--- Day changed Tue Dec 03 2019
11:00 < pyskl> hi
11:00 -!- pyskl is now known as pyskell
11:00 < kabaum> hi
11:01 < jonatack> hi
11:01 < instagibbs> hi
11:03 < Moller40> hi
11:04 < kabaum> Ok, I'll just ask it.
11:04 < kabaum> Why is taproot called taproot? I understand that taproot is a class of roots as described in https://en.wikipedia.org/wiki/Taproot. Why is that a good analogy for Q, the witness program in taproot bip?
11:05 < instagibbs> gmaxwell, ^
11:05 < sipa> it taps a (merkle root) into a key
11:05 < sipa> is how i always interpreted it
11:07 < pyskell> it also sounds cool
11:07 < sipa> certainly better than any name i'd come up with
11:08 < kabaum> sipa: What is meant by "tap" in that interpretation?
11:09 < sipa> i don't know :p
11:10 < kabaum> sipa: ok
11:10 < jonatack> Original presentation (I believe) of taproot doesn't go into details on the name: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-January/015614.html
11:10 < sipa> tap
11:10 < sipa> verb
11:10 < sipa> 2. exploit or draw a supply from (a resource).
11:10 < sipa> "clients from industry seeking to tap Philadelphia's resources of expertise"
11:11 < sipa> seems vaguely appropriate
11:12 < instagibbs> re:schnorr threshold: does BLS make threshold sigs significantly easier? or do they all suffer from roughly similar complexity
11:12 < jonatack> "a special delegating CHECKSIG which I call Taproot"
11:13 < sipa> instagibbs: signing and any kind of multisignature is easier with BLS due to not needing interaction rounds to agree on a nonce
11:14 < instagibbs> I see, that probably makes it impervious to signers saying they'll sign, then not as a DoS
11:14 < instagibbs> (for one)
11:15 < sipa> but i don't know enough to say for sure
11:30 < kabaum> Is there hope to get threshold signatures to work securely with schnorr?
11:30 < kabaum> For cases where k-1>=n/2
11:31 < sipa> ping nickler, real_or_random, andytoshi
11:32 < andytoshi> pong
11:32 < sipa> kabaum: from what i've heard, yes
11:33 < andytoshi> kabaum: yes, definitely hope :)
11:33 < sipa> traditional solutions try to guarantee low bandwidth/complexity with unbounded sizes of participants, even when some are malicious
11:33 < sipa> which makes proving all properties very hard
11:34 < andytoshi> in some circumstances - like if you aren't concerned about byzantine actors - like in a typical "2 of 3 parties, one of which is a key in cold storage" or "k of n parties, all of whom are actual humans who can be phoned or sued" it's actually not too bad
11:34 < sipa> but if you accept solutions where you just run one protocol instance per combination of potential set of signers (which for things like 5-of-8 is just 56...) in parallel, it's much easier
11:34 < sipa> or accept that a malicious participant can make you stall and start over (once per malicious actor)
11:35 < andytoshi> i think we're making things seem harder than they are, by simultaneously trying to get a full BFT-secure scheme, implemented as a safe API that you can't abuse to leak keys even when talking to gapped HSMs, that also works with a minimum of state or randomness
11:35 < sipa> yeah
11:35 < andytoshi> also yeah, you can seriously just run n-choose-k musig instances in parallel which will be practical for almost all quorums you'll use in practice
11:37 < andytoshi> but unfortunately(?) blockstream's usecase for this has all of these requirements (big quorums, bft security, autonomous operation) ... and blockstream is paying most of the people working on implementing threshold sigs rn
11:37 < andytoshi> and also we're perfectionists about safe apis..
11:38 < andytoshi> instagibbs: yes, BLS makes all this stuff waay easier. no randomness, which eliminates almost all of the attack vectors, and no interaction, which eliminates the rest of them
11:39 < andytoshi> i'm actually not sure how you could screw up a bls threshold scheme implementation without making it fail to work..
