--- Log opened Mon Aug 08 00:00:19 2016 | ||
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 244 seconds] | 00:03 | |
-!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards | 00:09 | |
-!- da2ce7 [~da2ce7@opentransactions/dev/da2ce7] has quit [Quit: ZNC - http://znc.in] | 00:23 | |
-!- da2ce7_mobile [~da2ce7@opentransactions/dev/da2ce7] has quit [Quit: ZNC - http://znc.in] | 00:23 | |
-!- laurentmt [~Thunderbi@80.215.138.34] has joined #bitcoin-wizards | 00:28 | |
-!- da2ce7_mobile [~da2ce7@opentransactions/dev/da2ce7] has joined #bitcoin-wizards | 00:31 | |
-!- da2ce7 [~da2ce7@opentransactions/dev/da2ce7] has joined #bitcoin-wizards | 00:33 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 00:34 | |
-!- JackH [~Jack@79-73-188-45.dynamic.dsl.as9105.com] has joined #bitcoin-wizards | 00:35 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Ping timeout: 265 seconds] | 00:38 | |
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards | 00:41 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 00:42 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Ping timeout: 258 seconds] | 00:47 | |
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 250 seconds] | 00:50 | |
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards | 00:50 | |
-!- da2ce7_mobile [~da2ce7@opentransactions/dev/da2ce7] has quit [Quit: ZNC - http://znc.in] | 00:54 | |
-!- FNinTak [~jonhbit@tsarviajado.media.mit.edu] has quit [Quit: Leaving] | 00:56 | |
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 258 seconds] | 00:57 | |
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards | 00:57 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 00:59 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 258 seconds] | 01:04 | |
-!- da2ce7 [~da2ce7@opentransactions/dev/da2ce7] has quit [Quit: ZNC - http://znc.in] | 01:05 | |
-!- da2ce7 [~da2ce7@opentransactions/dev/da2ce7] has joined #bitcoin-wizards | 01:14 | |
-!- arowser [~quassel@106.120.101.38] has quit [Quit: No Ping reply in 180 seconds.] | 01:17 | |
-!- arowser [~quassel@106.120.101.38] has joined #bitcoin-wizards | 01:18 | |
-!- pro [~pro@unaffiliated/pro] has joined #bitcoin-wizards | 01:33 | |
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 258 seconds] | 01:53 | |
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards | 01:57 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 276 seconds] | 02:08 | |
-!- Giszmo [~leo@ip5f5ac08d.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards | 02:18 | |
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Quit: :)] | 02:22 | |
-!- jonasschnelli [~jonasschn@unaffiliated/jonasschnelli] has quit [Excess Flood] | 02:28 | |
-!- jonasschnelli [~jonasschn@unaffiliated/jonasschnelli] has joined #bitcoin-wizards | 02:29 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards | 02:42 | |
-!- dnaleor [~dnaleor@78-23-74-78.access.telenet.be] has joined #bitcoin-wizards | 02:42 | |
-!- jtimon [~quassel@55.31.134.37.dynamic.jazztel.es] has joined #bitcoin-wizards | 02:46 | |
-!- toktok [~tim@37.139.12.32] has joined #bitcoin-wizards | 02:46 | |
-!- Jaamg [jhpiloma@brute.org.aalto.fi] has quit [Remote host closed the connection] | 03:01 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 03:01 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 250 seconds] | 03:06 | |
-!- aalex [~aalex@64.187.177.58] has quit [Ping timeout: 244 seconds] | 03:14 | |
-!- aalex [~aalex@64.187.177.58] has joined #bitcoin-wizards | 03:15 | |
-!- edvorg [~edvorg@14.169.57.10] has joined #bitcoin-wizards | 03:20 | |
Taek | One-time costs can sort of be reasoned about as the ultimate extension of the hardware vs operation cost structure | 03:24 |
---|---|---|
Taek | Quantum hashing for example poses a risk, because if one company puts down (in stealth mode) hundreds of millions in R&D over the course of like 5 years, and then they release an ASIC, they've got a full monopoly on hashing until some other group can slug through the same up-front cost | 03:25 |
Taek | and the first-to-market will have that X years of dominant income that nobody else will ever have, their amortization will perpetually be ahead | 03:25 |
-!- toktok [~tim@37.139.12.32] has quit [Quit: leaving] | 03:26 | |
Taek | granted, I think it's pretty safe to say that if someone like BitFury were to announce a monopoly-grade ASIC, Bitcoin would threaten with a hardfork, and follow through if the tech was not made accessible to everyone | 03:26 |
-!- rubensayshi [~ruben@82.201.93.169] has joined #bitcoin-wizards | 03:36 | |
-!- dEBRUYNE [~dEBRUYNE@unaffiliated/debruyne] has joined #bitcoin-wizards | 03:41 | |
-!- thesnark [~mike@unaffiliated/thesnark] has joined #bitcoin-wizards | 04:01 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 04:02 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 264 seconds] | 04:02 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 240 seconds] | 04:06 | |
-!- domwoe [~domwoe@209-6-39-253.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has joined #bitcoin-wizards | 04:16 | |
-!- domwoe [~domwoe@209-6-39-253.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has quit [Remote host closed the connection] | 04:26 | |
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 244 seconds] | 04:40 | |
-!- jtimon [~quassel@55.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 276 seconds] | 04:41 | |
-!- stonecoldpat [~a9380004@janus-nat-128-240-225-56.ncl.ac.uk] has quit [Read error: Connection reset by peer] | 04:54 | |
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards | 04:54 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards | 04:57 | |
waxwing | trying to grok MW, seems like sender will have to send blinding factors and amount, and then receiver can construct and attach kG signature, so it's kind of very weakly interactive? there aren't really round trips are there? | 04:59 |
waxwing | 0.5 RT? | 04:59 |
-!- domwoe [~domwoe@209-6-39-253.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has joined #bitcoin-wizards | 05:00 | |
Taek | That's also what I understood. Perhaps not technically interactive, but the reciever does need to be performing some action | 05:01 |
Taek | receiver could theoretically be offline though: email | 05:01 |
Taek | I guess there's a kind of bonus. The sender can redact the send if the receiver never collects | 05:02 |
waxwing | right, it's certainly not nothing, if that's a correct characterisation. | 05:02 |
Taek | so, you'd never send money to a mis-typed address, because the receiver would never collect | 05:02 |
-!- dEBRUYNE_ [~dEBRUYNE@unaffiliated/debruyne] has joined #bitcoin-wizards | 05:02 | |
-!- dEBRUYNE [~dEBRUYNE@unaffiliated/debruyne] has quit [Ping timeout: 250 seconds] | 05:04 | |
-!- malte [Qcpr92R2DN@alkaid.uberspace.de] has quit [Max SendQ exceeded] | 05:09 | |
-!- malte [2MBzcfp3WB@alkaid.uberspace.de] has joined #bitcoin-wizards | 05:10 | |
-!- edvorg [~edvorg@14.169.57.10] has quit [Remote host closed the connection] | 05:13 | |
-!- edvorg [~edvorg@14.169.57.10] has joined #bitcoin-wizards | 05:16 | |
-!- jtimon [~quassel@55.31.134.37.dynamic.jazztel.es] has joined #bitcoin-wizards | 05:27 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 276 seconds] | 05:29 | |
-!- domwoe [~domwoe@209-6-39-253.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has quit [Remote host closed the connection] | 05:47 | |
-!- byteflame [~byteflame@70-89-65-45-little-rock-ar.hfc.comcastbusiness.net] has joined #bitcoin-wizards | 05:47 | |
-!- domwoe [~domwoe@209-6-39-253.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has joined #bitcoin-wizards | 05:47 | |
