2016-09-06.log

--- Log opened Tue Sep 06 00:00:46 2016
-!- kyletorpey [~kyle@pool-173-53-94-96.rcmdva.fios.verizon.net] has quit [Quit: Leaving.]		00:02
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has quit [Remote host closed the connection]		00:12
-!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards		00:13
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has joined #bitcoin-wizards		00:15
-!- nullfxn [~nullFxn@107-147-108-164.res.bhn.net] has quit [Ping timeout: 276 seconds]		00:26
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Ping timeout: 260 seconds]		00:26
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 265 seconds]		00:28
-!- laurentmt [~Thunderbi@80.215.234.107] has joined #bitcoin-wizards		00:34
-!- laurentmt [~Thunderbi@80.215.234.107] has quit [Client Quit]		00:35
-!- rubensayshi [~ruben@82.201.93.169] has joined #bitcoin-wizards		00:38
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		00:53
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Quit: Leaving]		01:14
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has joined #bitcoin-wizards		01:32
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has quit [Remote host closed the connection]		01:40
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has joined #bitcoin-wizards		01:44
-!- bildramer [~bildramer@p2003004D2B377800DC0EF287F6F3C682.dip0.t-ipconnect.de] has quit [Ping timeout: 258 seconds]		02:23
-!- bildramer [~bildramer@2001:0:5ef5:79fb:3846:3d7:b019:bd1d] has joined #bitcoin-wizards		02:24
-!- MoALTz [~no@user-109-243-7-50.play-internet.pl] has joined #bitcoin-wizards		02:30
-!- jannes [~jannes@178.132.211.90] has joined #bitcoin-wizards		02:35
-!- pro [~pro@unaffiliated/pro] has joined #bitcoin-wizards		02:40
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		03:09
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 265 seconds]		03:18
-!- MoALTz [~no@user-109-243-7-50.play-internet.pl] has quit [Ping timeout: 244 seconds]		03:28
-!- edvorg [~edvorg@14.169.88.102] has joined #bitcoin-wizards		03:53
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has joined #bitcoin-wizards		03:58
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 244 seconds]		04:12
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has quit [Remote host closed the connection]		04:14
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has joined #bitcoin-wizards		04:17
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 276 seconds]		04:28
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has joined #bitcoin-wizards		04:48
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has quit [Remote host closed the connection]		04:49
-!- bildramer1 [~bildramer@2001:0:5ef5:79fd:1c4a:91a:b019:bd1d] has joined #bitcoin-wizards		04:58
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has joined #bitcoin-wizards		04:59
-!- bildramer [~bildramer@2001:0:5ef5:79fb:3846:3d7:b019:bd1d] has quit [Ping timeout: 255 seconds]		05:01
-!- yorick_ is now known as yorick		05:17
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		05:19
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards		05:29
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		05:33
-!- AaronvanW [~ewout@unaffiliated/aaronvanw] has joined #bitcoin-wizards		05:45
-!- Noldorin [~noldorin@unaffiliated/noldorin] has joined #bitcoin-wizards		05:50
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards		06:02
-!- bildramer1 is now known as bildramer		06:09
-!- Noldorin [~noldorin@unaffiliated/noldorin] has quit [Ping timeout: 260 seconds]		06:11
-!- paveljanik [~paveljani@79.98.72.216] has joined #bitcoin-wizards		06:16
-!- paveljanik [~paveljani@79.98.72.216] has quit [Changing host]		06:16
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards		06:16
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]		06:16
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		06:24
-!- helo_ is now known as helo		06:28
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Client Quit]		06:28
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 244 seconds]		06:33
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Quit: leaving]		06:36
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		06:49
-!- defrag [~defrag@95.215.44.99] has joined #bitcoin-wizards		06:53
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]		06:57
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		06:58
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Read error: Connection reset by peer]		07:11
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has joined #bitcoin-wizards		07:11
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards		07:16
-!- superkuh [~superkuh@unaffiliated/superkuh] has joined #bitcoin-wizards		07:26
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]		07:30
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]		07:34
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		07:34
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 250 seconds]		07:41
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards		07:42
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards		07:43
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		07:43
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 265 seconds]		07:47
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards		07:48
-!- bildramer1 [~bildramer@2001:0:5ef5:79fd:1c4a:91a:b019:bd1d] has joined #bitcoin-wizards		07:50
-!- bildramer [~bildramer@2001:0:5ef5:79fd:1c4a:91a:b019:bd1d] has quit [Ping timeout: 250 seconds]		07:51
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 240 seconds]		08:25
-!- rubensayshi [~ruben@82.201.93.169] has quit [Remote host closed the connection]		08:35
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]		08:43
-!- edvorg [~edvorg@14.169.88.102] has quit [Remote host closed the connection]		08:44
-!- MoALTz [~no@78-11-247-26.static.ip.netia.com.pl] has joined #bitcoin-wizards		08:45
-!- Guyver2_ [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards		08:47
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		08:48
-!- edvorg [~edvorg@14.169.88.102] has joined #bitcoin-wizards		08:48
-!- edvorg [~edvorg@14.169.88.102] has quit [Remote host closed the connection]		08:50
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Ping timeout: 252 seconds]		08:50
-!- Guyver2_ is now known as Guyver2		08:50
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 265 seconds]		09:00
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		09:06
