--- Log opened Wed Dec 26 00:00:04 2018
01:03 < elichai2> Hey, Question, why are people more afraid of rangeproofs/bulletproofs being broken than ECC? is it because the math is more complicated? because it is way newer math? or is it completely illogical?
01:07 < sipa> their security assumptions are exactly the same
01:07 < sipa> so not sure what you mean
01:08 < elichai2> sipa: yeah I know that the security assumptions are the same, but at least I feel on twitter and social media that people are more afraid of "hidden inflation" due to range proofs being broken than they are afraid of someone stealing bitcoins by breaking ECC
01:08 < sipa> oh, sure
01:08 < elichai2> maybe it's the same reason as why satoshi used ECDSA instead of Schnorr? because it was older and had more time for bugs to be discovered?
01:09 < sipa> forged signatures are detectable
01:09 < sipa> hidden inflation is not
01:09 < elichai2> So i'm just trying to understand if this fear is logical at all
01:10 < elichai2> but still, if it's possible to forge ECDSA sigs all your bitcoins are worth nothing now
01:10 < sipa> that's far less scary than someone inflating the currency for years without being detected
01:10 < sipa> if forged signatures are detected you can create a new chain with post quantum crypto in theory, with a snapshot of the utxo set before the forgery
01:11 < elichai2> hmm maybe, idk, I personally not afraid of DLP breaking soon
01:11 < elichai2> but how could you know which signatures are forged and which are real?
01:11 < elichai2> I mean only the owner of the key can know
01:11 < sipa> sure
01:11 < sipa> but in case of inflation nobody will know
01:11 < sipa> ever
01:12 < elichai2> So as a dev that does HF how do you know at which block all the money is legitimate? an attack like this undermines the whole monetary
01:12 < sipa> devs don't do HFs, a community does :)
01:12 < elichai2> yeah but I'm not sure the fact that you don't know is any more devastating than if you do know
01:13 < elichai2> haha yeah but some dev will need to make the change so the community can run the new software, he'll probably need to hard code the last trusted block before when he thinks the forgery happened
01:14 < sipa> ok, another one: an ECC break we see coming we can prepare for by introducing quantum secure signature slowly ahead of time
01:15 < sipa> as a softfork, even
01:15 < elichai2> but if you see it coming then you can try to introduce some quantum security to the rangeproofs too
01:16 < elichai2> e.g. switching to ElGamal commitments or maybe something entirely else: https://eprint.iacr.org/2018/046.pdf
01:17 < elichai2> *different
01:17 < cjd> also consider the fact that even if ECDSA is broken, that's only usable against keys which have received *and* spent money, keys which are just holding money are safe because nobody actually knows the key, only the hash of the key
01:17 < sipa> cjd: i think that's a bogus argument :)
01:18 < sipa> key reuse is so rampant that a very significant portion of the monetary base is at risk, enough to destroy trust in the remainder
01:18 < cjd> You have a point, but for a reclusive millionaire who is obsessed with quantum computers, that is a sort of answer
01:19 < sipa> it also relies on making a weird assumption about a theoretical device that does not exist
01:20 < sipa> namely that it somehow can be used to break keys in the timeframe of >days, but not in <=hours
01:21 < cjd> The answer which our obsessive millionaire would use is that their cold wallet keys are secret and if there is a break, people will know it pretty quickly and they will then hold tight until a proper fork was made
01:21 < sipa> i think that as bitcoin is used right now, if a sufficiently powerful QC (for some value of sufficiently powerful) appears, bitcoin has a problem
01:21 < cjd> agreed
01:21 < sipa> it's not quite as bad as the possibly-hidden-inflation-for-years... but still it would be very dramatic
01:22 < cjd> but QC is important later, optics and warm-and-fuzzies are important now :)
01:22 < sipa> maybe
01:23 < sipa> the solution to QC and bitcoin imho is taking the time to research possible solutions properly
01:24 < cjd> That said, what I hear from the quantum space is that hashes are not necessarily safe, we just don't know them to be broken, so PQ algorithms are not necessarily PQ
01:25 < cjd> My intuition is that they will be at risk because the amount of entropy is not as much as it appears to be and for a hash to function properly, it needs to destroy some, but that's just an intuition
01:26 < sipa> elichai2: properly allowing amount commitments to be upgradable to be unconditionally sound requires having the scheme worked out from the start; you can't switch later to a secure scheme you don't know yet as a SF
01:26 < sipa> elielialso, such schemes have inevitably another downside; either the QC can forge the amounts, or it can break privacy of past transactions
01:27 < elichai2> btw, I didn't talk specifically about a quantum computer, I talked about generally abusing ECC, being broken in one of these ways: 1. Breaking DLP. 2. Finding a way to break ECC without breaking DLP. 3. Quantum Computer
01:27 < elichai2> cjd: for a reclusive millionaire this isn't a solution, as long as most of the monetary base is at risk his coins will be worthless
01:27 < sipa> elichai2: all the same
01:28 < sipa> elichai2: any such system will either permit an ECC break to perform hidden inflation, or to break privacy of past transactions
01:28 < elichai2> sipa: maybe it will be possible to reveal the amounts and "burn" the coins into a new commitment?
