--- Log opened Wed Dec 04 00:00:27 2019
07:52 < Chris_Stewart_5> In oconnor's post here, what does he mean by position? Index of the OP_CHECKSIG op? https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-November/017495.html
07:59 < sipa> yes
08:31 < andytoshi> i'm musing on whether there's an actual attack you could come up with, where you're creating a script with a counterparty, and you use your counterparty's keys in your own part of the policy to somehow create a spending condition they didn't expect to exist
08:32 < andytoshi> the idea being, they sign for some branch, then you can copy their sig and cause a different branch to be taken
08:32 < andytoshi> i don't think there is anything .. unless you consider "taking a different branch" to be an attack in itself, for auditability reasons or something
08:32 < andytoshi> because if someone signs a tx, conceptually that means they ACK the tx, so it doesn't matter what weird shenanigans are used
08:33 < andytoshi> maybe you can change the feerate out from under somebody, but this is a small part of a larger problem of worst-case fee estimation
08:44 < Chris_Stewart_5> well isn't the problem in that you can't commit to a scriptSig so if you have n possible branches you can never be certain which one will be taken?
08:45 < Chris_Stewart_5> while i agree conceptually that is what a current tx is now -- an ACK -- it seems it would be better if we commit to a specific branch?
08:48 < Chris_Stewart_5> maybe you aren't rotating your keys in multiple branches for some security reason?
09:31 < roconnor> andytoshi: The scenario is where you wish to sign a tx under the condition that some hash-preimage is revealed (in the witness data) or some other similar constraint.
09:40 < roconnor> It isn't even necessarily a matter of rotating your public keys. Your public keys are public and anyone can use them in a protocol as if they were their own.
10:56 < andytoshi> roconnor: can you construct a specific attack?
10:56 < andytoshi> like, suppose i want to sign but only if a preimage is revealed
10:56 < andytoshi> and then somebody copies my signature over to a different branch without that preimage
10:56 < andytoshi> what did i think that other branch was doing??
10:57 < andytoshi> if i put my pubkey over there then i was obviously asking for trouble; if a counterparty put my pubkey there, oh well, it sounds like i thought that branch was controlled by the counterparty
10:57 < andytoshi> which would also have been a vulnerability
10:58 < andytoshi> like, i'm confused as to what plausible belief i could've had about this script, such that i was willing to participate in the protocol and then subsequently got burned by it
11:04 < roconnor> You might be right about this. I was only thinking along the lines of if I have a script and I want to prove that my signature ensures that a hash preimage is revealed, I need to do a whole program analysis to conclude this rather than a local analysis.
11:05 < roconnor> But maybe if someone copies my pubkey, all they are doing is hampering their ability to sign under their conditions.
11:06 < roconnor> Still, I'm struggling to find the distinction between this scenario and https://bitcoin.stackexchange.com/a/85665
11:07 < andytoshi> i think the difference there is that the coinjoin example violates the "one signature one utxo" invariant of bitcoin
11:07 < roconnor> what invariant is that?
11:08 < andytoshi> in bitcoin today, if you sign a transaction, this signature can only be used to spend at most one utxo
11:09 < andytoshi> so you can e.g. make blind signatures if you know that all the UTXOs you control have the same value, and you are willing to transfer that much value
11:09 < andytoshi> or alternately you can participate in a coinjoin without checking other inputs, provided you are sure to sign only the inputs you intended
11:11 < roconnor> yes but a signature after a hash preimage reveal function isn't saying "you are willing to transfer that much value." It has more intension than that.
11:12 < andytoshi> right. so in this case what you want to say is "i will not allow these coins to be spent unless the hash preimage is revealed". and so what you need to check is that (a) you are necessary, i.e. your key appears in all branches; (b) all branches containing your key have a hashlock condition
11:12 < andytoshi> at least, at time 0
11:13 < andytoshi> ah, i suppose you might instead check "(b') some branch containing your key has a hashlock condition"
11:17 < roconnor> Right given (a) you become responsible for ensuring you aren't substituting your own key. I'm willing to accept that (even though it is a little bit of a foot gun); for this argument I'm only worried about checking other people haven't reused your keys (a la https://bitcoin.stackexchange.com/a/85665).
