2016-09-06.log

--- Log opened Tue Sep 06 00:00:46 2016
10:04 <petertodd> Has anyone investigated the security of SHA256 midstates? Seems sketchy to essentially let the attacker pick the initialization constants.
10:04 <petertodd> For example, if you were to create a timestamp commitment via a midstate, can the attacker choose one that makes a preimage attack easier?
10:04 -!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards
10:05 <e0_> When is someone allowed to pick the midstates?
10:06 <e0_> do you mean chaining variable?
10:06 <petertodd> e0_: if you are the verifier, and you don't have the full data, then the attacker can pick the midstate at will without you being able to know
10:07 -!- PaulCape_ [~PaulCapes@204.28.124.82] has quit [Ping timeout: 264 seconds]
10:07 <e0_> ok, so someone sends you a SHA256 chaining variable and the inputs that extend the chaining-variable to the final output?
10:07 <petertodd> e0_: yup
10:08 <petertodd> e0_: case in point being timestamp proofs, where the attacker would want to choose the midstate such that finding a second message with the same hash is made easier
10:08 -!- wangchun [~wangchun@li414-193.members.linode.com] has quit [Remote host closed the connection]
10:09 <katu> petertodd: yes. your "midstate" generally falls into the category of length extension attacks (not the simple case of bypassing authentication though).
10:10 <e0_> Midstate clearly leverages length extension but granting an attacker the ability to pick a chaining variable without having to show how that chaining variable was generated is pretty powerful.
10:10 <katu> chosen-iv is practical only for sha1 at the moment, though.
10:10 <e0_> yes, free state collisions
10:10 <@gmaxwell> petertodd: it seems almost certain to me that it reduces security, which is one of the reasons I've shied away from constructions that use that trick.
10:11 <petertodd> katu: they're similar to length extension attacks, but they may be even worse: remember that sha256 starts with a nothing-up-my-sleeve number, and midstates let the attacker bypass that and choose the initialization conditions at will
10:11 <e0_> exactly
10:12 <katu> petertodd: if it's pure chosen-iv that sounds incredibly dangerous. as i said, sha1 is already broken under that precondition.
10:12 <petertodd> gmaxwell: yeah, it's a surprisingly big change to the algorithm
10:12 <@gmaxwell> katu: sha1 is a much more linear construction, however.
10:12 <e0_> as someone involved in hash function cryptanalysis, such a protocol would make my job easier
10:13 <petertodd> katu: you're familiar with what the midstate concept is right? it's simply where you provide the internal state of the SHA256 computation as your "prefix", and the suffix is the rest of the message. So yes, it's basically a chosen-iv
10:14 <sipa> but we're still only interested in preimage attacks, right?
10:14 <sipa> so the case where an attacker sees an existing published hash, and constructs an initial state + suffix that hash to that published value
10:14 <e0_> @katu and it isn't just chosen-IV, as the length of the message is included to the padding
10:14 <petertodd> sipa: for timestamping, yes! because a birthday collision still proves that both messages existed prior to some point in time!
10:15 <katu> petertodd: im not sure where that scenario arises, though, ie attacker having completely free choice. taking apart hash function for spare parts like that and doing something silly with it ... isnt that explicitly forbidden via "dont roll your own crypto if you dont need to"? :)
10:15 <sipa> an attacker being able to construct two different initial states + suffix that both hash to the same thing... well, good for him, now he can timestamp two values from the price of one
10:15 <petertodd> katu: this is used in production by p2pool to make shares more compact, and I've seen people propose it for timestamping
10:16 <sipa> the relevance of length extension attacks is usually wrt collisions, not preimages
10:16 <katu> ouch
10:16 <petertodd> katu: I'm not sure it actually would matter for p2pool, but using it for timestamping seems very unwise to me...
10:17 -!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]
10:17 <petertodd> sipa: yeah, timestamping is weird that way :)
10:17 <katu> another scenario (with sha1) is compactly representing single file in a torrent
10:17 <sipa> so the question is really whether you're able to invert a single sha256 transform
10:17 <e0_> p2pool is basically rolling their own crypto primitives. Without someone spending a very long time thinking about it, no one knows how secure it is.
10:17 <katu> you need to keep sha1 midstate for preceding and trailing chunk.