01:29 < cjd> I think re anonymity, the ideal model is to allow people to transfer their money into and out of a black box, the black box has a balance and if ever the math which makes the black box work fails, the box fails but other money is still safe
01:30 < sipa> cjd: there is an argument to be made that if an ECC break is the end of bitcoin (not a position i necessarily agree with, but it's a reasonable thing to say), that it's better to have it break completely going forward, but protect privacy of the past
01:31 < sipa> as the alternative is that the box remains secure but nonprivate... and now things that were supposed to be private get revealed, and eventually the system breaks anyway
01:31 < cjd> Agreed, but I think this is why the NSA is so hot for making QC work
01:32 < cjd> anonymous capital is going to be problematic for states in the medium term
01:32 < sipa> so it's a choice between an insecure future and private past, or a mostly insecure future and a revealed past
01:32 < elichai2> cjd: is that even technically possible? to monitor the balance of the box as a whole?
01:32 < sipa> elichai2: extension block
01:32 < elichai2> I mean you can easily monitor what goes inside the box and what comes back from it and make sure that there are no inflation that way
01:33 < sipa> i think it's the only somewhat feasible way to deploy hidden amounts in bitcoin
01:33 < elichai2> sipa: yeah, but I'm saying does CT math let you somehow check a "balance"?
01:33 < sipa> of course not
01:33 < sipa> by definition
01:33 < cjd> you check the balance of the whole box, not everyone whose in it
01:33 < cjd> *who is
01:33 < sipa> that wouldn't be zero knowledge
01:33 * cjd -> coffee, brb
01:33 < elichai2> yeah that's why I asked
01:35 < elichai2> cjd is suggesting to check the balance of the whole box. how can this be possible? (e.g. in Liquid if you inflate lbtc's you won't be able to withdraw more than is pegged but it will still be hidden lbtc inflation )
01:35 < cjd> right, so if the box fails then the last person to withdraw from it loses
01:35 < elichai2> yes
01:35 < sipa> elichai2: you solve it by having a different currency on each side
01:36 < cjd> but that's a contained failure
01:36 < sipa> and the exchange rate between the two reflects the trust the public has that the cryptography is not broken
01:36 < cjd> I would just allow people to withdraw 1:1 until the balance reaches zero
01:36 < elichai2> sipa: it's completely invalid to say that we're afraid of range proofs because it was studied less and hence more possible that we're missing some weaker assumption?
01:37 < cjd> if the balance reaches zero and there are more valid withdrawals, the math broke
01:37 < sipa> elichai2: there is engineering complexity of course
01:37 < elichai2> yeah
01:37 < elichai2> cjd: yeah, but that's assumes it will ever be zero
01:37 < sipa> which brings attack vectors and risks
01:37 < cjd> kind of like a Swiss Bank, it protects your privacy but it might go bankrupt
01:37 < elichai2> sipa: I'm not saying implementation faults, only pure math
01:38 < sipa> elichai2: no, they're provably sexure as long as ECC isn't broken
01:38 < cjd> in any case, it allows people to make a choice, which I think is the right thing to do
01:38 < sipa> *secure
01:40 < elichai2> hmm ok, I'm still not convinced that breaking ECC any less devastating than breaking range-proofs but I get the psychology
01:42 < sipa> elichai2: there is also a very pragmatic argument... rangeproofs in-chain (without a separate extension area) requires a HF inevitably
01:42 < elichai2> sipa: yeah that's talking about bitcoin, I had grin in mind but you're right
01:42 < sipa> doesn't grin already have CT and more?
