--- Day changed Wed Jun 27 2018
00:20 -!- meshcollider [uid246294@gateway/web/irccloud.com/x-taelvzozbnphflex] has joined #secp256k1     
00:35 -!- midnightmagic [~midnightm@unaffiliated/midnightmagic] has quit [Ping timeout: 255 seconds]     
01:12 -!- midnightmagic [~midnightm@unaffiliated/midnightmagic] has joined #secp256k1     
02:30 -!- meshcollider [uid246294@gateway/web/irccloud.com/x-taelvzozbnphflex] has quit [Quit: Connection closed for inactivity]     
03:00 -!- echonaut [~echonaut@46.101.192.134] has quit [Remote host closed the connection]     
03:00 -!- echonaut [~echonaut@46.101.192.134] has joined #secp256k1     
05:06 -!- jtimon [~quassel@40.28.134.37.dynamic.jazztel.es] has joined #secp256k1     
07:34 -!- roconnor [~roconnor@host-45-58-224-191.dyn.295.ca] has joined #secp256k1     
08:27 -!- belcher [~belcher@unaffiliated/belcher] has joined #secp256k1     
10:18 < roconnor> I found another constraint @ https://github.com/bitcoin-core/secp256k1/blob/0b7024185045a49a1a6a4c5615bf31c94f63d9c4/src/field_10x26_impl.h#L765
10:18 < roconnor> so maybe the magintude 8 restriction is to prevent that line from overflowing.
10:18 < roconnor> I'm looking into it more carefully.
10:51 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 276 seconds]     
10:55 -!- belcher [~belcher@unaffiliated/belcher] has joined #secp256k1     
10:58 -!- belcher [~belcher@unaffiliated/belcher] has quit [Max SendQ exceeded]     
10:59 -!- belcher [~belcher@unaffiliated/belcher] has joined #secp256k1     
11:10 -!- belcher [~belcher@unaffiliated/belcher] has quit [Read error: Connection reset by peer]     
11:48 -!- belcher [~belcher@unaffiliated/belcher] has joined #secp256k1     
11:55 < andytoshi> jimmy song is asking why ECDSA doesn't make the signer invert s. is this just a historical accident?
11:57 < gmaxwell> though it seems surprising from our perspective, a lot of applications want the signer to be cheaper than the verifier.
11:58 < roconnor> andytoshi: my undrestanding is that ECDSA is for smart cards and the signers don't have enough power to invert.
11:58 < gmaxwell> Because e.g. the signer is anticipated to be some terrible smart card.
11:58 < gmaxwell> what roconnor said.
11:59 < andytoshi> ah, right. thanks. i sent him an email saying exactly that
11:59 < roconnor> However it seems best to have the hardware not do the inversion, but have the "channel" do the inversion;  I.e. have the untrusted computer connected to the hardware perform the inversion.
12:00 < andytoshi> yeah, it seems like a lot of crypto stuff could use "bridge nodes" who can add/modify witness data for easier consumption, potentially at the cost of bandwidth
12:01 < roconnor> Right.  I've never seen this detailed elsewhere before.
12:03 < gmaxwell> Well one limitation is that you couldn't have the smartcard produce anything that had signatures of signatures they produced, not without round trips.
12:03 < gmaxwell> So for example, a certificate chain
12:04 < andytoshi> right, bitcoin is similar where you can't just invert all the s-values without breaking the blockchain commitments
12:05 < andytoshi> so you could have a node tack-on the inverses and then the validator will still have to check them, which is somewhat valuable
12:05 < gmaxwell> if bandwidth is cheap and cpu is expensive, yes
12:06 < gmaxwell> but generally the opposite is true.  (even things like smart cards, both bandwidth and cpu is expensive. :) )
15:14 -!- roconnor [~roconnor@host-45-58-224-191.dyn.295.ca] has quit [Ping timeout: 240 seconds]     
16:36 -!- belcher [~belcher@unaffiliated/belcher] has quit [Quit: Leaving]     
17:13 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Excess Flood]     
17:13 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1     
17:53 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Excess Flood]     
17:53 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1     
18:25 -!- roconnor__ [~roconnor@host-45-58-224-191.dyn.295.ca] has joined #secp256k1     
20:46 -!- roconnor__ [~roconnor@host-45-58-224-191.dyn.295.ca] has quit [Ping timeout: 248 seconds]     
22:17 -!- meshcollider [uid246294@gateway/web/irccloud.com/x-ousphcxwzteoczwe] has joined #secp256k1     
23:11 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Remote host closed the connection]     
23:12 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1     
23:17 -!- jtimon [~quassel@40.28.134.37.dynamic.jazztel.es] has quit [Ping timeout: 256 seconds]