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		09:10
-!- lvns [~lvns@pool-100-38-50-26.nycmny.fios.verizon.net] has joined #bitcoin-wizards		09:12
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards		09:16
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has joined #bitcoin-wizards		09:18
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Ping timeout: 250 seconds]		09:21
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]		09:22
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]		09:23
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		09:27
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		09:34
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]		09:47
-!- laurentmt [~Thunderbi@80.215.234.31] has joined #bitcoin-wizards		09:51
-!- laurentmt [~Thunderbi@80.215.234.31] has quit [Client Quit]		09:54
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]		09:56
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		10:01
-!- PaulCapestany [~PaulCapes@204.28.124.82] has joined #bitcoin-wizards		10:03
petertodd	Has anyone investigated the security of SHA256 midstates? Seems sketchy to essentially let the attacker pick the initialization constants.	10:04
petertodd	For example, if you were to create a timestamp commitment via a midstate, can the attacker choose one that makes a preimage attack easier?	10:04
petertodd	0 retweets 0 likes	10:04
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		10:04
e0_	When is someone allowed to pick the midstates?	10:05
e0_	do you mean chaining variable?	10:06
petertodd	e0_: if you are the verifier, and you don't have the full data, then the attacker can pick the midstate at will without you being able to know	10:06
-!- PaulCape_ [~PaulCapes@204.28.124.82] has quit [Ping timeout: 264 seconds]		10:07
e0_	ok, so someone sends you a SHA256 chaining variable and the inputs that extend the chaining-variable to the final output?	10:07
petertodd	e0_: yup	10:07
petertodd	e0_: case in point being timestamp proofs, where the attacker would want to choose the midstate such that finding a second message with the same hash is made easier	10:08
-!- wangchun [~wangchun@li414-193.members.linode.com] has quit [Remote host closed the connection]		10:08
katu	petertodd: yes. your "midstate" generally fall into the category of length extension attacks (not the simple case of bypassing authentication though).	10:09
e0_	Midstate clearly leverages length extention but granting an attacker the ability to pick a chaining variable without having to show how that chaining variable was generated is pretty powerful.	10:10
katu	chosen-iv is practical only for sha1 at the moment, though.	10:10
e0_	yes, free state collisions	10:10
@gmaxwell	petertodd: it seems almost certian to me that it reduces security, which is one of the reasons I've shyed away from constructions that use that trick.	10:10
petertodd	katu: they're similar to length extension attacks, but they may be even worse: remember that sha256 starts with a nothing-up-my-sleeve number, and midstates let the attacker bypass that and choose the initialization conditions at will	10:11
e0_	exactly	10:11
katu	petertodd: if it's pure chosen-iv that sounds incredibly dangerous. as i said, sha1 is already broken under that precondition.	10:12
petertodd	gmaxwell: yeah, it's a surprisingly big change to the algorithm	10:12
@gmaxwell	katu: sha1 is a much more linear construction, however.	10:12
e0_	as someone involved in hash function cryptanalysis, such a protocol would make my job easier	10:12
petertodd	katu: you're familiar with what the midstate concept is right? it's simply where you provide the internal state of the SHA256 computation as your "prefix", and the suffix is the rest of the message. So yes, it's basically a chosen-iv	10:13
sipa	but we're still only interested in preimage attacks, right?	10:14
sipa	so the case where an attacker sees an existing published hash, and constructs an initial state + suffic that hash to that published value	10:14
e0_	@katu and it isn't just choosen-IV, as the length of the message is included to the padding	10:14
petertodd	sipa: for timestamping, yes! because a birthday collission still proves that both messages existed prior to some point in time!	10:14
katu	petertodd: im not sure where that scenario arises, though, ie attacker having completely free choice. taking apart hash function for spare parts like that and doing something silly with it ... isnt that explicitly forbidden via "dont roll your own crypto if you dont need to"? :)	10:15
sipa	an attacker being able to construct two different initial states + suffix that both hash to the same thing... well, good for him, now he can timestamp two values from the price of one	10:15
petertodd	katu: this is used in production by p2pool to make shares more compact, and I've seen people propose it for timestamping	10:15
sipa	the relevant of length extension attacks is usually wrt collisions, not preimages	10:16
katu	ouch	10:16
petertodd	katu: I'm not sure it actually would matter for p2pool, but using it for timestamping seems very unwise to me...	10:16
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		10:17
petertodd	sipa: yeah, timestamping is weird that way :)	10:17
katu	another scenario (with sha1) is compactly representing single file in a torrent	10:17
sipa	so the question is really whether you're able to invert a single sha256 transform	10:17
e0_	p2pool is basically rolling their own crypto primatives. Without someone spending a very long time thinking about it, no one knows how secure it is.	10:17
katu	you need to keep sha1 midstate for preceding and trailing chunk.	10:17
petertodd	sipa: yup	10:18
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards		10:18
@gmaxwell	e0_: for that if it were somewhat broken it would hardly matter.	10:18
sipa	if the data being hashed (or claimed to be hashed) is unconstrained, this is essentially a problem with 256 bits known, and 768 bits variable	10:19
sipa	as opposed to the typical preimage attack problem where you have 256 bits known and only 512 bits variable	10:19
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 250 seconds]		10:19
katu	e0_: it's ok if it is some hack on top of existing protocol (ie see the example of representing file in a torrent - there simply isnt other option), i just cant imagine why p2pool would actually need it.	10:19
@gmaxwell	katu: because its a hack on top of the bitcoin protocol.	10:20
