2016-09-08.log

--- Log opened Thu Sep 08 00:00:48 2016
-!- rubensayshi [~ruben@82.201.93.169] has joined #bitcoin-wizards00:04
-!- PeterR [cf5125a7@gateway/web/freenode/ip.207.81.37.167] has quit [Ping timeout: 264 seconds]00:06
-!- danrobinson [~danrobins@cpe-68-175-4-89.nyc.res.rr.com] has quit [Quit: Textual IRC Client: www.textualapp.com]00:09
-!- r0ach [~r0ach@107-217-214-192.lightspeed.jcvlfl.sbcglobal.net] has quit []00:09
-!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards00:11
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 244 seconds]00:12
-!- sipi [~sipi@165.64.broadband12.iol.cz] has joined #bitcoin-wizards00:28
-!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]00:32
-!- daddinuz [~daddinuz@212.91.77.78] has joined #bitcoin-wizards00:34
-!- ThomasV [~ThomasV@unaffiliated/thomasv] has quit [Ping timeout: 276 seconds]00:46
-!- gmaxwell [greg@wikimedia/KatWalsh/x-0001] has left #bitcoin-wizards []00:47
-!- moli [~molly@unaffiliated/molly] has quit [Ping timeout: 250 seconds]00:51
-!- daddinuz [~daddinuz@212.91.77.78] has quit [Quit: Leaving]01:08
-!- jannes [~jannes@178.132.211.90] has joined #bitcoin-wizards01:12
amillerTaek, pipelining wouldn't increase the throughput, at least the assumption there at least is that the slowest node on a path is the one that constrains the throughput01:14
Taekso, my guesstimate of the network propagation that was happening there is that a node would get a block in full, validate it, then propagate it01:14
Taekwhich means that if a block was large, it'd download the *whole* block before doing any validation or uploading, and that would cause a severe bottleneck01:15
Taekelsewhere in the paper it was stated that the bandwidth for the 90 percentile nodes was 3mbps01:15
Taekbut I could see where a single node bottleneck could cause issues01:16
TaekI still imagine that pipelining would get you large gains01:16
Taekalso, would it be safe to assume in a continuous bandwidth scenario that the slowest node could be routed around via other peers?01:17
Taekperhaps that's too optimistic01:17
midnightmagicOh, what a surprise. Ban-evading again.01:17
-!- alan_ [~alan@flyingarm.bar] has joined #bitcoin-wizards01:33
-!- alan_ is now known as Alanius01:34
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]01:36
-!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has quit [Read error: Connection reset by peer]01:36
-!- sipi [~sipi@165.64.broadband12.iol.cz] has quit [Quit: Leaving]01:37
sipaTaek: fibre relays before receiving the full block01:43
sipaand it seems to help a lot01:43
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards01:44
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards01:59
-!- cdecker [~cdecker@2a02:aa16:1105:4a80:8c99:8bd4:ce43:c5e7] has quit [Ping timeout: 264 seconds]01:59
-!- tripleslash [~triplesla@unaffiliated/imsaguy] has quit [Ping timeout: 265 seconds]01:59
-!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has joined #bitcoin-wizards02:03
-!- cdecker [~cdecker@2a02:aa16:1105:4a80:8c99:8bd4:ce43:c5e7] has joined #bitcoin-wizards02:05
-!- Hunger- [~hunger@prodevops.net] has quit [Ping timeout: 260 seconds]02:12
-!- Hunger- [~hunger@prodevops.net] has joined #bitcoin-wizards02:22
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Read error: Connection reset by peer]02:25
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards02:26
-!- tripleslash [~triplesla@unaffiliated/imsaguy] has joined #bitcoin-wizards02:26
vega4Taek: thank you for posting the paper, I haven't seen it before02:40
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]02:41
-!- pro [~pro@unaffiliated/pro] has joined #bitcoin-wizards02:41
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards02:43
-!- Emcy_ [~MC@unaffiliated/mc1984] has quit [Quit: Leaving]02:54
-!- Emcy [~MC@unaffiliated/mc1984] has joined #bitcoin-wizards02:54
-!- lmatteis_ is now known as lmatteis03:04
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has joined #bitcoin-wizards03:06
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]03:11
-!- JackH [~Jack@79-73-191-94.dynamic.dsl.as9105.com] has quit [Ping timeout: 240 seconds]03:20
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards03:21
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]03:30
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards03:39
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards03:45
-!- moli [~molly@unaffiliated/molly] has joined #bitcoin-wizards03:53
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 265 seconds]04:08
-!- BashCo_ [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards04:12
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Ping timeout: 244 seconds]04:15
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]04:20
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards04:25
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]04:38
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards04:44
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]05:01
-!- laurentmt [~Thunderbi@80.215.210.95] has joined #bitcoin-wizards05:01
-!- molz [~molly@unaffiliated/molly] has joined #bitcoin-wizards05:04
-!- moli [~molly@unaffiliated/molly] has quit [Ping timeout: 264 seconds]05:08
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has quit [Quit: No Ping reply in 180 seconds.]05:09
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards05:11
-!- laurentmt [~Thunderbi@80.215.210.95] has quit [Quit: laurentmt]05:12
-!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #bitcoin-wizards05:16
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has joined #bitcoin-wizards05:17
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has joined #bitcoin-wizards05:17
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards05:21
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]05:41
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards05:47
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards05:50
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has quit [Ping timeout: 250 seconds]05:59
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has quit [Quit: Newyorkadam]06:12
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has joined #bitcoin-wizards06:19
-!- Guyver2_ [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards06:19
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has joined #bitcoin-wizards06:19
-!- cdecker [~cdecker@2a02:aa16:1105:4a80:8c99:8bd4:ce43:c5e7] has quit [Ping timeout: 260 seconds]06:20
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Ping timeout: 252 seconds]06:22
-!- Guyver2_ is now known as Guyver206:22
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has quit [Ping timeout: 260 seconds]06:23
-!- veleiro [~veleiro@fsf/member/veleiro] has quit [Ping timeout: 250 seconds]06:24
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards06:34
-!- grubles [~grubles@unaffiliated/grubles] has joined #bitcoin-wizards06:50
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has joined #bitcoin-wizards06:55
-!- Guyver2_ [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards07:05
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]07:07