10:18 <petertodd> sipa: yup
10:18 -!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards
10:18 <@gmaxwell> e0_: for that if it were somewhat broken it would hardly matter.
10:19 <sipa> if the data being hashed (or claimed to be hashed) is unconstrained, this is essentially a problem with 256 bits known, and 768 bits variable
10:19 <sipa> as opposed to the typical preimage attack problem where you have 256 bits known and only 512 bits variable
10:19 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 250 seconds]
10:19 <katu> e0_: it's ok if it is some hack on top of existing protocol (ie see the example of representing file in a torrent - there simply isnt other option), i just cant imagine why p2pool would actually need it.
10:20 <@gmaxwell> katu: because its a hack on top of the bitcoin protocol.
10:20 -!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards
10:20 <petertodd> sipa: right, because you get the extra degree of freedom in the 256 bits of midstate
10:20 <sipa> exactly
10:21 <sipa> i don't know whether this matters, but it may be important to realize that this is fundamentally an easier problem than a preimage attack
10:21 <sipa> (though, even in the presence of known collision attacks, this construction is not necessarily broken)
10:21 -!- CocoBTC [~coco@c-703b71d5.136-1-64736c10.cust.bredbandsbolaget.se] has joined #bitcoin-wizards
10:21 -!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards
10:22 <katu> gmaxwell: ah, is it this? https://github.com/forrestv/mm2-spec
10:22 <@gmaxwell> not quite. that was forrestv trying to generalize it.
10:23 <e0_> katu: I don't think it is ok, These things are really tricky, just understanding the exact security properties you want is an involved task. Determining if a modification of a crypto primitive meets that property requires long term research. There is a reason that SHA-3 was run as a multi-year contest with many cryptographers looking at each hash function.
10:23 <@gmaxwell> When you attempt a share, you need to reveal the user-id and sharechain root that it commits to. This information is at the end of the coinbase transaction, which is some 15kbytes of data.  It's not important to communicate that first 15kb when initially connecting the share to the share chain.  Once you've verified it, and connected it, the rest of the data in the coinbase transaction is a function of the sharechain, and all that is verified too.
10:23 -!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 240 seconds]
10:24 <@gmaxwell> So as-I-vaguely-recall the way it's used in p2p is even if it's totally busted it only results in a CPU exhaustion DOS attack against p2pool nodes at worst (by flooding them with non-p2pool shares that you've made look like p2pool shares)
10:24 <katu> e0_: in both cases, there is clear cost benefit. the hash is broken apart to achieve something, and explicitly acknowledging 'yep, that breaks the hash'. but both in case of merged mining and bittorrent, it seems the widened attack surface is worth it.
10:24 <@gmaxwell> s/used in p2p/used in p2pool'
10:25 <katu> e0_: most importantly, in neither case the hash is used to hash a secret, but only commitment. commitment which is later re-verified by doing proper hash.
10:26 <@gmaxwell> but people have tried to do this elsewhere, where stronger properties were needed and where the use had greater consequences, and I've discouraged it for the reasons e0_ mentions.
10:27 <e0_> katu: I have no idea of the cost benefit analysis. My only point is that may not be safe or secure.
10:30 <@gmaxwell> katu: fwiw, 'don't make your own constructs' I think that is advice which is causing harm.  At one level it's obviously good but the way people apply it is that they can take random black box standardized cryptographic objects found on github and apply them and then think they're doing fine.
10:31 -!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards
10:31 <@gmaxwell> At least in the realm of open protocols on the internet it has been well over a decade since there was a major example of someone cooking up their own blockcipher. But over and over again we see people every day cooking up busted protocols and using implementations of standard constructs with gratuitous sidechannel vulnerabilities in places where it might matter.
10:32 <@gmaxwell> So I liken that advice to "abstence only" cryptography education, it has similar failure modes to its parallel in human sexuality.
10:32 -!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]
10:32 <bsm117532> gmaxwell: I've been thinking that for some time.  The adage "don't roll your own crypto" is really incompatible with crypto-financial engineering.  Instead we need to figure out how to do software engineering, using cryptography, in a secure manner.
10:32 <katu> gmaxwell: you're criticizing fundamental problem of computer engineering. yes, commodity solutions are sub-optimal, but typically with better outcomes than people rolling stuff on their own.
10:33 <katu> from scratch. every time.
