--- Log opened Sun Sep 30 00:00:23 2018
00:28 -!- p0nziph0ne [p0nziph0ne@gateway/vpn/privateinternetaccess/p0nziph0ne] has joined #bitcoin-wizards
00:48 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Remote host closed the connection]
00:48 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards
01:21 -!- tombusby [~tombusby@gateway/tor-sasl/tombusby] has quit [Ping timeout: 256 seconds]
01:25 -!- tombusby [~tombusby@gateway/tor-sasl/tombusby] has joined #bitcoin-wizards
01:42 -!- Krellan [~Krellan@2601:640:4000:9258:58fb:4a88:df0c:e568] has quit [Read error: Connection reset by peer]
01:54 -!- wildermind [uid300433@gateway/web/irccloud.com/x-yekrzxjbfwsrsrxt] has joined #bitcoin-wizards
02:00 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has quit [Remote host closed the connection]
02:13 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has joined #bitcoin-wizards
02:32 < jl2012> Do we know which points are valid on the curve, but not a multiple of G?
02:33 < jl2012> I think there are (p - n) of such points?
02:35 < sipa> G is a generator for the curve; by definition every point is a multiple of it
02:36 < sipa> (this is true for secp256k1, but not for all curves - in particular EC groups with cofactors it isn't true)
02:40 < sipa> jl2012: there are p possible x and y coordinates, but only n (x,y) pairs are on the curve
02:48 < jl2012> sipa: thanks!
02:49 < sipa> jl2012: in some EC systems only a subgroup of the curve is used, in that case not every group element is a multiple of the generator
02:50 < sipa> however group theory says that a subgroup of a finite group must always be a divisor of its size
02:52 < jl2012> sipa: for things like g'root that requires another generator, it must also be a multiple of G?
02:54 < sipa> indeed
02:54 < sipa> but it must be an unknown multiple of G
02:59 < jl2012> We could take a hash of a trivial message, and see if it is a valid x value?
03:03 < sipa> yup, that's how you do it
03:03 < sipa> also include G in the message
03:04 < sipa> so that nobody can claim you secretly are the author of G, and picked it in function of this new generator you're just proposing
03:04 < sipa> for CT in Elements we just used SHA256(G.x)
03:04 < sipa> iirc
03:04 < sipa> or something like that
03:33 < jl2012> Thanks
03:33 < nsh> called "nothing up my sleeves" constructions
03:33 < nsh> or numbers
03:37 < sipa> nums!
03:37 < sipa> (not confusing at all)
03:38 -!- TheoStorm [~dnaleor@host-lzquwqj.cbn1.zeelandnet.nl] has quit [Quit: Leaving]
03:49 < nsh> :)
03:49 < nsh> nums numbs
03:49 -!- TheoStorm [~dnaleor@host-lzquwqj.cbn1.zeelandnet.nl] has joined #bitcoin-wizards
03:57 < waxwing> sometimes called coerce-to-point; a kind of cryptographer's micro-aggression
04:02 -!- Zenton [~user@unaffiliated/vicenteh] has quit [Read error: Connection reset by peer]
04:02 -!- Zenton [~user@unaffiliated/vicenteh] has joined #bitcoin-wizards
04:09 -!- thrmo [~thrmo@gateway/tor-sasl/thrmo] has joined #bitcoin-wizards
04:28 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Quit: Leaving]
05:11 -!- laurentmt [~Thunderbi@194.59.249.21] has joined #bitcoin-wizards
05:37 -!- laurentmt [~Thunderbi@194.59.249.21] has quit [Quit: laurentmt]
06:19 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards
06:24 -!- nuncanada [~dude@187.65.68.135] has joined #bitcoin-wizards
06:35 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #bitcoin-wizards
07:04 -!- deusexbeer [~deusexbee@093-092-177-112-dynamic-pool-adsl.wbt.ru] has quit [Quit: Konversation terminated!]