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Ping timeout: 252 seconds]07:08
-!- Guyver2_ is now known as Guyver207:08
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards07:08
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has quit [Quit: Newyorkadam]07:10
-!- assder [2e3b026a@gateway/web/freenode/ip.46.59.2.106] has joined #bitcoin-wizards07:17
-!- blkdb [~blkdb@2a01:4f8:140:1407::2] has joined #bitcoin-wizards07:23
-!- BashCo_ [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection]07:28
-!- contrapumpkin is now known as copumpkin07:30
-!- face_ [~face@mail.hmel.org] has joined #bitcoin-wizards07:35
bsm1175321Just caught up on that conversation... Taek keep in mind that the "fastest block time" as defined by creating a total-ordering on the braid (finding cohorts) is around 10 seconds.  Pushing the block time down below that results in exponentially-increased time between total-ordering (cohort) events, because you're waiting for the network to be accidentally quiescent for a time proportional to the network size.07:37
bsm1175321That result can be found at the bottom of: https://rawgit.com/mcelrath/braidcoin/master/Braid%2BExamples.html07:38
-!- face_ is now known as face07:39
bsm1175321(so confirmation time goes up exponentially fast at that point...maybe that was your point?)07:40
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:b8e2:1c9c:fe32:8ba2] has quit [Ping timeout: 250 seconds]07:47
-!- edvorg [~edvorg@14.169.88.102] has joined #bitcoin-wizards07:51
-!- MoALTz [~no@78-11-247-26.static.ip.netia.com.pl] has joined #bitcoin-wizards07:55
-!- edvorg [~edvorg@14.169.88.102] has quit [Remote host closed the connection]07:59
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:6030:44b1:fd43:a0c4] has joined #bitcoin-wizards08:08
-!- edvorg [~edvorg@14.169.88.102] has joined #bitcoin-wizards08:09
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has quit [Ping timeout: 265 seconds]08:11
-!- rubensayshi [~ruben@82.201.93.169] has quit [Remote host closed the connection]08:11
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has joined #bitcoin-wizards08:12
-!- mol [~molly@unaffiliated/molly] has joined #bitcoin-wizards08:12
trompmake08:14
-!- molz [~molly@unaffiliated/molly] has quit [Ping timeout: 265 seconds]08:16
vega4have you got any papers at hand related to the subject of incentives which would enchance exchange of transactions among full nodes?08:18
assderWhat are the components of MimbleWimble I should read up on to understand it properly?08:22
andytoshiassder: there's not much out there yet aside from the original 'paper'08:22
sipathe only building block that matters is CT, i think08:23
assderDidn't it utilize "cut-through" something?08:23
kanzurethere are OWAS and signature aggregation things that you could look at08:23
kanzurelike http://diyhpl.us/~bryan/papers2/bitcoin/Increasing%20anonymity%20in%20bitcoin%20using%20one-way%20aggregatable%20signatures.pdf08:24
andytoshiassder: https://download.wpsoftware.net/bitcoin/wizardry/mimblewimble.txt is the MW paper08:24
sipabut OWAS is not a building block for MW08:24
sipathough it may help understand things, as it works similarly08:24
assderOk, thanks for the links! I'll buckle down and study.08:25
kanzurealso there are some other explanations available here:08:25
kanzurehttps://www.reddit.com/r/Bitcoin/comments/4vub3y/mimblewimble_noninteractive_coinjoin_and_better/08:25
kanzurehttps://www.reddit.com/r/Bitcoin/comments/4woyc0/mimblewimble_interview_with_andrew_poelstra_and/08:25
kanzurehttps://www.reddit.com/r/Bitcoin/comments/4xge51/mimblewimble_how_a_strippeddown_version_of/08:25
kanzurehttps://www.reddit.com/r/Bitcoin/comments/4y4ezm/mimblewimble_how_a_strippeddown_version_of/08:25
kanzurehttp://diyhpl.us/wiki/transcripts/mimblewimble-podcast/08:25
assderkanzure: Wow, thank you08:26
kanzurealso there was a big section on signature aggregation here https://bitcoincore.org/logs/2016-05-zurich-meeting-notes.html08:26
kanzureand here http://diyhpl.us/wiki/transcripts/simons-institute/pairing-cryptography/08:26
kanzureand a little bit here http://diyhpl.us/wiki/transcripts/2016-july-bitcoin-developers-miners-meeting/dan-boneh/ although i think the previous one is more canonical08:27
-!- bsm117532 [~mcelrath@38.121.165.30] has quit [Remote host closed the connection]08:32
-!- bsm117532 [~mcelrath@38.121.165.30] has joined #bitcoin-wizards08:32
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 265 seconds]08:37
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards08:52
-!- AaronvanW [~ewout@unaffiliated/aaronvanw] has quit [Remote host closed the connection]08:55
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 244 seconds]08:55
-!- AaronvanW [~ewout@77pc231.sshunet.nl] has joined #bitcoin-wizards08:58
-!- AaronvanW [~ewout@77pc231.sshunet.nl] has quit [Changing host]08:58
-!- AaronvanW [~ewout@unaffiliated/aaronvanw] has joined #bitcoin-wizards08:58
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards08:58
-!- jannes [~jannes@178.132.211.90] has quit [Quit: Leaving]09:02
-!- Sosumi [~Leon@bl10-113-190.dsl.telepac.pt] has quit [Ping timeout: 276 seconds]09:03
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 250 seconds]09:04
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has joined #bitcoin-wizards09:25
Taek<bsm1175321> Taek keep in mind that the "fastest block time" as defined by creating a total-ordering on the braid (finding cohorts) is around 10 seconds09:34
Taekour ordering algorithms are different09:34
bsm117532Well the fundamental time scale of consensus is the size of the network, and is ~few seconds, you can't get faster than that and maintain consensus.09:35
Taekmine can :)09:35
Taektotal ordering is based on the highest block that you know about09:35
bsm117532Uh...no, if I'm on the other side of the Earth, I can't possibly know...09:35
bsm117532Consensus is defined globally.09:36
Taekright, so instead of getting consensus on the immediate block, you get consensus on a block with X confirmations09:36
Taekbeyond X confirmations, I can prove that causing a reorg would require Y much work, and I can show that, assuming no 51% attackers, Y much work is practically impossible to achieve09:36
Taekall that without requiring that we aren't actually seeing the same list of confirmations09:37
Taekas long as we each have X confirmations, the merging takes care of the rest09:37
bsm117532Can you define "confirmation" for you in the context of a DAG?09:37
TaekWhere X confirmations needs to be sufficiently large, on the order of 5-30 minutes09:37
Taekthe number of confirmations on a block is all known descendents of that block09:38
bsm117532I'm using "cohort" = total order as the definition of "confirmation" -- you mean something different.09:38
Taekyes09:38
Taekthat is perhaps what is causing the confusion then09:38
Taekmy merging algorithm doesn't have any cohorts09:38
Taekactually, I've completed the full description of my merging algorithm. I'll post it to pastebin09:39
Taekthe security proofs and txn fee handling isn't finished yet09:39
Taekhopefully today though09:39
