<gmaxwell>
Whether your limit is bandwidth vs CPU depends on how much bandwidth you can tolerate the node using. OpenSSL can process signatures at about IIRC 11MBit-of-transaction-data/sec. libsecp256k1, once we can deploy it, increases that about 5-6x-- assuming you have a 3.2GHz quad core CPU dedicated to verifying transactions; and that you never go offline or fall behind (because if the offered load is actually that great you can never catch up if you fall behind).
<gmaxwell>
Also assuming that we never deploy new features that shift the cost per byte processed up at all. E.g. no cryptographic confidentiality for transactions. If we do then that twizzles those numbers around.
<HostFat>
In this way it seems that the problem is the txs, which can be too many ... and the blocks are used to limit them on the network, to limit the CPU work on nodes ...
<HostFat>
it's late here, I'll think about it more tomorrow
<akrmn>
andytoshi: I read most of the sidechains paper (I was talking to you on Saturday). Is a waiting period really necessary? If you force all miners mining on a subchain to also mine on the parent chain, and always give priority to what the parent chain says (in case of conflicts), then I don't see what the problem is. The miners on the parent chain can decide themselves whether to accept a transaction from a child chain, and then the
<gmaxwell>
"if you force"; yes no waiting is required if you eliminate the isolation between the networks (and the system becomes one security domain). Loss of isolation is explicitly called out as a risk in the sidechains whitepaper; because the motivation for the design is to allow a separation of concerns.
<akrmn>
gmaxwell: But what is the risk to the top chain?
<gmaxwell>
Otherwise it's isomorphic to just softforking in the sidechain into the main chain. Which is what it is. (e.g. brings up the problem that bad software or resource usage causes harm)
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
<gmaxwell>
akrmn: in that model you cannot mine it (know that it is valid) without validating the data below it, exposing you to the costs and risks associated with doing so.
<akrmn>
gmaxwell: The top chain miners don't have to mine the subchains
<akrmn>
Just the other way around
<akrmn>
Well ya, you can validate the bottom transactions, but it's your choice, and you will get fees if you do, so there's an incentive
hashtag_ has joined #bitcoin-wizards
<akrmn>
o ok, ya I guess you have to validate
<akrmn>
but if someone pays for a transaction, I don't see any problem with validating it, or any risk, but maybe I'm missing something.
llllllllll has quit []
<gmaxwell>
akrmn: "if someone pays" -- they emphatically do not pay, and cannot pay. Every verifier in the network takes the cost of verifying data. Only the miner choosing to admit a transaction can get paid.
<gmaxwell>
So e.g. one party accepts the transaction, gets paid, and 100,000 nodes take a cost. (plus all the future nodes who haven't even joined yet)
<GGuyZ>
gmaxwell: Thanks. I'm actually doing just that, but I also wanted to allow some amount of public verification without sending the entire transcript of commitments and operations (should have been more clear about succinctness).
<akrmn>
well I'll think about it
<GGuyZ>
Anyway, I basically solved it by creating a commitment to the final output (blinding it) and have those shares publicly verifiable (everyone can reconstruct). Then, the entire transcript can also be inspected but only if something seems suspicious.
<nsh>
\o/
<GGuyZ>
And it is additively homomorphic (simple Shamir's scheme) with multiplication solved using Beaver triplets, so it should work.
<GGuyZ>
andytoshi: Thanks as well! Will look into it out of curiosity, though I don't think it's the best fit for my use case.
* gmaxwell
hits the words "semi-honest" and closes the window
<gmaxwell>
:P
<gmaxwell>
(not really, just so frustrated by the focus on the useless semi-honest model; I do see that that paper (atypically) goes beyond that toy model)
<GGuyZ>
:D
<GGuyZ>
Semi-honest is a great starting point. It just can't be the finish line.
<petertodd>
GGuyZ: semi-honest is a great starting point, in the same way that kindergarten is a solid foundation for a PhD
<GGuyZ>
nsh: Yeah, the full proof is surprisingly recent. I even remember reading somewhere that they've been working on it for years.
<GGuyZ>
petertodd: can't argue with that :)
<GGuyZ>
I might actually steal that ;)
<petertodd>
GGuyZ: hehe, go it; I want credit :)
<GGuyZ>
Will be rightfully attributed
hashtag_ has joined #bitcoin-wizards
<gmaxwell>
GGuyZ: depends on what you're doing, but I usually encounter things where semi-honest is very nearly worthless and where the protocols to boost semi-honest to malicious security dwarf the complexity/assumptions. I think this is actually a serious problem for cryptosystem research which has contributed to the near total lack of industrial deployment.