10:33 <bsm117532> Just passing the buck sucks.
10:33 <@gmaxwell> katu: no.. it's orthogonal.
10:33 -!- laurentmt [~Thunderbi@80.215.234.31] has joined #bitcoin-wizards
10:35 <petertodd> incidentally, it occurs to me that for some applications, it to require the midstate to be followed by a fixed "pseudo-iv" - although whether or not that's actually secure is beyond my paygrade
10:35 <petertodd> *it'd be feasible to require the
10:35 <@gmaxwell> katu: I'm not complaining that AES isn't the best fit function for some application or whatnot. But rather the mindset that you are safe _if_ and only if you use something that you think is standardized. The overwhelming majority of cryptographic breaks come from bad protocol design, and there are virtually no well studied protocols for practically any engineering. So people just say 'the crypto is the [AES] the protocol is not crypto. I can write that without understanding crypto.' with bad results.
10:35 <sipa> i think what gmaxwell is saying that people who just take off-the-shelf crypto primitive *also* make mistakes... for example AES without authentication, or with sidechannels
10:35 -!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards
10:35 <sipa> jinxed
10:36 <sipa> so the advice should be to always research the various attack vectors and security assumptions
10:36 -!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards
10:37 <sipa> and when you're digging deeper in the stack, the difficulty of that goes up
10:37 <katu> gmaxwell: fair enough. the advice for crypto-ignorant people should definitely extend to usage too. which is, adhere to predefined protocol spec, just like primitives.
10:37 <sipa> but it's not a boolean
10:37 <@gmaxwell> Yes, there is no replacement for having a degree of understanding. And if you do, you will also realize that there is no way you're going to cook up your own replacement for AES.
10:37 <petertodd> gmaxwell: note how far NaCl has to go to create an API that's "sufficiently safe" to use without a solid understanding of it, and in the process they've made something where it's not clear how you'd use it for consensus - as an example
10:37 -!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards
10:38 <katu> sipa: worst with AES i've seen in practice is key-similarity attacks.
10:39 <katu> its not often stressed enough, just *dont* have similar keys for aes, ie hash those before using.
10:39 <@gmaxwell> katu: uh. no. people use AES-CTR and then reuse keys/iv.
10:39 <katu> gmaxwell: thats not aes as such, but ctr :)
10:39 <@gmaxwell> Or they use CBC without an IV and yield fingerprinting attacks (linux disk encryption and truecrypt too)
10:39 <sipa> AES-ECB is totally safe, right?
10:40 <@gmaxwell> or they use AES-ECB
10:40 <katu> all the chained modes are pretty tricky
10:40 <sipa> gmaxwell: which reminds me, we should add CBC to ctaes
10:40 <@gmaxwell> katu: but aes without a chaining mode is not fit for basically any application.
10:40 <katu> or generally the poor understanding of word 'nonce'
10:40 <katu> that which should not appear twice
10:41 <sipa> nwice
10:41 <katu> (bitcoin with its 'nonce' isnt helping, shouldnt that be serial or something :)
10:41 -!- laurentmt [~Thunderbi@80.215.234.31] has quit [Quit: laurentmt]
10:42 <petertodd> sipa: I use ECB because I believe in block equality
10:43 <e0_> If you are designing cryptographic protocols you need an expert. I'm all for experimentation and playing around with building your own crypto, but getting it right and knowing when you got it wrong requires a person that has dedicated many years of the life as a full time job learning how to securely engineer crypto.
10:43 <katu> e0_: yeah, just make robust cookiecutters for protocols too
10:43 <katu> isnt that basically what nacl is all about?
10:44 <e0_> I think robust cookiecutters are good idea, but often projects will require a use case not supplied by the cookiecutter.
10:44 <e0_> Even standardized protocols have serious problems.
10:45 <bsm117532> e0_ let's educate, instead of passing the buck though.  Lots of dev shops have obtuse (non-crypto) programming rules and frameworks that try to prevent programmers from shooting themselves in the foot -- I think this is largely foolish.  Don't treat people like idiots, educate them instead.
10:45 <@gmaxwell> e0_: but that isn't the standard advice, the standard advice is some kind of abstence cult; not a hire an expert cult. :P
10:45 <e0_> If apple can't get imessage right, and they couldn't, who can?
10:46 <@gmaxwell> There are basically no secure standardized protocols for anything non-trivial.