bsm117532But consider a DAG where one node branches to two, and then merges (a diamond).  Now take one side of that diamond and insert several nodes.09:39
-!- PaulCapestany [~PaulCapes@204.28.124.82] has quit [Read error: Connection reset by peer]09:39
bsm117532Yeah I've been ignoring txn fees too :-/09:39
-!- PaulCapestany [~PaulCapes@204.28.124.82] has joined #bitcoin-wizards09:40
TaekThis week I came up with a pretty great solution to ensure miner fairness when including txn fees09:40
bsm117532The diagram I describe has two notions of "confirmations" seen by different participants, before the merge.  You don't have consensus until the merge.09:40
Taekpastebin sadly does not render markdown09:40
Taekso you'll have to navigate to the beautiful pictures manually09:41
Taekhttp://pastebin.com/HzCgGhVx09:41
bsm117532github renders markdown :-D09:41
Taekmaybe I can find a trash repo then for it09:41
bsm117532(the "merge" defines a cohort, and a global notion of consensus)09:42
Taekha kindly forgive me for the other dumb stuff in this repo09:42
Taekhttps://github.com/DavidVorick/Experimental/blob/master/jute-merging.md09:43
sipaTaek: gist.github.com09:44
bsm117532All of your diagrams are complete cohorts (in other words they start and end with a single block).  Sure, you can further define an ordering within a cohort if you desire.09:45
bsm117532But that ordering is impossible until the merge happens.09:45
Taeksipa: thanks09:46
Taekhttps://gist.github.com/DavidVorick/20a1f9f47fa56390039144d7f8dec07409:46
Taekbsm117532: these cohorts can be assumed to be incomplete09:47
Taeke.g. people on the other side of the network may be viewing a different set of blocks09:47
Taekthe 6th image sort of demonstrates that09:47
Taekit shows what happens when a block gets 100 confirmations, and then 200 new blocks are added to the longest known chain09:48
bsm117532And they could be seeing double spends.  You can't know what you don't know, and you don't have consensus until you do.09:48
Taekthe handling of double spends is explained at the bottom09:49
Taekand then it says 'we'll restore SPV later' because you're only seeing an excerpt of the full post09:49
Taekthe part where we bring back SPV is not fully written yet09:49
Taekbut basically, we make it so that you don't need to know if there's a double spend or not, you just include all the blocks and all the transactions09:50
Taekthen you use post-processing to determine which parts of the block get included in consensus.09:50
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has quit [Quit: Leaving]09:51
bsm117532What I'm saying is that you do post processing when a merge happens (or more generally, when a cohort is formed).  Prior to the merge you can't order the blocks.09:52
bsm117532Ordering, (within a cohort) for the purpose of resolving double spends can be done in many ways, I'm just using the usual "highest difficulty" rule.  I'm not sure why you need to invent a new ordering...09:54
-!- bsm117532- [~AndChat70@172.56.36.131] has joined #bitcoin-wizards09:59
bsm117532-Any other ordering will be gamed using mining hash power anyway. So "highest difficulty" is really the only ordering should use.10:00
bsm117532-e.g. you can order a cohort just using block hashes. But someone will grind that hash to dictate the order in their favor.10:01
bsm117532-I can show how to compute "highest work" in the presence of a DAG, and in the presence of non-constant difficulty targets among the blocks to be ordered.10:03
Taekwell, you always have an ordering based on the full list of blocks you know about10:03
Taekmy ordering description is also highest-work10:03
katuone fun approach is to make the grind itself the PoW function. each block projection into the future is still 1 bit of difficulty...10:03
bsm117532-Take: there's exactly one correct answer to "highest work" and if that's what you have it will be identical to mine. :-)10:04
bsm117532-*Taek damn autocorrect10:04
katu(imposes limit on minimum unique inputs and block size)10:04
TaekI count work by summing all of the work of all known unique ancestors10:05
Taekso any given block has a 'relative height' determined by all known ancestors directly for that block10:05
bsm117532-A sum only works for constant difficulty (a la Satoshi's longest chain rule)10:05
Taekwell, if that given block is the highest work block you know about, relative height is the same as absolute height10:06
Taekno you take into account the difficulty differences10:06
bsm117532-Now we have to talk about how retargets happen...10:06
Taekyou sum the difficulties of the ancestors10:06
Taeknaively, retargets can work just the same as in Bitcoin10:07
Taekyou get some funky incentives, but it ends up making a difference of only a small percent, and only applies a small percent of the time, so imho it's not worth worrying about10:08
Taekbut that's also dicussed in a portion of my writeup that's incomplete atm10:08
bsm117532-Retargets are a synchronous event, and the DAG is intended to be asynchronous. It's not so trivial. :-)10:11
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards10:11
Taekyou use a block's relative height (the parents it was pointing at) to determine which side of the retarget it is on10:11
Taekafter the merge, it may be on the other side of the retarget, but you just forgive the block10:12
Taekthe funky incentives come in because if the difficulty goes up, miners will want to have their blocks be on the pre-adjustment side of the fork10:12
bsm117532-I've moved to a window of acceptable difficulty targets, so that retargets are continuous (the window changes over time)10:12
Taekwhich means you'll get a bunch of blocks with high gaps as the miners compete for that extra revenue10:12
TaekI was at one point trying to design a continuous difficulty adjustment10:13
Taekbut decided it added too much complexity10:13
Taekprimarlily for the purposes of making it more easily understandable, I've chosen to accept the awkward incentive tradeoff, because ultimately it only makes a difference of like 0.1% in revenue for a miner that is strategically mining around the diffiulty gap vs. a miner that is not10:14
bsm117532-It's not so hard... Basically the size of the network can be directly translated into the window. Just a little math...10:14
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has joined #bitcoin-wizards10:15
katuhuh?10:16
katui thought the only gauging factor of network size is miner competition, assuming you allow it to manifest somehow (orphans etc)10:16
katuand that its often a prtetty unstable guess10:16
-!- bsm117532- [~AndChat70@172.56.36.131] has quit [Read error: Connection reset by peer]10:17
-!- bsm117532- [~AndChat70@172.56.36.131] has joined #bitcoin-wizards10:17
-!- AndChat-7049 [~AndChat70@38.121.165.30] has joined #bitcoin-wizards10:17
bsm117532"size" is measured in seconds, and is the transit time for data across the network.10:18
bsm117532Your reward schedule is a function of time R(t), and given a window of time dt defined by the network size, you can compute dR, the reward window, from the derivative dR/dt10:19