-!- domwoe [~domwoe@209-6-39-253.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has quit [Ping timeout: 244 seconds] | 05:52 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 05:57 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 06:02 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 276 seconds] | 06:07 | |
-!- laurentmt [~Thunderbi@80.215.138.34] has quit [Ping timeout: 240 seconds] | 06:17 | |
-!- domwoe [~domwoe@dhcp-18-189-35-89.dyn.MIT.EDU] has joined #bitcoin-wizards | 06:27 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 276 seconds] | 06:31 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 06:35 | |
-!- dEBRUYNE_ is now known as dEBRUYNE | 06:37 | |
-!- laurentmt [~Thunderbi@80.215.234.129] has joined #bitcoin-wizards | 06:53 | |
-!- instagibbs [~instagibb@pool-100-15-118-244.washdc.fios.verizon.net] has joined #bitcoin-wizards | 06:57 | |
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards | 06:57 | |
-!- AusteritySucks [~Austerity@unaffiliated/austeritysucks] has quit [Ping timeout: 250 seconds] | 07:01 | |
-!- Tiraspoll is now known as Tiraspollll | 07:23 | |
-!- stonecoldpat [~a9380004@janus-nat-128-240-225-56.ncl.ac.uk] has joined #bitcoin-wizards | 07:27 | |
-!- MoALTz [~no@78-11-183-124.static.ip.netia.com.pl] has joined #bitcoin-wizards | 07:46 | |
-!- Emcy [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards | 07:48 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards | 07:54 | |
-!- AusteritySucks [~Austerity@unaffiliated/austeritysucks] has joined #bitcoin-wizards | 07:54 | |
-!- domwoe [~domwoe@dhcp-18-189-35-89.dyn.MIT.EDU] has quit [Remote host closed the connection] | 08:02 | |
-!- domwoe [~domwoe@dhcp-18-189-35-89.dyn.MIT.EDU] has joined #bitcoin-wizards | 08:02 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 08:03 | |
-!- domwoe_ [~domwoe@dhcp-18-189-35-89.dyn.mit.edu] has joined #bitcoin-wizards | 08:05 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 276 seconds] | 08:06 | |
-!- domwoe [~domwoe@dhcp-18-189-35-89.dyn.MIT.EDU] has quit [Ping timeout: 276 seconds] | 08:07 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 258 seconds] | 08:08 | |
kanzure | http://diyhpl.us/wiki/transcripts/mimblewimble-podcast/ | 08:11 |
-!- AusteritySucks [~Austerity@unaffiliated/austeritysucks] has quit [Ping timeout: 240 seconds] | 08:12 | |
-!- Noldorin [~noldorin@unaffiliated/noldorin] has joined #bitcoin-wizards | 08:15 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 258 seconds] | 08:16 | |
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection] | 08:18 | |
domwoe_ | awesome kanzure! | 08:19 |
-!- AusteritySucks [~Austerity@unaffiliated/austeritysucks] has joined #bitcoin-wizards | 08:28 | |
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-eoeeyhtxichmgjyj] has joined #bitcoin-wizards | 08:30 | |
bsm117532 | Nice, thanks kanzure! | 08:30 |
-!- bildramer [~bildramer@ppp-94-67-116-162.home.otenet.gr] has quit [Ping timeout: 244 seconds] | 08:30 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 08:36 | |
-!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards | 08:38 | |
-!- laurentmt [~Thunderbi@80.215.234.129] has quit [Quit: laurentmt] | 08:45 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 244 seconds] | 08:45 | |
-!- rubensayshi [~ruben@82.201.93.169] has quit [Remote host closed the connection] | 08:47 | |
-!- zooko [~user@c-73-217-16-2.hsd1.co.comcast.net] has joined #bitcoin-wizards | 08:50 | |
-!- mdavid613 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has joined #bitcoin-wizards | 08:55 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards | 08:58 | |
-!- Sleepnbum [Sleepnbum@72.67.47.196] has joined #bitcoin-wizards | 09:02 | |
kanzure | .title https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/012948.html | 09:13 |
yoleaux | [bitcoin-dev] Hiding entire content of on-chain transactions | 09:13 |
-!- domwoe_ [~domwoe@dhcp-18-189-35-89.dyn.mit.edu] has quit [Remote host closed the connection] | 09:14 | |
kanzure | https://bitcointalk.org/index.php?topic=1574508.0 | 09:15 |
maaku | aka colored coins | 09:17 |
-!- jtimon [~quassel@55.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 276 seconds] | 09:18 | |
-!- dEBRUYNE_ [~dEBRUYNE@unaffiliated/debruyne] has joined #bitcoin-wizards | 09:18 | |
kanzure | why is this claiming that you can't do OP_RETURN taint analysis? | 09:19 |
-!- dEBRUYNE [~dEBRUYNE@unaffiliated/debruyne] has quit [Ping timeout: 265 seconds] | 09:21 | |
-!- domwoe [~domwoe@dhcp-18-189-27-226.dyn.MIT.EDU] has joined #bitcoin-wizards | 09:33 | |
-!- domwoe [~domwoe@dhcp-18-189-27-226.dyn.MIT.EDU] has quit [Client Quit] | 09:33 | |
-!- dEBRUYNE_ is now known as dEBRUYNE | 09:37 | |
-!- Greybits [~Greybits@unaffiliated/greybits] has quit [Ping timeout: 244 seconds] | 09:43 | |
-!- jaekwon [~jaekwon@2601:645:c001:263a:cd83:70eb:992c:718c] has joined #bitcoin-wizards | 09:56 | |
-!- N0S4A2 [~weechat@174.127.172.104] has joined #bitcoin-wizards | 10:03 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 10:04 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 265 seconds] | 10:09 | |
andytoshi | waxwing: yes, 0.5 RT between sender and receiver | 10:19 |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 10:25 | |
-!- edvorg [~edvorg@14.169.57.10] has quit [Ping timeout: 244 seconds] | 10:27 | |
waxwing | andytoshi: so your (k+k') trick, i have trouble understanding, is the idea that k' is publically known? | 10:27 |
waxwing | oh i think i get it from reading the copied chat log | 10:30 |
andytoshi | waxwing: the idea is that after merging, only (k + k') is publicly known | 10:33 |
andytoshi | but i'm thinking now that maybe all both of k, k' should be kept around while the transactions are in transit, so that when people try to merge overlapping transactions they're able to cancel out the intersection | 10:34 |
-!- pro [~pro@unaffiliated/pro] has quit [Ping timeout: 264 seconds] | 10:34 | |
andytoshi | this exposes the original transactions to monitors | 10:34 |
-!- pro [~pro@unaffiliated/pro] has joined #bitcoin-wizards | 10:34 | |
andytoshi | to avoid this, you'd have to send your tx to at most one aggregation service (hopefully there'd be several) .. and this service could even interact with you to merge the kG values as well | 10:35 |
waxwing | i'm lost at why (k+k') is public; i thought the idea was to publish kG and k' ? | 10:37 |
waxwing | then the network can sum the k'Gs and add it in | 10:37 |
andytoshi | waxwing: oh sorry, i'm overloading notation | 10:38 |
-!- execute [~execute@52.68.0.151] has quit [Ping timeout: 244 seconds] | 10:40 | |
andytoshi | waxwing: lemme restart from your first question :) | 10:42 |
andytoshi | yes. k' is publicly known | 10:42 |
andytoshi | then if you have a second transaction with k2G and k2' | 10:42 |
andytoshi | you can combine the transaction and you have kG, k2G, (k' + k2') | 10:43 |
waxwing | right | 10:43 |
andytoshi | and the latter -sum- is the only thing that's publicly known, and given only this, you can't know k' or k2', and you therefore can't discern the original transaciton boundaries | 10:43 |
waxwing | i see, like hiding in the addition, so that's why you're talking about "aggregation service" | 10:44 |
andytoshi | yeah | 10:45 |
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-eoeeyhtxichmgjyj] has quit [Quit: Connection closed for inactivity] | 10:45 | |
andytoshi | so the problem (and also a problem with OWAS like what the first anonymous guy did) is if i have transactions A, B, C and you have transactions A, B, D and we both give these to a miner | 10:46 |
andytoshi | the miner is sorta screwed, he can't combine these, he has to pick one | 10:46 |