01:43 < sipa> it's mimblewimble which is based on CT
01:43 < sipa> (i know very little about grin)
01:43 < elichai2> grin is pretty straight forward MW
01:43 < elichai2> but with bulletproofs, and some graph search PoW
01:44 < sipa> then i don't understand the question
01:44 < cjd> I think it would be nice to have ECDSA + NTRU signatures on everything, since the address is hash(key) it doesn't require longer addresses, just more data in a tx
01:44 < cjd> or (again) give people a choice
01:44 < sipa> cjd: can't do any of the cool things that make it practical though :(
01:44 < sipa> no public derivation of keys
01:44 < elichai2> People out there trust the math of grin less than of bitcoin and I wasn't sure if it's logical or psychological
01:45 < sipa> no taproot
01:45 < sipa> elichai2: i think it's engineering :)
01:45 < sipa> not math
01:45 < cjd> oh you mean the stuff with point addition to get keys and plain addition to get private keys ?
01:45 < sipa> they have 10 years of experience that the bitcoin ecosystem went through to battle harden against various important and less important attacks to reinvent
01:46 < elichai2> sipa: grin is Rust which makes some specific bugs less likely
01:46 < sipa> elichai2: and others more likely
01:46 < elichai2> but I agree that bitcoin have way more refinement and edge cases handling than any other coin out there
01:47 < sipa> but i'm more talking about DoS attacks
01:47 < sipa> and about practices of development that reduce risks
01:47 < sipa> not so much the code itself
01:47 < elichai2> yeah I agree with you on that
01:47 < elichai2> I like grin because it's the first not commercial DLP only coin
01:48 < sipa> i'm biased of course, here
01:48 < sipa> huh?
01:48 < elichai2> yeah haha
01:48 < mryandao> why is a DLP only coin a good thing?
01:48 < mryandao> when the QC threat is very real.
01:48 < sipa> what about bitcoin?
01:48 < elichai2> because other ZKP's are weaker assumptions (CRH)
01:49 < sipa> mryandao: QC is trading exponential runtime for exponential engineering time :)
01:50 < mryandao> that might be the case today, give it a couple of years there might be breakthroughs in QC. (shrugs)
01:50 < sipa> cjd: i also don't agree that giving people a choice between ec and ntru (or whatever) is a good idea; it's a gratuitous loss of fungibility when people need to expose their preferences about the security needed for coins
01:51 < mryandao> w.r.t DLP problems, bitcoin also needs hash collisions to be fully compromised.
01:51 < sipa> mryandao: no
01:51 < cjd> hm, interesting point
01:51 < sipa> cjd: plus if it's mixed within the same 'domain', and you personally believe that some TLA is going to have a WC in the near future, you don't want anyone to still use ecdsa even, because it threatens your monetary base as well
01:52 < sipa> s/WC/QC/
01:52 < mryandao> sipa: no? if i dont know the preimage of the hash, how'd can i reliably be able to reproduce a witness to spend a targeted output.
01:52 < sipa> mryandao: plenty of coins have their public keys known
01:52 < sipa> that's enough
01:52 < sipa> even if yours don't
01:53 < mryandao> oh well.
01:53 < mryandao> everyone should just use scripthash
01:53 < sipa> i don't think so
01:54 < sipa> i think we should research PQ solutions, to deploy when necessary
01:54 < cjd> My understanding of it is that it used to be a physics problem, now it's considered an engineering problem.. when QC exists we will have a lot of new ways to encrypt things which we don't today, but also it's going to be a mess for a lot of different types of encryption and Shor attack is not likely to be the end of it
01:55 * sipa is slightly skeptical and believes researchers who say that sort of thing might have an easier time finding funding :)
01:56 < sipa> that said, i'm not an expert at all
01:56 < cjd> That's a good point, it might be a big ruse and a lot of smoke-blowing in order to get funding, because from a state perspective it is a Fountain of Youth
01:57 < cjd> I've spent a fair amount of time behind the curtain in the research world, but unfortunately not behind that particular curtain
01:58 < mryandao> sipa: regarding the choices you mentioned earlier, isnt script hash v. exposing public key the same thing?