<gmaxwell>
... because the research keeps coming up with constructs that engineers respond to "wait, I have to assume they'll follow the protocol? Why don't I just assume they don't keep logs too", and the like.
<GGuyZ>
gmaxwell: I'm inclined to agree. I'd argue that there's a positive change in attitude in recent years (Bitcoin is some sort of a catalyst).
adam3us has quit [Quit: Leaving.]
<gmaxwell>
Well at least with Bitcoin I can tell people with complete confidence "I _will_ use this, if it's secure in the malicious model, and won't consider it otherwise." whereas pre-bitcoin it was more like "Maybe I'll use it someday."
<petertodd>
GGuyZ: haha, amazing
<GGuyZ>
I was in SP15 last week and you can see a more realistic attitude in general
<petertodd>
GGuyZ: maybe make my name a shade lighter :P
<gmaxwell>
There are a lot of ZK protocols where the semi-honest is so complex that its complexity alone is a serious impediment to any deployment.
<GGuyZ>
petertodd: Blame those cheap online generators :). Don't worry, if it's ever in my presentation it will be in shining gold :D
<petertodd>
GGuyZ: heh
<GGuyZ>
gmaxwell: Got an example? Anyway, I think part of the problem is the modeling of the assumptions.
<GGuyZ>
They are either too strict for proving correctness or too light like semi-honest. In any case, they tend to become so detached from real-world assumptions that they stay within the community
<GGuyZ>
research community that is, but are never deployed.
<gmaxwell>
GGuyZ: well people also like showing properties that are needlessly strong. Like, there is a huge emphasis on standard model assumptions, because you can break some random oracle secure protocols in a completely contrived setup. Or some domains focus on information theoretic privacy, which is basically never practical (any implementation will use a CSPRNG).. and sometimes those decisions force things into a weaker (e.g. semi-honest model).
<GGuyZ>
Exactly, but this is obviously a spectrum. For example, it doesn't make sense to focus on the standard model and I.T security, and then assume semi-honesty.
<gmaxwell>
GGuyZ: I think, in general, that anything more complex than a schnorr signature is complex enough that it risks no one being willing to implement it. You can see this in the wild-- there are basically no implementations for more complex protocols. It's not a bright line, but the space of people willing to implement drops off spectacularly; at about that complexity. (There are exceptions, e.g. percy++ implements a bunch of non-trivial PIR: But I know of _no_ publicly available usable implementations of, say even a simple polynomial private set intersection)
<GGuyZ>
Better to make some realistic model assumptions (random oracle, computational security, CRS, etc ...) and not assume that everyone's following the rules
* nsh
is mentally trying to compare gmaxwell's progress-pace frustrations with how people (or himself, at least) felt about the semantic web that never happened
<nsh>
i'd say you're making stellar progress, comparatively
<gmaxwell>
GGuyZ: except people go and do that. They prove in the standard model, and then the lack of a RO ends up needing a trusted setup or an honest verifier or whatever; which implies semi-honest of some kind. If they instead took an RO assumption, then perhaps the semi-honest falls away. Schnorr ID protocol is an example of this. It's HVZK, but if you replace the verifier challenge with a random oracle, you get a schnorr signature and it's secure against a malicious challenger.
bosma is now known as pennies
pennies is now known as bosma
<GGuyZ>
You're preaching to the choir :).
<GGuyZ>
I'm a bit optimistic because there are some (not the majority) that are trying to change that.
<GGuyZ>
Which is something that started less than a decade ago
<GGuyZ>
(and it will probably take some more time before we see things really change in practice)
<nsh>
yeah, i'd have loved to go to that conf. but USA still off-limits for me indefinitely for silly reasons
nemild has joined #bitcoin-wizards
<nsh>
i'll try and coerce them into having one in europe soon
<zooko>
Hm.
* zooko
looks at crema.
nemild has quit [Client Quit]
<GGuyZ>
I think they mentioned something about having EURO S&P next year
<GGuyZ>
It may have been just a proposal though
* zooko
casts Summon Daira.
tromp has joined #bitcoin-wizards
<zooko>
Hiya tromp!
daira2 has joined #bitcoin-wizards
<daira2>
hello
<gmaxwell>
nsh: interesting link, will read. My frustration is that it appears that to subset far enough to make program _equivalence_ decidable, you have to be very limited. And man, decidability of equivalence would be really nice.