-!- [7] [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 255 seconds]10:19
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards10:20
katuso, you mean adjusting window to observed latency of propagation. again, how do you actually plan to measure latency?10:20
bsm117532That latency is measured implicitly by the orphan rate in bitcoin, and the "width" of a braid/DAG -- average number of siblings.10:21
-!- bsm117532- [~AndChat70@172.56.36.131] has quit [Ping timeout: 260 seconds]10:21
-!- BashCo [~BashCo@unaffiliated/bashco] has joined #bitcoin-wizards10:22
katuwell, in bitcoin it's clear cut - adversary does not have much incentive to inflate orphan rate, as they'd hurt themselves.10:22
katubut with dag, the whole point is to reward "orphans"10:22
bsm117532Yes.  I argue for "Equal pay for equal (proof-of-) work"...all valid PoW hashes get rewarded.10:24
bsm117532Because an asymmetry in rewards creates the selfish mining incentive.10:24
katujust saying that using the dag width to influence *anything* does not strike me as good idea10:25
katugiven that said width can be inflated at no cost, since you explicitly adjust for it10:25
bsm117532Good point.10:26
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has quit [Ping timeout: 264 seconds]10:27
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Remote host closed the connection]10:27
* bsm117532 ponders10:27
katui suppose it can be fixed by still slightly disincentivizing wide dag, but unsure how10:28
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has joined #bitcoin-wizards10:28
NewLibertySo it becomes what could be considered a traditional block chain at each old-enough merged braid?10:29
-!- laurentmt [~Thunderbi@176.158.157.202] has joined #bitcoin-wizards10:29
bsm117532NewLiberty: yes.  By defining total-ordering events (what I call a "cohort" -- a group of blocks) those transactions can be grouped and organized into a chain.10:29
-!- laurentmt [~Thunderbi@176.158.157.202] has quit [Client Quit]10:30
bsm117532The simplest merging event is having a block where *all* previous blocks are its ancestors.  But you can have a 2-block parallel merge if both blocks have all preceeding blocks as ancestors.  And so on for 3, 4, etc.10:31
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has joined #bitcoin-wizards10:34
NewLibertythis complicates references to braid states somewhat, except at cohorts.  To refer to a transaction within several blocks at differing heights from the most previous cohort.10:35
katuhmm, this sounds almost like fast chain of blocks + slow superblocks in p2pool fashion10:37
bsm117532A transaction can be mined into multiple blocks, but by the "highest work" rule or Taek's ordering, only the first one is considered.  The second appearance of the same transaction doesn't modify the UTXO set.10:37
bsm117532katu: it is indeed very similar10:37
Taek(in the simple organization)10:38
Taek(to deal with transaction fees fairly... you establish 'consensus points' and then select transactions at random to be the 'real' transaction)10:38
bsm117532So NewLiberty I'd say, don't hand out references to the second appearance of the transaction...10:38
katubsm117532: so, the "slow" superblock (which tries to canonicalize all precedeing transactions, if possible) would behave pretty much same as bitcoin, like NewLiberty said.10:39
katutheir orphaning could be rare, but it could still happen.10:39
NewLibertydefining second appearance is the complication was contemplating10:39
Taekkatu: depending on how you define when a cohort counts as a 'superblock', you can make orphaning extremely rare, like 1-in-quintillion rare10:39
NewLibertyIt works only from a reference frame10:39
Taek*assuming no 51% attacker10:40
bsm117532katu: There is no synchronous point where a single actor can create said superblock.  The superblocks (cohorts) are decided by examining the graph structure instead.10:40
bsm117532There can be no orphaning of cohorts.10:40
katuTaek: superblocks can't be reliably paced, typically they're simply blessed by bing, say, 1 in 256 blocks by blessing all blocks with 256x higher difficulty as blessed, in same way as p2pool does.10:41
katuor is there a way to pace those non-stochastically?10:41
Taekbsm117532: what happens if a completely new alternate history is provided where no blocks are in common, but the new history has substantially more work?10:41
bsm117532Cohorts are stochastically paced, since they're derived from individual blocks, which are themselves stochastically paced.10:41
katuthen you'll inevitably get close races10:41
katuand orphans10:41
Taekkatu: at least in my merging process, a 'superblock' is more of a rolling idea, and it's essentially 'anything with X confirmations', where X is on the order of 60010:42
Taek*30010:42
Taekbut block times are on the order of 1 second10:42
Taekso you get confirmations in about 5 minutes10:42
Taek*10:42
bsm117532Taek: When a block appears naming your new chain and the old one, their UTXO sets are merged.  Double-spends are decided in favor of the side with higher work.10:42
NewLibertyIf the number of threads grows to a very large number, could there become a point past which there will never again be a cohort?10:44
bsm117532What changes is the definition of "confirmation" -- that is a calculation that takes into account the (known) amount of work, resulting in a probability.  There's no rule like "6 blocks deep" that makes sense...10:44
Taekah yeah, I'm not being perfectly consistent with the definitions. Sorry about that, I will try to keep things clear10:44
bsm117532NewLiberty: As the block time decreases, the probability of that happening goes up exponentially fast -- because you're waiting for an accidental quiescent period on a Poisson process.10:44
bsm117532NewLiberty: that's what's happening on the right side of the last graph here: https://rawgit.com/mcelrath/braidcoin/master/Braid%2BExamples.html (bottom of page)10:45
bsm117532katu: an "orphan" is just an unmerged chain tip.  Any miner can add that chain tip as one of his block's parents, merging it back into the main chain.  Miners are incentivized to do this because it increases the total work behind their own block.10:49
Taekyeah but if you allow orphans to be merged from arbitrary points back you get problems with long range attacks10:52
bsm117532How do you perform such an attack?10:52
Taeke.g. someone mines blocks for weeks and then presents hundreds of unmerged blocks all at once10:52
bsm117532How is that an attack, and what does the attacker gain by doing that?10:53
bsm117532(algorithmically, we can handle it...)10:53
Taekhow do you order blocks?10:53
Taeksay we have the historic chain, that's 50,000 blocks10:53
Taekand then we have some new parts of the chain, that's 100 blocks10:53
Taekand then the attacker dumps in 200 blocks that he's been mining for weeks10:53
bsm117532I see where you're going.10:53
Taekhow does the merging algorithm handle that?10:54
Taekif the attacker blocks ignore the 100 blocks, does the attacker's block get ordered first?10:54
Taekbut also, you get this data flood, which is a DoS attack on the network10:54