10:46 <e0_> gmaxwell: I don't agree with the abstence view.
10:46 <e0_> right
10:46 <katu> bsm117532: the midstte sha is a good example though. it goes against advice "dont reinvent crypto". but in cases when it is actually used, it is acknowledged the hash is broken. for cases such as those, i'd simply standardize use of mid-hashes for sha1/sha2.
10:46 <waxwing> apparently we are abstaining from spelling out the word abstinence too :)
10:47 <katu> also possibly have cryptanalist outlien to which degree is the hash broken.
10:47 <katu> damn, too many typos to regex through
10:48 <bsm117532> I think there do not exist enough cryptographers in the world to transition to cryptographic finance.  We're all going to have to bite the bullet and learn more about midstates...
10:48 <@gmaxwell> I don't think midstate compression is much _more_ an "act of cryptography" than, say, coming up with your hashtree structure.
10:49 <@gmaxwell> even when your hashtree doesn't peel back the crypto black box boundaries at all.
10:49 -!- wangchun [~wangchun@li414-193.members.linode.com] has joined #bitcoin-wizards
10:49 <katu> gmaxwell: depends, it's just a single primitive with valid use (put a wedge to hashlist/md tree).
10:49 <e0_> midstate compression is very dangerous because it opens the door to fine grained control of variables in the hash function which are assumed to not be under the control of an attacker
10:49 <katu> s/to/into/
10:50 <e0_> like BLAKE has "interesting" behavior if an attacker can control the chaining variables
10:50 <katu> e0_: it needs to be evaluated to which degree it is hard to produce evil states. as it is now, it is assumed "reasonably hard to stave off DoS"
10:50 <@gmaxwell> for example, we sit here and cringe with the midstate compression but haven't encountered a practical attack. But the hashtree construction used in Bitcoin has _three_ known vulnerabilities, and one is practical and easily exploited.
10:50 -!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]
10:51 <@gmaxwell> So I think being horrified by one but not blinking at the other is being pennywise and pound foolish.
10:51 * sipa googles "pennywise -band"
10:51 <petertodd> gmaxwell: one potential difference, is that explaining the vulnerabilities in bitcoin's hashtree is easy - for that matter, even a relatively unsophisticated person could find them too
10:52 <e0_> I wasn't aware of the problems with the hashtree, but that sounds bad as well =/
10:52 <@gmaxwell> petertodd: many attacks sound pretty obvious in hindsight, look at the attacks on 64-bit block ciphers in SSL.
10:52 <petertodd> gmaxwell: I feel perfectly confident designing a hashtree precisely because the vulnerabilities in bitcoin's one are obvious to me with my current level of knowledge; I don't have a damn clue what makes sha256 work
10:53 <petertodd> gmaxwell: sure, what I mean is simply that my level of knowledge for hashtrees is likely a lot closer to that of experts in the field than it is for designing hash functions from scratch
10:53 <sipa> well there is no clear algorithmic hardness assumption for sha256
10:54 <sipa> it's just a mix of permutations and non-linear operations
10:54 <petertodd> sipa: aka, black magic :P
10:54 <sipa> yes, pretty much
10:54 <sipa> there is a large collection of understanding about what kinds of constructions lead to easy attacks
10:55 <@gmaxwell> yes, but consider, if sha256 midstate compression were _completely_ broken it would very likely have manifest itself in other ways and would have been noted elsewhere.  The midstate extension property is not intended interface of sha256 but it's highly related to extension attacks.
10:55 <sipa> and hash function design is mostly just avoiding that, and then doing enough of it :)
10:55 <katu> sipa: those can be definitely expressed and mathematically solved, as a SAT problem or polynomial in extended gf(2)
10:55 <katu> the trick is, how big are those sat/poly?
10:55 <katu> satcoin might hint some interesting answers
10:56 -!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards
10:56 <@gmaxwell> there is no strong argument provided by anyone that I'm aware of that says that second preimages results in a sat problem which is hard.  Other than the hope that if it didn't the extensive cryptanalysis so far would have uncovered it.
10:56 <sipa> assuming sha256 is not broken in any way that isn't known now, i don't expect midstates to be trivially attackable
10:57 <@gmaxwell> doesn't mean using it is a good idea generally.