<tromp__>
hi, Zooko
<zooko>
Hello daira! Sub-Turing proglang for langsec!
<zooko>
/msg daira <nsh> ( Crema: A Sub-Turing Programming Language --
<gmaxwell>
roconnor ^ the crema links above may be to your interest.
PRab has quit [Read error: Connection reset by peer]
<daira2>
"Whereas traditional verification problems implicitly assume that the underlying computational model of the code they target cannot be substantially simplified, LangSec posits that such simplification can and should be considered for input-parsing routines—as an important step toward security assurance."
PRab has joined #bitcoin-wizards
tromp has quit [Ping timeout: 264 seconds]
<daira2>
btw I think that conventional wisdom about needing Turing-complete languages for most tasks is entirely wrong...
<daira2>
not just for parsing or input validation, but in general
<zooko>
+1
* daira2
continues reading
<bsm117532>
Can anyone provide a one-sentence description of how they break turing completeness? I'm at the end of their talk and don't see a concise statement.
belcher has quit [Quit: Leaving]
<gmaxwell>
daira2: it's trivially provably wrong in the context of Bitcoin Script. The task of bitcoin script is to decide that certain (arbitrarily complex) conditions are met for permitting a transaction. _Verification_ of the truth of an NP statement which the prover has a witness to is a task in _P_ itself, not NP. Q.E.D.
<daira2>
actually you need more than a Turing a-machine in many cases (for interaction with an environment and nondeterminism), and less in other cases
<tromp__>
bsm117532: i think they forbid revisiting TM machine states already visited
<gmaxwell>
But that kind of argument isn't constructive, so it doesn't guide e.g. what shape a language should have for optimal expression of the kinds of tests which are useful for transactions.
<GGuyZ>
daira2: +2
<daira2>
gmaxwell: are you aware of total functional programming? it seems like a good fit here
<gmaxwell>
daira2: I am! this was also maaku's suggestion.
<GGuyZ>
gmaxwell: Could still do a lot more than verifying NP statements. Plenty other problems in P that don't require TC :)
<bsm117532>
tromp__: Is that enough to solve the halting problem?
<gmaxwell>
GGuyZ: I know, I just mean that there is literally nothing that anyone could ever _require_ of bitcoin script that requires NP; because what bitcoin script is doing is fundamentally verification not computation.
frankenmint has joined #bitcoin-wizards
<tromp__>
it would seem to limit runtime to the number of finite control states
<bsm117532>
Revisiting a previously visited state is an indication of an infinite loop. But I can also just write integers to the tape, increasing its length...also doesn't halt. But perhaps it enables provable termination?
<midnightmagic>
hi daira2 I believe this is the first time I've seen you talk in here except for a 'nod' back in december 2013. :) yay welcome.
<GGuyZ>
Yes yes, I understand. I'm just pointing out the irony of people claiming you need TC for computation.
<bsm117532>
Is daira2 Satoshi!??!!
<daira2>
that would be telling
<GGuyZ>
(for all serious computation that is. For some, that's true)
<gmaxwell>
(I'm mostly making noise because it's a peeve of mine that people talk about turing complete script as if it added capability; ... or as if it were even possible in a pedantic sense (the nodes are time and storage bounded); or as if Bitcoin script were not already equivalently powerful as a particular-time-space-bounded universal turing machine (it has controlled swap, after all)).
<GGuyZ>
Agreed,
<daira2>
so, you probably don't need (and don't want, for security reasons) a very complicated termination prover for Bitcoin scripts
<GGuyZ>
and on another note total functional programming looks cool.
<daira2>
you probably don't even need recursion
<gmaxwell>
And mostly that irritation is because it makes people ignore the really interesting questions that lead to real advancement, like how can we make script more succinct in verification? Or how can a Bitcoin Script be constructed so as to make it most expressive while almost easy to rigorously statically analyze. "Can this contract be executed in a way I don't expect?"
<bsm117532>
gmaxwell: I've long been bothered that the Halting Problem halted serious research into provably-correct code.
nemild has quit [Quit: nemild]
<bsm117532>
See also the Gödel Incompleteness theorem and all of mathematics throwing their hands up.
