2016-08-03.log

--- Log opened Wed Aug 03 00:00:15 2016
00:48 <nsh> 'Pass the hash for peace, love and security in the quantum computing age -- Boffins smokin' idea to share parts of keys to cook quantum-proof crypto' - http://www.theregister.co.uk/2016/08/02/protect_signatures_from_quantum_computers_shor_say_cryptoboffins/
00:49 <nsh> -> 'Unconditionally Secure Signatures' - https://eprint.iacr.org/2016/739.pdf
00:49 <nsh> MAC generalisation using hash fragments
08:30 <amiller> does this mimble wimble thing really work
08:30 <amiller> i really wish we could talk about these things in terms of zk proofs rather than signatures with related keys
08:30 <andytoshi> amiller: i think it works. agreed, would be easier to talk about in terms of zk proofs (tho this would require reframing some things)
08:32 <amiller> can you summarize the scheme with your privacy improvement inlined?
08:32 <andytoshi> i think so .. one sec
08:33 <andytoshi> so to start, every utxo has a CT pedersen commitment associated to it, vH + rG, and `r` is the secret blinding factor that only the owner knows (nobody else, no auditors, etc)
08:34 <andytoshi> if i send you money, i produce a half-transaction that has everything except your outputs in it (so one change and some inputs), and i also give you the (r, v) pair such that (output commit - input commits = vH + rG).
08:35 <andytoshi> you, the recipient, then add your own outputs so that (output commits - input commits = kG) for some k that you know. split k into k = k1 + k2. then publish a signature with k1G as well as k2
08:36 <andytoshi> so k1G has a sig which is a zk proof that you know k1, and k2 is a full-knowledge proof that you know k2, and this proves that the excess kG does not have any H component, which in turn proves that the whole transaction adds up
08:37 <andytoshi> does this make sense so far? can you see a clean way to describe this whole tx in terms of zk proofs (i do not, it really seems like this interaction is necessary but only the participants can be sure that this interaction happened..)
08:38 <amiller> hm
08:38 <andytoshi> i guess, i give *you* a full-knowledge proof that i know the blinding key for (change minus inputs). then you produce a zk proof that you know the blinding key for the entire (outputs - inputs)
08:39 <andytoshi> "full-knowledge proof" is a term i just made up for my giving you the values .. i can stop using this if you want
08:39 <amiller> seems ok, i also don't know better notation
08:39 <amiller> in general there are these sort of multi-prover zk proofs and i have no notation for them
08:39 <amiller> like i prove one thing, you adapt that proof plus add more to it to make a related proof but you didn't know the whole witness
08:40 <andytoshi> yeah
08:40 <andytoshi> so it's really not publicly verifiable that i did a key handoff here, only the recipient can verify this. what *is* publicly verifiable is that no coins were created or destroyed certainly
08:40 <amiller> how is this different than CT?
08:40 <andytoshi> but there's also something stronger being shown, if i keep my own blinding factors secret then everyone knows there's no theft
08:40 <amiller> i guess going in i thought this was going to be comparable to ringCT
08:40 <andytoshi> no, ringCT is actually orthogonal (though technically i have zero idea how to combine these)
08:41 <andytoshi> CT just uses the blinding factors as blinding factors. this scheme uses the blinding factors for authentication. that's the moral difference
08:41 <andytoshi> (it then uses this fact to get OWAS and massive pruning while still allowing full verification)
08:41 <amiller> how does it give any better pruning than CT
08:42 <andytoshi> CT doesn't give any pruning at all, you've gotta keep every output and every rangeproof around if you want to be able to reverify the chain
08:42 <kanzure> andytoshi: you should still look at http://diyhpl.us/wiki/transcripts/2016-july-bitcoin-developers-miners-meeting/dan-boneh/
08:42 <andytoshi> this literally lets you delete every spent output
08:42 <andytoshi> thanks kanzure, it's open, i will
08:43 <amiller> "reverify the chain" ok
08:43 <andytoshi> amiller: ...and if you give the chain to somebody, without any spent outputs or any input refs even, they can still verify that along the entire history no theft or inflation happened
08:43 <andytoshi> (assuming everyone kept their keys secret, "theft" means something technical here..)
08:44 <amiller> this seems like an interesting and relevant security goal but i don't understand it clearly yet, we can talk about it independently of the scheme though
08:44 <amiller> so like, a new node that wants to start mining and verify the whole chain
08:44 <amiller> without just relying on SPV security
08:44 <andytoshi> yeah, i'd like to talk about this. i'm trying to understand the security model here.
08:44 <andytoshi> right
08:44 <amiller> it's safe to ignore some information that was originally included?
