of understanding about what kinds of constructions lead to easy attacks
10:55 <@gmaxwell> yes, but consider, if sha256 midstate compression were _completely_ broken it would very likely have manifest itself in other ways and would have been noted elsewhere. The midstate extension property is not intended interface of sha256 but it's highly related to extension attacks.
10:55 < sipa> and hash function design is mostly just avoiding that, and then doing enough of it :)
10:55 < katu> sipa: those can be definitely expressed and mathematically solved, as a SAT problem or polynomial in extended gf(2)
10:55 < katu> the trick is, how big are those sat/poly?
10:55 < katu> satcoin might hint some interesting answers
10:56 <@gmaxwell> there is no strong argument provided by anyone that I'm aware of that says that second preimages results in a sat problem which is hard. Other than the hope that if it didn't the extensive cryptanalysis so far would have uncovered it.
10:56 < sipa> assuming sha256 is not broken in any way that isn't known now, i don't expect midstates to be trivially attackable
10:57 <@gmaxwell> doesn't mean using it is a good idea generally.
10:57 < sipa> but they may be somewhat easier than a full sha256 preimage
10:58 < petertodd> sipa: an interesting question then, is given the desire for nothing-up-your-sleeve numbers, why didn't the sha256 designers just use zero's as the IV?
10:58 < e0_> https://eprint.iacr.org/2016/374.pdf
10:59 < e0_> there has been some success on free-start collisions on SHA256 in reduced round variants
10:59 < sipa> petertodd: sha3 uses all zeroes as initial state :)
10:59 < petertodd> sipa: lol, nice :)
10:59 <@gmaxwell> sipa: I would be shocked if it weren't easier, and shocked if it made any interesting attack easy.
10:59 < sipa> gmaxwell: agree
11:00 < sipa> a massively easy midstate attack would likely indicate a full preimage attack
11:00 < e0_> SHA3 is also a completely different construction
11:00 <@gmaxwell> e0_: he wasn't giving that as a justification. :)
11:04 < petertodd> e0_: yup, just reading that section now - sounds like pretty clear evidence that freedom in the IV is at least a negative
11:04 < katu> sipa: well, for example in case of sha1 thats not strictly the case. chosen-ivs seem to be pretty magical, and whole security of sha1 now lies in that its difficult to arrive to this fixed point when attempting to produce real world collisions.
11:05 < katu> ie what if you dont get a wide class of chosen-ivs as options, but something very very specific
11:39 < roasbeef> andytoshi: "Pairings for Cryptographers": https://eprint.iacr.org/2006/165.pdf
11:51 < andytoshi> thanks roasbeef .. though i think that is too simplified for what i'm doing, and it also predates a lot of important work in pairing-based crypto (in particular freeman's unification of several families of curves that support pairings, and lynn's thesis)
13:08 < kanzure> in dagchain designs, is there anything particularly broken about having long weak block chains that eventually get reorged into stronger chains? potentially conflicting transaction trees can be excluded (or one side can be picked/favored by the miner of the non-weak pow chain that reincorporates most of the weak chain results).
13:09 < bsm117532> Nothing in particular and in fact I'm planning on that.
13:09 < bsm117532> However it requires that you can identify conflicting transactions, so is not compatible with aggregation a la Mimblewimble.
13:09 < kanzure> oh wait-- so the particular problem would have to be something like: an attacker can trivially broadcast their different transaction to different long weak chains. but this is more the fault of a user that believes a weak confirmation is valuable.
13:09 < bsm117532> Correct.
13:10 < kanzure> what is the value of the weak confirmation (in the context of long weak chains) at all?
13:10 < bsm117532> The notion of "confirmation" changes and requires a more sophisticated calculation. I'm planning on using a "high water mark" which is an indication of the maximum hashpower that could be on a weak chain.
13:11 < bsm117532> If you're on a weak chain (any chain where the highest hashpower ever seen is 100% larger than what is currently visible) -- transactions NEVER confirm.
13:11 < bsm117532> ...until they're merged with the stronger chain.
13:12 < kanzure> i suppose you could make handwavy incentive arguments about miners wanting to take a portion of fees that might not otherwise happen without the transaction trees included in the (longer) weak chains
13:12 < bsm117532> This allows one to automatically and generically merge chains in the case of e.g. network splits.