bsm117532Define the notion of "cohort" recursively (so, sub-cohorts).  Use the network size parameter to define when you switch algorithms from including things in the cohort, to creating sub-cohorts.10:55
NewLibertyA DoS attack with quite a large reward for resolving it however, yes?10:55
bsm117532IOW if a bunch of blocks appear late, it's one giant cohort, according to my definition.10:55
Taekif the tip of those 200 blocks have references to the 100 recent blocks, does it create a giant cohort of 300 blocks?10:55
Taekwith the 100 block sub-cohort?10:56
bsm117532So you need a second definition of "sub-cohorts" so that you can recurse.10:56
bsm117532Taek: correct.10:56
Taekwouldn't that cause problems with achieving consensus? When do you know that a transaction is confirmed if there's this constant threat of 200+ blocks being dumped into the network?10:57
NewLibertyIt sort of relies upon the transactions and the mining using a similar network, so that information about transactions flows in the same ways that the mining does.10:58
bsm117532Confirmation is defined by using the visible hashpower compared to the "high water mark" of the highest hashpower ever seen.  When I see 95% of the hashpower, an attacker with 5% won't be able to reverse any transactions.  When he broadcasts his 100 blocks, they will be a minority fork.10:58
NewLibertyOr that the mining has better flow or not much worse10:58
katui still like satoshi's fix to selfish mining more10:59
bsm117532katu: what's that?10:59
katuit "fixes" itself over time with decreasing reward and higher fees10:59
-!- laurentmt [~Thunderbi@176.158.157.202] has joined #bitcoin-wizards11:04
katubsm117532: still, that does not invalidate what you're doing, especially for new altcoins, selfish mining could prove destructive way before diminishing coinbase reward incentive kicks in11:05
katubut for bitcoin, fees already start being somewhat lucrative, they account for what, 5-10% now?11:05
bsm117532I had some argument that a fee-only coin was unworkable.  It's escaping me now though...11:06
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]11:07
katuyeah, all other bootstrap schemes seem just less appaling than fair mining race11:07
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards11:08
-!- Wazza [~Wazza@2001:41d0:2:2766::1] has joined #bitcoin-wizards11:08
NewLibertyThis system could resolve some otherwise problematic very far distant edge cases.  Like science fiction edge... consider interplanetary crypto-currencies with travelers to and from...11:15
-!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Ping timeout: 250 seconds]11:15
-!- mdavid6131 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has joined #bitcoin-wizards11:15
bsm117532I've thought a bit about that...the timescale I'm referencing is fundamentally related to the size of the Earth.  Expanding to interplanetary usage would increase the network size, and cohort time.  I think you'd want planetary coin networks, and a sidechain-like interconnection between them.11:19
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has joined #bitcoin-wizards11:19
katuNewLiberty: or more realistically - blockchains which can work over sneakernet11:20
katuwith enormous latencies11:20
NewLibertyEither way it is a novel solution to problems that we don't really have in practice now.11:24
bsm117532I'm trying to think of a use for a sneakernet coin.  Your mining hardware could be totally offline, and occasionally you grab the latest blocks and transmit your own.  The network can measure the speed of the sneakernet by the width of the braid...(yeah it's slow, but measurable)11:26
katuyeah, confirm times would be proportionally large too11:26
katuie matters of days/weeks11:26
katubut hey, its a sneakernet, it basically works offline11:26
bsm117532Yeah, fundamentally, the braid is asynchronous where the blockchain is synchronous.  And it really doesn't care about the time scale of that asynchronicity...11:31
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has quit [Ping timeout: 255 seconds]11:31
-!- laurentmt [~Thunderbi@176.158.157.202] has quit [Quit: laurentmt]11:32
katubsm117532: well, i'd definitely focus on that. dont you make some assumptions about partitioning, though?11:34
-!- cdecker [~cdecker@2a02:aa16:1105:4a80:8c99:8bd4:ce43:c5e7] has joined #bitcoin-wizards11:36
bsm117532katu: yes, to define recursive cohorts I need a timescale at which to group things into a single cohort, or break them into sub-cohorts.  It can be a constant factor times the (measured) network size though.11:37
katusneakernets have very pronounced latency long trails. you get 80% reachability in a day, but 99% in a month11:38
katuwill the lagged "backwater" partitions be able to participate, or would whole network need to lag to include those?11:39
Taekkatu: in this sneakernet do you care about that extra 20% being able to be effective miners?11:39
TaekA lot of the assumptions here is that your 90% propagation rate is hitting *miners* and not just normal nodes11:40
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has quit [Ping timeout: 255 seconds]11:40
Taekif your miners are a little tighter than your general nodes, then you can have fast consensus without risk11:40
bsm117532katu: As long as that long tail is a minority, they don't affect everyone else's confirmation times.  But their transactions can never take priority over another one appearing faster.11:40
bsm117532Confirmation times are basically defined by time scale at which the sneakernet reaches 50% hashpower.11:41
bsm117532If one adopts my "Equal pay for equal (proof-of-)work" then the tail *can* be effective miners.11:42
Taekuntil revenue is dominated by transaction fees11:44
katubsm117532: im more thinking of local partitions operating completely independently, and reconciling with rest of network when they happen to sync. this scenario would most likely be pow/pos mixed system, as the local communities are unlikely to have the hashpower.11:44
katuit can be modelled somewhat as a sidechain already11:45
bsm117532Taek: if revenue is dominated by tx fees, a "tail miner" is still profitable unless he broadcasts the transactions he's mining for other miners to mine before him.11:45
bsm117532If he's doing that, why is he on the (latency) tail?11:46
Taekpresumably he's drawing his transactions from the mempool11:46
Taekthe other miners are going to have similar mempools11:46
bsm117532Only if they're online ;-)11:46
Taekwhy wouldn't they be?11:46
bsm117532It's a sneakernet!  ;-)11:46
Taekoh11:46
katuminers are incentivized to be well connected of course, but the operating assumption is that real time communication cost is extremely high11:46
Taekbut I also mean in a non-sneakernet environment11:47
-!- edvorg [~edvorg@14.169.88.102] has quit [Ping timeout: 265 seconds]11:47
-!- arubi_ [~ese168@unaffiliated/arubi] has quit [Ping timeout: 244 seconds]11:47
Taekkatu: the goal (at least for me) is equitable mining - as long as you meet some minimum requirement for connectivity, your expected revenue per-hash is identical, regardless of connectivity or hashpower11:47