08:44 <andytoshi> yes. what this new node cares about is knowing the current chainstate (utxo set)
08:45 <andytoshi> suppose the node *does not* care how this utxoset came to be, only that somehow the coins were always passed along honestly
08:45 <amiller> and i can verify that this utxo set doesn't reflect any invalid transitions like a block that ignores some previous transactions
08:45 <andytoshi> exactly
08:46 <andytoshi> there exists a path of handoffs (where "handoff" is something we'd have to describe more precisely, but it's done by one of the transactions i described above) from coinbase inputs to the current utxos
08:47 <instagibbs> If you don't validate all of the blocks' contents, it's possible there is an entirely different utxo set that also seems valid. Peers can tell you about these alternative sets of utxo though.
08:48 <andytoshi> instagibbs: what do you mean?
08:48 <instagibbs> (thought we discussed this already but I'll re-explain)
08:48 <andytoshi> if you mean peers can give you different merkle paths for the same utxos, that doesn't give a different utxoset
08:48 <andytoshi> that just attaches the utxoset to the blockchain in a different way
08:48 <instagibbs> or different utxos
08:49 <instagibbs> like, imagine complete disjoint post-genesis histories
08:49 <andytoshi> kk pls explain
08:49 <amiller> i feel like there's something implicit missing, like we're implicitly assuming SPV already or something
08:49 <amiller> like i think there's something lurking here that makes the efficiency claim vs CT not actually present
08:49 <andytoshi> instagibbs: this scheme does not allow that, all the coinbase inputs are explicit
08:49 <andytoshi> amiller: this has completely different goals than CT
08:49 <andytoshi> CT was just about hiding amounts, this is about collapsing history
08:50 <instagibbs> andytoshi, sorry can you explain why that would stop that
08:50 <amiller> what is collapsing history? so far everything you described sounds like CT
08:50 <instagibbs> merkle trees don't prove anything about not having two different spends of the same outputs
08:50 <andytoshi> instagibbs: the blockchain defines a single set of inputs. the inputs are part of the history. therefore you cannot have disjoint histories
08:50 <amiller> the outputs are represented as commitments, the sender/receiver together make a transaction or pair of half-transactions that spend some old outputs and create some new outputs
08:50 <andytoshi> instagibbs: no, but the algebra prevents that (unless the "same output" appeared twice)
08:51 <andytoshi> amiller: yes, i haven't gotten to the collapsing history yet
08:51 <andytoshi> but nor have i made any claims of space savings yet
08:51 <instagibbs> genesis block makes 1 blinded output, following block has 2 transactions (ignore the fact that we can deduce double-spending from pure numbers here)
08:51 <andytoshi> i'm just trying to reframe this specific part in a way that you like, because it's critical to everything else
08:51 <amiller> ok, i think i understand the signature scheme well enough
08:52 <instagibbs> one transaction has 2 outputs, the other has 1, let's say. So they're unique in blinding factors and so on.
08:52 <andytoshi> amiller: kk, so the next part is OWAS, which is pretty straightforward, you can just put transactions inputs and outputs together, then the sum of all outputs minus all inputs will be the sum of all these excess k*G values
08:52 <instagibbs> So I reveal one history to you, and hide the other. The math will work out.
08:52 <andytoshi> amiller: so you keep both k1G + sig, and you add the explicit k2s, and this is OWAS
08:53 <instagibbs> I have no idea what this means for the security model in reality
08:53 <andytoshi> instagibbs: lemme think about this, this seems very serious
08:54 <instagibbs> I mean it's the same problem we have in Bitcoin... but with our scheme we get strong guarantees knowing that it is at least *a* valid non-inflationary history
08:54 <instagibbs> our meaning wimble
08:55 <andytoshi> yeah, sure, but we may have consensus disagreement between peers
08:55 <instagibbs> but peers may be on different histories, on same chain header. Peers can tell each other. I'm not sure how to converge
08:55 <andytoshi> (which might be recoverable, maybe inputs need to have explicit merkle paths and this does it)
08:55 <andytoshi> no, that's not sufficient..
08:55 <instagibbs> yeah I thought about that too, then discounted it, but can't immediately recall
08:56 <kanzure> andytoshi: re: OWAS things, the dan boneh transcript covers this in some gory detail, but also it was covered near the bottom of https://bitcoincore.org/logs/2016-05-zurich-meeting-notes.html
08:56 <kanzure> starting near the section called "Schnorr stuff and signature aggregation" (or just search for "OWAS")
08:58 <instagibbs> so you'd need to figure out where the first violation of the "only one spend of one output" rule is broken, invalidate back to that block, and sync from there, or something.