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards		10:20
petertodd	sipa: right, because you get the extra degree of freedom in the 256 bits of midstate	10:20
sipa	exactly	10:20
sipa	i don't know whether this matters, but it may be important to realize that this is fundamentally an easier problem than a preimage attack	10:21
sipa	(though, even in the presence of known collision attacks, this construction is not necessarily broken)	10:21
-!- CocoBTC [~coco@c-703b71d5.136-1-64736c10.cust.bredbandsbolaget.se] has joined #bitcoin-wizards		10:21
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		10:21
katu	gmaxwell: ah, is it this? https://github.com/forrestv/mm2-spec	10:22
@gmaxwell	not quite. that was forrestv trying to generalize it.	10:22
e0_	katu: I don't think it is ok, These things are really tricky, just understanding the exact security properties you want is an involved task. Determining if a modification of a crypto primative meets that property requires long term research. There is a reason that SHA-3 was run as a multi-year contest with many cryptographers looking at each hash function.	10:23
@gmaxwell	When you attempt a share, you need to reveal the user-id and sharechain root that it commits to. This information is at the end of the coinbase transaction, which is some 15kbytes of data. It's not important to communicate that first 15kb when initially connecting the share to the share chain. Once you've verified it, and connected it, the rest of the data in the coinbase transaction is a funct	10:23
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 240 seconds]		10:23
@gmaxwell	ion of the sharechain, and all that is verified too.	10:23
@gmaxwell	So as-I-vaguely-recall the way it's used in p2p is even if it's totally busted it only results in a CPU exhaustion DOS attack against p2pool nodes at worse (by flooding them with non-p2pool shares that you've made look like p2pool shares)	10:24
katu	e0_: in both cases, there is clear cost benefit. the hash is broken apart to achieve something, and explicitly acknowledging 'yep, that breaks the hash'. but both in case of merged mining and bittorrent, it seems the widened attack surface is worth it.	10:24
@gmaxwell	s/used in p2p/used in p2pool'	10:24
katu	e0_: most importantly, in neither case the hash is used to hash a secret, but only commitment. commitment which is later re-verified by doing proper hash.	10:25
@gmaxwell	but people have tried to do this elsewhere, where stronger properties were needed and where the use had greater consequences, and I've discouraged it for the reasons e0_ mentions.	10:26
e0_	katu: I have no idea of the cost benefit analysis. My only point is that may not be safe or secure.	10:27
@gmaxwell	katu: fwiw, 'don't make your own constructs' I think that is advice which is causing harm. At one level it's obviously good but the way people apply it is that they can take random black box standardized cryptographic objects found on github and apply them and then think they're doing fine.	10:30
-!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards		10:31
@gmaxwell	At least in the realm of open protocols on the internet it has been well over a decade since there was a major example of someone cooking up their own blockcipher. But over and over again we see people every day cooking up busted protcols and using implementations of standard constructs with gratitious sidechannel vulerabilities in places where it might matter.	10:31
@gmaxwell	So I liken that advice to "abstence only" cryptography education, it has similar failure modes to its parallel in human sexuality.	10:32
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]		10:32
bsm117532	gmaxwell: I've been thinking that for some time. The adage "don't roll your own crypto" is really incompatible with crypto-financial engineering. Instead we need to figure out how to do software engineering, using cryptography, in a secure manner.	10:32
katu	gmaxwell: you're criticizing fundamental problem of computer engineering. yes, commodity solutions are sub-optimal, but typically with better outcomes than people rolling stuff on their own.	10:32
katu	from scratch. every time.	10:33
bsm117532	Just passing the buck sucks.	10:33
@gmaxwell	katu: no.. it's orthorgonal.	10:33
-!- laurentmt [~Thunderbi@80.215.234.31] has joined #bitcoin-wizards		10:33
petertodd	incidentally, it occures to me that for some applications, it to require the midstate to be followed by a fixed "pseudo-iv" - although whether or not that's actually secure is beyond my paygrade	10:35
petertodd	*it'd be feasible to require the	10:35
@gmaxwell	katu: I'm not complaining that AES isn't the best fit function for some application or whatnot. But rather the mindset that you are safe _if_ and only if you use something that you think is standardized. The overwhelming majority of cryptographic breaks come from bad protocol design, and there are virtually no well studied protocols for pratically any engineering. So people just say 'the crypto i	10:35
@gmaxwell	s the [AES] the protocol is not crypto. I can write that without understanding crypto.' with bad results.	10:35
sipa	i think what gmaxwell is saying that people who just take off-the-shelf crypto primitive also make mistakes... for example AES without authentication, or with sidechannels	10:35
-!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards		10:35
sipa	jinxed	10:35
sipa	so the advice should be to always research the various attack vectors and security assumptions	10:36
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		10:36
sipa	and when you're digging deeper in the stack, the difficulty of that goes up	10:37
katu	gmaxwell: fiar enough. the advice for crypto-ignorant people should definitely extend to usage too. which is, adhere to predefined protocol spec, just like primitives.	10:37
sipa	but it's not a boolean	10:37
@gmaxwell	Yes, there is no replacement for having a degree of understanding. And if you do, you will also realize that there is no way you're going to cook up your own replacement for AES.	10:37
petertodd	gmaxwell: note how far NaCl has to go to create an API that's "sufficiently safe" to use without a solid understanding of it, and in the process they've made something where it's not clear how you'd use it for consensus - as an example	10:37
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards		10:37
katu	sipa: worst with AES i've seen in practice is key-similiarity attacks.	10:38