11:39 < sipa> sounds like a challenge
11:40 < andytoshi> lol
11:40 < sipa> but i agree; you're never sending around scalars
11:40 < andytoshi> jonatack: kabaum: regarding the name, as i recall we (gmax sipa and i) literally were brainstorming "what's something that sounds kinda like a merkle root but it's hidden" and greg knew the word taproot
11:40 < andytoshi> from his past life as a botanist or something
11:41 < sipa> ah
11:41 < sipa> so it really means "hidden tree" ?
11:41 < kabaum> So it's a hidden root. Like a... taproot?
11:42 < andytoshi> oh wow TIL there is actually a metal band called taproot
11:42 < andytoshi> i think the word refers to an initial "anchor" root that a plant puts down and then other roots branch from it
11:42 < andytoshi> i don't think it's particularly "hidden" other than being a root
11:43 < kabaum> hidden in soil
11:43 < andytoshi> whoa taproot has an album called "blue-sky research" this is awesome
11:43 < sipa> metal band?
11:43 < andytoshi> yep
11:43 < sipa> sure it isn't called ŧàpřổøť or so?
11:44 < pyskell> it's taproot but their logo is entirely impossible to read
11:44 < kabaum> andytoshi: Sorry, the taproot Q isn't hidden
11:44 < sipa> https://en.wikipedia.org/wiki/Metal_umlaut
11:46 < pyskell> the schnorr bip says for threshold signatures that "most schemes in the literature have been proven secure only for the case k-1 < n/2" what's n in this case? number of participants?
11:47 < sipa> pyskell: yes, k-of-n threshold
11:47 < andytoshi> pyskell: yeah
11:47 < andytoshi> sipa has an argument for why this makes sense, academically at least
11:48 < sipa> andytoshi: i think you mean real_or_random ?
11:48 < andytoshi> oh, i might
11:48 < sipa> he explained it to me, but i forgot
11:50 < pyskell> is that integer division such that 2-of-3 wouldn't be secure because 2-1 == 3/2?
11:51 < sipa> just read it as 2*(k-1) < n
11:51 < sipa> to avoid division issues
11:52 < pyskell> ahh okay
15:36 < ddustin> Might be worth adding a space between review and ; in the status so the github link is clickable
15:46 < gmaxwell> andytoshi: The name was more inspired by the fact that it's most efficient when there is one spending branch which has vastly more probability than the others... but then it also nicely works in that it 'taps' into the key.
15:47 < gmaxwell> oh you mostly said that.
15:48 < sipa> wow, a 3rd different interpretation that makes sense (whether you meant that or not):
15:49 < sipa> * it's adding a most-important branch to a merkle tree (similar to how the taproot is the most important branch of the root of a plant)
15:50 < gmaxwell> kabaum: Was it clear what andytoshi and sipa were saying above? The k-1>=n/2 limit exists in byzantine robust polynomial overhead signing protocols. It's not an issue if you don't care about a byzantine attacker jamming your signing OR don't mind using exponential bandwidth/cputime in the presence of one. I think almost all (but not quite all) multisig usage is not byzantine robust, it
15:50 < gmaxwell> could be... but the software just isn't implemented that way.
15:50 < gmaxwell> kabaum: like in bitcoin core. you can add signatures to a partial transaction but I don't think any interface will strip invalid ones or even tell you which ones failed.
15:51 < sipa> byzantine robustness also requires a BFT communication network between the participants
15:51 < sipa> often described as "reliable broadcast channel", which doesn't physically exist
15:51 < sipa> we could use a blockchain though ;)
15:51 * sipa hides
15:56 < gmaxwell> as soon as one person in the world absolutely has to have byzantine robust signing, then it makes sense to implement though... and once it exists I don't know why you wouldn't use it.
15:58 < gmaxwell> andytoshi: careful, if you go around telling people that I was a botanist, Wright is going to start telling people I was growing heroin for bin laden, https://twitter.com/AldersonBSV/status/1199160142048063488
16:10 < ddustin> Lol!
16:10 < ddustin> Did the evidence ever come?
16:14 < gmaxwell> obviously not-- just like anything else that scammer says. (did ISIS even exist in 2010?)