01:59 < sipa> mryandao: i just don't think that hashes can be counted on to protect against anything in a PQ world
01:59 < sipa> they may, or they may not
01:59 < cjd> ^^ this is agreeing with what I've heard
01:59 < sipa> but who knows what kind of characteristics such a hypothetical device has
02:00 < mryandao> is there anything about QC making finding pre-images easier? o.O
02:00 < cjd> yes
02:01 < sipa> yes, it halves the security level
02:01 < sipa> but also, who knows what the constant factors are?
02:01 < cjd> Well, I know a guy who is writing theoretical programs for these type of machines and simulating them on a supercomputer, there is a fair amount known from them because in theory we're able to factor numbers like 15 (if you believe what the QC builder companies say)
02:02 < sipa> maybe breaking an EC signature takes 10 years on a QC
02:02 < sipa> in which case there is not much under threat
02:02 < sipa> or maybe it takes 1 minute, and then hashes won't save you
02:02 < cjd> hm, I don't think that's really under question
02:03 < cjd> My understanding is the complexity of keeping particles entangled grows with the number of particles
02:04 < cjd> With an 8 qbit QC, you're only going to factor 8 bit numbers, so that's not much fun
02:04 < sipa> yes the biggest question is whether a sufficiently large number of qbits can be kept consist for long enough iirc
02:05 < cjd> We might find that states get 128 or 256 qbit machines in 10 years but it takes 30 years to get 1024 qbit machines, so all we really need to do is keep the same boring crypto but with longer keys
02:05 < sipa> or otherwise whether it can be grown so much that error correction can be built in to keep the consistency around for longer
02:06 < cjd> *nod*
02:07 < cjd> maybe we find that RSA 2048 remains quite safe
02:07 < sipa> iirc 256-bit EC requires 2000 ish qbits
02:14 < cjd> ahh, cool
02:14 < cjd> that I didn't know
02:21 < elichai2> cjd: I'm not a physicist, but as far as I know QC is a very hard engineering problem now, and they hope for a better physics solution to make the engineering easier
02:21 < cjd> sounds about right
04:32 * nsh tips hat at cjd
04:36 < nsh> "one-more-DLP" - as very much used/overloaded in bulletproofs - is a very nominally slightly different security computational hardness assumption than ecDLP in ECDSA in bitcoin but no published results make it quantitatively easier or harder in terms of proven bounds afaik
04:38 < nsh> but the security proof reductions are not trivial either and some claims reductive proofs are less obviously correct than as written: https://eprint.iacr.org/2007/442.pdf
04:38 < nsh> *claimed
04:41 < sipa> nsh: sure you're not confusing with the first musig paper draft?
04:45 < nsh> (also in a zero-knowledge system there's a choice of failure mode - the hiding or the blinding - and bulletproofs fails open in the sense that a break wouldn't allow the unmasking of historical transactions -- but would stop the system being usable anymore)
04:45 < nsh> i'm pretty sure bulletproofs falls under 1MDLP
04:45 < sipa> bulletproofs afaik rely on just DLP
04:47 < nsh> well, it's a non-trivial DLP relation that would have to be found
04:47 < nsh> but it's not the preimage of a single exponentiation
04:48 < nsh> but the distinction isn't very meaningful in terms of known security consequences
04:49 < cjd> howdy nsh
04:49 < nsh> hope you're well and season's &c. :)
04:50 < cjd> I am thanks, and same to you
04:52 < cjd> I've been working on CPU-hard mining algorithms and I happened upon a low clock speed high parallelism processor arch which I think ruins any hope of long term asic resistance
04:53 < cjd> diagram here: https://pixelfed.social/p/cjd/24845
04:54 < cjd> Replace "GPU core" with "bunch of little ALUs with no registers nor caches" and you can do it in hardware
04:56 < nsh> sipa, i think you're right actually. must have been confusing something but as written bootle's work relies on just DLP via pedersen multicommitments to an inner-product relation and a polynomial in vectors evaluated at a point but i feel like it's a bit of a gloss still to trivialise the geometric structure that is reduced to the zk proof of the openability of the inner-product pedersen commitment
04:57 < nsh> but there's no accepted terms of art for how the DLP assumption is being overloaded and more research is indicated, is my opinion at least
05:03 < nsh> cjd, maybe try and estimate how that arch would perform against e.g. new monero mining algorithm [CryptoNight Variant 2 i think it is now]
05:04 < cjd> should "keep all available circuits busy" if it was made as an ASIC
05:04 < nsh> i think the game at the moment is saturating PC cpu cache line performance as well as having serial reads of the large scratch space
05:05 < nsh> i haven't got my head around where the optimality comes from yet
05:05 < cjd> of my design ?