<GGuyZ>
If you pay per instruction or some other discrete measure, TC in any case is irrelevant, since that limits the computations anyway
<gmaxwell>
bsm117532: yea, for many things-- esp things like analyzing a smart contract just returning "I cannot tell" is a fine and highly useful result (do not use contracts your tools can't reason about!).
<daira2>
right, static analyzability is really important here
<daira2>
bsm117532: +1!
<gmaxwell>
bsm117532: the interesting thing is how much language design results in sanely constructed ordinary programs returning "I cannot tell"... and I believe that there is a huge potential for impact there.
<gmaxwell>
(er, results in analysis on sanely constructed...)
<daira2>
termination proving is not hard if you require programmers to give loop variants
<GGuyZ>
Isn't there research on bounded provably correct code?
<bsm117532>
Provable complexity tied to a calculated tx fee by static analysis would be way better than Ethereum's "gas" (and having it run out on non-halting TC code)
<gmaxwell>
plus human factors considerations, IMO Bitcoin script is actually really readable with a bit of practice (e.g. if you're already comfortable with HP calculators and RPL); but type ambiguity makes it harder to reason about formally.
<tromp__>
the simply typed lambda calculus is strongly normalizing (i.e. total) but still has no reasonable bound on reduction length
<daira2>
anyway, you don't just want termination for this application, you want bounded runtime
<gmaxwell>
bsm117532: I dunno about that, I mean, network consensus normative static analysis sounds like "box of dragons"
<bsm117532>
Indeed. Just a thought.
nemild has joined #bitcoin-wizards
nemild has quit [Client Quit]
<daira2>
let's see, I seem to remember reading some research on that topic (bounding runtime)
* daira2
googles
nemild has joined #bitcoin-wizards
<bsm117532>
I've got a plan brewing to build sidechains with different consensus rules implemented by a virtual machine.
<bsm117532>
It would be very cool if that virtual machine was not turing complete. You don't want to accidentally discover that your consensus rules do not halt.
<daira2>
oh, Lustre and QDDC
<daira2>
but they're more expressive than needed here
<daira2>
we don't need concurrency
* daira2
looks for something simpler
<daira2>
actually I'm too tired right now, will look tomorrow
<daira2>
'night all
<daira2>
oh, while I remember...
<daira2>
I think it does make sense to use something similar to Ethereum's gas for dynamic enforcement of a bound on runtime...
<GGuyZ>
The problem is fire and forget.
<GGuyZ>
You need to gamble on how many steps your computation will take
<daira2>
but *also* to statically prove that the runtime check will not fail...
<daira2>
because that way, the consensus rules don't have to be dependent on the static prover
<daira2>
the parties to a contract can agree on a prover independently of anyone else
<GGuyZ>
You mean having a prover that's not the signer of the tx?
<daira2>
probably there would be some library of available provers, and the parties to a smart contract would just pick one that was powerful enough to prove that that particular contract will not run out of gas
<zooko>
gotta run you awesome folks.
<daira2>
but a bug in one of those provers wouldn't be disastrous, it would only affect contracts that had relied on it (and most contracts would use a simple one)
<daira2>
OK, I need to sleep
<GGuyZ>
That's actually a very interesting idea
<GGuyZ>
g'night
<GGuyZ>
I'm off too.
zooko has quit [Ping timeout: 255 seconds]
<daira2>
(that idea doesn't just apply to runtime, it could be used for any similar property)
GGuyZ has quit [Quit: GGuyZ]
<gmaxwell>
GGuyZ: what you want, when specifying a contract, is a proof that the witness size/complexity will unconditionally be below some cost tolerance bound.
<gmaxwell>
In Bitcoin Script, as it is today, it's trivial to be completely sure of that.
<gmaxwell>
I think total functional languages would also, generally, make it fairly straight forward to reason about the maximum witness size.
<gmaxwell>
As far as resource counters go, there isn't anything fundamentally ugly about them; other than if there is a limit and you don't have the above mentioned analysis, some trickster could get you to agree to a contract where some satisfaction you were counting on (e.g. refund if the counterparty cheats) has an infeasibly huge size.
<gmaxwell>
There are practical challenges with cost metrics in that the correct costing is implementation specific, but the cost behavior is network normative.