katu	its not often stressed enough, just dont have similiar keys for aes, ie hash those before using.	10:39
@gmaxwell	katu: uh. no. people use AES-CTR and then reuse keys/iv.	10:39
katu	gmaxwell: thats not aes as such, but ctr :)	10:39
@gmaxwell	Or they use CBC without an IV and yield fingerprinting attacks (linux disk encryption and truecrypt too)	10:39
sipa	AES-ECB is totally safe, right?	10:39
@gmaxwell	or they use AES-ECB	10:40
katu	all the chained modes are pretty tricky	10:40
sipa	gmaxwell: which reminds me, we should add CBC to ctaes	10:40
@gmaxwell	katu: but aes without a chaining mode is not fit for basically any application.	10:40
katu	or generally the poor understanding of word 'nonce'	10:40
katu	that which should not appear twice	10:40
sipa	nwice	10:41
katu	(bitcoin with its 'nonce' isnt helping, shouldnt that be serial or something :)	10:41
-!- laurentmt [~Thunderbi@80.215.234.31] has quit [Quit: laurentmt]		10:41
petertodd	sipa: I use ECB because I believe in block equality	10:42
e0_	If you are designing cryptographic protocols you need an expert. I'm all for experimentation and playing around with building your own crypto, but getting it right and knowing when you got it wrong requires a person that has dedicated many years of the life as a full time job learning how to securely engineer crypto.	10:43
katu	e0_: yeah, just make robust cookiecutters for protocols too	10:43
katu	isnt that basically what nacl is all about?	10:43
e0_	I think robust cookiecutters are good idea, but often projects will require a usercase not supplied by the cookiecutter.	10:44
e0_	Even standardized protocols have serious problems.	10:44
bsm117532	e0_ let's educate, instead of passing the buck though. Lots of dev shops have obtuse (non-crypto) programming rules and frameworks that try to prevent programmers from shooting themselves in the foot -- I think this is largely foolish. Don't treat people like idiots, educate them instead.	10:45
@gmaxwell	e0_: but that isn't the standard advice, the standard advice is some kind of abstence cult; not a hire an expert cult. :P	10:45
e0_	If apple can't get imessage right, and they couldn't, who can?	10:45
@gmaxwell	There are basically no secure standardized protocols for anything non-trivial.	10:46
e0_	gmaxwell: I don't agree with the abstence view.	10:46
e0_	right	10:46
katu	bsm117532: the midstte sha is a good example though. it goes against advice "dont reinvent crypto". but in cases when it is actually used, it is acknowledged the hash is broken. for cases such as those, i'd simply standardize use of mid-hashes for sha1/sha2.	10:46
waxwing	apparently we are abstaining from spelling out the word abstinence too :)	10:46
katu	also possibly have cryptanalist outlien to which degree is the hash broken.	10:47
katu	damn, too many typos to regex through	10:47
bsm117532	I think there do not exist enough cryptographers in the world to transition to cryptographic finance. We're all going to have to bite the bullet and learn more about midstates...	10:48
@gmaxwell	I don't think midstate compression is much _more_ an "act of cryptography" than, say, coming up with your hashtree structure.	10:48
@gmaxwell	even when your hashtree doesn't peel back the crypto black box boundaries at all.	10:49
-!- wangchun [~wangchun@li414-193.members.linode.com] has joined #bitcoin-wizards		10:49
katu	gmaxwell: depends, it's just a single primitive with valid use (put a wedge to hashlist/md tree).	10:49
e0_	midstate compression is very dangerous because it opens the door to fine grained control of variables in the hash function which are assumed to not be under the control of an attacker	10:49
katu	s/to/into/	10:49
e0_	like BLAKE has "interesting" behavior if an attacker can control the chaining variables	10:50
katu	e0_: it needs to be evaluated to which degree it is hard to produce evil states. as it is now, it is assumed "reasonably hard to stave off DoS"	10:50
@gmaxwell	for example, we sit here and cringe with the midstate compression but haven't encountered a pratical attack. But the hashtree construction used in Bitcoin has _three_ known vulnerabilties, and one is pratical and easily exploited.	10:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]		10:50
@gmaxwell	So I think being horrified by one but not blinking at the other is being pennywise and pound foolish.	10:51
* sipa googles "pennywise -band"		10:51
petertodd	gmaxwell: one potential difference, is that explaining the vulnerabilities in bitcoin's hashtree is easy - for that matter, even a relatively unsophisticated person could find them too	10:51
e0_	I wasn't aware of the problems with the hashtree, but that sounds bad as well =/	10:52
@gmaxwell	petertodd: many attacks sound pretty obvious in hindsight, look at the attacks on 64-bit block ciphers in SSL.	10:52
petertodd	gmaxwell: I feel perfectly confident designing a hashtree precisely because the vulnerabilities in bitcoin's one are obvious to me with my current level of knowledge; I don't have a damn clue what makes sha256 work	10:52
petertodd	gmaxwell: sure, what I mean is simply that my level of knowledge for hashtrees is likely a lot closer to that of experts in the field than it is for designing hash functions from scratch	10:53
sipa	well there is no clear algorithmic hardness assumption for sha256	10:53
sipa	it's just a mix of permutations and non-linear operations	10:54
petertodd	sipa: aka, black magic :P	10:54
sipa	yes, pretty much	10:54
sipa	there is a large collection of understanding about what kinds of constructions lead to easy attacks	10:54
@gmaxwell	yes, but consider, if sha256 midstate compression were _completely_ broken it would very likely have manifest itself in other ways and would have been noted elsewhere. The midstate extension property is not intended interface of sha256 but it's highly related to extension attacks.	10:55
sipa	and hash function design is mostly just avoiding that, and then doing enough of it :)	10:55
katu	sipa: those can be definitely expressed and mathematically solved, as a SAT problem or polynomial in extended gf(2)	10:55
katu	the trick is, how big are those sat/poly?	10:55
katu	satcoin might hint some interesting answers	10:55
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		10:56
@gmaxwell	there is no strong argument provided by anyone that I'm aware of that says that second preimages results in a sat problem which is hard. Other than the hope that if it didn't the extensive cryptanalysis so far would have uncovered it.	10:56