07:22 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Quit: Leaving]
07:34 -!- jb55 [~jb55@S010660e327dca171.vc.shawcable.net] has quit [Quit: WeeChat 2.1]
07:38 -!- jb55 [~jb55@S010660e327dca171.vc.shawcable.net] has joined #bitcoin-wizards
07:51 -!- Krellan [~Krellan@2601:640:4000:9258:58fb:4a88:df0c:e568] has joined #bitcoin-wizards
08:03 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 268 seconds]
08:11 -!- vcorm [598ad43b@gateway/web/freenode/ip.89.138.212.59] has quit [Ping timeout: 256 seconds]
08:20 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards
08:46 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 268 seconds]
08:48 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards
08:59 -!- nuncanada [~dude@187.65.68.135] has quit [Quit: Leaving]
09:05 -!- Krellan [~Krellan@2601:640:4000:9258:58fb:4a88:df0c:e568] has quit [Ping timeout: 250 seconds]
09:07 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 252 seconds]
09:36 -!- bildramer [~bildramer@p2003004D8D4796007021092D50D6D147.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
09:37 -!- bildramer [~bildramer@p2003004D8D007F007021092D50D6D147.dip0.t-ipconnect.de] has joined #bitcoin-wizards
09:52 -!- Giszmo [~leo@pc-72-54-46-190.cm.vtr.net] has joined #bitcoin-wizards
09:53 -!- Giszmo [~leo@pc-72-54-46-190.cm.vtr.net] has quit [Client Quit]
10:04 -!- Krellan [~Krellan@2601:640:4000:9258:58fb:4a88:df0c:e568] has joined #bitcoin-wizards
10:10 -!- Emcy [~Emcy@unaffiliated/emcy] has quit [Ping timeout: 244 seconds]
10:13 -!- Guyver2 [AdiIRC@guyver2.xs4all.nl] has quit [Remote host closed the connection]
10:15 -!- Emcy [~Emcy@unaffiliated/emcy] has joined #bitcoin-wizards
10:31 -!- shesek [~shesek@unaffiliated/shesek] has quit [Ping timeout: 272 seconds]
10:33 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards
10:33 -!- _tin [~tyn@c-73-222-144-23.hsd1.ca.comcast.net] has joined #bitcoin-wizards
10:40 -!- vdo [~vdo1138@unaffiliated/vdo] has quit [Ping timeout: 245 seconds]
10:52 -!- Krellan [~Krellan@2601:640:4000:9258:58fb:4a88:df0c:e568] has quit [Ping timeout: 240 seconds]
10:56 -!- nickler [~nickler@185.12.46.130] has quit [Ping timeout: 252 seconds]
11:01 -!- _tin [~tyn@c-73-222-144-23.hsd1.ca.comcast.net] has quit [Ping timeout: 252 seconds]
11:08 -!- kenshi84 [~kenshi84@p437057-ipngn4101akatuka.ibaraki.ocn.ne.jp] has quit [Ping timeout: 268 seconds]
11:09 -!- kenshi84 [~kenshi84@p10228-ipngn1701akatuka.ibaraki.ocn.ne.jp] has joined #bitcoin-wizards
11:17 -!- kenshi84 [~kenshi84@p10228-ipngn1701akatuka.ibaraki.ocn.ne.jp] has quit [Ping timeout: 252 seconds]
11:18 -!- kenshi84 [~kenshi84@p64155-ipngn2401akatuka.ibaraki.ocn.ne.jp] has joined #bitcoin-wizards
11:23 -!- kenshi84 [~kenshi84@p64155-ipngn2401akatuka.ibaraki.ocn.ne.jp] has quit [Ping timeout: 252 seconds]
11:24 -!- kenshi84 [~kenshi84@2409:11:c161:1300:9d49:cc5e:4ac2:9d49] has joined #bitcoin-wizards
11:37 -!- schmidty [~schmidty@104-7-216-111.lightspeed.austtx.sbcglobal.net] has joined #bitcoin-wizards
11:37 -!- schmidty is now known as Guest75321
11:39 -!- Guest81722 [~schmidty@104-7-216-111.lightspeed.austtx.sbcglobal.net] has quit [Ping timeout: 268 seconds]
11:43 -!- nickler [~nickler@185.12.46.130] has joined #bitcoin-wizards
11:56 -!- ghost43 [~daer@gateway/tor-sasl/daer] has quit [Remote host closed the connection]
11:56 -!- ghost43 [~daer@gateway/tor-sasl/daer] has joined #bitcoin-wizards
12:00 < jimpo> In the batch verification algorithm in BIP schnorr, why is a_1 omitted (or == 1)?