08:58 <andytoshi> instagibbs: you don't need to multispend any outputs to do this tho
08:58 <instagibbs> oh hm?
08:58 <andytoshi> instagibbs: you create three outputs with commitments C1, C2, C1 + C2. when IBDing you reveal C1 and C2 to some peers, C1 + C2 to others
08:59 <instagibbs> err right
08:59 <andytoshi> now you've IBD'd peers in a way that they disagree on the utxo set-
08:59 <instagibbs> well there are inputs being spent twice, in general
08:59 <instagibbs> but yes we care about new outputs matching up
08:59 <andytoshi> peers who were online at the time would detect this, but that's tendermint security model
08:59 <andytoshi> instagibbs: what do you mean by inputs being spent twice in general?
09:00 <instagibbs> I agree with what you're saying, it's not impt
09:00 <instagibbs> Nodes would have to reject a chain once they discover the utxo set conflicts with another one
09:00 <andytoshi> instagibbs: ok, maybe the outputs need to be in a merkle sum tree
09:00 <andytoshi> so you can't do this C1, C2, C1 + C2 trick
09:02 <instagibbs> Well, there is already DoS vector of simply being fed bad utxo set
09:02 <andytoshi> yes that's fine, there are ways around that (basically asking peers for a quorum on what the utxos in each block actually ought to be)
09:02 <instagibbs> At least with this attack it would require miners making "legitimate" parallel histories
09:03 <instagibbs> which can/will invalidate huge swaths of blocks if caught
09:03 <andytoshi> yes, that's worse, because then it's not detectable
09:03 <andytoshi> but using a merkle sum tree prevents it i think
09:05 <andytoshi> oh, no, you can fool a merkle sum tree by putting negative outputs in. you just never reveal these to anyone
09:05 <instagibbs> I was hoping peer gossip would be just as effective as spreading the header chain, but now not sure at all
09:06 <andytoshi> in practice it might be
09:06 <andytoshi> but this is a weird security model
09:07 <andytoshi> you can amplify from peer gossip to SPV by having miners commit to the current utxoset in every block
09:08 <andytoshi> so you have full security in knowing that no invalid transactions have occurred, but only SPV security that your history is the one that everyone else is using
09:08 <andytoshi> (which actually, might be exactly what you want, the blockheaders define the "history that everyone else is using" anyway..)
09:09 <instagibbs> Hmm, yes I was hoping the gossip would be more holistic, but I think it's looking more fraud-proofy considering peers wouldn't even care about bad branches
09:12 <andytoshi> i don't like gossip or fraud proofs, both of these can be censored from a peer who is surrounded during IBD (and maybe the peer doesn't know to ask for it later so the effect is permanent)
09:12 <instagibbs> Yes
09:13 <instagibbs> So it sort of reminds me of a rolling utxo commitment
09:13 <instagibbs> but you must assume miners all start from beginning
09:13 <kanzure> without gossip how are you doing initial block download?
09:14 <instagibbs> kanzure, that's what I mean, the gossip isn't as useful as it is for finding the best chain
09:15 <instagibbs> but the gossip for wimble will never prove to the user they are on the right chain
09:15 <kanzure> is this concern about lack of diff and lack of knowing where the problem is in the data set?
09:15 <instagibbs> s/right/valid/
09:16 <andytoshi> kanzure: no the problem is that there can be multiple valid histories associated to the same blockheader chain
09:16 <instagibbs> It's the lack of knowing if you're on a valid chain/utxo set.
09:17 <andytoshi> so you can make a "randomized merkle-sum tree" which avoids this problem i think
09:17 <andytoshi> each internal node commits to the sum H(L)L + H(R)R where L, R are its two child nodes
09:18 <andytoshi> now if you have C1, C2, C1 + C2 in the same merkle tree there is no way to come up with extra branches that will hide this fact
09:19 <andytoshi> ..has anyone heard of this construction before? i just made it up..
09:20 <iddo> if you have utxoset in every block then you can "collapse" the history by trimming everything except the last k blocks (say k=1000), are you guys suggesting a way to collapse the history that gives better security guarantees than this simple approach?
09:20 <kanzure> iddo: http://diyhpl.us/~bryan/papers2/bitcoin/mimblewimble.txt
09:20 <andytoshi> iddo: yes, certainly, in that case you can literally make up the entire history before the last k blocks
09:21 <andytoshi> or make up no history, just say "the chainstate was this back then, trust me"
09:22 <iddo> what's the security guarantees that you want to have?
09:22 <instagibbs> andytoshi, the attacker could put C1, C2 in block 2, and C1+C2 in block 3?
