--- Log opened Mon Mar 11 00:00:12 2019
00:28 < luke-jr> well, you still need to fetch the file, and at that point you could just use RPC.. using the conf file would require a restart
12:10 < adiabat> Hi - I remember this paper being discussed / critiqued here a few months ago: https://arxiv.org/abs/1809.09044
12:10 < adiabat> (Fraud Proofs: Maximising Light Client Security and Scaling Blockchains with Dishonest Majorities)
12:11 < adiabat> I remember people having problems with it, if anyone has pointers to what those were, or maybe even just IRC logs that'd be a good place for me to start
12:14 < belcher> adiabat the channel logs are in the topic
12:15 < adiabat> ah! so they are :)
12:15 < adiabat> (had to scroll to see that :)
12:19 < sarang> Here's a question I've been thinking about regarding Bulletproofs' MPC construction... suppose you want to take part in an MPC but that any other player could be malicious
12:20 < sarang> In each round of the MPC, the other players (if they don't precommit to their proof shares) could modify their shares relative to yours; you then use them to compute supposed aggregate F-S challenges
12:21 < sarang> I can't identify a way that the other players could conspire to practically leak information about your (honest) values, but I wonder if it's possible to construct a simulator to show that provable zk is still possible (I think not)
12:22 < sarang> (we could also assume that the other players can't convince you to rewind)
12:35 < gmaxwell> the bullet proof is still ZK without being compacted.
12:46 < sarang> Honest-verifier ZK...
12:46 < sarang> But each aggregate F-S challenge is a hash of the sum of all the players' partial proof elements
12:47 < gmaxwell> Yep. I get what you're saying.
12:48 < gmaxwell> I think I would reflexively add a precommitment or delinearization there, but I'm not sure if it actually breaks it.
12:48 < sarang> I'm quite sure that precommitment to proof shares makes everything a-ok, but it doubles the rounds
12:49 < sarang> I wonder if you can get away with avoiding precommitment, using straight-up sums (as listed in the protocol), and still be confident of ZK
13:27 < andytoshi> you could get away if you generated all your randomness deterministically and provided a zkp proving that you'd done so
13:28 < andytoshi> you need to be bold in zkps. If you find your protocol doesn't work and think to turn back, don't!, the correct answer is to just add even more ZKPs
13:28 < andytoshi> ;)
13:28 < sarang> lol
13:29 < sarang> It is unfortunate for CoinJoin-style applications that the 3-round version assumes honest-but-curious adversaries only, which seems like a non-starter as a trust model
14:16 < gmaxwell> sarang: huh, for coinjoins if someone jams the protocol, everyone is forced to open their commitments, and anyone who fails to do so (or whose opening was bogus) is kicked out.
14:17 < gmaxwell> and then you redo, with new addresses.
14:17 < sarang> Sure, it works but I'd say fails the 3-round advertisement :)
14:18 < gmaxwell> I don't think any protocol can do better there.
14:18 < gmaxwell> If a protocol is actively secure but someone sends garbage, you still have to kick them out and restart.
14:19 < sarang> I suppose it would be fine if it were still provably ZK in the face of maliciously-generated challenges
14:19 < sarang> but otherwise it's really a 6-round protocol for trustless MPC operations
14:25 < real_or_random> sarang by the way https://eprint.iacr.org/2014/764.pdf Theorem 1 shows that special HVZK => (malicious) witness-indistinguishable for (3-round) sigma protocols
14:26 < real_or_random> but we have 5 rounds (can be generalized maybe?) and WI is not enough here
14:27 < real_or_random> at least WI is not enough *in general* to make confidential transactions work... I had a counter example somewhere
14:30 < sarang> Hmm interesting
14:31 < sarang> The practical requirement here is really that the adversary not have a statistical advantage in determining the pedersen blinder, of course (amounts themselves being quite limited in practice)
14:34 < real_or_random> okay counter example why WI rangeproofs are not enough for CT: assume for simplicity we have a transaction with one input and one output (you don't need a range proof there but the example can be extended to larger transactions)
14:37 < real_or_random> input c1 = h^x2 * g^r2, output c2 = h^x2 * g^r2, and two rangeproofs. say the range proof is WI but additionally leaks s^r1 (and the second range proof leaks s^r2) for another generator s
14:37 < real_or_random> (and yes, I use multiplicative notation :P)
14:38 < real_or_random> no scratch that leakage... too stupid to read from my board
14:39 < real_or_random> new attempt: input c1 = h^x2 * g^r2, output c2 = h^x2 * g^r2, and two rangeproofs. say the range proof with witness x,r is WI but additionally leaks f(x,r) = if |x| = 5 then s^r else random group element
14:40 < real_or_random> (that should be possible if the proof is WI)
14:42 < real_or_random> now for CT you will reveal r1+r2 to open the sum commitment. and then everybody can check whether f(x1,r1)*f(x2,r2)=s^(r1+r2)
14:42 < real_or_random> if so, then the transaction amount was 5
14:44 < real_or_random> note that this counter example does not work if we prove in zero-knowledge that we know r1+r2 as the opening of the sum commitment to 0.
14:44 < sarang> In our case that's what you do, though
14:45 < real_or_random> in general, composing zero-knowledge proofs with other zero-knowledge proofs is fine. composing WI proofs with different WI proofs and other stuff can have weird interactions
14:45 < real_or_random> yes indeed. maybe that's an interesting approach to look at
14:46 < real_or_random> the problem is that multi-transaction CT is very difficult to formalize then. if everything is ZK, I'm somewhat more confident that there are no weird interactions
14:47 < sarang> The easy solution must be to construct a simulator in the face of adaptively-chosen challenges :D
14:51 < real_or_random> yes the problem is that we don't even know have a proof that the schnorr identification protocol is zero-knowledge (against malicious verifiers)
14:52 < real_or_random> it will be interesting to have a look at variants where the (malicious) verifier outputs x and the challenge is H(x) for a random oracle H. I don't think people considered this case so far
14:53 < sarang> That is surprising
14:53 < sarang> In the case of such an MPC that's the case you'd be in without precommitment
14:54 < real_or_random> with H(x)? yes that's why I'm thinking about this case
14:54 < sarang> other players send you A1, A2, ..., An and you include your own share A0 to form commitment H(A0 + A1 + ...)
14:54 < sarang> righto
14:54 < sarang> A malicious player could force the challenge to be H(x) for any desired x that it wishes
15:02 < sarang> Is it really that different of a scenario (from a simulator perspective) as the adversary choosing whatever challenges it wants?
15:32 < real_or_random> maybe not
15:40 < sarang> I'd be very surprised if the H(x) approach leaked anything about the witness, but it seems like the element distribution would look the same in the attempt to construct a malicious-verifier simulator as the adversary-picks-the-challenge case
15:40 < sarang> I'd be very curious to hear andytoshi's view since he was an author on the paper :D
17:34 < gmaxwell> kanzure: is the mailing list stuck again?
17:47 < harding> gmaxwell: something I sent yesterday made it through today (just a few hours ago). Everything seems to come at the same time about once a day, so maybe it's all being manually approved by a moderator?
--- Log closed Tue Mar 12 00:00:13 2019