12:02 < sipa> jimpo: only the ratios between the different factors need to be unpredictable
12:03 < sipa> so one of them can be chosen as 1
12:03 -!- morcos [~morcos@gateway/tor-sasl/morcos] has quit [Remote host closed the connection]
12:03 -!- morcos [~morcos@gateway/tor-sasl/morcos] has joined #bitcoin-wizards
12:09 < jimpo> Right. So it can be 1, but it would not be unsafe if there was a random a_1 coefficient?
12:11 < jl2012> it seems possible to batch validate taproot (Q = kG + P) with Schnorr (R = sG - eP) ?
12:11 < jl2012> Just replace e = n-1; and signature(r,s) = (x(Q),k)
12:11 < jl2012> But what about y(Q)?
12:14 -!- thrmo [~thrmo@gateway/tor-sasl/thrmo] has quit [Remote host closed the connection]
12:15 -!- thrmo [~thrmo@gateway/tor-sasl/thrmo] has joined #bitcoin-wizards
12:16 < jimpo> y(Q) would be known because the pubkey Q would be pushed into the script in compressed form, I assume?
12:18 < jl2012> yes, but could it work with the batch validation in bip_schnorr, which requires jacobi(y(R)) = 1 ?
12:20 < jimpo> Yeah, I don't think that would be a problem. It's only required in the BIP so that a 32 byte x coordinate can be unambiguously mapped to a pubkey
12:20 < jimpo> And in the batch verification the group element R is reconstructed
12:21 < jimpo> so if you start with Q, I believe it's fine
12:23 -!- p0nziph0ne [p0nziph0ne@gateway/vpn/privateinternetaccess/p0nziph0ne] has quit [Quit: Leaving]
12:25 < jl2012> thanks
12:25 < sipa> jimpo: yeah, there could be a random a_1
12:31 < sipa> jl2012: and indeed if you start from the x coordinate and decompress, the jacobi symbol of y will always be 1
12:32 < sipa> also jacobi symbols are an order of magnitude less work than an EC multiplication
12:40 -!- Krellan [~Krellan@2601:640:4000:9258:30cd:8cd7:c817:eb2a] has joined #bitcoin-wizards
12:44 < jl2012> we could also "convert" a Schnorr sig into an ECDSA sig? msg = -rs/e; sig = r||-r/e
12:47 < sipa> what does that mean?
12:49 < jl2012> take a schnorr_bip sig (r,s) for e and P. We can convert it to an ECDSA sig (r, -r/e) for msg = -rs/e and P
12:49 < jl2012> the schnorr sig is valid if and only if the transformed ECDSA is valid
12:50 < sipa> e is the message, or e = H(R||P||m) ?