09:22 <instagibbs> Originally I described the attack as odd/even blocks, to make it clear they could be anywhere
09:23 <instagibbs> iddo, we would like full node security without downloading the entire chain :)
09:26 <andytoshi> instagibbs: well you can always make the root of the tree have as children the "real" root as well as the previous block's root, so they are all connected
09:28 <andytoshi> but i'm unsure now what this randomized merkle sum tree actually gets you though, i'm confused again
09:29 * andytoshi goes for a run
09:29 <instagibbs> yeah good idea, cheers
09:29 <iddo> with the simple approach you'd get say k=1000 PoW confirmations that the utxoset is in consensus, you claim that you can verify the history from genesis after trimming the history?
09:30 <andytoshi> iddo: yes, kanzure posted a link
09:30 <iddo> btw you can do probabilistic proof that the utxoset is verified from genesis, but it isn't practical
09:31 <kanzure> instagibbs: for full node security without downloading and verifying the entire chain, you should probably work backwards from full security and then figure out what you can add to that scenario, until you work backwards to something that roughly approximates the set of features you prefer a full node to have.
09:32 <kanzure> and ideally without saying "turn the entire system into a giant zk-snark and just query a bunch of small proofs and let the proofs battle each other for supremacy"
09:40 <gmaxwell> Most bitcoin technically sophisticated hacker we've seen yet? https://www.reddit.com/r/Bitcoin/comments/4vykkr/1000_btc_giveaway_from_your_friend_rekcahxfb/
09:41 <Tiraspoll> gmaxwell https://bitcointalk.org/index.php?topic=327178.msg3521657#msg3521657
09:41 <Tiraspoll> the coins are from here
09:41 <Tiraspoll> not related to finex
09:41 <Tiraspoll> 2013 address
09:42 <gmaxwell> cool.
10:03 <andytoshi> instagibbs: ok, so forget all that merkle sum stuff. the only thing an attacker can do with your attack is split consensus; he can't steal coins or inflate or anything (he can only split his own coins, since he'd have to rangeproof the split). so add a commit to the utxoset in each block, now such a consensus split is trivially detectable (and the longest-chain rule can take care of it)
10:04 <andytoshi> so you have full security knowing the utxoset up to how the coins are split up (and their age), which means knowing the utxoset up to ownership, and SPV security of the exact split (i.e. whether you are on the consensus history)
10:04 <andytoshi> but you already only have SPV security that you're on the consensus history, that's more or less what SPV security means
10:08 <gmaxwell> it is a little obnoxious that a summary-verifier could end up on a history that had temporary theft but which was made whole at the end, while a full verifier would reject that history.
10:08 <gmaxwell> you could say that the full verifier should reorg to accept it too, since the end result is the same-- but that only makes sense if the only enforced rules are the rules enforceable by summary verification.
10:12 <andytoshi> gmaxwell: well remember that the blockheaders ultimately do commit to everything
10:12 <iddo> not clear if you're trimming data forever, or just having a method to provide SPV proofs, if you trim forever then you're not protected against reversal of history of length greater than where you trimmed?
10:12 <andytoshi> so if there really are alternate histories like this they will have alternate blockchains
10:12 <instagibbs> I'm thinking along the lines of allowing multiple histories, even invalid transactions. If you had a conflicting utxo tie-breaking rule, nodes could converge by just sharing what they know, much like sharing block headers today..