andytoshi | but if everyone avoided doing the summing (and privacy conscious people -only- used a service that privately did the summing before broadcasting anything at all), you could avoid this | 10:46 |
andytoshi | at the cost of privacy, ofc | 10:46 |
waxwing | i guess there's no way to throw other nums basepoints at this since the whole point is that all the k-s are supposed to be in the same summation set. | 10:48 |
waxwing | proslogion was just reminding me about proof of discrete log equivalence, hmm | 10:49 |
-!- jannes [~jannes@178.132.211.90] has quit [Quit: Leaving] | 10:50 | |
andytoshi | i've thought about this a bit but i haven't come up with anything | 10:51 |
-!- proslogion [~proslogio@130.159.61.235] has joined #bitcoin-wizards | 10:53 | |
-!- pro [~pro@unaffiliated/pro] has quit [Quit: Leaving] | 10:55 | |
-!- pro [~pro@unaffiliated/pro] has joined #bitcoin-wizards | 10:56 | |
-!- zooko [~user@c-73-217-16-2.hsd1.co.comcast.net] has quit [Ping timeout: 264 seconds] | 11:05 | |
-!- N0S4A2 [~weechat@174.127.172.104] has quit [Quit: WeeChat 1.5] | 11:09 | |
maaku | https://eprint.iacr.org/2015/1028.pdf | 11:10 |
-!- mdavid6131 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has joined #bitcoin-wizards | 11:13 | |
-!- mdavid613 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has quit [Ping timeout: 265 seconds] | 11:15 | |
@gmaxwell | maaku: these schemes for incremental hashing do not support efficient membership proofs, right? | 11:19 |
-!- jaekwon [~jaekwon@2601:645:c001:263a:cd83:70eb:992c:718c] has quit [Remote host closed the connection] | 11:20 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 11:22 | |
bsm117532 | I'm not aware of one that does, I've also looked into this. I'd also like to find one that was constant size. | 11:22 |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 260 seconds] | 11:24 | |
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has left #bitcoin-wizards ["http://quassel-irc.org - Chat comfortably. Anywhere."] | 11:25 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Ping timeout: 250 seconds] | 11:26 | |
-!- dEBRUYNE [~dEBRUYNE@unaffiliated/debruyne] has quit [Ping timeout: 265 seconds] | 11:28 | |
bsm117532 | I've been wondering if there's an information-theoretic argument that an incremental hash function must be log(n) in terms of the number of stored elements, as this seems to be the case in the paper maaku linked. | 11:28 |
-!- dEBRUYNE [~dEBRUYNE@unaffiliated/debruyne] has joined #bitcoin-wizards | 11:29 | |
-!- mn3monic_ [~guido@176.9.68.68] has joined #bitcoin-wizards | 11:50 | |
-!- o3u [o3u@unaffiliated/o3u] has joined #bitcoin-wizards | 11:50 | |
-!- so_ [~so@unaffiliated/so] has joined #bitcoin-wizards | 11:50 | |
-!- livegnik_ [~livegnik@bnw.7c0.nl] has joined #bitcoin-wizards | 11:50 | |
-!- Netsplit *.net <-> *.split quits: BonyM, mn3monic, Fistful_of_Coins, luke-jr, so, livegnik, RedEmerald, Guyver2, mr_burdell | 11:50 | |
-!- Netsplit over, joins: mr_burdell | 11:50 | |
-!- Netsplit over, joins: RedEmerald | 11:50 | |
-!- Netsplit over, joins: luke-jr | 11:51 | |
-!- BonyM1 [~BonyM-I@ua-83-227-211-4.cust.bredbandsbolaget.se] has joined #bitcoin-wizards | 11:52 | |
-!- qpm [~qpm@unaffiliated/midnightmagic/bot/qpm] has quit [Ping timeout: 240 seconds] | 11:52 | |
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards | 11:53 | |
-!- qpm [~qpm@unaffiliated/midnightmagic/bot/qpm] has joined #bitcoin-wizards | 11:54 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 12:05 | |
-!- proslogion [~proslogio@130.159.61.235] has quit [Ping timeout: 240 seconds] | 12:08 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 250 seconds] | 12:09 | |
-!- bildramer [~bildramer@80.106.204.148] has joined #bitcoin-wizards | 12:17 | |
-!- bildramer [~bildramer@80.106.204.148] has quit [Read error: Connection reset by peer] | 12:20 | |
-!- bildramer [~bildramer@80.106.204.148] has joined #bitcoin-wizards | 12:29 | |
Taek | I've thought some about the monitor issue with regards to OWAS/JoinMarket/MW/etc, and perhaps you could do some peer assignment | 12:38 |
Taek | meaning, you have some method for selecting peers each block that are in charge of merging everything | 12:39 |
Taek | you let those peers access (as little as possible) the de-anonymizing data, and then rely on them to merge everything into one giant transaction without sharing the data | 12:39 |
Taek | maybe you also slip them a little something in transaction fees | 12:40 |
Taek | sometimes monitors/enemies *will* end up as the selected peer / one of the selected peers | 12:40 |
Taek | but this is still better than situations where the monitor gets to view most everything all of the time | 12:40 |
Taek | and, a lot of forensics really relies on being able to see multiple steps | 12:40 |
Taek | if a monitor is only able to view the transaction history every other block, it's more likely that they will have critical gaps which prevent them from doing full de-anonymization | 12:41 |
Taek | The method for selecting peers would need some Sybil resistence, and given the miner centralization I would not use PoW to determine who to choose as the de-anonymizer | 12:43 |
Taek | plus you'd have to accept a DoS vulnerability, as occasionally peers may refuse to participate without you realizing that you should move on to the next peer | 12:44 |
Taek | Maybe you could employ some sort of WoT technique. You ~approx trust the 8 peers you are connected to, so you sign off on their uptime/reliability. Every node does this, so you can form an approximate graph of the network based on peer uptime | 12:45 |
Taek | you can ignore any weightings over N hops, perhaps 2. | 12:45 |
Taek | This gives you *some* resistance to Sybil attacks. Then you have some technique for using the peer id (either a pubkey or an ip address) and the hash of the most recent block for determining which has the highest score | 12:46 |
Taek | If your pool is 8^3 large, and most of those nodes have high uptime, there's a good chance that a large number of other nodes are sending the winner transactions as well | 12:47 |
Taek | (*handwave*) | 12:47 |
Taek | Then you still need the winning nodes to have a way to talk to eachother and combine transactions, but at that point the anonymity set is greatly improved | 12:48 |
instagibbs | Trusted mixers will most likely work fine, imo. | 12:49 |
waxwing | like Bitcoin VPNs? :) | 12:50 |
instagibbs | Guard Nodes, but for aggregating transactions | 12:50 |
instagibbs | Run them over Tor, on a hardened HSM | 12:50 |
* instagibbs handwaves | 12:51 | |
instagibbs | Any wallets with co-signing services already get a bunch of protection, and why wouldn't each service gossip to each other first before releasing batches, etc. | 12:52 |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards | 12:55 | |
-!- MoALTz [~no@78-11-183-124.static.ip.netia.com.pl] has quit [Quit: Leaving] | 13:00 | |
Taek | Would be interesting to have something like guard node HSMs that get distributed by a company like Blockstream, where the HSM public key is signed by multiple members of the ecosystem | 13:05 |
Taek | then all transactions get encrypted such that only the HSM can decrypt them | 13:05 |
kanzure | you mean PKI things? | 13:08 |
kanzure | er, CA things | 13:08 |
Taek | similar, except that the CA in this case is authenticating an HSM instead of a tls key | 13:09 |
andytoshi | neat, so the idea is that encrypted transactions go out, the HSMs are the only ones that can decode these, and they only output merged transactions | 13:12 |
Taek | yeah. With the idea being that an adversary with an HSM is not going to be able to use it to figure out what the decrypted inputs are | 13:13 |
Taek | I'm not sure how hard it is to pull the key out of an HSM | 13:13 |