10:57 <sipa> but they may be somewhat easier than a full sha256 preimage
10:58 <petertodd> sipa: an interesting question then, is given the desire for nothing-up-your-sleeve numbers, why didn't the sha256 designers just use zero's as the IV?
10:58 <e0_> https://eprint.iacr.org/2016/374.pdf
10:59 <e0_> there has been some success on free-start collisions on SHA256 in reduced round variants
10:59 <sipa> petertodd: sha3 uses all zeroes as initial state :)
10:59 <petertodd> sipa: lol, nice :)
10:59 <@gmaxwell> sipa: I would be shocked if it weren't easier, and shocked if it made any interesting attack easy.
10:59 <sipa> gmaxwell: agree
11:00 <sipa> a massively easy midstate attack would likely indicate a full preimage attack
11:00 <e0_> SHA3 is also a completely different construction
11:00 <@gmaxwell> e0_: he wasn't giving that as a justification. :)
11:04 <petertodd> e0_: yup, just reading that section now - sounds like pretty clear evidence that freedom in the IV is at least a negative
11:04 <katu> sipa: well, for example in case of sha1 thats not strictly the case. chosen-ivs seem to be pretty magical, and whole security of sha1 now lies in that its difficult to arrive to this fixed point when attempting to produce real world collisions.
11:39 <roasbeef> andytoshi: "Pairings for Cryptographers": https://eprint.iacr.org/2006/165.pdf
11:43 -!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]
11:46 -!- laurentmt [~Thunderbi@176.158.157.202] has joined #bitcoin-wizards
11:47 -!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards
11:50 -!- c0rw1n [~c0rw1n@109.128.247.136] has quit [Quit: Leaving]
11:51 <andytoshi> thanks roasbeef .. though i think that is too simplified for what i'm doing, and it also predates a lot of important work in pairing-based crypto (in particular freeman's unification of several families of curves that support pairings, and lynn's thesis)
<kanzure> in dagchain designs, is there anything particularly broken about having long weak block chains that eventually get reorged into stronger chains? potentially conflicting transaction trees can be excluded (or one side can be picked/favored by the miner of the non-weak pow chain that reincorporates most of the weak chain results). 13:08
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Quit: WeeChat 0.4.2]13:08
<bsm117532> Nothing in particular and in fact I'm planning on that. 13:09
<bsm117532> However it requires that you can identify conflicting transactions, so is not compatible with aggregation a la Mimblewimble. 13:09
<kanzure> oh wait-- so the particular problem would have to be something like: an attacker can trivially broadcast their different transaction to different long weak chains. but this is more the fault of a user that believes a weak confirmation is valuable. 13:09
<bsm117532> Correct. 13:09
<kanzure> what is the value of the weak confirmation (in the context of long weak chains) at all? 13:10
<bsm117532> The notion of "confirmation" changes and requires a more sophisticated calculation. I'm planning on using a "high water mark" which is an indication of the maximum hashpower that could be on a weak chain. 13:10
<bsm117532> If you're on a weak chain (any chain where the highest hashpower ever seen is 100% larger than what is currently visible) -- transactions NEVER confirm. 13:11
<bsm117532> ...until they're merged with the stronger chain. 13:11
-!- kyletorpey [~kyle@pool-173-53-94-96.rcmdva.fios.verizon.net] has joined #bitcoin-wizards13:11
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards13:12
<kanzure> i suppose you could make handwavy incentive arguments about miners wanting to take a portion of fees that might not otherwise happen without the transaction trees included in the (longer) weak chains 13:12
<bsm117532> This allows one to automatically and generically merge chains in the case of e.g. network splits. 13:12
<Taek> kanzure: it depends on the algorithm that you use to merge weaker chains into longer chains 13:15
<bsm117532> Miner coin allocation also uses the high-water-mark. 13:15
<Taek> but, generally speaking I believe that either the weaker chain has to be orphaned, or it can cause reorgs of depth up to the size of the weaker chain 13:15
<bsm117532> Though there may be other ideas, and as Taek says, it comes down to your conflict resolution at merge time. 13:15
<Taek> I'm also worried about the algorithmic complexity of merging 13:16
<Taek> if you can merge weak chains that are thousands of blocks behind, your conflict resolution may get intractable 13:17
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]13:22
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards13:27
-!- Tenhi_ [~tenhi@static.177.80.201.138.clients.your-server.de] has joined #bitcoin-wizards13:31
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Read error: Connection reset by peer]13:37
-!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 264 seconds]13:38
-!- belcher [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards13:41
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 276 seconds]13:42
-!- Tenhi_ [~tenhi@static.177.80.201.138.clients.your-server.de] has quit [K-Lined]13:42
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards13:46
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has joined #bitcoin-wizards13:49
<oleganza> Hi there. A friend asked if it's a good idea to slap MAC onto the payload in the CT range proof. I think the ring signature is effectively a MAC on the ciphertext (yielding "encrypt-then-mac" method), so no more integrity checks are necessary, is that right? 13:52
