<maraoz>
IDK if this is the right place to discuss this, let me know.. would it make sense to create a script type similar to p2sh but without requiring the redeemScript to be included in the scriptSig? (it could be obtained via other means just with the script hash, for example, from a DHT)
<maraoz>
I don't see the need to include the full script in the blockchain other than convenience of access, with extra costs to the network (storage, bandwidth, etc)
<Taek>
sounds like it would be vulnerable to withholding attacks
<CoinMuncher1>
Any wizards around?
<CoinMuncher1>
Please shoot me down if I'm talking old news or bollocks. Currently receivers of a new block header can't immediately start mining on top of that block before they fully receive and verify the block (mostly for DOS attack reason I believe).
<CoinMuncher1>
However: I was wondering what could be done if a miner puts a transaction sending x of his own BTC to fees (himself in most cases) in the block he's working on.
<CoinMuncher1>
Basically he's saying: "I'm risking x BTC of my own as a guarantee that this block is valid, please build on it when you receive my blockheader+this special transaction."
<CoinMuncher1>
Of course if his block gets orphaned he still loses that money anyway as the next miner can run with his transaction, but it might convince people to trust him to not be doing a DOS attack?
<CoinMuncher1>
I'm not smart enough to oversee the deeper incentives and implications of this, so I'm just throwing it out there to the wolves...
<Taek>
I'm not sure what the current mining software landscape is like, but I imagine that the vast majority of blocks with valid headers (which require a lot of hashing to create) are going to be completely valid
<Taek>
it should be profitable for a miner to immediately start mining on a new header and then validate after receiving the rest of the block
<Taek>
the only risk is that the rest of the block never shows up, but you can just set a 10s timeout
<Taek>
that would be very expensive to DoS, because each 10s that you waste requires an entire valid block header
<CoinMuncher1>
yeah, but it's dangerous for a miner to start mining without verifying (according to core devs). They're assisting a DOS attack (even doublespend attack?) if it turns out to be invalid. I don't know the full details tbh. I wouldn't be surprised if a lot of miners do that anyway, but that's a different story.
<Taek>
it's certainly dangerous if you don't verify asap. I think the core-devs are mostly talking about miners that never verify the block, not miners that start mining a block a few seconds before verifying
<tromp>
I don't see how you can DOS attack with PoW satisfying headers, you could only produce a few headers per hour?!
<Taek>
tromp: it's a DoS if they are headers to invalid blocks and the miner doesn't verify the blocks
<tromp>
right; but like you said, miners would not want to wait more than a few secs for getting the whole block to verify
<Taek>
right. As long as they are verifying quickly after, it should be fine
<tromp>
miners verify not because they fear this kind of attack but because they fear invalid blocks as result of stupidity or misconfigured miners
<tromp>
would be nice to see statistics on invalid blocks with satisfying PoW...
<tromp>
must be super-rare nowadays
<CoinMuncher1>
yeah, I'm probably mistaken that it's for anti-DOS purposes. I mean any receiver of the headers would obviously check the hash. I'm fairly certain there is a good reason though for miners to wait until it's fully verified. Or maybe not for the miner individually, but for the Bitcoin network as a whole.
<CoinMuncher1>
That's one of the reasons why block propagation of bigger blocks is such a big deal now, right? If everyone could just wait 20 sec for the full block but in the meantime mine the next block, it wouldn't be such a big deal. Plus that the new miner can't put any transactions into the new block if he doesn't know which ones are already in the existing block.
<gmaxwell>
CoinMuncher1: verifying a newly received block normally takes virtually no time, because the transactions/signatures are already cached.
<gmaxwell>
Failing to validate it, if widely done, would severely undermine the security of bitcoin from the perspective of common SPV wallets; because no confirmation count "1" and dozens would be meaningful anymore... since once a bad transaction made it in there would be a potentially unbounded amount of time before that chain was abandoned.
<gmaxwell>
if they only verified later then it effectively means everyone needs to wait for more confirmations to have equal security; which might be tolerable-- but why?
<temujin>
I'm not sure if there would be any amount of BTC you can put up as guarantee that would convince other miners to build upon your block; in fact I think the opposite would be the case, they'd simply reject that block and work on their own to try to capture the fee and avoid the risk of building upon a possibly invalid chain
<nsh>
our favourite TLA pals indisputably spend a lot of resources undermining virtual private network security, by as many means as fit into their budget (and secret budget)
<nsh>
i'm not sure what's cynical except the behaviour of leaders of the free world
<moa>
nsh: exploiting an obsolete compromised behaviour arising from laws enacted by their bidding
<moa>
not to say that the current set of laws enacted by their bidding won't be cynically exploited far into the future
<moa>
either
<moa>
you seem to think the 'leaders' of the free world have technical input into these laws :)
<nsh>
ah, right; we're on the same page. i mistook that you were suggesting that commenters were being over-cynical
<nsh>
well, to keep [vaguely] on topic. why did all these VPN implementations use standardized primes in the first place?
<moa>
TIL: predicting the future is difficult, predicting human reaction to the future is next to impossible
<moa>
srry OT
<moa>
nsh: good question ... because "people shouldn't roll their own crypto"?
<moa>
maybe the standardised ones are different from the standardized ones
<hulkhogan_>
nsh: i thought it was b/c DHE export laws purposely demanded for crippled crypto
<gmaxwell>
16:25 < nsh> well, to keep [vaguely] on topic. why did all these VPN implementations use standardized primes in the first place?
<gmaxwell>
because generating acceptable numbers for a DH group is computationally expensive.