andytoshiiddo: correct, you're basically screwed if you reorg past where you trimmed (you'll have to find the data somewhere)10:12
andytoshiiddo: but the security here is much stronger than SPV10:12
instagibbsgiven a proper utxo set you know there's no inflation, and you can be told about better histories by a single honest peer.10:13
andytoshiinstagibbs: that seems very hard to do, which history is "better"?10:13
instagibbsyes, that's the nut to crack10:13
andytoshiif i have ten utxos on one history, and ten on the other, that are simply split up differently (and i'm not limited to ten, and i'm not limited to having the same number either), neither is any better10:14
andytoshiand in general detecting this even involves solving subset-sum10:14
andytoshierr, that's not true, you'll notice when consensus splits10:14
instagibbswell you can make it arbitrarily better, like say first utxo in a conflicting history in the block10:14
instagibbs(probably not good idea but still)10:14
andytoshii think that creates the ability to retroactively invalidate blocks10:14
instagibbsinvalidates utxo state, right, and no clear way of updating, and now that i think of it, doesnt work10:15
andytoshii really think just committing to the utxoset in each block is the solution here, then differing utxo splits are detected by looking at the block headers10:15
iddoso i still don't see how you get better security than just utxoset in every block and trim old history, is the security just with regard to better anonymity?10:15
andytoshiiddo: have you read the paper?10:15
instagibbsiddo, we are discussing the paper10:15
iddono sorry :(10:16
instagibbsok, tiebreaking rule doesn't work because there's no way to compute which utxos "correspond" to others10:17
instagibbsso the added value here is with utxo commitment on top you are SPV in that you're trusting the miners to not commit to a utxo set in an invalid chain with multiple histories.10:21
instagibbseach history can not inflate or steal either way10:21
andytoshiinstagibbs: correct10:22
andytoshiyou're trusting the miners not to break consensus10:22
andytoshibut you are already trusting them not to do that10:22
andytoshikanzure: reading the boneh stuff now, thanks10:25
kanzurekk muchlongread funstuffs.10:27
andytoshihah, yes, 20 printed pages10:28
andytoshii apparently bought a printer without duplex, because i'm an idiot, and further apparently bought the heaviest paper ever made :(10:28
-!- lvns [~lvns@18265b68.cst.lightpath.net] has joined #bitcoin-wizards10:34
-!- zooko [~user@2601:281:8000:8387:60e9:2e7:ca6e:7b6a] has quit [Ping timeout: 250 seconds]10:35
-!- laurentmt [~Thunderbi@176.158.157.202] has joined #bitcoin-wizards10:43
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards10:45
-!- lvns [~lvns@18265b68.cst.lightpath.net] has quit [Remote host closed the connection]10:45
-!- lvns [~lvns@18265b68.cst.lightpath.net] has joined #bitcoin-wizards10:46
andytoshiinstagibbs: i think the way to think about this is that when you do the IBD, the security is as though every single transaction occurred in the tip of the block that you IBD'd up to10:49
-!- dpr_ [68c1a9c8@gateway/web/freenode/ip.104.193.169.200] has joined #bitcoin-wizards10:55
-!- laurentmt [~Thunderbi@176.158.157.202] has quit [Quit: laurentmt]11:33
-!- MoALTz [~no@78-11-183-124.static.ip.netia.com.pl] has joined #bitcoin-wizards11:34
-!- NLNico [~NLNico@unaffiliated/nlnico] has joined #bitcoin-wizards11:34
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 264 seconds]11:40
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 276 seconds]11:54
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards11:56
-!- lvns [~lvns@18265b68.cst.lightpath.net] has quit [Quit: Leaving...]11:58
-!- Davasny [~quassel@195.150.236.122] has joined #bitcoin-wizards11:59
-!- lmacken [~lewk@fedora/lmacken] has quit [Ping timeout: 260 seconds]12:06
-!- lmacken [~lewk@fedora/lmacken] has joined #bitcoin-wizards12:06
-!- jaromil [~jaromil@unaffiliated/jaromil] has quit [Quit: http://www.dyne.org]12:07
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards12:08
-!- aalex_ [~aalex@64.187.177.58] has quit [Quit: Connection reset by beer]12:14
-!- ennui [~user@unaffiliated/ennui] has joined #bitcoin-wizards12:17
-!- NLNico [~NLNico@unaffiliated/nlnico] has quit [Quit: Leaving]12:20
-!- lvns [~lvns@18265b68.cst.lightpath.net] has joined #bitcoin-wizards12:57
-!- bildramer1 [~bildramer@2001:0:9d38:6ab8:1c54:252a:a1ba:4a97] has joined #bitcoin-wizards12:59
-!- bildramer [~bildramer@2001:0:9d38:90d7:28dd:1902:a1ba:4a97] has quit [Disconnected by services]12:59
-!- bildramer1 is now known as bildramer12:59
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 276 seconds]13:06
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards13:09
-!- Davasny_ [~quassel@78-11-193-195.static.ip.netia.com.pl] has joined #bitcoin-wizards13:15