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 276 seconds]13:52
-!- MoALTz [~no@78-11-247-26.static.ip.netia.com.pl] has quit [Quit: Leaving]13:53
<andytoshi> oleganza: heya. yeah, the ringsig itself is effectively a MAC. you still might wanna checksum the data as a sanity check (in case of corruption before it went into the ringsig or after it came out) 13:54
<oleganza> in other words, how much is schnorr ring signature malleable by non-signers? IMHO, a simple check like "enforce low-s" should suffice 13:54
<andytoshi> don't even need low-s with schnorr, it's not malleable at all 13:54
<andytoshi> and there's even a proof https://download.wpsoftware.net/bitcoin/wizardry/schnorr-mall.pdf unlike ecdsa.. 13:54
<oleganza> andytoshi: agreed on checksum for external reasons, but just for ciphertext integrity it's not necessary, right? 13:55
<andytoshi> oleganza: correct 13:55
<andytoshi> (fwiw, that proof is for schnorr, so it doesn't technically apply to CT ringsigs, but really it does) 13:55
<oleganza> Yeah, i can see that it's pretty obvious how to extend it to ringsigs 13:56
<oleganza> awesome, thx 13:57
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]13:59
<oleganza> andytoshi: btw, since you asked about PBC a few days ago, this video was really insightful for me: https://m.youtube.com/watch?v=F4x2kQTKYFY 13:59
<oleganza> also Dan Boneh, but with more behind-the-scenes reasoning and less math 13:59
<oleganza> and some funny tricks with curves of non-prime RSA order (n = p*q) giving homomorphic encryption provided factorization is kept secret. 14:00
-!- musalbas [~musalbas@2001:bc8:30c2:ff00::] has quit [Ping timeout: 250 seconds]14:02
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards14:04
-!- musalbas [~musalbas@2001:bc8:30c2:ff00::] has joined #bitcoin-wizards14:04
-!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 260 seconds]14:05
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has joined #bitcoin-wizards14:06
<kanzure> not nearly the same content, but this is recent (from the other day) (the video this is from is not recent though) http://diyhpl.us/wiki/transcripts/simons-institute/pairing-cryptography/ 14:06
-!- belcher [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards14:08
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards14:08
-!- blackwraith [~priidu@unaffiliated/priidu] has quit [Ping timeout: 244 seconds]14:14
<andytoshi> thanks oleganza, this is great 14:17
-!- JackH [~Jack@79-73-191-94.dynamic.dsl.as9105.com] has joined #bitcoin-wizards14:19
<e0_> I assume someone else has already thought of this but you can reduce the expected-loss of a user doublespending a 0-confirmation transaction once transaction malleability is solved. 14:19
<e0_> Alice wants to pay Bob for a coffee by paying 0.001 BTC in transaction T1 but doesn't want to wait for a confirmation. Bob asks Alice to spend 10 BTC into a 2-of-2 transaction spendable only by both Alice and Bob's key. Bob creates and signs a refund transaction for the 2-of-2 which also spends 0.00001 BTC from T1. Thus, if T1 is doublespent Alice loses 10 BTC since the refund is invalid but if T1 is confirmed on the blockchain Alice can reclaim her 1 14:23
<e0_> if the 2-of-2 is spendable by Bob's key alone after say 2 weeks, Bob merely needs to calculate the probability that both the 2-of-2 and T1 are doublespent and choose a 2-of-2 insurance value which gives him an expected value of 0.001 BTC. 14:25
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Remote host closed the connection]14:28
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]14:31
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 244 seconds]14:32
-!- pavel_ [~paveljani@79.98.72.216] has joined #bitcoin-wizards14:35
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Ping timeout: 244 seconds]14:35
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards14:36
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has quit [Ping timeout: 240 seconds]14:39
-!- moli [~molly@unaffiliated/molly] has joined #bitcoin-wizards14:39
-!- belcher is now known as JM-IRCRelay14:44
-!- JM-IRCRelay is now known as belcher14:44
<CocoBTC> Not in this way - but AFAIK pre-made transactions are a part of how Lightning network will work with "HTLCs" 14:44
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]14:48
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards14:52
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards14:58
<e0_> CocoBTC: what do you mean by "pre-made". I was thinking that this method could be used to quickly establish a payment channel with the lightning network. 15:00
-!- xissburg [~xissburg@unaffiliated/xissburg] has quit [Quit: leaving]15:05
-!- xissburg [~xissburg@unaffiliated/xissburg] has joined #bitcoin-wizards15:08
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has joined #bitcoin-wizards15:14
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has quit [Client Quit]15:15
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has joined #bitcoin-wizards15:15
<@gmaxwell> e0_: not just thought of, but actually used, that's a payment channel. 15:16
-!- Noldorin [~noldorin@unaffiliated/noldorin] has joined #bitcoin-wizards15:17
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards15:26
-!- Davasny [~quassel@78-11-193-195.static.ip.netia.com.pl] has quit [Read error: Connection reset by peer]15:28
-!- CocoBTC [~coco@c-703b71d5.136-1-64736c10.cust.bredbandsbolaget.se] has quit [Quit: Leaving]15:37