11:18 < roconnor> And if there is a branch that you don't control, it doesn't matter that your key gets reused there because you have no control over it...
11:18 < roconnor> well those other branches you don't control could have their own requirements attached.
11:19 < andytoshi> sure, but you don't control them
11:19 < andytoshi> oh, i see... maybe you sign, expecting some condition to be met
11:19 < roconnor> This seems like a problem that I should be either able to convince myself it is never a problem or come up with a concrete (if even contrived) example of the issue.
11:19 < andytoshi> then unexpectedly a -different- condition is met instead
11:20 < andytoshi> and maybe you're in some complicated protocol where this matters to you
11:21 < sipa> but signatures sign the script being executed
11:21 < sipa> and if someone puts your key in a branch unbeknownst to you without the hashlock, you'd know this at signing time
11:21 < sipa> and refuse to sign
11:23 < sipa> oh, by branch you mean conditional branch inside a script, rather than merkle branch?
11:23 < andytoshi> yeah .. but i don't think it matters
11:23 < roconnor> yes this is all within a single Script.
11:23 < andytoshi> so, suppose you have a script like or( and(your_pk, hashlock1), and(other_pk, hashlock2) )
11:23 < andytoshi> so absent your cooperation, hashlock2 needs to be met
11:23 < roconnor> the tapleaf branches themselves are already signed, so there is no issue there.
11:24 < sipa> roconnor: right, i see; single script ok
11:24 < sipa> this is already an issue today
11:24 < andytoshi> out of band, somebody convinces you that hashlock2 is no longer valuable to you, but hashlock1 *is*
11:24 < andytoshi> so you say, sigh, fine, i'll sign, so you have to release hashlock1
11:24 < roconnor> yes it is an issue today. It is a much worse problem in legacy script.
11:24 < roconnor> only tempered by the fact that legacy script is so inexpressive.
11:24 < andytoshi> oh, no, ignore me
11:25 < roconnor> (I mean, assuming my issue is actually a real problem)
11:25 < andytoshi> i already would refuse to participate in this example because and(other_pk, hashlock2) is always (in my view) available for the counterparty to take
11:26 < andytoshi> so by signing, i'm changing the spend condition from "hashlock2 necessary" to "hashlock2 not necessary". but i can't assume anything about hashlock1.
11:29 < roconnor> andytoshi: I'm not sure that is the right way to look at it. The issue is that when you sign any policy your signature doesn't endorse any particular branch of that policy.
11:31 < roconnor> But usually your intention is to endorse a particular branch (aka clause) of that policy.
11:32 < roconnor> usually gaps like this between what you sign and what your intention is is enough to cause a security issue. I'm a bit frustrated that I cannot quite construct a coherent example of a security issue.
11:33 < sipa> my biggest reason for not wanting to make checksig-position always signed is that there may be cases where this dramatically increases signing complexity, because there are many potential sets of signers and you don't actually care which ones sign off, but the different branches have a single key verified by a different checksig operator
11:34 < sipa> however, i also can't actually construct an example of this
11:34 < roconnor> It would probably be best to have a sighash flag to disable signing of the position.
11:35 < sipa> on the other hand: the only reason in taproot to even have multiple branches in a script is probably because the alternative is intractable (combinatorial explosion of branches)
11:35 < roconnor> That and I agree that signing the enclosing OP_IF/OP_NOTIF/OP_ELSE position is better.
11:36 < sipa> roconnor: but then you might think (i know, far hypothetical) that every kind of branching is covered and you don't need to worry about this class of attack at all anymore
11:36 < sipa> and you're bitten by a branch that determines the key to verify against, but only has a checksig
11:37 < roconnor> That's one of those anti-seatbelt-law type arguments. :)
11:37 < roconnor> I mean you aren't wrong.