12:50 < jl2012> e = H(R||P||m)
12:51 < sipa> that's technically not true, as the msg in ECDSA needs to be a hash
12:52 < jl2012> yes, but libsecp256k1 allows me to inject any msg I want
12:52 < sipa> that's true
12:52 < jl2012> my point is, I could cheat libsecp256k1 to validate a Schnorr sig for me
12:53 < sipa> but if you're talking about specific schemes, ECDSA won't check that the jacobi symbol is right, and you always have overflow issues in theory
12:53 < sipa> (the R'x coordinate is stored modulo n in an ECDSA sig)
12:54 < jl2012> I'm just trying to figure out their mathematical relationship
12:54 < jl2012> it seems ECDSA, Schnorr, taproot are all related
12:55 -!- bildramer [~bildramer@p2003004D8D007F007021092D50D6D147.dip0.t-ipconnect.de] has quit [Ping timeout: 252 seconds]
12:55 -!- bildramer [~bildramer@p2003004D8D069E007021092D50D6D147.dip0.t-ipconnect.de] has joined #bitcoin-wizards
12:56 < sipa> jl2012: well they're all just an EC multiplication and soke hashes :)
12:56 < sipa> *some
12:57 < jl2012> yes, adding 2 multiplications
13:09 -!- deusexbeer [~deusexbee@093-092-177-112-dynamic-pool-adsl.wbt.ru] has joined #bitcoin-wizards
13:09 -!- jb55 [~jb55@S010660e327dca171.vc.shawcable.net] has quit [Quit: WeeChat 2.2]
13:25 -!- vdo [~vdo1138@108.61.209.80] has joined #bitcoin-wizards
13:25 -!- vdo [~vdo1138@108.61.209.80] has quit [Changing host]
13:25 -!- vdo [~vdo1138@unaffiliated/vdo] has joined #bitcoin-wizards
14:00 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has joined #bitcoin-wizards
14:11 -!- bitcoin-wizards3 [4a0f460f@gateway/web/freenode/ip.74.15.70.15] has joined #bitcoin-wizards
14:15 -!- bitcoin-wizards3 [4a0f460f@gateway/web/freenode/ip.74.15.70.15] has quit [Client Quit]
14:34 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Remote host closed the connection]
14:34 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #bitcoin-wizards
14:37 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Read error: Connection reset by peer]
14:39 -!- belcher [~belcher@unaffiliated/belcher] has quit [Read error: Connection reset by peer]
14:40 -!- belcher [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards
14:40 -!- belcher [~belcher@unaffiliated/belcher] has quit [Remote host closed the connection]
14:42 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards
14:50 -!- wildermind [uid300433@gateway/web/irccloud.com/x-yekrzxjbfwsrsrxt] has quit [Quit: Connection closed for inactivity]
14:51 -!- belcher [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards
14:57 -!- Krellan [~Krellan@2601:640:4000:9258:30cd:8cd7:c817:eb2a] has quit [Read error: Connection reset by peer]
14:59 -!- Krellan [~Krellan@2601:640:4000:9258:30cd:8cd7:c817:eb2a] has joined #bitcoin-wizards
15:07 -!- thrmo_ [~thrmo@gateway/tor-sasl/thrmo] has joined #bitcoin-wizards
15:07 -!- thrmo [~thrmo@gateway/tor-sasl/thrmo] has quit [Ping timeout: 256 seconds]
15:12 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 252 seconds]
15:21 -!- thrmo_ is now known as thrmo
15:22 -!- Murch [~murch@c-73-223-113-121.hsd1.ca.comcast.net] has joined #bitcoin-wizards
15:46 -!- Emcy [~Emcy@unaffiliated/emcy] has quit [Remote host closed the connection]
16:08 -!- shesek [~shesek@bzq-84-110-234-213.red.bezeqint.net] has joined #bitcoin-wizards
16:08 -!- shesek [~shesek@bzq-84-110-234-213.red.bezeqint.net] has quit [Changing host]
16:08 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-wizards
16:08 -!- thomasan_ [~thomasand@172.83.40.70] has joined #bitcoin-wizards
16:10 -!- Krellan [~Krellan@2601:640:4000:9258:30cd:8cd7:c817:eb2a] has quit [Ping timeout: 260 seconds]
16:15 -!- mn3monic [jsz@unaffiliated/mn3monic] has quit [Excess Flood]
16:16 -!- mn3monic [jsz@unaffiliated/mn3monic] has joined #bitcoin-wizards
16:21 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has quit [Remote host closed the connection]
16:22 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has joined #bitcoin-wizards
16:32 -!- thomasa__ [~thomasand@172.83.40.70] has joined #bitcoin-wizards
16:32 -!- thomasan_ [~thomasand@172.83.40.70] has quit [Read error: Connection reset by peer]
16:39 -!- thrmo_ [~thrmo@gateway/tor-sasl/thrmo] has joined #bitcoin-wizards
16:40 -!- thrmo [~thrmo@gateway/tor-sasl/thrmo] has quit [Ping timeout: 256 seconds]
16:57 -!- Murch [~murch@c-73-223-113-121.hsd1.ca.comcast.net] has quit [Quit: Snoozing.]