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 240 seconds]15:38
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has quit [Quit: No Ping reply in 180 seconds.]15:41
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards15:42
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards15:44
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 240 seconds]15:45
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards15:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]15:52
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards15:57
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has quit [Ping timeout: 250 seconds]16:01
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has quit [Read error: Connection reset by peer]16:03
-!- Alanius [~alan@flyingarm.bar] has quit [Remote host closed the connection]16:05
<Eliel> e0_: is the 10 BTC payment to the 2-of-2 address supposed to be confirmed beforehand or how were you planning on preventing that from being doublespent? 16:06
-!- bildramer [~bildramer@2001:0:5ef5:79fb:3811:32e:b019:bd1d] has quit [Ping timeout: 250 seconds]16:07
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 264 seconds]16:08
-!- bildramer [~bildramer@p2003004D2B01000000BE29B2F1B6B020.dip0.t-ipconnect.de] has joined #bitcoin-wizards16:10
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards16:13
-!- oleganza_ [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has joined #bitcoin-wizards16:17
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has quit [Ping timeout: 250 seconds]16:18
-!- oleganza_ is now known as oleganza16:18
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has joined #bitcoin-wizards16:21
-!- NewLiberty_ [~NewLibert@107-142-8-22.lightspeed.irvnca.sbcglobal.net] has quit [Ping timeout: 240 seconds]16:26
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]16:29
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards16:33
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Remote host closed the connection]16:46
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 252 seconds]16:55
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]16:56
-!- byteflame [~byteflame@50.25.160.41] has joined #bitcoin-wizards16:56
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards17:01
-!- andytoshi [~andytoshi@unaffiliated/andytoshi] has quit [Ping timeout: 265 seconds]17:27
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards17:30
-!- PRab [~chatzilla@c-68-62-95-247.hsd1.mi.comcast.net] has joined #bitcoin-wizards17:32
-!- PRab [~chatzilla@c-68-62-95-247.hsd1.mi.comcast.net] has quit [Client Quit]17:32
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards17:39
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]17:39
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Max SendQ exceeded]17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]17:40
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards17:41
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]17:41
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has joined #bitcoin-wizards17:41
-!- andytoshi [~andytoshi@wpsoftware.net] has joined #bitcoin-wizards17:41
-!- dave4925_ [~dave4925@unaffiliated/dave4925] has quit [Excess Flood]17:41
-!- Illumitardi [~dave4925@unaffiliated/dave4925] has quit [Ping timeout: 255 seconds]17:42
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has quit [Quit: Textual IRC Client: www.textualapp.com]17:42
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]17:46
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards17:51
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]18:01
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has quit [Quit: oleganza]18:03
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards18:06
-!- copumpkin [~copumpkin@haskell/developer/copumpkin] has joined #bitcoin-wizards18:14
-!- oleganza [~oleganza@172.56.39.101] has joined #bitcoin-wizards18:17
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 276 seconds]18:28
-!- oleganza [~oleganza@172.56.39.101] has quit [Quit: oleganza]18:32
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]18:37
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards18:42
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-nfzyxtmgrfwogkow] has quit [Quit: Connection closed for inactivity]18:46
<bsm1175321> Taek: there needs to be a lower bound: it is expressed as a fraction of the "high water mark". Obviously an arbitrarily low-difficulty chain can't be merged with the main one. 18:48
<bsm1175321> Or you open a DDoS attack. 18:48
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]18:52
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards18:56
-!- xissburg [~xissburg@unaffiliated/xissburg] has quit [Quit: ZZZzzz…]19:00
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Quit: Leaving.]19:04
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]19:05
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]19:07
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards19:08
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards19:09
-!- N0S4A2 [~weechat@24.35.69.143] has quit [Quit: WeeChat 1.5]19:10
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]19:22
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards19:28
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]19:37
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has quit [Quit: Leaving.]19:37
-!- Noldorin [~noldorin@unaffiliated/noldorin] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]19:39