11:37 < sipa> yeah, i know
11:37 < sipa> i think my only argument is that if we had a solution that categorically solved all these classes of problems, it would be much easier to argue for
11:38 < sipa> that doesn't mean seatbelts are a bad idea
11:38 < roconnor> I mean we do. we can sign the trace of the computation. ^_^
11:39 < roconnor> But that actually seems likely to be problematic.
11:39 < sipa> or sign the set of all hashlocks/timelocks that are enforced by the branch... if only those were explicit
11:39 * sipa proposes OP_MINISCRIPT
11:39 < roconnor> we could redesign script to be declarative.
11:39 < roconnor> right
11:39 < roconnor> just replace script with miniscript.
11:54 < gmaxwell> roconnor: in the taproot channel I had suggested that it sign the enclosing IF, -- moving in the computation trace direction. But as pieter mentioned it's really important to preserve 0 interaction signing, esp since tapscript is the solution for multisig when you need zero interaction so you can't use a schnorr threshold.
11:56 < sipa> gmaxwell: yeah i agree, but i can't come up with a useful example where either signing op_checksig position or enclosing op_if position would actually increase signing interaction
11:57 < sipa> even the 3-of-10000 multisig script we came up with a while ago isn't affected
11:57 < sipa> (as the position where a signature with any given key is verified doesn't change depending on the set of signers)
11:58 < gmaxwell> sipa: signing the whole transcript certainly would.
11:58 < sipa> oh yes, that's not going to happen :)
12:00 < gmaxwell> I had another idea... associate a monotone-incrementing counter with every push onto the stack... and include the counter of the relevant pubkey in the signature.
12:00 < gmaxwell> since roconnor's attack is more of a "you think you're signing for this one key, but you're really signing for this copy over there" you can think of this as some kind of pubkey malleability.
12:00 < sipa> gmaxwell: i thought about that too, but that only affects scripts where the same pubkey is pushed twice... something that you'd generally try to avoid for cost reasons anyway
12:01 < sipa> ah i see
12:02 < gmaxwell> Other than maybe being easy to implement it leaves open leaving which checksig is used malleable so long as you're sure to only push the pubkey once.
12:03 < gmaxwell> sipa: as far as what it breaks... imagine a policy where your key is common subexpression that occurs more than once.
12:03 < sipa> gmaxwell: define it
12:03 < sipa> (we've been talking about 4 different ideas here)
12:04 < gmaxwell> signing the checksig or if position.
12:04 < gmaxwell> Like an ((A or B) and C) or (A and D)
12:05 < sipa> right, but you'd very much try to rewrite that in a way such that a is only pushed/checked once
12:05 < sipa> though for sufficiently complex things that may indeed not be possible
12:05 < gmaxwell> (it takes a little twiddling to get one that isn't remappable to a simple threshold)
12:05 < gmaxwell> well miniscript for example can't eliminate common subexpressions, ever.
12:05 < sipa> in this example you'd expand it out to tree leaves, of course
12:06 < gmaxwell> Tree expanding doesn't help when A doesn't know who else is signing.
12:06 < gmaxwell> since we sign which branch we're using. (I mean ignoring when it's small enough that it's reasonable to concurrently sign a bunch of branches)
12:06 < sipa> ?
12:07 < sipa> since we sign the merkle leaf we're executing, there shouldn't be a problem
12:08 < gmaxwell> The problem in that case is that knowing which one we're executing is interaction. I'm assuming A had no idea who the other signers will be when they sign.
12:08 < sipa> oh i see, yes of course tree expanding means either more interaction or doing multiple signing attempts in parallel... which may become infeasible
12:08 < gmaxwell> now for that concrete example, sure you could make it branches and just simultaneously sign every branch including A, but that doesn't work if there would be many.