andytoshi | for a proper HSM you need an electron microscope and you need to know how to dissemble it without it triggering key erasure | 13:13 |
andytoshi | you could also do this in a way that you can detect if an HSM has not included your transaction (and won't), then you can encrypt to another HSM without worrying about causing conflicts | 13:16 |
kanzure | i wonder if you could make it so that for transaction merging you could split it among multiple machines without any machine seeing the pre-merged transaction itself | 13:16 |
kanzure | er, see the entire pre-merged transactions | 13:17 |
Taek | oh hmm. So you give an output to 1 machine, another output to another, input to another, etc, and then when they all combine they get the right answer? | 13:17 |
Taek | seems easy to DoS though, just make a transaction that's missing an output | 13:18 |
kanzure | like all denial-of-service problems this one can be solved by requiring a fee | 13:18 |
-!- marcinja [~marcinja@dhcp-18-111-88-96.dyn.mit.edu] has joined #bitcoin-wizards | 13:23 | |
nickler | There's probably no need to trust the HSM. There are lots of protocols that prevent revealing input/output relationships the the centralized mixer like coinshuffle++ or tumblebit. With mimblewimble they can probably be simplified. | 13:25 |
waxwing | good point, but coinshuffle++ has a fair amount of interactivity right (dc-net) | 13:26 |
-!- zooko [~user@73.95.139.83] has joined #bitcoin-wizards | 13:27 | |
instagibbs | reintroducing interactivity makes baby Voldemort cry | 13:29 |
waxwing | just thinking, why not have a ring signature over multiple kG values? | 13:29 |
kanzure | instagibbs: some forms of interactivity are tolerable, like in p2p transactions before broadcast, might not be end of world | 13:31 |
-!- zooko` [~user@c-73-14-173-69.hsd1.co.comcast.net] has joined #bitcoin-wizards | 13:39 | |
-!- dnaleor [~dnaleor@78-23-74-78.access.telenet.be] has quit [Quit: Leaving] | 13:40 | |
-!- zooko [~user@73.95.139.83] has quit [Ping timeout: 265 seconds] | 13:40 | |
-!- dnaleor [~dnaleor@78-23-74-78.access.telenet.be] has joined #bitcoin-wizards | 13:43 | |
nsh | andytoshi, would it be possible to create a MW-merged transaction of [some subset of] existing alpha-CT blockchain retrospectively? | 13:44 |
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has quit [Ping timeout: 240 seconds] | 13:46 | |
-!- contrapumpkin is now known as copumpkin | 13:47 | |
andytoshi | nsh: nope, unfortunately, becuase the exsting alpha-CT chain uses scriptsigs for authentication | 13:48 |
* nsh nods | 13:50 | |
-!- LeMiner2 [LeMiner@unaffiliated/leminer] has quit [Read error: Connection reset by peer] | 13:55 | |
-!- LeMiner2 [LeMiner@5ED1AFBF.cm-7-2c.dynamic.ziggo.nl] has joined #bitcoin-wizards | 13:55 | |
-!- jtimon [~quassel@55.31.134.37.dynamic.jazztel.es] has joined #bitcoin-wizards | 14:00 | |
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has joined #bitcoin-wizards | 14:02 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 14:05 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 258 seconds] | 14:08 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 276 seconds] | 14:10 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 14:24 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 14:26 | |
-!- byteflame [~byteflame@70-89-65-45-little-rock-ar.hfc.comcastbusiness.net] has quit [Ping timeout: 260 seconds] | 14:27 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 244 seconds] | 14:30 | |
-!- bildramer [~bildramer@80.106.204.148] has quit [Ping timeout: 276 seconds] | 14:31 | |
-!- marcinja [~marcinja@dhcp-18-111-88-96.dyn.mit.edu] has quit [Remote host closed the connection] | 14:35 | |
-!- bildramer [~bildramer@ppp-94-67-125-5.home.otenet.gr] has joined #bitcoin-wizards | 14:35 | |
nsh | as a node syncing with MW, i construct eventually from honest nodes a chain that has all explicit inputs, a current UTXOset in the form of pederson commitments, with merkle proofs that each commitment reallocated r-values representing spending authority in such a way that ownership of spendable r-values derive ultimately from explicit inputs through a series of steps [of indeterminate number] keepin | 14:40 |
nsh | g total value invariant? | 14:40 |
nsh | and i settle upon this chain because it has the longest PoW still? | 14:40 |
nsh | the k-values i get with the latest block allow me to prove that the commitments sum to zero and there is a non-inflationary history from genesis | 14:41 |
nsh | but i am aghostic of the possible histories in terms of ownership [re]allocation and output age | 14:42 |
nsh | however, transactors can prove a transaction occurred at what chain height and can give a minimum age to an implicit output | 14:43 |
nsh | is that roughly accurate, andytoshi? | 14:43 |
nsh | as far as i'm concerned the genesis could have been followed by a single block that merged all the transactions, but i know the extent of history still from block height [assuming things about block discovery time distribution] and i know something about the complexity of the transaction graph from the merkle proofs and cumulative k-values? | 14:45 |
nsh | [as far as i'm concerned regarding non-inflation and non-theft] | 14:46 |
-!- proslogion [~proslogio@2.217.2.220] has joined #bitcoin-wizards | 14:46 | |
proslogion | it's perhaps trivial, that if everyone using mimblewimble signs with the same nonce, then all k_n*G signatures can be aggregated into one | 14:47 |
proslogion | which of course has serious problems | 14:47 |
cjd | oh cool mw conversaion :D | 14:50 |
bsm117532 | How do forks work with MW? Does one choose to keep a (sub)set of past blocks, and then discard them when you're reasonably sure that a reorg can't happen? Is there a danger that history is lost and a reorg can't be performed? | 14:51 |
cjd | bsm117532: AFAICT you can basically just scrap everything and revalidate from zero if there is a reorg | 14:51 |
cjd | 22:40 < nsh> and i settle upon this chain because it has the longest PoW still? <-- yes | 14:52 |
cjd | 22:43 < nsh> however, transactors can prove a transaction occurred at what chain height and can give a minimum age to an implicit output <-- no because the transaction outputs are unglued from the inputs and unglued from the block, all you know is that they're valid | 14:53 |
-!- Emcy_ [~MC@cpc3-swan1-0-0-cust1003.7-3.cable.virginm.net] has joined #bitcoin-wizards | 14:53 | |
-!- Emcy_ [~MC@cpc3-swan1-0-0-cust1003.7-3.cable.virginm.net] has quit [Changing host] | 14:53 | |
-!- Emcy_ [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards | 14:53 | |
cjd | I am speaking from what I understand, I might also be very wrong | 14:54 |
sipa | cjd: if you have 'merged' multiple blocks together, you don't have the ability to only validate part of it | 14:54 |
sipa | you could download it again from the network of course, assuming someone kept the non-merged blocks | 14:54 |
cjd | You have only outputs in memory and you just reorg the header chain then add everything up, no? | 14:55 |
sipa | but you don't know the outputs that were spent by the blocks that are reorged | 14:55 |
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-egccbcfottwkanyi] has joined #bitcoin-wizards | 14:56 | |
nsh | i think if you store your receipt rangeproof and blinding value, then you can prove afterwards that you participated in a transaction by signing the blinding value and showing that it rewinds the proof | 14:56 |
-!- Emcy [~MC@unaffiliated/mc1984] has quit [Ping timeout: 265 seconds] | 14:56 | |
cjd | ahh indeed so when you reorg you both add and remove utxos | 14:56 |