05:06 < nsh> of cryptonightv2 being PC CPU-easy via memory bandwidth
05:06 < cjd> ahh
05:06 < nsh> 'Is 4 times more demanding for memory bandwidth. This means that older GPUs might experience a hashrate reduction of up to 20%.
05:06 < nsh> '
05:07 < cjd> I think the idea was that CPUs pull a 64 byte cache line every time you touch 1 bit, so better just use the whole thing
05:07 < nsh> right
05:08 < cjd> tune to the hardware you have, that model still works for the most part.. but if one transistor on your proc is idle then someone will make an ASIC without that transistor
05:08 < nsh> the battle is lead time really vs the expected time to even returns for taping out an ASIC
05:08 < nsh> if the PoW can be tweaked in a 6 month release cycle
05:09 < cjd> My finding is that general purpose problems like "compile linux" are not really safe against ASICs as long as they can be parallelized, and unless verification is highly expensive, they can
05:09 < cjd> Also my design is a general purpose processor, so tweaking the algorithm will stop working
05:11 < cjd> This is basically a 10mhz processor running a million threads, or something like that
05:15 < nsh> hmm, i wonder if you can do recursive PoW (ie any parallelism has to chase the tip of a hash tree in the same way that individual miners do on the bitcoin network [abandon hashing, reverify and recommence hashing over new valid tip]
05:15 < nsh> )
05:16 < cjd> hm, you mean create a dataset which you can use for a while but then you have to switch ?
05:16 < nsh> yeah, whenever a thread wins some hash difficulty on the scratch data
05:17 < cjd> how do you verify ?
05:17 < cjd> I think if verification is cheap, the whole thing devolves into simple guess-and-check
05:18 < nsh> maybe hmm
05:18 < nsh> the problem is that if one ASIC/GPU+CPU is running all the threads then they can compare notes on what nonces they've tried already
05:18 < nsh> which we assume isn't happening with diverse miners
05:19 < cjd> well, if it's an advantage, a pool can give out nonce ranges
05:20 * nsh nods
05:21 < cjd> You might try to reuse some of the verification expense from verifying the transactions themselves as expense for verifying the PoW
05:22 < cjd> If it takes 1MB to verify, you can mine DRAM_SIZE / 1MB parallel threads
05:22 < nsh> oh yeah you can use the @satoshi trick to kinda rotate all the transaction sigs
05:22 < nsh> and then they all have to be reverified again
05:23 < nsh> (ECDSA property where you can modify a real signature over a message to be another valid signature over a new uncontrollable message)
05:23 < cjd> oh neat
05:23 < nsh> or message determined by the extension of a valid msg+sig pair
05:24 < nsh> so if everything that must be validated is rotated in an inherently serial way (through iterated hashing) then it at least replicates the verification load each time
05:25 < nsh> then you add a hash lottery and individual threads can win and it resets the validation and obviates the work done by other threads
05:25 < cjd> yup, but nobody can verify a block in parallel anymore :)
05:26 < nsh> well you can add this difficulty within mining but not for actual network level block validation i think
05:26 < cjd> IMO no
05:26 < nsh> hm, need to think harder about it
05:26 < cjd> because otherwise the mining is reduced to guess and check using the verification algorithm
05:28 < cjd> neat thing is that a lot of things in the world are reasonably parallelizable, if you have thousands of threads available, stuff like verifying transactions in a block is worth a revisit
05:31 < cjd> and intuitively, I expect that with Ghz hardware clock speed, this arch can probably achieve as much as 100 MIPS with programs where each instruction is dependent on the output of the last
05:32 < nsh> would be good to simulate your arch over GPU (or something like the epiphany coproc on the parallela board, of which i have one but might be too bad/slow at coding on it to knock up a sketch of your proposal)
05:32 < cjd> yes, I'm definitely going to try it on a GPU in the next few months/years
05:33 < cjd> I plan to go forward with the hardest CPU-bound work I can think of, with the hope that my PoW will help encourage this processor to be created
05:35 < nsh> cool :)
05:35 < cjd> It's also encouraging to see where languages (e.g. Rust) are going, because this type of language lends itself to parallel execution
05:39 * nsh nods
08:37 < gmaxwell> elichai2: Schnorr is much older than ECDSA and at least academically was much better studied.