bsm117532Yeah in that case a high latency miner would never win transaction fees.11:48
katuso at one hand, you have to reward well-connectness in proportion to match real world well-connectness cost.11:48
katuTaek: ie fixed point cutoff, either youre in a club or not.11:49
katuim not sure that could work.11:49
TaekI am confident that it can be made to work :)11:49
Taekbecause I'm writing the propsal right now ha11:49
bsm117532What kind of proposal?11:50
Taekbut yes, it's a fixed point cutoff, if you have latency to the global network in less than X seconds, you have equal revenue per-hash11:50
-!- arubi [~ese168@unaffiliated/arubi] has joined #bitcoin-wizards11:50
Taekand if you are below the cutoff, you basically can't participate at all11:50
Taek*as a miner11:50
Taekyou can still participate as a node, you just need to wait for more confirmations11:50
-!- bsm117532- [~AndChat70@172.56.18.44] has joined #bitcoin-wizards11:51
TaekI'm working on a proposal for scaling bitcoin11:52
TaekI was hoping to have a sample implementation by the deadline tomorrrow, but that's not going to happen11:52
Taekbut maybe I can have a working implementation by Milan11:52
TaekI will have simulation code though that provides security bounds11:52
-!- AndChat-7049 [~AndChat70@38.121.165.30] has quit [Ping timeout: 244 seconds]11:54
instagibbs_Taek: for jute?11:54
Taekyes11:55
-!- AndChat-7049 [~AndChat70@38.121.165.60] has joined #bitcoin-wizards11:55
-!- bsm117532- [~AndChat70@172.56.18.44] has quit [Ping timeout: 265 seconds]11:56
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has joined #bitcoin-wizards11:58
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has quit [Quit: Newyorkadam]12:00
bsm117532We should really work together Taek12:02
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has joined #bitcoin-wizards12:02
bsm117532What's the deadline for tomorrow?12:02
TaekOur methodologies are pretty different up to this point12:02
Taekproposal deadline for Milan presentations is 7pm EST tomorrow12:03
bsm117532From the above conversation it seems like we're converging on the same thing.  :-D12:03
Taekmy goal is to have a system that is fully described by that time12:03
Taekincluding accounting for transactions fees, difficulty adjustments, etc.12:03
Taekalso including security arguments12:03
Taekonce we have that, people who have been waiting for a fully described system can join the discussion :)12:04
bsm117532I see I'm not getting any sleep tonight... *sigh*12:04
instagibbs_you don't have to have a fully finished presentation for proposal. You can if you want I guess12:05
TaekMy proposal is just going to be a blog post heh12:05
Taekhopefully that's acceptable12:06
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:6030:44b1:fd43:a0c4] has quit [Ping timeout: 250 seconds]12:12
instagibbs_*shrug* I hope so, my proposal was pretty concise12:12
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:6030:44b1:fd43:a0c4] has joined #bitcoin-wizards12:18
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has quit [Quit: Newyorkadam]12:22
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has joined #bitcoin-wizards12:36
-!- instagibbs_ [602c9182@gateway/web/freenode/ip.96.44.145.130] has quit [Ping timeout: 264 seconds]12:38
-!- assder [2e3b026a@gateway/web/freenode/ip.46.59.2.106] has quit [Ping timeout: 264 seconds]12:40
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has joined #bitcoin-wizards12:56
-!- AndChat-7049 [~AndChat70@38.121.165.60] has quit [Ping timeout: 240 seconds]12:57
-!- vega4 [~pc_rafals@c0-100.icpnet.pl] has quit [Client Quit]12:58
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has joined #bitcoin-wizards12:58
-!- vega4 [~JBouncer@static.88-198-5-245.clients.your-server.de] has joined #bitcoin-wizards13:01
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards13:14
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards13:16
-!- rusty2 is now known as rusty13:19
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 265 seconds]13:36
-!- JHistone [~JHistone@cpc104808-sgyl39-2-0-cust135.18-2.cable.virginm.net] has joined #bitcoin-wizards13:45
-!- priidu [~priidu@unaffiliated/priidu] has joined #bitcoin-wizards13:49
-!- e4xit_ [~e4xit@cpc92302-cmbg19-2-0-cust1369.5-4.cable.virginm.net] has joined #bitcoin-wizards13:59
-!- e4xit [~e4xit@cpc92302-cmbg19-2-0-cust1369.5-4.cable.virginm.net] has quit [Ping timeout: 265 seconds]14:00
-!- e4xit_ is now known as e4xit14:01
-!- e4xit [~e4xit@cpc92302-cmbg19-2-0-cust1369.5-4.cable.virginm.net] has quit [Remote host closed the connection]14:01
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has quit [Quit: Newyorkadam]14:03
-!- Wazza [~Wazza@2001:41d0:2:2766::1] has quit [Read error: Connection reset by peer]14:08
-!- kurti [~kurti@unaffiliated/kurti] has quit [Ping timeout: 276 seconds]14:10
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 265 seconds]14:15
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has left #bitcoin-wizards []14:20
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards14:22
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has joined #bitcoin-wizards14:24
-!- kurti [~kurti@unaffiliated/kurti] has joined #bitcoin-wizards14:29
-!- Newyorkadam [~Newyorkad@wikipedia/Newyorkadam] has quit [Ping timeout: 244 seconds]14:29
-!- MoALTz [~no@78-11-247-26.static.ip.netia.com.pl] has quit [Quit: Leaving]14:37
-!- JHistone [~JHistone@cpc104808-sgyl39-2-0-cust135.18-2.cable.virginm.net] has quit [Quit: Leaving]14:41
-!- JHistone [~JHistone@cpc104808-sgyl39-2-0-cust135.18-2.cable.virginm.net] has joined #bitcoin-wizards14:42
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]15:07
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards15:07
-!- Hunger- [~hunger@prodevops.net] has quit [Ping timeout: 260 seconds]15:11
-!- Hunger- [~hunger@prodevops.net] has joined #bitcoin-wizards15:12
-!- da2ce7_ [~da2ce7@opentransactions/dev/da2ce7] has quit [Ping timeout: 260 seconds]15:12
-!- da2ce7 [~da2ce7@opentransactions/dev/da2ce7] has joined #bitcoin-wizards15:14
-!- JHistone [~JHistone@cpc104808-sgyl39-2-0-cust135.18-2.cable.virginm.net] has quit [Quit: Leaving]15:23
-!- RedEmerald [~RedEmeral@c-73-231-129-86.hsd1.ca.comcast.net] has quit [Ping timeout: 244 seconds]15:44
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Remote host closed the connection]15:53
-!- RedEmerald [~RedEmeral@c-73-231-129-86.hsd1.ca.comcast.net] has joined #bitcoin-wizards16:02
-!- e4xit [~e4xit@cpc92302-cmbg19-2-0-cust1369.5-4.cable.virginm.net] has joined #bitcoin-wizards16:06
-!- r0ach [~r0ach@107-217-214-192.lightspeed.jcvlfl.sbcglobal.net] has joined #bitcoin-wizards16:09
-!- priidu [~priidu@unaffiliated/priidu] has quit [Ping timeout: 276 seconds]16:16
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards16:17
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-wgsjxxbsndygdrip] has quit [Quit: Connection closed for inactivity]16:26
-!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Remote host closed the connection]16:40
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has quit [Quit: oleganza]17:07
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has joined #bitcoin-wizards17:11