sipa	assuming sha256 is not broken in any way that isn't known now, i don't expect midstates to be trivially attackable	10:56
@gmaxwell	doesn't mean using it is a good idea generally.	10:57
sipa	but they may be somewhat easier than a full sha256 premiage	10:57
petertodd	sipa: an interesting question then, is given the desire for nothing-up-your-sleeve numbers, why didn't the sha256 designers just use zero's as the IV?	10:58
e0_	https://eprint.iacr.org/2016/374.pdf	10:58
e0_	there has been some success on free-start collisions on SHA256 in reduced round varients	10:59
sipa	petertodd: sha3 uses all zeroes as initial state :)	10:59
petertodd	sipa: lol, nice :)	10:59
@gmaxwell	sipa: I would be shocked if it weren't easier, and shocked if it made any interesting attack easy.	10:59
sipa	gmaxwell: agree	10:59
sipa	a massively easy midstate attack would likely indicate a full preimage attack	11:00
e0_	SHA3 is also a completely different construction	11:00
@gmaxwell	e0_: he wasn't giving that as a justification. :)	11:00
petertodd	e0_: yup, just reading that section now - sounds like pretty clear evidence that freedom in the IV is at least a negative	11:04
katu	sipa: well, for example in case of sha1 thats not strictly the case. chosen-ivs seem to be pretty magical, and whole security of sha1 now lies in that its difficult to arrive to this fixed point when attempting to produce real world collisions.	11:04
-!- bsm117532 [~mcelrath@38.121.165.30] has quit [Ping timeout: 250 seconds]		11:04
katu	ie what if you dont get a wide class of chosen-ivs as options, but something very very specific	11:05
-!- tucenaber [~tucenaber@unaffiliated/tucenaber] has quit [Ping timeout: 276 seconds]		11:06
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]		11:07
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		11:07
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]		11:10
-!- bsm117532 [~mcelrath@38.121.165.30] has joined #bitcoin-wizards		11:13
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		11:15
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Quit: Leaving.]		11:20
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has joined #bitcoin-wizards		11:21
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]		11:27
-!- mkarrer [~mkarrer@201.218.217.188] has joined #bitcoin-wizards		11:29
-!- mkarrer [~mkarrer@201.218.217.188] has quit [Client Quit]		11:31
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		11:32
roasbeef	andytoshi: "Pairings for Cryptographers": https://eprint.iacr.org/2006/165.pdf	11:39
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]		11:43
-!- laurentmt [~Thunderbi@176.158.157.202] has joined #bitcoin-wizards		11:46
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		11:47
-!- c0rw1n [~c0rw1n@109.128.247.136] has quit [Quit: Leaving]		11:50
andytoshi	thanks roasbeef .. though i think that is too simplified for what i'm doing, and it also predates a lot of important work in pairing-based crypto (in particular freeman's unification of several families of curves that support pairings, and lynn's thesis)	11:51
-!- c0rw1n [~c0rw1n@109.128.247.136] has joined #bitcoin-wizards		11:52
-!- c0rw1n [~c0rw1n@109.128.247.136] has quit [Read error: Connection reset by peer]		11:55
-!- c0rw1n_ [~c0rw1n@109.128.247.136] has joined #bitcoin-wizards		11:55
-!- Davasny [~quassel@78-11-193-195.static.ip.netia.com.pl] has joined #bitcoin-wizards		11:58
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 264 seconds]		11:59
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]		12:03
-!- blackwraith [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards		12:05
-!- priidu [~priidu@unaffiliated/priidu] has quit [Ping timeout: 250 seconds]		12:07
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		12:07
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 276 seconds]		12:16
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		12:20
-!- parathon [~parathon@31.223.24.145] has joined #bitcoin-wizards		12:22
-!- parathon [~parathon@31.223.24.145] has quit [Client Quit]		12:24
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards		12:26
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 276 seconds]		12:29
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		12:34
-!- byteflam1 [~byteflame@50.25.160.41] has joined #bitcoin-wizards		12:34
-!- byteflam1 [~byteflame@50.25.160.41] has quit [Client Quit]		12:35
-!- byteflame [~byteflame@50.25.160.41] has quit [Quit: leaving]		12:35
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards		12:35
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		12:38
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 250 seconds]		12:43
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 252 seconds]		12:43
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		12:48
-!- bildramer [~bildramer@2001:0:5ef5:79fb:3811:32e:b019:bd1d] has joined #bitcoin-wizards		12:51
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards		12:53
-!- bildramer1 [~bildramer@2001:0:5ef5:79fd:1c4a:91a:b019:bd1d] has quit [Ping timeout: 250 seconds]		12:55
-!- laurentmt [~Thunderbi@176.158.157.202] has quit [Quit: laurentmt]		12:55
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards		12:56
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 250 seconds]		12:59
-!- jrayhawk_ is now known as jrayhawk		13:01
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 240 seconds]		13:06
kanzure	in dagchain designs, is there anything particularly broken about having long weak block chains that eventually get reorged into stronger chains? potentially conflicting transaction trees can be excluded (or one side can be picked/favored by the miner of the non-weak pow chain that reincorporates most of the weak chain results).	13:08
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Quit: WeeChat 0.4.2]		13:08
bsm117532	Nothing in particular and in fact I'm planning on that.	13:09
bsm117532	However it requires that you can identify conflicting transactions, so is not compatible with aggregation a la Mimblewimble.	13:09
kanzure	oh wait-- so the particular problem would have to be something like: an attacker can trivially broadcast their different transaction to different long weak chains. but this is more the fault of a user that believes a weak confirmation is valuable.	13:09
bsm117532	Correct.	13:09
kanzure	what is the value of the weak confirmation (in the context of long weak chains) at all?	13:10