nsh | but this still depends on some nodes storing more than is required for consensus | 14:56 |
nsh | i think | 14:56 |
sipa | i expect that every node will just not merge the blocks at the tip | 14:56 |
sipa | everyone will keep some range of blocks unmerged, to deal with reorgs | 14:57 |
@gmaxwell | Assuming you only care about MW-security you can just sync the new header chain and then do set reconciliation to change to the new utxo set. | 14:57 |
cjd | ^^this | 14:57 |
@gmaxwell | Then you don't even need to deal with reorgs. | 14:57 |
sipa | what is MW security? | 14:57 |
@gmaxwell | (By MW security I mean the anti-inflation and anti-theft properties of MW, rather than, say, script validation) | 14:57 |
nsh | ( Simple Multi-Party Set Reconciliation [with invertable bloom look-up tables] -- http://arxiv.org/abs/1311.2037 ) | 14:58 |
cjd | So I also have a concern with the proposal, can't Eve just create a spend transaction for money that's not hers but then add an output for which she does not know the key and plow a little bit of money into the ground ? It seems to me that outputs must sign themselves... | 14:59 |
@gmaxwell | I'm pretty disenchanted by iblt. The constant factors kill its performance. But whatever, there are other approaches to set reconciliation. | 14:59 |
@gmaxwell | cjd: eve cannot produce a rangeproof for a junk output. | 14:59 |
nsh | this might be more suited: https://www.ics.uci.edu/~eppstein/pubs/EppGooUye-SIGCOMM-11.pdf | 14:59 |
cjd | ahh I see, I had imagined it without the rangeproof since it seems not required | 15:00 |
nsh | i don't think you can prove you transacted without saving the range-proof | 15:00 |
nsh | but i could be wrong | 15:00 |
cjd | ehhh hang on a sec | 15:00 |
cjd | you range proof vG but you still can add arbitrary rH | 15:00 |
nsh | (you can prove by letting people spend your currently-spendable outputs but that's less fun) | 15:00 |
@gmaxwell | nsh: this is what I like: https://www.cs.bu.edu/~reyzin/code/fuzzy.html | 15:00 |
cjd | you don't know r so you make up a number to balance the budget... | 15:01 |
nsh | oh right, you can use another knapsack | 15:01 |
nsh | that's fine then | 15:01 |
nsh | gmaxwell, cool, ty | 15:01 |
cjd | hmm it seems that somehow you need to prove knowledge of v *and* r in order to not be making up magical numbers to balance the sum | 15:03 |
proslogion | that's what k*G is for | 15:07 |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 240 seconds] | 15:07 | |
cjd | maybe I'm being silly here but this is my attack: I make a transaction which pays out a zillion coins to myself and I tag on a little signature | 15:09 |
cjd | I add up the outputs and subtract the inputs and the signature, ok problem it's not zero | 15:09 |
cjd | now I add a new output which pays 0.00001 and it pays it to a key which I don't have the private key but the public key is the sum of all the above plus the new output value (times H) which I just added | 15:10 |
cjd | presto valid transaction | 15:10 |
cjd | or not ? | 15:10 |
nsh | you don't pay to keys in CT | 15:11 |
cjd | CT ? | 15:11 |
nsh | confidential transactions | 15:11 |
cjd | ok what do you call them? They're things which you point-multiply | 15:12 |
nsh | so inputs and outputs are points, you interactive create a commitment that proves the sum to zero | 15:12 |
nsh | *interactively | 15:12 |
nsh | *they | 15:12 |
cjd | right, and I can make it zero by adding an arbitrary output which I cannot spend... | 15:13 |
nsh | so the recipient choses their outputs | 15:13 |
nsh | after the sender has committed | 15:13 |
nsh | or pre-half-committed, i don't know | 15:14 |
cjd | If you don't make me prove knowledge of the private key somehow, I will always be able to balance anything to zero | 15:14 |
cjd | by private key I mean "the value of r", in practice it is effectively a private key | 15:15 |
nsh | sure | 15:16 |
nsh | you prove knowledge of the private keys for unspent outputs by committing to a blinding multiple of the H-generator that cancels out the amount multiple of the G generator | 15:16 |
nsh | (you inherit this ability to match G and H multiples from when you were paid those outputs) | 15:17 |
cjd | ok you lost me, what exactly is it that the sender and recipient broadcast to the rest of the world ? [ inputID, r*G, v*H, proof_v_is_in_range ] ? | 15:19 |
cjd | that and a signature across emptystring to prove knowledge of the difference ? | 15:20 |
cjd | If that's all you're sending then you're not proving knowledge of r and if I can put multiple outputs in a transaction then your protocol is going to be funny | 15:20 |
nsh | well, in alpha's CT txs are broadcast more like bitcoin. in MW you'd broadcast the pederson commitment, the excess blinding value and the empty string signed with its discrete logarithm | 15:21 |
cjd | I don't know CT at all, I only read MW | 15:21 |
cjd | oh in leu of the range proof, you could make v be a 256 bit number where the lower 64 bits are the value and then sign v*H using v | 15:23 |
cjd | that's a proof of knowledge | 15:23 |
cjd | and if r*G is signed with r then I can nolonger add silly crap to balance the sum | 15:23 |
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Quit: :)] | 15:35 | |
-!- dnaleor [~dnaleor@78-23-74-78.access.telenet.be] has quit [Quit: Leaving] | 15:37 | |
nsh | letting any of the v be chosen by either participant breaks the security model. v must be dictated by the prior inputs, the sender's precommitment and recipient's blinding factor choices for their outputs | 15:38 |
-!- Giszmo [~leo@ip5f5ac08d.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.] | 15:40 | |
cjd | yeah I guess you're right | 15:43 |
cjd | it sounded nice | 15:43 |
-!- mdavid6131 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has quit [Quit: Leaving.] | 15:48 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 15:52 | |
-!- Emcy_ [~MC@unaffiliated/mc1984] has quit [Ping timeout: 252 seconds] | 16:06 | |
-!- Emcy [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards | 16:12 | |
-!- mdavid613 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has joined #bitcoin-wizards | 16:13 | |
-!- zooko` [~user@c-73-14-173-69.hsd1.co.comcast.net] has quit [Ping timeout: 276 seconds] | 16:14 | |
-!- proslogion [~proslogio@2.217.2.220] has quit [Ping timeout: 258 seconds] | 16:16 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 244 seconds] | 16:22 | |
-!- renlord [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 16:26 | |
-!- proslogion [~proslogio@130.159.234.219] has joined #bitcoin-wizards | 16:29 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 16:46 | |
andytoshi | nsh: you can fix the age thing by means of having each block commit to the utxoset. but yep, that sounds right | 16:47 |
andytoshi | lol proslogion, if i know your nonce then i know your secret key | 16:47 |
andytoshi | cjd: the CT rangeproof forces you to know r | 16:50 |
cjd | ok thanks, I guessed that it must be such after thinking more, certainly such an elementry error would not go overlooked | 16:51 |
andytoshi | yep. and you definitely can't sign the excess values with the r value from an output, that links all the outputs :) | 16:51 |
cjd | So my understanding is that MW requires these signatures of emptystring to persist forever, is this correct ? | 16:52 |
andytoshi | cjd: but even without that, observe that if every output has a rangeproof of being in [0, 2^64], you can't make outputs with negative values anyway | 16:52 |
andytoshi | cjd: correct | 16:52 |
cjd | Ahh no, I meant to sign the output itself using the output's r which would not link it to stuff but might reveal things | 16:52 |