-!- Davasny [~quassel@195.150.236.122] has quit [Ping timeout: 252 seconds]13:18
-!- Aranjedeath [~Aranjedea@unaffiliated/aranjedeath] has joined #bitcoin-wizards13:23
-!- jaromil [~jaromil@unaffiliated/jaromil] has joined #bitcoin-wizards13:28
-!- lvns [~lvns@18265b68.cst.lightpath.net] has quit [Remote host closed the connection]13:47
-!- r0ach [~r0ach@107-217-214-192.lightspeed.jcvlfl.sbcglobal.net] has quit [Ping timeout: 240 seconds]13:57
-!- b-itcoinssg [uid41629@gateway/web/irccloud.com/x-gemfsamilyeyfpuz] has joined #bitcoin-wizards13:57
-!- belcher [~user@unaffiliated/belcher] has joined #bitcoin-wizards14:07
-!- tromp_ [~tromp@rtc35-082.rentec.com] has joined #bitcoin-wizards14:09
-!- BashCo_ [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards14:10
-!- tromp [~tromp@rtc35-220.rentec.com] has quit [Ping timeout: 276 seconds]14:10
-!- thepumpernickle1 [~duphass@65.78.54.2] has quit [Ping timeout: 252 seconds]14:11
-!- thepumpernickle1 [~duphass@65.78.54.2] has joined #bitcoin-wizards14:11
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Ping timeout: 244 seconds]14:12
-!- Davasny_ [~quassel@78-11-193-195.static.ip.netia.com.pl] has quit [Remote host closed the connection]14:17
kanzure"Short randomizable signatures" http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.699.2251&rep=rep1&type=pdf14:23
-!- MoALTz [~no@78-11-183-124.static.ip.netia.com.pl] has quit [Quit: Leaving]14:24
-!- tromp_ [~tromp@rtc35-082.rentec.com] has quit [Read error: Connection reset by peer]14:29
-!- tromp_ [~tromp@rtc35-082.rentec.com] has joined #bitcoin-wizards14:30
-!- byteflame [~byteflame@70-89-65-45-little-rock-ar.hfc.comcastbusiness.net] has quit [Ping timeout: 244 seconds]14:40
-!- Burrito [~Burrito@unaffiliated/burrito] has joined #bitcoin-wizards14:49
-!- aem [AEM@gateway/shell/elitebnc/x-mbhxtyjmonsqxadw] has quit [Remote host closed the connection]14:52
-!- AEM [AEM@gateway/shell/elitebnc/x-sehsutqglzkplweu] has joined #bitcoin-wizards14:55
-!- xissburg [~xissburg@unaffiliated/xissburg] has quit [Ping timeout: 250 seconds]15:29
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards15:38
-!- xissburg [~xissburg@unaffiliated/xissburg] has joined #bitcoin-wizards15:49
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 244 seconds]15:50
-!- murch [~murch@p4FE3A9D5.dip0.t-ipconnect.de] has quit [Quit: Leaving.]15:53
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]16:04
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards16:04
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards16:05
andytoshiinstagibbs: i tried to summarize my comments here in this post: https://www.reddit.com/r/Bitcoin/comments/4vub3y/mimblewimble_noninteractive_coinjoin_and_better/d62cux616:06
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:95f0:e47a:e341:4811] has quit [Ping timeout: 250 seconds]16:13
-!- MaxSan_ [~one@185.103.96.151] has quit [Remote host closed the connection]16:20
-!- Giszmo [~leo@ppp-188-174-93-152.dynamic.mnet-online.de] has joined #bitcoin-wizards16:22
-!- Giszmo1 [~leo@ppp-188-174-68-43.dynamic.mnet-online.de] has quit [Ping timeout: 244 seconds]16:24
-!- ennui [~user@unaffiliated/ennui] has quit [Ping timeout: 244 seconds]16:31
-!- b-itcoinssg [uid41629@gateway/web/irccloud.com/x-gemfsamilyeyfpuz] has quit [Quit: Connection closed for inactivity]16:42
-!- JackH [~Jack@79-73-188-45.dynamic.dsl.as9105.com] has quit [Ping timeout: 260 seconds]16:42
-!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards16:50
-!- jgarzik [~jgarzik@unaffiliated/jgarzik] has quit [Quit: This computer has gone to sleep]16:55
-!- ennui [~user@unaffiliated/ennui] has joined #bitcoin-wizards17:00
kanzureandytoshi: can you do that in the form of short research questions for bored students and newbies that pass by?17:02
andytoshikanzure: what do you mean?17:05
kanzureyour summary is good and useful, and having a pile of research questions is also useful17:06
kanzurejrayhawk: for transaction fees in a low-subsidy environment, yes there are grinding attacks and vulnerabilities. and transaction fee volatility does not help the situation.17:07
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Read error: Connection reset by peer]17:07
kanzurefee delay doesn't entirely solve the problem because miners still have an incentive to grind backwards to remine a high-fee transaction17:09
-!- r0ach [~r0ach@107-217-214-192.lightspeed.jcvlfl.sbcglobal.net] has joined #bitcoin-wizards17:11
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards17:12
andytoshikanzure: hmm, i don't think i can rewrite this as a question because i don't know the right question, my big problem is that i don't know how to think about this really. maybe i just need to let it settle in my head17:12
jrayhawkYeah, I can see temporal diffusion of reward being useful; full nodes can track and project reward sizes and split up (or advise SPV clients to split up) large transactions into components broadcast over time as confirmations come in to make all the incentives safer, and miners can pay the reward forward by the same means.17:13