08:39 < elichai2> gmaxwell: really? So why didn't Satoshi used schnorr?
08:40 < sipa> elichai2: likely because he didn't know about it
08:40 < sipa> at the time there were no schnorr-based standardized signature schemes
08:41 < gmaxwell> elichai2: AFAIK there were no industrial grade implementations available, at least not in open source software... due to it having been patented until not long before bitcoin existed.
08:41 < gmaxwell> (ECDSA was created specifically to dodge the schnorr patent.)
08:44 < sipa> or rather, DSA was
08:44 < sipa> ECDzsA is just an adaptation of DSA for elliptic curves
08:45 < sipa> *ECDSA
12:11 -!- elichai2 [uid212594@gateway/web/irccloud.com/x-nrgbenpcgnfxidig] has quit [Quit: Connection closed for inactivity] 12:21 -!- fabianfabian [~fabianfab@D9656CCE.cm-27.dynamic.ziggo.nl] has quit [Quit: Textual IRC Client: www.textualapp.com] 12:24 -!- IGHOR [~quassel@93.178.216.72] has joined #bitcoin-wizards 12:46 -!- bsm117532 [~mcelrath@c-24-61-184-150.hsd1.ma.comcast.net] has quit [Remote host closed the connection] 12:47 -!- bsm117532 [~mcelrath@c-24-61-184-150.hsd1.ma.comcast.net] has joined #bitcoin-wizards 12:55 -!- Krellan [~Krellan@2601:640:4000:a876:d5b7:d9c4:4922:5f37] has quit [Quit: Leaving...] 13:28 -!- Zenton [~user@unaffiliated/vicenteh] has joined #bitcoin-wizards 13:36 -!- Guyver2_ [~Guyver@2001:985:f3f:1:3973:8912:183b:55da] has quit [Quit: Going offline, see ya! (www.adiirc.com)] 13:49 -!- thomasanderson [~thomasand@207.189.31.94] has quit [Remote host closed the connection] 13:52 -!- bitcoin-wizards4 [b1e5b0d3@gateway/web/freenode/ip.177.229.176.211] has joined #bitcoin-wizards 13:56 -!- jcorgan [~jcorgan@unaffiliated/jcorgan] has quit [Read error: Connection reset by peer] 13:56 -!- jcorgan [~jcorgan@64-142-68-61.dsl.static.sonic.net] has joined #bitcoin-wizards 13:56 -!- bitcoin-wizards4 [b1e5b0d3@gateway/web/freenode/ip.177.229.176.211] has quit [Ping timeout: 256 seconds] 14:03 -!- spinza [~spin@155.93.246.187] has quit [Quit: Coyote finally caught up with me...] 
14:07 -!- thomasanderson [~thomasand@207.189.31.94] has joined #bitcoin-wizards 14:09 -!- spinza [~spin@155.93.246.187] has joined #bitcoin-wizards 14:15 -!- _whitelogger [~whitelogg@uruz.whitequark.org] has quit [Remote host closed the connection] 14:16 -!- _whitelogger [~whitelogg@uruz.whitequark.org] has joined #bitcoin-wizards 14:19 -!- devdig[m] [devdigmatr@gateway/shell/matrix.org/x-yhyrtzolhesnkulf] has joined #bitcoin-wizards 14:27 -!- thomasanderson [~thomasand@207.189.31.94] has quit [Remote host closed the connection] 14:52 -!- thomasanderson [~thomasand@207.189.31.94] has joined #bitcoin-wizards 15:04 -!- thomasanderson [~thomasand@207.189.31.94] has quit [Remote host closed the connection] 15:06 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Remote host closed the connection] 15:10 -!- rh0nj [~rh0nj@136.243.139.96] has quit [Remote host closed the connection] 15:13 -!- thomasanderson [~thomasand@207.189.31.94] has joined #bitcoin-wizards 15:17 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards 15:37 -!- spinza [~spin@155.93.246.187] has quit [Quit: Coyote finally caught up with me...] 