<gmaxwell>
(worse than generating RSA keys)
<gmaxwell>
And assuming your group is good there is no known harm in using a standardized one--- (if your group is weak enough that doing the precomputation to crack many keys makes sense, then next year it'll be weak enough that just cracking single keys makes sense)
* nsh
nods
<gmaxwell>
Also, if you'll note-- some of this logjam stuff has pointed out that things using their own groups are actually using groups which aren't safe primes or aren't even primes!
<nsh>
why are DH group primes more expensive to generate/filter than primes for RSA exponents?
<gmaxwell>
Because you need to check that p-1/2 is prime as well; also the primes you're looking for are larger (as for RSA you find half-sized P and Q)
<nsh>
(goes into some detail)
<nsh>
ah, right
<nsh>
i think strong prime generation should be a public service under the auspices of the UN or some such organization that is maybe less bureaucratic and useless
<gmaxwell>
these days it's not really much of a consideration. But you could just as well ask why ECC stuff doesn't use per user random curves.
<nsh>
i'd hazard there are more ways to pick a bad ECC curve than a bad DH prime
<nsh>
but it's economies-of-scale that are the real problem here
<nsh>
(combined with a network adversary that also has massive storage and computation resources)
<gmaxwell>
nsh: just like picking acceptable DH primes-- if you only care about security and not speed-- there are a few known things to test for. otherwise random is fine.
<phantomcircuit>
nsh, it takes minutes to generate 2048 bit DH primes
<phantomcircuit>
it takes many minutes for 4096
<nsh>
then *vpn developers should be politely encouraged to make this part of the configuration
<hulkhogan_>
that's quite interesting, in particular the aspect of group weakness being the spof for DH security
<gmaxwell>
in any case, ISTM that group flexibility was actually a liability here, as the defaults were okay but locally generated groups were sometimes insecure (for unknown reasons)
<nsh>
(kaepora, i mean. i reserve the right to be mean indefinitely, or at least until i meet him and determine that he's actually a nice person)
<nsh>
*to be mean about him
<nsh>
and in this SE he was actually being prescient, and the answering parties myopic, to a certain extent anyway
<gmaxwell>
nsh: the thing we don't know now that would be interesting is why did the non-prime (or non-safe-prime) DH groups exist? It's not like the primality testing failed.
<nsh>
subversion perhaps?
<gmaxwell>
(the normal primality testing trivially reaches probabilities that are better than 1 failure in 2^100)
<nsh>
can they be correlated with particular software?
<phantomcircuit>
nsh, oh and trying to generate large dh primes needs lots and lots of entropy
* nsh
nods
<gmaxwell>
phantomcircuit: it doesn't really, just crappy software needs lots of entropy.
<nsh>
there's a perfect primality testing algorithm since 2012 or so, i believe
<gmaxwell>
The prime isn't even secret, so you don't need any entropy at all!
<kanzure>
"Actually, it's not actually true that "it doesn't matter what prime you use"; certain primes (say, primes where p−1 is smooth) are a really bad idea. In addition, it's a good to generate p so that you know a large prime factor q, so that you can generate a generator for a subgroup that size."
<nsh>
.wik AKS test primes
<yoleaux>
"The AKS primality test (also known as Agrawal–Kayal–Saxena primality test and cyclotomic AKS test) is a deterministic primality-proving algorithm created and published by Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, computer scientists at the Indian Institute of Technology Kanpur, on August 6, 2002, in a paper titled "PRIMES is in P"." — http://en.wikipedia.org/wiki/AKS_primality_test
<nsh>
okay, less recently than i remembered
<phantomcircuit>
gmaxwell, openssl wants like megabytes of /dev/random output to generate a 4096 bit dh prime
<phantomcircuit>
plausibly it's just a bug though
<gmaxwell>
nsh: APR is from like the 1980s.. though I guess it's not quite polynomial but it doesn't really matter.
<gmaxwell>
phantomcircuit: sure, because openssl is dumb.
<gmaxwell>
It's not even a blinking secret. You do want to not generate the same as someone else (otherwise you'd just use the RFC ones), sure but reading 100-200 bits and using a CSPRNG (or just _incrementing_) for your test points would be fine.
<nsh>
.wik Adleman–Pomerance–Rumely primality test
<yoleaux>
"In computational number theory, the Adleman–Pomerance–Rumely primality test is an algorithm for determining whether a number is prime. Unlike other, more efficient algorithms for this purpose, it avoids the use of random numbers, so it is a deterministic primality test." — http://en.wikipedia.org/wiki/Adleman%E2%80%93Pomerance%E2%80%93Rumely_primality_test
<nsh>
i wish i had enough maths to contemplate how these primality testing algorithms relate to the riemann hypothesis
<nsh>
we were discussing something recently that related to a generalized zeta function. can't remember what though now
<gmaxwell>
nsh: but really I dunno that for these applications that you care if it's sound. For the probabilistic ones every test iteration e.g. doubles your probability rejecting a non-prime, so you can become arbitrarily confident fast. After not many iterations it's more likely that software errors, bitflips, or some fundamental misunderstanding of mathematics has created greater risk than a false result from the probabilistic test.
* nsh
nods
<nsh>
pragmatically, statistical testing to the desired confidence is fine for all intents and purposes. theoretically, deterministic testing is [possibly] more likely to help elucidate Hard Questions about number theory
<phantomcircuit>
nsh, 4096 bit dh prime 7m52.618s
<nsh>
oh, nice
<nsh>
might be worth someone blogging some benchmarks to dissuade any laziness on the part of VPN provider mitigations