jrayhawkI'm actually kinda curious if there's any robust way of solving https://www.reddit.com/r/Bitcoin/comments/4vupa6/p2shinfo_shows_movement_out_of_multisig_wallets/d61qyaj though17:14
kanzuresounds like an "incentive-related transaction delay", e.g. coin throughput is limited based on available hashrate. if there's a bunch of dark hashrate then you could maybe posit that hashrate would light up to try to grab the fee in nearby blocks if it is evenly distributed among the next n blocks but this infringes on reason to bother with transaction prioritization by fee.17:15
kanzure.. and is already close enough to "light up and grind some blocks to get the last fee" anyway.17:16
kanzurehttp://diyhpl.us/wiki/transcripts/scalingbitcoin/security-of-diminishing-block-subsidy/17:16
kanzureoh that link is not quite the one i thought it was. hrm.17:20
jrayhawkThe BFX thing seems trivially unresolvable to me without an extra identity or trust network; there's an incentive for a person spending fast (faster than the mining reward) to bribe miners to reorg to doublespend, and there's no good way to track individual people to dodge consequences of that (other than, I guess, 50% transaction fees).17:20
-!- grubles [~grubles@unaffiliated/grubles] has quit [Quit: leaving]17:21
jrayhawkAnd, as pointed out in that thread, there's no coordination cost today because the Chinese de-facto pool has >51%17:22
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Remote host closed the connection]17:27
-!- Giszmo [~leo@ppp-188-174-93-152.dynamic.mnet-online.de] has quit [Quit: Leaving.]17:36
-!- ennui [~user@unaffiliated/ennui] has quit [Ping timeout: 250 seconds]17:38
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards17:38
-!- AEM is now known as aem17:39
-!- ennui [~user@unaffiliated/ennui] has joined #bitcoin-wizards17:39
-!- Ylbam_ [uid99779@gateway/web/irccloud.com/x-bhbfzfuzyphnfmfx] has joined #bitcoin-wizards17:47
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-zewmibbcbynqswok] has quit [Ping timeout: 258 seconds]17:47
-!- Ylbam_ is now known as Ylbam17:47
-!- ennui [~user@unaffiliated/ennui] has quit [Ping timeout: 276 seconds]17:48
-!- belcher [~user@unaffiliated/belcher] has quit [Quit: Leaving]17:55
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]17:55
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards18:00
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]18:04
bsm1175321Just noticed this: http://hackingdistributed.com/2016/02/26/how-to-implement-secure-bitcoin-vaults/18:07
bsm1175321Sorry, but this seems utterly silly.  If you thought 6 confirmations were too long, now we're going to 24 hours and soon T+3.  This is the way back to the cave.18:07
bsm1175321Did I miss something with this?18:07
gmaxwellyou missed that it would be used for coins intentionally held in cold storage.18:11
bsm1175321I could achieve the same thing, and not need to bother everyone else with reversibility, by having a better cold storage key security mechanism, no?18:13
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]18:14
bsm1175321What if I'm a merchant who receives a payment 3 (6-)confirmations down the line from the original thief?  Do I deserve to get screwed over?18:14
TD-Linuxcold storage would normally fund hot storage. otherwise it's not very cold18:16
gmaxwellbsm1175321: what, ?! you've misunderstood it.18:18
bsm1175321They could have achieved that by asking BitGo to only cosign the transaction after a 24-hour waiting period, and calling the relevant principals.18:18
gmaxwellbsm1175321: the merchants couldn't be paid with those coins after they've been released... the merchant wouldn't see a payment until they're released.18:18
gmaxwellbsm1175321: still requires a TTP who could screw up, e.g. by making it easy to release the funds.18:19
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards18:19
bsm1175321But isn't that what they have with BitGo?18:19
gmaxwell"still requires" was referring to your "asking BitGo".18:20
bsm1175321So seems to me they screwed up their relationship with BitGo, and didn't successfully implement what Emin calls Covenants/Vaults...18:21
bsm1175321It seems to me that the (now public) information that certain addresses/utxo's are being used as cold wallets is incredibly useful to an attacker.18:22
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-bhbfzfuzyphnfmfx] has quit [Quit: Connection closed for inactivity]18:25
-!- thepumpernickle1 [~duphass@65.78.54.2] has quit [Read error: Connection reset by peer]18:28
-!- thepumpernickle1 [~duphass@65.78.54.2] has joined #bitcoin-wizards18:28
-!- Noldorin [~noldorin@unaffiliated/noldorin] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]18:29