andytoshi | unless they can be aggregated somehow (if it used a pairing based curve this could be done) | 16:52 |
cjd | Ok I believe I have a solution | 16:52 |
andytoshi | cjd: ah, yeah, understood. that is not necessary, the rangeproof itself is effectively a signature with r | 16:53 |
cjd | perfect | 16:53 |
cjd | Suppose I make a payment to you and so I pass you the sum of inputs and outputs for you to add in your output, then you and I both bcast the transaction incomplete with the sum of all of our input and output private values and the remaining value (fee) | 16:54 |
cjd | the miner is a participant in the transaction, he adds another output to take the fee and thus he is the one who makes the signature on emptystring | 16:54 |
cjd | but then he can produce only one per block | 16:54 |
cjd | am I talking shit? | 16:54 |
andytoshi | cjd: he can put as many outputs as he likes. he's gotta add another k*G value to be sure that nobody else can know this output's key | 16:55 |
andytoshi | and he can do a single output for every transaction that he's received | 16:55 |
cjd | right | 16:56 |
cjd | and if I am not mistaken, he needs only one signature to balance the entire block | 16:56 |
andytoshi | yep | 16:56 |
-!- JackH [~Jack@79-73-188-45.dynamic.dsl.as9105.com] has quit [Ping timeout: 252 seconds] | 16:57 | |
proslogion | andytoshi: sorry, only meant the pubkey of the nonce | 16:57 |
andytoshi | proslogion: ah, yes, though this requires interaction | 16:57 |
proslogion | true | 16:57 |
cjd | furthermore, we can as a matter of protocol, we can require that he rebalances out that signature in order to spend the fee money | 16:57 |
-!- rhett [~rhett@c-73-223-86-218.hsd1.ca.comcast.net] has joined #bitcoin-wizards | 16:57 | |
cjd | but if we are paying 64 bytes per block, we have already made a breakthrough | 16:58 |
cjd | Now, can we make this post-quantum ? :) | 16:58 |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Remote host closed the connection] | 17:00 | |
cjd | or wait, do we even need to add the signature at all? can we not just make that value become one of the outputs for the miner ? | 17:00 |
-!- rhett [~rhett@c-73-223-86-218.hsd1.ca.comcast.net] has quit [Client Quit] | 17:00 | |
-!- jaekwon [~jaekwon@108-239-230-147.lightspeed.sntcca.sbcglobal.net] has joined #bitcoin-wizards | 17:01 | |
cjd | assuming the miner mines pays out to at least 2 outputs and he knows the sum of secrets, he can make the first value be secret and the second value is what is needed to balance the numbers, he will need to be sure to store this secret key to disk as soon as he mines the block | 17:01 |
cjd | but being a miner he should be capable of handing that | 17:01 |
andytoshi | cjd: the sum of secrets is sufficient knowledge to spend both outputs at once | 17:02 |
andytoshi | so if the rest of the block was created by one person, and the miner does not add a kG, his money can be stolen by that person | 17:02 |
cjd | argh right :) 3 | 17:02 |
andytoshi | yup :( | 17:02 |
andytoshi | i had a similar scheme before MW came out that made exactly this mistake | 17:02 |
cjd | requiring the miner to produce 3 outputs is not a serious harm though | 17:02 |
-!- blockzombie [~blockzomb@eth59-167-133-100.static.internode.on.net] has joined #bitcoin-wizards | 17:03 | |
cjd | now what about post-quantum? have you looked at it at all ? | 17:03 |
andytoshi | cjd: 3 outputs doesn't help, one output plus an extra kG value is sufficent | 17:05 |
andytoshi | as far as post-quantum, oleganza tells me he has a scheme for making CT quantum-safe, but i don't know any details yet | 17:05 |
andytoshi | and i haven't thought at all about how that would affect mimblewimble | 17:06 |
cjd | ok if you find pederson type stuff that runs post-quantum, please ping me | 17:06 |
andytoshi | probably mimblewimble would be screwed, because "quantum safe" simply means that inflation remains impossible | 17:06 |
-!- proslogion [~proslogio@130.159.234.219] has quit [Ping timeout: 260 seconds] | 17:06 | |
-!- Emcy_ [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards | 17:06 | |
andytoshi | it does -not- mean that the commitments stay hidden | 17:06 |
andytoshi | i will absolutely. this interests me as well | 17:06 |
andytoshi | i might hafta go back to school and talk to the lattice people, i'm sure something similar can be done.. | 17:07 |
cjd | right | 17:07 |
cjd | lattice or polynomials | 17:07 |
andytoshi | maybe even LWE | 17:08 |
cjd | I got really excited by HElib which does homomorphic and is thought by some people to be post-quantum but alas it does not have communitive behavior | 17:08 |
cjd | but I got to brush up on C++ and have fun with polynomials | 17:08 |
andytoshi | use rust ;) | 17:09 |
cjd | no, you have to write things in other languages so you can *rewrite* them in rust | 17:09 |
-!- Emcy [~MC@unaffiliated/mc1984] has quit [Ping timeout: 276 seconds] | 17:10 | |
cjd | (it's a meme, rust community people are constantly asking for everyhing to be rewritten in rust) | 17:10 |
andytoshi | oh, ofc, otherwise you'll never be able to rewrite everything in rust | 17:10 |
andytoshi | yep :P | 17:10 |
cjd | ok I see the problem re sum of secrets | 17:10 |
cjd | I'm annoyed that there is no solution and you have to sum entries for each block but dammit, 64 bytes per block is not bad | 17:11 |
andytoshi | welll, with a pairing-friendly curve you can aggregate all the kG values and their signatures | 17:11 |
-!- Sleepnbum [Sleepnbum@72.67.47.196] has quit [Ping timeout: 250 seconds] | 17:12 | |
cjd | I'd rather KISS because I want everything to run twice, once over a curve and second time using something post-quantum | 17:12 |
cjd | if we're going to do another blockchain, IMO it's mandatory | 17:12 |
@gmaxwell | it appears to be currently impossible to construct schemes like this that are usefully 'post-quantum'. | 17:14 |
-!- dEBRUYNE [~dEBRUYNE@unaffiliated/debruyne] has quit [Quit: Leaving] | 17:14 | |
@gmaxwell | The kind of homomorphism that makes this work is also what makes discrete log easy on quantum computers. | 17:14 |
cjd | that's... annoying | 17:15 |
sipa | there is not even an efficient equivalent to diffie-hellman exchange in PQC, right? | 17:17 |
@gmaxwell | sipa: depends on how you define efficient. | 17:17 |
@gmaxwell | The isogenies ladder thing is kind of efficient. I've linked to it in here before. | 17:18 |
cjd | This: https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exchange claims to be DH like | 17:18 |
@gmaxwell | thats what I'm referring to. | 17:18 |
sipa | oh, ok | 17:18 |
@gmaxwell | who knows if its even classically secure... | 17:19 |
* sipa hides in a superposition of corners | 17:19 | |
cjd | But we need what is effectively homomorphic encryption but with communitivity | 17:19 |
@gmaxwell | probably only a few dozen people in the world really understand it at a level enough to begin to evaluate its security. | 17:19 |
cjd | IMO it's not harmful to roll out something without fully understanding it as long as you're backed up by well understood curves | 17:20 |
sipa | commutativity? | 17:20 |
sipa | or what is communitivity | 17:20 |
cjd | x + y == y + x | 17:21 |
-!- Tiraspollll is now known as Tiraspolll | 17:21 | |
sipa | yes, commuativity, not communitivity | 17:21 |
cjd | oh, I can't spell - as usual, sorry | 17:21 |
sipa | seems i can't either | 17:21 |
@gmaxwell | cjd: if you just define the requirement as have commuativity, then that alone is pretty much sufficient to make it insecure against quantum computers. | 17:22 |
cjd | I'm probably using the wrong word here, I mean that basically for any given plaintext there is a single ciphertext | 17:22 |
sipa | gmaxwell: did you copy paste my misspelling? | 17:22 |