bsm117532	The notion of "confirmation" changes and requires a more sophisticated calculation. I'm planning on using a "high water mark" which is an indication of the maximum hashpower that could be on a weak chain.	13:10
bsm117532	If you're on a weak chain (any chain where the highest hashpower ever see is 100% larger than what is currently visible) -- transactions NEVER confirm.	13:11
bsm117532	...until they're merged with the stronger chain.	13:11
-!- kyletorpey [~kyle@pool-173-53-94-96.rcmdva.fios.verizon.net] has joined #bitcoin-wizards		13:11
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		13:12
kanzure	i suppose you could make handwavy incentive arguments about miners wanting to take a portion of fees that might not otherwise happen without the transaction trees included in the (longer) weak chains	13:12
bsm117532	This allows one to automatically and generically merge chains in the case of e.g. network splits.	13:12
Taek	kanzure: it depends on the algorithm that you use to merge weaker chains into longer chains	13:15
bsm117532	Miner coin allocation also uses the high-water-mark.	13:15
Taek	but, generally speaking I believe that either the weaker chain has to be orphaned, or it can cause reorgs of depth up to the size of the weaker chain	13:15
bsm117532	Though there may be other ideas, and as Taek says, it comes down to your conflict resolution at merge time.	13:15
Taek	I'm also worried about the algorithmic complexity of merging	13:16
Taek	it you can merge weak chains that are thousands of blocks behind, your conflict resolution may get intractable	13:17
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		13:22
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		13:27
-!- Tenhi_ [~tenhi@static.177.80.201.138.clients.your-server.de] has joined #bitcoin-wizards		13:31
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Read error: Connection reset by peer]		13:37
-!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 264 seconds]		13:38
-!- belcher [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards		13:41
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 276 seconds]		13:42
-!- Tenhi_ [~tenhi@static.177.80.201.138.clients.your-server.de] has quit [K-Lined]		13:42
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		13:46
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has joined #bitcoin-wizards		13:49
oleganza	Hi there. A friend asked if we it's a good idea to slap MAC onto the payload in the CT range proof. I think the ring signature is effectively a MAC on the ciphertext (yielding "encrypt-then-mac" method), so no more integrity checks are necessary, is that right?	13:52
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 276 seconds]		13:52
-!- MoALTz [~no@78-11-247-26.static.ip.netia.com.pl] has quit [Quit: Leaving]		13:53
andytoshi	oleganza: heya. yeah, the ringsig itself is effectively a MAC. you still might wanna checksum the data as a sanity check (in case of corruption before it went into the ringsig or after it came out)	13:54
oleganza	in other words, how much is schnorr ring signature malleable by non-signers? IMHO, a simple check like "enforce low-s" should suffice	13:54
andytoshi	don't even need low-s with schnorr, it's not malleable at all	13:54
andytoshi	and there's even a proof https://download.wpsoftware.net/bitcoin/wizardry/schnorr-mall.pdf unlike ecdsa..	13:54
oleganza	andytoshi: agreed on checksum for external reasons, but just for ciphertext integrity it's not necessary, right?	13:55
andytoshi	oleganza: correct	13:55
andytoshi	(fwiw, that proof is for schnorr, so it doesn't technically apply to CT ringsigs, but really it does)	13:55
oleganza	Yeah, i can see that it's pretty obvious how to extend it to ringsigs	13:56
oleganza	awesome, thx	13:57
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]		13:59
oleganza	andytoshi: btw, since you asked about PBC a few days ago, this video was really insightful for me: https://m.youtube.com/watch?v=F4x2kQTKYFY	13:59
oleganza	also Dan Boneh, but with more behind-the-scenes reasoning and less math	13:59
oleganza	and some funny tricks with curves of non-prime RSA order (n = p*q) giving homomorphic encryption provided factorization is kept secret.	14:00
-!- musalbas [~musalbas@2001:bc8:30c2:ff00::] has quit [Ping timeout: 250 seconds]		14:02
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		14:04
-!- musalbas [~musalbas@2001:bc8:30c2:ff00::] has joined #bitcoin-wizards		14:04
-!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 260 seconds]		14:05
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has joined #bitcoin-wizards		14:06
kanzure	not nearly the same content, but this is recent (from the other day) (the video this is from is not recent though) http://diyhpl.us/wiki/transcripts/simons-institute/pairing-cryptography/	14:06
-!- belcher [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards		14:08
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		14:08
-!- blackwraith [~priidu@unaffiliated/priidu] has quit [Ping timeout: 244 seconds]		14:14
andytoshi	thanks oleganza, this is great	14:17
-!- JackH [~Jack@79-73-191-94.dynamic.dsl.as9105.com] has joined #bitcoin-wizards		14:19
e0_	I assume someone else has already thought of this but you can reduce the expected-loss of a user doublespending a 0-confirmation transaction once transactions maleability is solved.	14:19
e0_	Alice wants to pay Bob for a coffee by paying 0.001 BTC in transaction T1 but doesn't want to wait for a confirmation. Bob asks Alice to spend 10 BTC into a 2-of-2 transaction spendable only by both Alice and Bob's key. Bob creates and signs a refund transaction for the 2-of-2 which also spends 0.00001 BTC from T1. Thus, if T1 is doublespent Alice loses 10 BTC since the refund is invalid but if T1 is confirmed on the blockchain Alice can reclaim her 1	14:23
e0_	if the 2-of-2 is spendable by Bob's key alone after say 2 weeks, Bob merely needs to calculate the probability that both the 2-of-2 and T1 and doublespent and choose a 2-of-2 insurance value which gives him an expected value of 0.001 BTC.	14:25
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Remote host closed the connection]		14:28
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]		14:31
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 244 seconds]		14:32
-!- pavel_ [~paveljani@79.98.72.216] has joined #bitcoin-wizards		14:35
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Ping timeout: 244 seconds]		14:35
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		14:36