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 255 seconds]17:15
-!- PRab [~chatzilla@c-68-62-95-247.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]17:17
-!- oleganza [~oleganza@104.193.169-200.PUBLIC.monkeybrains.net] has quit [Ping timeout: 244 seconds]17:44
-!- btcdrak [uid165369@gateway/web/irccloud.com/x-otfglfdrjaqxsnwa] has quit [Quit: Connection closed for inactivity]17:47
-!- oleganza [~oleganza@md62736d0.tmodns.net] has joined #bitcoin-wizards17:55
-!- vega4 [~JBouncer@static.88-198-5-245.clients.your-server.de] has quit [Excess Flood]17:58
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]18:00
-!- mdavid6131 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Quit: Leaving.]18:03
-!- oleganza [~oleganza@md62736d0.tmodns.net] has quit [Quit: oleganza]18:08
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #bitcoin-wizards18:12
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has joined #bitcoin-wizards18:12
-!- vega4 [~pc_rafals@user-31-175-254-216.play-internet.pl] has quit [Read error: Connection reset by peer]18:14
-!- Lightsword [~Lightswor@2604:a880:1:20::1d3:9001] has quit [Quit: ZNC]18:18
-!- Lightsword [~Lightswor@2604:a880:1:20::1d3:9001] has joined #bitcoin-wizards18:18
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Remote host closed the connection]18:37
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-wizards19:11
-!- N0S4A2 [~weechat@24.35.69.143] has quit [Quit: WeeChat 1.5]19:16
-!- chjj [~chjj@unaffiliated/chjj] has quit [Ping timeout: 244 seconds]19:17
-!- gsdgdfs [~Trans@modemcable017.144-178-173.mc.videotron.ca] has quit [Ping timeout: 276 seconds]19:18
-!- Transisto2 [~Trans@modemcable017.144-178-173.mc.videotron.ca] has joined #bitcoin-wizards19:19
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards19:27
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]19:38
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards19:42
-!- Giszmo [~leo@pc-40-227-45-190.cm.vtr.net] has quit [Quit: Leaving.]19:45
amillerhi e019:45
amillertrying to understand a few parts of tumblebit better, a) if you want to create N^2 micropayments, from N senders to N receivers, how many blockchain transactions do you need, just 2N or N^2?19:50
-!- pro [~pro@unaffiliated/pro] has quit [Quit: Leaving]19:53
amillerb) you keep saying for unlinkability "we assume T does not collude with the other players" is that really necessary? it would suck if so.... if the tumbler colluded with a few payers/payees, and it wanted to try to deanonymize some other users, would it be able to?19:54
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]19:54
amilleri think whats happening is you're defining security with just a simple game A B and T, and clearly A and B must know that a payment is made between them19:54
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards19:58
amillerc) isn't a fully formed question, just trying to undersatnd the fair exchange RSA details better20:01
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 260 seconds]20:08
amillerah it's not really like a gradual fair release or anything20:13
amillerit's in principle the same as ZKCP but with a custom proof scheme rather than a generic scheme20:13
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards20:13
amilleri think you are doing amortized fair exchange though20:13
amillerthat's another way of viewing the micropayment channels20:14
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:6030:44b1:fd43:a0c4] has quit [Ping timeout: 250 seconds]20:14
e0_amiller: hi!20:15
e0_you need 4N on-chain transactions: 2 for each payer and 2 for each payee.20:16
-!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Quit: Leaving.]20:18
e0_If Alice is paying Bob and Bob colludes with T, when they can together figure out which payee Alice is.20:18
e0_The collusion only works if the party being paid works with T to reveal who the payer is.20:19
e0_"if the tumbler colluded with a few  payers/payees, and it wanted to try to deanonymize some other  users, would it be able to?20:19
e0_"20:20
e0_No, but the payees could be eliminated for the set of suspects.20:20
e0_TumbleBit in payment hub mode is very similar to the unlinkability in eCash. For instance in eCash Alice can tell the Bank the SN of her coin so that when Bob redeems that coin, the bank knows it was Alices coin.20:22
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]20:22
e0_In eCash Alice the payer can break the unlinkability of a particular payment that she participates in by colluding with the bank.20:23
e0_In TumbleBit Bob the payee can break the unlinkability of a particular payment that he receives by colluding with the Tumbler.20:23
amillerin TumbleBit that collusion can go in either direction right20:25
e0_amiller  We are doing a highly performant ZKCP. The puzzle-promise-protocol is a ZKCP for an RSA encrypted ECDSA signature on a particular Bitcoin transaction. The puzzle-solver-protocol is a ZKCP for an RSA decryption of a value choosen by Alice.20:26
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards20:27
e0_amiller Our does not claim to resist collusion in either direction, but payee can probably protect themself from the payer.20:27
e0_amiller We didn't want to worry about that case in the proofs since it didn't seem that important and there are more important features of the protocol to improve.20:28
e0_tumblebits RSA puzzles are like backwards Chaumian eCash tokens, but unlike basic Chaumian eCash the issuer of the puzzles can inspect ever puzzle it issues (similar in some respects to partially blind eCash).20:31
e0_I'm pretty tired so I might not be making total sense. Shoot me an email and I can provide more thoughtful answers at a moment of more sleep.20:33
amillerok cheers thanks for the discussion here so far that was super useful :)20:33
amilleralso i noticed you used the Ideal/Real modeling approach, i love that :) i'm working as fast as i can on a haskell implementation and a new type system so you can implement Ideal/Real protocols, a) so you can actually run them, b) so you can c) so you can use the type checker as a sanity check and catch many errors d) it's a big step towards formal verification https://github.com/amiller/haskell-saucy20:34
amillerb) was supposd to be: so you can disambiguate some of the unclear/undefined parts, like what happens when you have "reentrant functionalities"20:34
e0_woah! thats awesome!20:35
e0_ttyl20:35
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]20:35
qpmtx:<Jeremy_Rand> e0_ / amiller: I realize that the mathematical feasibility of a security property has no correlation to whether I'd like it to exist, but I think a financial anonymity system where someone whom I do business with can collude with a trusted 3rd party to deanonymize me, is a pretty big problem.  Not trying to denigrate the excellent work done here, but it does seem like something that I hope is improved in the future.20:37
-!- Chris_Stewart_5 [~Chris_Ste@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 240 seconds]20:37
amilleryeah20:39
-!- e0_ [~e0@cs10-dhcp127.bu.edu] has quit [Ping timeout: 244 seconds]20:40