cjd | yeah, that's annoying | 17:22 |
@gmaxwell | yes. | 17:22 |
@gmaxwell | I can't spell that word either, I was waiting for one of you to use it. | 17:23 |
cjd | btw is there any plan to add an opcode to do like NTRU or something ? | 17:23 |
@gmaxwell | ugh. no. | 17:23 |
* andytoshi gets to use his math degree! | 17:23 | |
andytoshi | "commutativity" | 17:23 |
@gmaxwell | There is a straightforward path to have PQ secure bitcoin-- use hash based signatures. | 17:23 |
cjd | ahh cool | 17:23 |
cjd | that would make a neat press release | 17:24 |
@gmaxwell | Virtually all other PQ signature schemes are a pile of hopes and handwaves and also slow enough to verify to be problematic. | 17:24 |
andytoshi | interestingly we can get a OWAS-like system that is also purely hash-based | 17:24 |
andytoshi | that gmaxwell wrote about a couple years ago .. lemme see if i can find it | 17:24 |
sipa | cjd: we even know how to introduce PQ crypto in such a way that the blockchain isn't burdened before EC actually becomes insecure | 17:24 |
kanzure | https://bitcointalk.org/index.php?topic=284194.0 | 17:24 |
@gmaxwell | I implemented hash based signatures eons ago, but just didn't publish it because I didn't want to deal with it showing up in idiotic altcoins. | 17:24 |
andytoshi | https://download.wpsoftware.net/bitcoin/wizards/2014-06-22.html | 17:24 |
kanzure | https://bitcointalk.org/index.php?topic=47037.0 | 17:24 |
cjd | haha | 17:24 |
sipa | cjd: by making all wallets use a 1-of-2 (EC or PQ) keys | 17:25 |
cjd | anything which is PQ should be 2 of 2 | 17:25 |
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-egccbcfottwkanyi] has quit [Quit: Connection closed for inactivity] | 17:25 | |
cjd | EC & PQ | 17:25 |
@gmaxwell | What sipa is referring to is a construction where you do a IF { AREWEPOSTQUANTUMYET_VERIFY standard checksig } ELSE { HASHBASED_PUBKEY }... and then after doomsday you just turn AREWEPOSTQUANTUMYET abort on execution. | 17:26 |
cjd | oh wait, this is hash based, so indeed it's really boring and you can trust it | 17:26 |
andytoshi | you could make it so that the 1-of-2 is softforkable into a 2-of-2 | 17:26 |
andytoshi | oh greg beat me to it | 17:26 |
sipa | into a 1-of-1, really | 17:26 |
@gmaxwell | andytoshi: well I described it a bit differently. 1 of 2 into a 1 of 1. but same kind of thinking aplies. | 17:26 |
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Read error: Connection reset by peer] | 17:26 | |
cjd | Personally I would want to have PQ addresses | 17:27 |
sipa | !hi5 gmaxwell | 17:27 |
gribble | Error: "hi5" is not a valid command. | 17:27 |
cjd | I mean we're not going to know when we're PQ, just the number of tin-hatters will grow slowly until it includes everyone | 17:27 |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 17:28 | |
sipa | nah, i'm sure there will be quantum denyers | 17:28 |
cjd | :) | 17:28 |
@gmaxwell | the address reuse problem though is especially annoying with space efficient hash based signatures. | 17:28 |
cjd | oh right, there is a security issue using an addr after you spent from it, right ? | 17:29 |
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards | 17:30 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 276 seconds] | 17:31 | |
cjd | In addition, our construction yields two more interesting features: 1) the ability to "convert" a Pedersen commitment into a lattice-based one | 17:32 |
cjd | http://eprint.iacr.org/2015/628/20150630:185350 | 17:32 |
cjd | Have not read (flipped thorough) it yet | 17:32 |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 17:33 | |
-!- Cloudflare [~hmullerdo@unaffiliated/cloudflare] has joined #bitcoin-wizards | 17:36 | |
Cloudflare | hi | 17:36 |
@gmaxwell | I haven't seen that paper, but I've seen one of the papers it references; and IIRC it only gave a PoK but does not have full additive homorphism. | 17:36 |
cjd | ok that's no good, I'm trying to seek in on the spot where they make their promises now... | 17:37 |
-!- Sleepnbum [~Sleepnbum@173.55.57.163] has joined #bitcoin-wizards | 17:37 | |
@gmaxwell | it's not difficult to make a plain pedersen like commitment unconditionally sound, (but not unconditionally private)-- an elgammal ciphertext is an example of that. | 17:37 |
@gmaxwell | though it's easy to prove that something cannot be both unconditionally sound and unconditionally hiding, at least one of the two must be only a computational guarentee. | 17:38 |
-!- renlord is now known as pocoyo | 17:38 | |
cjd | if you can't add them up, what is the value over a concatinate-and-hash commitment ? | 17:39 |
Cloudflare | quit | 17:40 |
Cloudflare | this | 17:40 |
Cloudflare | channel | 17:40 |
-!- Cloudflare [~hmullerdo@unaffiliated/cloudflare] has quit [Quit: WeeChat 1.5] | 17:40 | |
@gmaxwell | because their scheme is still unconditionally hiding. | 17:41 |
-!- bumtime [~Sleepnbum@173.55.57.163] has joined #bitcoin-wizards | 17:41 | |
-!- Sleepnbum [~Sleepnbum@173.55.57.163] has quit [Ping timeout: 244 seconds] | 17:41 | |
cjd | so basically they're rules-lawyering their paper into relevance :) | 17:41 |
andytoshi | this appears to be weakly additively homomorphic, if you add too many commitments together then it'll fail to be binding to the sum | 17:42 |
cjd | hmm interesting | 17:42 |
andytoshi | it's possible (though i'd have to run through their calcs precisely) that you can add two commitments together while retaining bindingness, without compromising security, and then do this "reblinding" thing | 17:42 |
cjd | right, the HElib does this | 17:43 |
cjd | they keep a noise parameter and you can reEncrypt to bring down the noise | 17:43 |
@gmaxwell | andytoshi: AFAICT though their reblinding requires you know the commited value. | 17:43 |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Remote host closed the connection] | 17:46 | |
andytoshi | maybe we don't need unblinding. if you say that within a single transaction everything has to add to a commitment to zero, maybe this forces the noise on all outputs to be small (but still hiding? i dunno) | 17:47 |
andytoshi | s/unblinding/reblinding/ | 17:47 |
andytoshi | will need to look into SVP lattice ring signatures .. *handwave handwave* this almost looks like we can import your rangeproofs into this system, it's so pedersen-like | 17:48 |
andytoshi | but the security parameters in quantum crypto are weird. it's hard to say "x bits", you've got these radii and gaussian probabilites, i don't know how to think about them | 17:49 |
cjd | hmm | 17:52 |
cjd | I'm bad at math but I caught on to this HElib and I was playing with it, it allows you to encrypt a value with a public key and then add encrypted values | 17:53 |
cjd | and it's based on NTRU | 17:53 |
-!- iwilcox [~iwilcox@unaffiliated/iwilcox] has quit [Remote host closed the connection] | 17:54 | |
cjd | I can encrypt, add, decrypt but if I encrypt and add a set of polynomials which sum to zero, I do not get the same encrypted content at a plain 0 polynomial | 17:55 |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 17:59 | |
-!- Cloudflare [~hmullerdo@unaffiliated/cloudflare] has joined #bitcoin-wizards | 18:12 | |
-!- Cloudflare [~hmullerdo@unaffiliated/cloudflare] has quit [Quit: WeeChat 1.5] | 18:12 | |
-!- Cloudflare [~cloudflar@unaffiliated/cloudflare] has joined #bitcoin-wizards | 18:15 | |
Cloudflare | yo | 18:15 |
Cloudflare | pocoyo: sup | 18:15 |
-!- jaekwon [~jaekwon@108-239-230-147.lightspeed.sntcca.sbcglobal.net] has quit [Remote host closed the connection] | 18:15 | |
-!- jaekwon [~jaekwon@108-239-230-147.lightspeed.sntcca.sbcglobal.net] has joined #bitcoin-wizards | 18:19 | |