15:50 -!- spinza [~spin@155.93.246.187] has joined #bitcoin-wizards 16:10 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Remote host closed the connection] 16:29 -!- skang404 [~user@216-19-185-229.dyn.novuscom.net] has joined #bitcoin-wizards 16:34 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards 16:38 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Ping timeout: 250 seconds] 16:59 -!- thomasanderson [~thomasand@207.189.31.94] has quit [Remote host closed the connection] 17:07 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [Remote host closed the connection] 17:08 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-wizards 17:14 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards 17:18 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Ping timeout: 250 seconds] 17:23 -!- thomasanderson [~thomasand@207.189.31.94] has joined #bitcoin-wizards 17:55 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [Ping timeout: 245 seconds] 18:42 -!- rh0nj [~rh0nj@136.243.139.96] has joined #bitcoin-wizards 18:47 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has quit [Ping timeout: 268 seconds] 18:47 -!- Belkaar [~Belkaar@xdsl-213-168-88-148.nc.de] has joined #bitcoin-wizards 18:47 -!- Belkaar [~Belkaar@xdsl-213-168-88-148.nc.de] has quit [Changing host] 18:47 -!- Belkaar [~Belkaar@unaffiliated/belkaar] has joined #bitcoin-wizards 18:49 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy477nqtq1ryhdl.ipv6.telus.net] has joined #bitcoin-wizards 18:52 -!- thomasanderson [~thomasand@207.189.31.94] has quit [Ping timeout: 246 seconds] 19:01 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards 19:05 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Ping timeout: 245 seconds] 19:48 -!- davec [~davec@cpe-24-243-249-218.hot.res.rr.com] has quit [Ping timeout: 246 seconds] 19:55 -!- 
tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards 20:00 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Ping timeout: 268 seconds] 20:10 -!- davec [~davec@cpe-24-243-249-218.hot.res.rr.com] has joined #bitcoin-wizards 20:21 -!- _whitelogger [~whitelogg@uruz.whitequark.org] has quit [Remote host closed the connection] 20:22 -!- _whitelogger [~whitelogg@uruz.whitequark.org] has joined #bitcoin-wizards 20:30 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy477nqtq1ryhdl.ipv6.telus.net] has quit [Remote host closed the connection] 20:33 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy477nqtq1ryhdl.ipv6.telus.net] has joined #bitcoin-wizards 20:50 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy477nqtq1ryhdl.ipv6.telus.net] has quit [Remote host closed the connection] 20:52 -!- ruby32_ [~ruby32@cpe-72-227-239-168.nyc.res.rr.com] has joined #bitcoin-wizards 20:53 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy6kzvqdwti9baw.ipv6.telus.net] has joined #bitcoin-wizards 20:54 -!- ruby32 [~ruby32@2604:2000:e882:c800:b8e9:59ec:6894:62ec] has quit [Ping timeout: 250 seconds] 20:55 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy5s38gcokzmfh6.ipv6.telus.net] has joined #bitcoin-wizards 20:57 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy6kzvqdwti9baw.ipv6.telus.net] has quit [Ping timeout: 252 seconds] 20:58 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy4n66qdv9c3d4y.ipv6.telus.net] has joined #bitcoin-wizards 21:00 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy5s38gcokzmfh6.ipv6.telus.net] has quit [Ping timeout: 250 seconds] 21:02 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy4n66qdv9c3d4y.ipv6.telus.net] has quit [Ping timeout: 250 seconds] 21:03 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy5ahkfr9vh71zw.ipv6.telus.net] has joined #bitcoin-wizards 21:07 -!- davec [~davec@cpe-24-243-249-218.hot.res.rr.com] has quit [Ping timeout: 250 seconds] 21:08 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy5ahkfr9vh71zw.ipv6.telus.net] has 