17:11 -!- thomasa__ [~thomasand@172.83.40.70] has quit [Remote host closed the connection]
17:13 -!- thrmo_ is now known as thrmo
17:16 -!- Krellan [~Krellan@2601:640:4000:9258:30cd:8cd7:c817:eb2a] has joined #bitcoin-wizards
17:23 -!- Emcy [~Emcy@unaffiliated/emcy] has joined #bitcoin-wizards
17:29 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has quit [Remote host closed the connection]
17:30 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has joined #bitcoin-wizards
18:07 -!- Krellan [~Krellan@2601:640:4000:9258:30cd:8cd7:c817:eb2a] has quit [Ping timeout: 252 seconds]
18:22 -!- shesek [~shesek@unaffiliated/shesek] has quit [Ping timeout: 268 seconds]
18:40 < nsh> .title https://www.youtube.com/watch?v=5nDnc9uEB7U
18:40 < yoleaux> Peter Hines: "Diagrams and Coherence Theorems in Cryptography and Cryptanalysis" - YouTube
18:52 < nsh> (yields a simple diagrammatic sanity check on [a class of] zk protocols)
18:54 -!- thrmo [~thrmo@gateway/tor-sasl/thrmo] has quit [Quit: Waiting for .007]
18:56 -!- Emcy [~Emcy@unaffiliated/emcy] has quit [Remote host closed the connection]
18:59 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit []
19:19 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has quit [Read error: Connection reset by peer]
19:19 -!- dougsland [~douglas@c-73-234-93-65.hsd1.nh.comcast.net] has joined #bitcoin-wizards
19:23 -!- Belkaar [~Belkaar@xdsl-81-173-152-141.netcologne.de] has joined #bitcoin-wizards
19:23 -!- Belkaar [~Belkaar@xdsl-81-173-152-141.netcologne.de] has quit [Changing host]
19:23 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has joined #bitcoin-wizards
19:31 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 244 seconds]
19:33 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards
19:34 -!- dougsland [~douglas@c-73-234-93-65.hsd1.nh.comcast.net] has quit [Ping timeout: 252 seconds]
20:33 -!- Emcy [~Emcy@unaffiliated/emcy] has joined #bitcoin-wizards
21:29 -!- rmwb [~rmwb@199.178.233.220.static.exetel.com.au] has joined #bitcoin-wizards
21:33 -!- Krellan [~Krellan@2601:640:4000:9258:30cd:8cd7:c817:eb2a] has joined #bitcoin-wizards
21:41 -!- rmwb [~rmwb@199.178.233.220.static.exetel.com.au] has quit []
21:43 -!- rmwb [~rmwb@199.178.233.220.static.exetel.com.au] has joined #bitcoin-wizards
21:46 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 252 seconds]
21:46 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards
22:10 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 240 seconds]
22:10 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards
22:44 -!- Emcy [~Emcy@unaffiliated/emcy] has quit [Quit: Leaving]
22:47 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has quit [Remote host closed the connection]
22:48 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has joined #bitcoin-wizards
22:49 -!- Emcy [~Emcy@unaffiliated/emcy] has joined #bitcoin-wizards
22:54 -!- Zenton [~user@unaffiliated/vicenteh] has quit [Ping timeout: 244 seconds]
23:19 -!- Dizzle [~Dizzle@2605:6000:1019:41ab:594a:5720:aafd:dab8] has quit [Quit: Leaving...]
--- Log closed Mon Oct 01 00:00:24 2018