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has quit [Ping timeout: 240 seconds]		14:39
-!- moli [~molly@unaffiliated/molly] has joined #bitcoin-wizards		14:39
-!- belcher is now known as JM-IRCRelay		14:44
-!- JM-IRCRelay is now known as belcher		14:44
CocoBTC	Not in this way - but AFAIK pre-made transactions are a part of how Lightning network will work with "HTLCs"	14:44
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]		14:48
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		14:52
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards		14:58
e0_	CocoBTC: what do you mean by "pre-made". I was thinking that this method could be used to quickly establish a payment channel with the lightning network.	15:00
-!- xissburg [~xissburg@unaffiliated/xissburg] has quit [Quit: leaving]		15:05
-!- xissburg [~xissburg@unaffiliated/xissburg] has joined #bitcoin-wizards		15:08
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has joined #bitcoin-wizards		15:14
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has quit [Client Quit]		15:15
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has joined #bitcoin-wizards		15:15
@gmaxwell	e0_: not just thought of, but actually used, thats a payment channel.	15:16
-!- Noldorin [~noldorin@unaffiliated/noldorin] has joined #bitcoin-wizards		15:17
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		15:26
-!- Davasny [~quassel@78-11-193-195.static.ip.netia.com.pl] has quit [Read error: Connection reset by peer]		15:28
-!- CocoBTC [~coco@c-703b71d5.136-1-64736c10.cust.bredbandsbolaget.se] has quit [Quit: Leaving]		15:37
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 240 seconds]		15:38
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has quit [Quit: No Ping reply in 180 seconds.]		15:41
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards		15:42
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		15:44
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 240 seconds]		15:45
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards		15:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		15:52
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		15:57
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has quit [Ping timeout: 250 seconds]		16:01
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has quit [Read error: Connection reset by peer]		16:03
-!- Alanius [~alan@flyingarm.bar] has quit [Remote host closed the connection]		16:05
Eliel	e0_: is the 10 BTC payment to the 2-of-2 address supposed to be confirmed beforehand or how were you planning on preventing that from being doublespent?	16:06
-!- bildramer [~bildramer@2001:0:5ef5:79fb:3811:32e:b019:bd1d] has quit [Ping timeout: 250 seconds]		16:07
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 264 seconds]		16:08
-!- bildramer [~bildramer@p2003004D2B01000000BE29B2F1B6B020.dip0.t-ipconnect.de] has joined #bitcoin-wizards		16:10
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		16:13
-!- oleganza_ [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has joined #bitcoin-wizards		16:17
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has quit [Ping timeout: 250 seconds]		16:18
-!- oleganza_ is now known as oleganza		16:18
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has joined #bitcoin-wizards		16:21
-!- NewLiberty_ [~NewLibert@107-142-8-22.lightspeed.irvnca.sbcglobal.net] has quit [Ping timeout: 240 seconds]		16:26
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]		16:29
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		16:33
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Remote host closed the connection]		16:46
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 252 seconds]		16:55
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]		16:56
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards		16:56
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		17:01
-!- andytoshi [~andytoshi@unaffiliated/andytoshi] has quit [Ping timeout: 265 seconds]		17:27
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		17:30
-!- PRab [~chatzilla@c-68-62-95-247.hsd1.mi.comcast.net] has joined #bitcoin-wizards		17:32
-!- PRab [~chatzilla@c-68-62-95-247.hsd1.mi.comcast.net] has quit [Client Quit]		17:32
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards		17:39
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]		17:39
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards		17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Max SendQ exceeded]		17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards		17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]		17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards		17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]		17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards		17:41
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]		17:41
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards		17:41
-!- andytoshi [~andytoshi@wpsoftware.net] has joined #bitcoin-wizards		17:41
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]		17:41
-!- Illumitardi [~dave4925@unaffiliated/dave4925] has quit [Ping timeout: 255 seconds]		17:42
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Quit: Textual IRC Client: www.textualapp.com]		17:42
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		17:46
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		17:51
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]		18:01
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has quit [Quit: oleganza]		18:03
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		18:06
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards		18:14
-!- oleganza [~oleganza@172.56.39.101] has joined #bitcoin-wizards		18:17
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 276 seconds]		18:28
-!- oleganza [~oleganza@172.56.39.101] has quit [Quit: oleganza]		18:32
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]		18:37
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		18:42
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-nfzyxtmgrfwogkow] has quit [Quit: Connection closed for inactivity]		18:46
bsm1175321	Taek: there needs to be a lower bound: it is expressed as a fraction of the "high water mark". Obviously an arbitrarily low-difficulty chain can't be merged with the main one.	18:48
bsm1175321	Or you open a DDoS attack.	18:48
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		18:52