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards20:40
amilleri remember thinking about this kind of thing when we were working on Mixcoin, i think in a way this is most similar to that20:41
qpmtx:<Jeremy_Rand> amiller: I'm not actually familiar with Mixcoin.  (Or if I am, I don't remember it by name.)20:41
amillerwe ended up only showing a protocol that had the server see the payer/payee addresses in plaintext20:42
amillerwe argued that you could use them in a chain like tor though20:43
amillerblindcoin was an improvement to that that did what we originally wanted to do but didn't think through20:43
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards20:44
qpmtx:<Jeremy_Rand> amiller: Yeah, Tor-like chaining would probably help, but Tor-like systems usually only are Sybil-resistant with dirauths as trusted parties.20:44
amillerwhat the tumblebit paper says matches my memory, which is that blindcoin doesn't automatically ensure you can get your collateral back20:44
amilleri wonder why you can't fix blindcoin to automatically do that?20:45
amillerblindcoin is this: http://fc15.ifca.ai/preproceedings/bitcoin/paper_3.pdf20:46
amillerMixcoin and Blindcoin provide "accountability" which i think means in general you could do this on Ethereum and make it so that the mix can't see anyone or steal funds, just as good as tumblebit20:48
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 276 seconds]20:48
qpmtx:<Jeremy_Rand> Interesting20:49
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards20:52
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:6030:44b1:fd43:a0c4] has joined #bitcoin-wizards20:54
amilleryou could always just mix your coin whenever you close your channel20:57
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 276 seconds]21:02
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards21:06
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has quit [Ping timeout: 244 seconds]21:10
-!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 250 seconds]21:14
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]21:16
-!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards21:17
-!- Mazz_ [~mazznilla@unaffiliated/mazznilla] has joined #bitcoin-wizards21:17
-!- bitcoin-wizards2 [6b4da102@gateway/web/freenode/ip.107.77.161.2] has joined #bitcoin-wizards21:19
-!- molz [~molly@unaffiliated/molly] has joined #bitcoin-wizards21:20
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards21:20
-!- pero [~pero@unaffiliated/pero] has joined #bitcoin-wizards21:22
-!- mol [~molly@unaffiliated/molly] has quit [Ping timeout: 244 seconds]21:23
-!- bitcoin-wizards2 [6b4da102@gateway/web/freenode/ip.107.77.161.2] has quit [Ping timeout: 264 seconds]21:26
-!- Alopex [~bitcoin@cyber.dealing.ninja] has quit [Remote host closed the connection]21:28
-!- Alopex [~bitcoin@cyber.dealing.ninja] has joined #bitcoin-wizards21:30
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards21:31
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 264 seconds]21:38
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards21:43
e0qpm To split hairs they wouldn't deanonymize you, they would link your payment. That is the Tumbler would know that a payment from addr A was made to addr B with the assistance of the person receiving the payment at addr B.21:45
e0qpm They won't learn any details of any of your other payments. I agree I wish TB protected against this and it isn't seem like an impossibility (in fact the zCash payment hub BOLT protects against this very attack).21:48
e0doesn't seem like an impossibility21:49
e0night21:50
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]21:58
qpmtx:<Jeremy_Rand> e0: I usually use the term "anonymous" to mean "no information is known about the user's identity", which implies unlinkability, whereas "pseudonymous" means that linkability is present between at least some of the user's activity.  I realize that there are varying definitions of this.21:58
qpmtx:<Jeremy_Rand> So yes, I think we're talking about the same thing, just using slightly different nomenclature.21:59
qpmtx:<Jeremy_Rand> I'm not incredibly familiar with the high-level differences between TB and BOLT (and perhaps it's not feasible for me to glean that from the papers given that my math knowledge may not be sufficient).22:01
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards22:03
e0qpm BOLT achieves stronger anonymity than TumbleBit, but requires new op codes specifically designed for BOLT to be added to zCash. TumbleBit works with today's Bitcoin and has running code that did a 800 user mix on mainnet.22:08
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:6030:44b1:fd43:a0c4] has quit [Ping timeout: 250 seconds]22:08
qpmtx:<Jeremy_Rand> e0: I see.  That's a good high-level explanation, thank you.22:09
e0qpm The real accomplishment with TumbleBit IMO is getting all this complex privacy and fairness machinary to work via a few op_hashes and to be performant (0.6 seconds of CPU time).22:11
qpmtx:<Jeremy_Rand> e0: Yes, it is definitely impressive that TB can do what it does within those script and performance constraints.22:12
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]22:16
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards22:20
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 244 seconds]22:41
-!- Samdney [~Samdney@dyn-ant666999.hawo.ipv6.uni-erlangen.de] has quit [Quit: Verlassend]22:44
-!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has joined #bitcoin-wizards22:45
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards22:46
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]22:59
-!- Ylbam [uid99779@gateway/web/irccloud.com/x-umqvfhiestmlvalq] has joined #bitcoin-wizards22:59
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards23:03
-!- chjj [~chjj@unaffiliated/chjj] has joined #bitcoin-wizards23:04
-!- assder [2e3b026a@gateway/web/freenode/ip.46.59.2.106] has joined #bitcoin-wizards23:12
-!- NewLiberty [~NewLibert@2602:306:b8e0:8160:6030:44b1:fd43:a0c4] has joined #bitcoin-wizards23:16
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 265 seconds]23:17
-!- rusty2 [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 265 seconds]23:20
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards23:21
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 250 seconds]23:34
-!- oleganza [~oleganza@c-73-170-224-149.hsd1.ca.comcast.net] has quit [Quit: oleganza]23:38
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards23:38
-!- davec [~davec@cpe-24-243-251-52.hot.res.rr.com] has quit [Ping timeout: 240 seconds]23:44
-!- davec [~davec@cpe-24-243-251-52.hot.res.rr.com] has joined #bitcoin-wizards23:45
-!- rubensayshi [~ruben@82.201.93.169] has joined #bitcoin-wizards23:48
-!- cyphase [~cyphase@unaffiliated/cyphase] has quit [Ping timeout: 255 seconds]23:54
-!- BashCo [~BashCo@unaffiliated/bashco] has quit [Remote host closed the connection]23:56
-!- cyphase [~cyphase@unaffiliated/cyphase] has joined #bitcoin-wizards23:58
--- Log closed Fri Sep 09 00:00:49 2016

Generated by irclog2html.py 2.15.0.dev0 by Marius Gedminas - find it at mg.pov.lt!