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Quit: Leaving.]18:35
-!- thepumpernickle1 [~duphass@65.78.54.2] has quit [Ping timeout: 240 seconds]18:48
-!- dpr_ [68c1a9c8@gateway/web/freenode/ip.104.193.169.200] has quit [Ping timeout: 250 seconds]18:49
-!- jtimon [~quassel@55.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 276 seconds]19:06
-!- King_Rex [~King_Rex@unaffiliated/king-rex/x-3258444] has quit [Remote host closed the connection]19:15
-!- FNinTak [~jonhbit@tsarviajado.media.mit.edu] has joined #bitcoin-wizards19:16
-!- bildramer [~bildramer@2001:0:9d38:6ab8:1c54:252a:a1ba:4a97] has quit [Ping timeout: 250 seconds]19:22
-!- bildramer [~bildramer@2001:0:9d38:6ab8:1c54:252a:a1ba:4a97] has joined #bitcoin-wizards19:23
-!- Emcy [~MC@unaffiliated/mc1984] has quit [Ping timeout: 244 seconds]19:50
-!- JackH [~Jack@79-73-188-45.dynamic.dsl.as9105.com] has joined #bitcoin-wizards19:53
-!- NLNico [~NLNico@unaffiliated/nlnico] has joined #bitcoin-wizards20:00
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 244 seconds]20:04
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards20:06
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]20:12
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 250 seconds]20:14
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards20:14
-!- Tenhi [~tenhi@static-ip-69-64-50-196.inaddr.ip-pool.com] has quit [Ping timeout: 244 seconds]20:37
-!- Tenhi [~tenhi@static-ip-69-64-50-196.inaddr.ip-pool.com] has joined #bitcoin-wizards20:38
-!- Burrito [~Burrito@unaffiliated/burrito] has quit [Quit: Leaving]20:42
-!- jgarzik [~jgarzik@12.176.89.3] has joined #bitcoin-wizards20:46
-!- jgarzik [~jgarzik@12.176.89.3] has quit [Changing host]20:46
-!- jgarzik [~jgarzik@unaffiliated/jgarzik] has joined #bitcoin-wizards20:46
FNinTak@kanzure is there a current list of questions for floating students / visitors?21:00
FNinTakDidn't see one on the core site or ninja site but I could easily be missing it21:01
-!- contrapumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards21:20
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Ping timeout: 252 seconds]21:22
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards21:23
-!- FNinTak [~jonhbit@tsarviajado.media.mit.edu] has quit [Quit: Leaving]21:25
-!- contrapumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Ping timeout: 265 seconds]21:26
-!- contrapumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards21:26
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Ping timeout: 244 seconds]21:28
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards21:29
-!- contrapumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Ping timeout: 244 seconds]21:31
-!- contrapumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards21:36
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Ping timeout: 240 seconds]21:36
-!- contrapumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Ping timeout: 240 seconds]21:42
-!- oneeman [~oneeman@ip254-177-15-186.ct.co.cr] has quit [Quit: Leaving]21:48
kanzureFNinTak: not really. would that be helpful to you?21:54
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 240 seconds]22:00
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards22:01
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 244 seconds]22:59
-!- Aranjedeath [~Aranjedea@unaffiliated/aranjedeath] has quit [Quit: Three sheets to the wind]23:02
kanzurejrayhawk: one idea i have heard tonight is the idea that if you take too much fee in a low-subsidy environment, others will be incentivized to grind on that block until someone chooses a rational amount of transaction fees. and every miner should by default engage in that behavior, to redistribute fee more correctly, even in the presence of high transaction fee volatility. and then other tricks can be used like exponential fee decay ...23:17
kanzure... over the next n blocks or something.23:18
-!- AusteritySucks [~Austerity@unaffiliated/austeritysucks] has quit [Ping timeout: 258 seconds]23:19
-!- NewLiberty [~NewLibert@2602:304:5e77:11e9:d489:df86:9ca9:e316] has joined #bitcoin-wizards23:30
-!- NewLiberty_ [~NewLibert@2602:304:5e77:11e9:d489:df86:9ca9:e316] has joined #bitcoin-wizards23:35
-!- jgarzik [~jgarzik@unaffiliated/jgarzik] has quit [Read error: Connection reset by peer]23:35
-!- NewLiberty [~NewLibert@2602:304:5e77:11e9:d489:df86:9ca9:e316] has quit [Ping timeout: 260 seconds]23:39
amillerhttps://arxiv.org/pdf/1605.07524v1.pdf this paper is pretty interesting23:49
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards23:49
-!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Excess Flood]23:51
-!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards23:51
-!- aburan28 [~androirc@static-108-45-93-70.washdc.fios.verizon.net] has joined #bitcoin-wizards23:52
-!- BashCo_ [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection]23:52
--- Log closed Thu Aug 04 00:00:16 2016