-!- pro [~pro@unaffiliated/pro] has quit [Quit: Leaving] | 18:20 | |
-!- bumtime [~Sleepnbum@173.55.57.163] has quit [Ping timeout: 260 seconds] | 18:23 | |
@gmaxwell | Cloudflare: http://i.stack.imgur.com/dzUaZ.png | 18:23 |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Remote host closed the connection] | 18:37 | |
Cloudflare | gmaxwell: hahaha | 18:46 |
Cloudflare | that's amazing | 18:46 |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 250 seconds] | 18:49 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 19:00 | |
-!- mdavid613 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has quit [Quit: Leaving.] | 19:06 | |
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 258 seconds] | 19:06 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 258 seconds] | 19:11 | |
-!- cyphase_eviltwin [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards | 19:16 | |
-!- Sleepnbum [~Sleepnbum@173.55.57.163] has joined #bitcoin-wizards | 19:18 | |
-!- jaekwon [~jaekwon@108-239-230-147.lightspeed.sntcca.sbcglobal.net] has quit [Remote host closed the connection] | 19:21 | |
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards | 19:26 | |
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has quit [Remote host closed the connection] | 19:27 | |
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards | 19:27 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards | 19:28 | |
-!- pocoyo [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 244 seconds] | 19:32 | |
-!- blockzombie [~blockzomb@eth59-167-133-100.static.internode.on.net] has quit [Remote host closed the connection] | 19:33 | |
-!- blockzombie [~blockzomb@eth59-167-133-100.static.internode.on.net] has joined #bitcoin-wizards | 19:34 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 19:44 | |
-!- thesnark [~mike@unaffiliated/thesnark] has quit [Remote host closed the connection] | 19:47 | |
-!- jtimon [~quassel@55.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 258 seconds] | 19:51 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Remote host closed the connection] | 20:04 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 20:06 | |
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 258 seconds] | 20:09 | |
-!- wetdinghy [~loltastic@99-8-65-117.lightspeed.davlca.sbcglobal.net] has joined #bitcoin-wizards | 20:19 | |
-!- rodarmor [rodarmor@2600:3c01::f03c:91ff:fe61:6c68] has joined #bitcoin-wizards | 20:27 | |
-!- pocoyo [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 20:28 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards | 20:29 | |
-!- pocoyo [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Ping timeout: 252 seconds] | 20:33 | |
-!- instagibbs [~instagibb@pool-100-15-118-244.washdc.fios.verizon.net] has quit [Ping timeout: 252 seconds] | 20:33 | |
-!- pocoyo [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 20:36 | |
-!- instagibbs [~instagibb@pool-100-15-118-244.washdc.fios.verizon.net] has joined #bitcoin-wizards | 20:40 | |
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards | 20:44 | |
-!- rusty2 is now known as rusty | 20:46 | |
-!- wetdinghy [~loltastic@99-8-65-117.lightspeed.davlca.sbcglobal.net] has quit [Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )] | 20:46 | |
-!- CrazyTruthYakDDS [uid67551@gateway/web/irccloud.com/x-pxbdahbgqyeqrbov] has joined #bitcoin-wizards | 20:56 | |
-!- r0ach [~r0ach@107-217-214-192.lightspeed.jcvlfl.sbcglobal.net] has quit [] | 21:04 | |
-!- pompom [~pompom36@ctngya111073.ct.ftth.ppp.infoweb.ne.jp] has joined #bitcoin-wizards | 21:11 | |
-!- pompom [~pompom36@ctngya111073.ct.ftth.ppp.infoweb.ne.jp] has left #bitcoin-wizards ["Leaving"] | 21:18 | |
-!- iddo [~idddo@hyena.cs.cornell.edu] has quit [Changing host] | 21:19 | |
-!- iddo [~idddo@unaffiliated/iddo] has joined #bitcoin-wizards | 21:19 | |
-!- arowser [~quassel@106.120.101.38] has quit [Remote host closed the connection] | 21:28 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 252 seconds] | 21:33 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Remote host closed the connection] | 21:33 | |
-!- arowser [~quassel@106.120.101.38] has joined #bitcoin-wizards | 21:41 | |
-!- cyphase_eviltwin is now known as cyphase | 21:46 | |
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection] | 21:48 | |
-!- contrapumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards | 21:49 | |
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards | 21:50 | |
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Ping timeout: 258 seconds] | 21:51 | |
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has quit [Read error: Connection reset by peer] | 22:12 | |
-!- jaekwon [~jaekwon@75-101-96-71.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards | 22:12 | |
-!- asynk [~aknix@65.78.54.2] has joined #bitcoin-wizards | 22:27 | |
-!- pocoyo is now known as renlord | 22:30 | |
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards | 22:30 | |
-!- arowser_ [~quassel@106.120.101.38] has joined #bitcoin-wizards | 22:32 | |
-!- arowser_ [~quassel@106.120.101.38] has quit [Remote host closed the connection] | 22:33 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 22:34 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Ping timeout: 252 seconds] | 22:38 | |
-!- renlord is now known as pocoyo | 22:42 | |
-!- pocoyo is now known as mryandao | 22:43 | |
-!- mryandao is now known as help | 22:43 | |
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has quit [Ping timeout: 258 seconds] | 22:43 | |
-!- help is now known as mryandao | 22:43 | |
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has joined #bitcoin-wizards | 22:45 | |
-!- wumpus [~quassel@pdpc/supporter/professional/wumpus] has quit [Ping timeout: 264 seconds] | 23:07 | |
-!- AusteritySucks [~Austerity@unaffiliated/austeritysucks] has quit [Ping timeout: 276 seconds] | 23:08 | |
-!- mryandao [~renlord@14-203-125-246.static.tpgi.com.au] has quit [Read error: Connection reset by peer] | 23:09 | |
-!- Cloudflare [~cloudflar@unaffiliated/cloudflare] has quit [Read error: Connection reset by peer] | 23:09 | |
-!- wumpus [~quassel@pdpc/supporter/professional/wumpus] has joined #bitcoin-wizards | 23:11 | |
-!- Cloudflare [~cloudflar@unaffiliated/cloudflare] has joined #bitcoin-wizards | 23:11 | |
-!- CrazyTruthYakDDS [uid67551@gateway/web/irccloud.com/x-pxbdahbgqyeqrbov] has quit [Quit: Connection closed for inactivity] | 23:11 | |
-!- mryandao [~renlord@14-203-125-246.static.tpgi.com.au] has joined #bitcoin-wizards | 23:15 | |
-!- jgarzik [~jgarzik@unaffiliated/jgarzik] has quit [Read error: Connection reset by peer] | 23:23 | |
-!- Cloudflare [~cloudflar@unaffiliated/cloudflare] has quit [Quit: WeeChat 1.5] | 23:24 | |
-!- jgarzik [~jgarzik@104-178-201-106.lightspeed.tukrga.sbcglobal.net] has joined #bitcoin-wizards | 23:24 | |
-!- jgarzik [~jgarzik@104-178-201-106.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] | 23:24 | |
-!- jgarzik [~jgarzik@unaffiliated/jgarzik] has joined #bitcoin-wizards | 23:24 | |
-!- yoleaux [~yoleaux@xn--ht-1ia18f.nonceword.org] has quit [Ping timeout: 244 seconds] | 23:26 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has joined #bitcoin-wizards | 23:35 | |
-!- jannes [~jannes@178.132.211.90] has joined #bitcoin-wizards | 23:39 | |
-!- tromp [~tromp@ool-944bc34f.dyn.optonline.net] has quit [Ping timeout: 250 seconds] | 23:39 | |
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection] | 23:47 | |
-!- asynk is now known as wipogee | 23:50 | |
-!- dnaleor [~dnaleor@78-23-74-78.access.telenet.be] has joined #bitcoin-wizards | 23:59 | |
--- Log closed Tue Aug 09 00:00:20 2016 |
Generated by irclog2html.py 2.15.0.dev0 by Marius Gedminas - find it at mg.pov.lt!