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		18:56
-!- xissburg [~xissburg@unaffiliated/xissburg] has quit [Quit: ZZZzzz…]		19:00
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Quit: Leaving.]		19:04
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		19:05
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]		19:07
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards		19:08
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		19:09
-!- N0S4A2 [~weechat@24.35.69.143] has quit [Quit: WeeChat 1.5]		19:10
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]		19:22
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		19:28
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]		19:37
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has quit [Quit: Leaving.]		19:37
-!- Noldorin [~noldorin@unaffiliated/noldorin] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		19:39
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 252 seconds]		19:40
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		19:42
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards		19:42
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		19:42
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 240 seconds]		19:48
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		19:51
-!- pro [~pro@unaffiliated/pro] has quit [Quit: Leaving]		19:55
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]		20:14
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]		20:17
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 240 seconds]		20:20
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]		20:30
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards		20:32
-!- oleganza [~oleganza@172.56.39.108] has joined #bitcoin-wizards		20:32
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		20:34
-!- oleganza [~oleganza@172.56.39.108] has quit [Ping timeout: 244 seconds]		20:37
-!- Damiana [~Damiana@rrcs-71-42-254-60.sw.biz.rr.com] has joined #bitcoin-wizards		20:38
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]		20:41
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards		20:43
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 276 seconds]		20:44
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		20:46
-!- Damiana [~Damiana@rrcs-71-42-254-60.sw.biz.rr.com] has quit [Remote host closed the connection]		20:58
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has quit [Quit: Verlassend]		20:59
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has joined #bitcoin-wizards		20:59
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has quit [Remote host closed the connection]		20:59
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]		21:03
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 264 seconds]		21:05
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		21:07
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		21:08
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]		21:10
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards		21:12
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 252 seconds]		21:13
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		21:16
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]		21:19
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		21:23
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		21:34
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 240 seconds]		21:38
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		21:38
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards		21:42
-!- pavel_ [~paveljani@79.98.72.216] has quit [Quit: Leaving]		21:48
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 250 seconds]		21:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]		21:52
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 265 seconds]		21:54
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has quit [Ping timeout: 250 seconds]		21:55
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 276 seconds]		21:56
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards		21:56
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards		21:56
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 265 seconds]		21:56
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has joined #bitcoin-wizards		21:56
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		21:56
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		21:57
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards		21:58
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		22:08
-!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has joined #bitcoin-wizards		22:10
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has quit [Ping timeout: 244 seconds]		22:10
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 240 seconds]		22:11
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 276 seconds]		22:11
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards		22:11
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has joined #bitcoin-wizards		22:12
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards		22:12
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		22:12
-!- tripleslash [~triplesla@unaffiliated/imsaguy] has quit [Ping timeout: 250 seconds]		22:46
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		22:47
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 240 seconds]		22:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards		22:55
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 244 seconds]		22:58
-!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]		23:10
-!- tripleslash [~triplesla@unaffiliated/imsaguy] has joined #bitcoin-wizards		23:15
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards		23:29
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 244 seconds]		23:34
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 260 seconds]		23:38
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-jbijoaxwxnmxqglc] has joined #bitcoin-wizards		23:39
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		23:40
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards		23:42
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 250 seconds]		23:46
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards		23:49
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection]		23:58
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]		23:58
--- Log closed Wed Sep 07 00:00:47 2016

Generated by irclog2html.py 2.15.0.dev0 by Marius Gedminas - find it at mg.pov.lt!