12:09 < sipa> yes, that was my point: this example is sufficiently simple that expanding wouldn't be a big issue
12:09 < sipa> but with more complex examples i can imagine that is not an option
12:09 < gmaxwell> yes, though because you can't always expand and parallel sign there is less reason for software to support doing it.
12:11 < sipa> for nontrivial cases, branches inside a script may be annoying for other reasons
12:12 < sipa> like having a witness size that depends on the branch taken, and thus needing to know which one will be taken in order to do fee estimation for the transaction
12:12 < gmaxwell> I dunno, even in those cases the size differences are usually not that large, so you can estimate the size rounding up and potentially end up overpaying a bit.
12:12 < sipa> agreed
12:12 < gmaxwell> thus is the price of non-interaction.
12:13 < gmaxwell> Though it's interesting to note that "parallel sign all possibilities" also lets you adjust the fees.
12:13 < andytoshi> semi-relatedly -- given that you have to sign the tapbranch, if i'm doing a noninteractive 2-of-3 with three branches, as a signer, do i need to produce 3 signatures to sign noninteractively?
12:13 < sipa> andytoshi: yep
12:13 < andytoshi> and is the plan simply to bite the bullet, regarding the scaling of this
12:13 < gmaxwell> Yes.
12:13 < andytoshi> ok, just checking
12:14 < gmaxwell> for 2 of 3 that's totally reasonable, and probably just as efficient as anything else you might do (like an interactive byzantine robust threshold signature)
12:14 < sipa> it is one of the reasons why tree expansion isn't always desirable
amueller [~amueller@217.151.98.168] has joined #bitcoin-wizards 20:49 -!- BlueMatt [~BlueMatt@unaffiliated/bluematt] has quit [Ping timeout: 250 seconds] 20:50 -!- pinheadmz [~matthewzi@135-180-42-232.fiber.dynamic.sonic.net] has joined #bitcoin-wizards 20:54 -!- BlueMatt [~BlueMatt@unaffiliated/bluematt] has joined #bitcoin-wizards 21:36 -!- jb55 [~jb55@gateway/tor-sasl/jb55] has quit [Ping timeout: 260 seconds] 21:36 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has quit [Ping timeout: 260 seconds] 21:37 -!- lowentropy [~lowentrop@gateway/tor-sasl/lowentropy] has quit [Ping timeout: 260 seconds] 21:37 -!- morcos [~morcos@gateway/tor-sasl/morcos] has quit [Ping timeout: 260 seconds] 21:37 -!- DeanGuss [~dean@gateway/tor-sasl/deanguss] has quit [Ping timeout: 260 seconds] 21:58 -!- jb55 [~jb55@gateway/tor-sasl/jb55] has joined #bitcoin-wizards 21:59 -!- morcos [~morcos@gateway/tor-sasl/morcos] has joined #bitcoin-wizards 22:00 -!- amueller [~amueller@217.151.98.168] has quit [] 22:02 -!- lowentropy [~lowentrop@gateway/tor-sasl/lowentropy] has joined #bitcoin-wizards 22:17 -!- solirc [~solirc@185.204.1.185] has joined #bitcoin-wizards 22:25 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has joined #bitcoin-wizards 22:34 -!- rusty [~rusty@pdpc/supporter/bronze/rusty] has quit [Quit: Leaving.] 22:49 -!- slivera [slivera@gateway/vpn/privateinternetaccess/slivera] has joined #bitcoin-wizards 22:58 -!- Kiminuo [~mix@141.98.103.238] has joined #bitcoin-wizards 23:10 -!- kabaum [~kabaum@2001:9b1:efd:9b00::281] has joined #bitcoin-wizards 23:42 -!- solirc [~solirc@185.204.1.185] has quit [Ping timeout: 240 seconds] 23:59 -!- ppisati [~ppisati@net-37-119-134-251.cust.vodafonedsl.it] has joined #bitcoin-wizards --- Log closed Thu Dec 05 00:00:28 2019