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 252 seconds]19:40
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards19:42
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards19:42
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards19:42
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 240 seconds]19:48
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards19:51
-!- pro [~pro@unaffiliated/pro] has quit [Quit: Leaving]19:55
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]20:14
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]20:17
-!- byteflame [~byteflame@50.25.160.41] has quit [Ping timeout: 240 seconds]20:20
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]20:30
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards20:32
-!- oleganza [~oleganza@172.56.39.108] has joined #bitcoin-wizards20:32
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards20:34
-!- oleganza [~oleganza@172.56.39.108] has quit [Ping timeout: 244 seconds]20:37
-!- Damiana [~Damiana@rrcs-71-42-254-60.sw.biz.rr.com] has joined #bitcoin-wizards20:38
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]20:41
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards20:43
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 276 seconds]20:44
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards20:46
-!- Damiana [~Damiana@rrcs-71-42-254-60.sw.biz.rr.com] has quit [Remote host closed the connection]20:58
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has quit [Quit: Verlassend]20:59
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has joined #bitcoin-wizards20:59
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has quit [Remote host closed the connection]20:59
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]21:03
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 264 seconds]21:05
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards21:07
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards21:08
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]21:10
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards21:12
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 252 seconds]21:13
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards21:16
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]21:19
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards21:23
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]21:34
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 240 seconds]21:38
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards21:38
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards21:42
-!- pavel_ [~paveljani@79.98.72.216] has quit [Quit: Leaving]21:48
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 250 seconds]21:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]21:52
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 265 seconds]21:54
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has quit [Ping timeout: 250 seconds]21:55
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 276 seconds]21:56
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards21:56
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards21:56
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 265 seconds]21:56
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has joined #bitcoin-wizards21:56
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards21:56
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards21:57
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards21:58
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]22:08
-!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has joined #bitcoin-wizards22:10
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has quit [Ping timeout: 244 seconds]22:10
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 240 seconds]22:11
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has quit [Ping timeout: 276 seconds]22:11
-!- zxzzt [~prod@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards22:11
-!- sdaftuar [~sdaftuar@unaffiliated/sdaftuar] has joined #bitcoin-wizards22:12
-!- morcos [~morcos@static-100-38-11-146.nycmny.fios.verizon.net] has joined #bitcoin-wizards22:12
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards22:12
-!- tripleslash [~triplesla@unaffiliated/imsaguy] has quit [Ping timeout: 250 seconds]22:46
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards22:47
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 240 seconds]22:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards22:55
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 244 seconds]22:58
-!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]23:10
-!- tripleslash [~triplesla@unaffiliated/imsaguy] has joined #bitcoin-wizards23:15
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards23:29
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 244 seconds]23:34
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 260 seconds]23:38
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-jbijoaxwxnmxqglc] has joined #bitcoin-wizards23:39
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards23:40
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has joined #bitcoin-wizards23:42
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 250 seconds]23:46
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards23:49
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection]23:58
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]23:58
--- Log closed Wed Sep 07 00:00:47 2016