quit [Ping timeout: 252 seconds] 21:08 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy564667zvwbacp.ipv6.telus.net] has joined #bitcoin-wizards 21:09 -!- ruby32_ [~ruby32@cpe-72-227-239-168.nyc.res.rr.com] has quit [Remote host closed the connection] 21:11 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy4ztllwphzffj1.ipv6.telus.net] has joined #bitcoin-wizards 21:13 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy564667zvwbacp.ipv6.telus.net] has quit [Ping timeout: 252 seconds] 21:14 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy4qwz1wdmgwkq6.ipv6.telus.net] has joined #bitcoin-wizards 21:16 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy4ztllwphzffj1.ipv6.telus.net] has quit [Ping timeout: 252 seconds] 21:16 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy47muv7jvfrslk.ipv6.telus.net] has joined #bitcoin-wizards 21:18 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy4qwz1wdmgwkq6.ipv6.telus.net] has quit [Ping timeout: 252 seconds] 21:19 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy478pq3o3l9wz5.ipv6.telus.net] has joined #bitcoin-wizards 21:21 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy47muv7jvfrslk.ipv6.telus.net] has quit [Ping timeout: 268 seconds] 21:24 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy478pq3o3l9wz5.ipv6.telus.net] has quit [Ping timeout: 268 seconds] 21:24 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy6vsat12py4rcp.ipv6.telus.net] has joined #bitcoin-wizards 21:27 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy40yf855p7y5g0.ipv6.telus.net] has joined #bitcoin-wizards 21:29 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy6vsat12py4rcp.ipv6.telus.net] has quit [Ping timeout: 268 seconds] 21:29 -!- thomasa__ [~thomasand@node-1w7jr9yc9mwy4p17l2ftr80if.ipv6.telus.net] has joined #bitcoin-wizards 21:32 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy40yf855p7y5g0.ipv6.telus.net] has quit [Ping timeout: 268 seconds] 21:34 -!- thomasa__ [~thomasand@node-1w7jr9yc9mwy4p17l2ftr80if.ipv6.telus.net] has quit [Ping timeout: 268 seconds] 21:35 -!- thomasan_ 
[~thomasand@node-1w7jr9yc9mwy4143ioeh4vhc0.ipv6.telus.net] has joined #bitcoin-wizards 21:37 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy45a1cyffgyo2z.ipv6.telus.net] has joined #bitcoin-wizards 21:40 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy4143ioeh4vhc0.ipv6.telus.net] has quit [Ping timeout: 260 seconds] 21:40 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy53yanhllccysh.ipv6.telus.net] has joined #bitcoin-wizards 21:42 -!- thomasanderson [~thomasand@node-1w7jr9yc9mwy45a1cyffgyo2z.ipv6.telus.net] has quit [Ping timeout: 260 seconds] 21:42 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards 21:45 -!- thomasan_ [~thomasand@node-1w7jr9yc9mwy53yanhllccysh.ipv6.telus.net] has quit [Ping timeout: 260 seconds] 21:48 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Ping timeout: 250 seconds] 21:48 -!- go1111111 [~go11111@104.156.98.86] has joined #bitcoin-wizards 21:49 -!- grubles [~grubles@unaffiliated/grubles] has joined #bitcoin-wizards 22:01 -!- grubles [~grubles@unaffiliated/grubles] has quit [Remote host closed the connection] 22:02 -!- grubles [~grubles@unaffiliated/grubles] has joined #bitcoin-wizards 22:39 -!- _whitelogger [~whitelogg@uruz.whitequark.org] has quit [Remote host closed the connection] 22:40 -!- _whitelogger_ [~whitelogg@uruz.whitequark.org] has joined #bitcoin-wizards 22:45 -!- _whitelogger_ [~whitelogg@uruz.whitequark.org] has quit [Remote host closed the connection] 22:46 -!- _whitelogger [~whitelogg@uruz.whitequark.org] has joined #bitcoin-wizards 23:00 -!- kenshi84 [~kenshi84@2409:11:c161:1300:69ce:75e9:85b4:9450] has quit [Ping timeout: 268 seconds] 23:06 -!- kenshi84 [~kenshi84@2409:11:c161:1300:19f5:4690:f7e5:b72a] has joined #bitcoin-wizards 23:10 -!- wizkid057 [~wk@unaffiliated/wizkid057] has quit [Read error: Connection reset by peer] 23:13 -!- ruby32 [~ruby32@cpe-72-227-239-168.nyc.res.rr.com] has joined #bitcoin-wizards 23:16 -!- wizkid057 [~wk@unaffiliated/wizkid057] has joined 
#bitcoin-wizards 23:30 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has joined #bitcoin-wizards 23:35 -!- tromp [~tromp@ip-217-103-3-94.ip.prioritytelecom.net] has quit [Ping timeout: 250 seconds] 23:53 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection] --- Log closed Thu Dec 27 00:00:03 2018