13:15 < Taek> kanzure: it depends on the algorithm that you use to merge weaker chains into longer chains
13:15 < bsm117532> Miner coin allocation also uses the high-water-mark.
13:15 < Taek> but, generally speaking I believe that either the weaker chain has to be orphaned, or it can cause reorgs of depth up to the size of the weaker chain
13:15 < bsm117532> Though there may be other ideas, and as Taek says, it comes down to your conflict resolution at merge time.
13:16 < Taek> I'm also worried about the algorithmic complexity of merging
13:17 < Taek> if you can merge weak chains that are thousands of blocks behind, your conflict resolution may get intractable
13:52 < oleganza> Hi there. A friend asked if it's a good idea to slap MAC onto the payload in the CT range proof. I think the ring signature is effectively a MAC on the ciphertext (yielding "encrypt-then-mac" method), so no more integrity checks are necessary, is that right?
13:54 < andytoshi> oleganza: heya. yeah, the ringsig itself is effectively a MAC. you still might wanna checksum the data as a sanity check (in case of corruption before it went into the ringsig or after it came out)
13:54 < oleganza> in other words, how much is schnorr ring signature malleable by non-signers? IMHO, a simple check like "enforce low-s" should suffice
13:54 < andytoshi> don't even need low-s with schnorr, it's not malleable at all
13:54 < andytoshi> and there's even a proof https://download.wpsoftware.net/bitcoin/wizardry/schnorr-mall.pdf unlike ecdsa..
13:55 < oleganza> andytoshi: agreed on checksum for external reasons, but just for ciphertext integrity it's not necessary, right?
13:55 < andytoshi> oleganza: correct
13:55 < andytoshi> (fwiw, that proof is for schnorr, so it doesn't technically apply to CT ringsigs, but really it does)
13:56 < oleganza> Yeah, i can see that it's pretty obvious how to extend it to ringsigs
13:57 < oleganza> awesome, thx
13:59 < oleganza> andytoshi: btw, since you asked about PBC a few days ago, this video was really insightful for me: https://m.youtube.com/watch?v=F4x2kQTKYFY
13:59 < oleganza> also Dan Boneh, but with more behind-the-scenes reasoning and less math
14:00 < oleganza> and some funny tricks with curves of non-prime RSA order (n = p*q) giving homomorphic encryption provided factorization is kept secret.
14:06 < kanzure> not nearly the same content, but this is recent (from the other day) (the video this is from is not recent though) http://diyhpl.us/wiki/transcripts/simons-institute/pairing-cryptography/
14:17 < andytoshi> thanks oleganza, this is great
14:19 < e0_> I assume someone else has already thought of this but you can reduce the expected-loss of a user doublespending a 0-confirmation transaction once transaction malleability is solved.
14:23 < e0_> Alice wants to pay Bob for a coffee by paying 0.001 BTC in transaction T1 but doesn't want to wait for a confirmation. Bob asks Alice to spend 10 BTC into a 2-of-2 transaction spendable only by both Alice and Bob's key. Bob creates and signs a refund transaction for the 2-of-2 which also spends 0.00001 BTC from T1. Thus, if T1 is doublespent Alice loses 10 BTC since the refund is invalid but if T1 is confirmed on the blockchain Alice can reclaim her 1
14:25 < e0_> if the 2-of-2 is spendable by Bob's key alone after say 2 weeks, Bob merely needs to calculate the probability that both the 2-of-2 and T1 are doublespent and choose a 2-of-2 insurance value which gives him an expected value of 0.001 BTC.
14:44 < CocoBTC> Not in this way - but AFAIK pre-made transactions are a part of how Lightning network will work with "HTLCs"
15:00 < e0_> CocoBTC: what do you mean by "pre-made". I was thinking that this method could be used to quickly establish a payment channel with the lightning network.
15:16 <@gmaxwell> e0_: not just thought of, but actually used, that's a payment channel.
16:06 < Eliel> e0_: is the 10 BTC payment to the 2-of-2 address supposed to be confirmed beforehand or how were you planning on preventing that from being doublespent?
18:48 < bsm1175321> Taek: there needs to be a lower bound: it is expressed as a fraction of the "high water mark". Obviously an arbitrarily low-difficulty chain can't be merged with the main one.
18:48 < bsm1175321> Or you open a DDoS attack.
--- Log closed Wed Sep 07 00:00:47 2016