<gmaxwell>
(this applies no less to what bitcoin does-- bitcoin already costs out script: just by charging for size; but as the OP_CHECKSIG attacks show, getting the cost weights wrong can have consequences!)
<gmaxwell>
E.g. an example of this is we will eventually deploy improvements to OP_CHECKSIG that make it 6x+ faster. Had it been costed out assuming that it cost 3000x more than a OP_SHA256 after that improvement the costs would be wildly out of whack.
<nsh>
gmaxwell, zooko``, daira1: passed on your interest in CREMA to Jacob Torrey, perhaps he'll come to discuss it here; else there is [an underpopulated] #langsec
<StephenM347>
If a transaction spends from two outputs with same P2PKH address, then will the SignatureHash (SIGHASH) when signing each of the inputs individually be the same?
<StephenM347>
It has signatures with the same R values
<StephenM347>
Wondering if it has anything to do with RFC 6979 (deterministic signatures), or if the signer was using bad software that used the same k value in signing
NewLiberty__ has quit [Ping timeout: 244 seconds]
antanst has quit [Quit: Leaving.]
gill3s has joined #bitcoin-wizards
Guest3654 has quit [Remote host closed the connection]
<wumpus>
deterministic signing will indeed generate the same signature twice for the same input data and key. But if it concerns different inputs, different data should be being signed.
frankenmint has left #bitcoin-wizards [#bitcoin-wizards]
maraoz has quit [Quit: Leaving]
spinza has quit [Excess Flood]
o84wb76g has joined #bitcoin-wizards
lclc_ has joined #bitcoin-wizards
<StephenM347>
wumpus: makes sense, that transaction must have signed using the same k value
<StephenM347>
to get the same R
<maaku>
StephenM347: the input data would not be the same
<maaku>
*the message being signed
zooko has quit [Ping timeout: 272 seconds]
<StephenM347>
maaku: Thanks, that's what I thought
<maaku>
StephenM347: specifically the outpoint of the inputs would be different
<maaku>
different txid:n
<akrmn>
As far as I understand, the lightning network is a way of enforcing bitcoin contracts where each transaction in the contract can happen instantaneously. Now, how flexible are these contracts? Can the contract be to put the bitcoin on a sidechain and bring it back when some condition is met?
GGuyZ has joined #bitcoin-wizards
<ajweiss>
does anyone in here know of any fully open source (no binary drivers) mobile phones that are available in the us?
Luke-Jr has quit [Excess Flood]
Luke-Jr has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
SubCreative has quit [Ping timeout: 265 seconds]
daira2 has joined #bitcoin-wizards
<gmaxwell>
ajweiss: I think no such beast exists; even the FirefoxOS stuff repackages binary drivers from android because that's the only way to get hardware compatibility at the moment.
<gmaxwell>
(it wasn't something that could just be fixed until Mozilla has more leverage with hardware makers)
nemild has joined #bitcoin-wizards
* helo
rehashes baseband discussion
daira1 has quit [Ping timeout: 256 seconds]
akrmn1 has joined #bitcoin-wizards
prodatalab__ has quit [Quit: Konversation terminated!]
<ajweiss>
is that still true even if you say "forget the baseband"?
akrmn has quit [Ping timeout: 256 seconds]
prodatalab has joined #bitcoin-wizards
<akrmn1>
I would like to buy a tablet that has the same size and ear speaker as a phone, and just use VoIP. I wonder if there's any good options now.
<ajweiss>
well i'd just like a phone sized device with a working camera and display that is foss. it would make an excellent platform for a secure wallet.
<akrmn1>
ya true
<ajweiss>
all the android devices have silly binary blobs. although there are foss drivers for the display for some..
<ajweiss>
but really what you need is the camera
<ajweiss>
or... even the audio
<ggreer>
did you guys see the papers about building time-lock encryption using the blockchain + witness encryption?
adam3us has quit [Read error: Connection reset by peer]
arubi__ has joined #bitcoin-wizards
lclc_ has quit [Ping timeout: 256 seconds]
ThomasV has joined #bitcoin-wizards
GGuyZ has quit [Quit: GGuyZ]
<gmaxwell>
It's come up in here before... but trusted setup makes it much less interesting!
<gmaxwell>
(well the papers haven't but that application of witness encryption has)
<maaku>
i got very excited until i saw the trusted setup :(
SDCDev has quit [Remote host closed the connection]
<gmaxwell>
maaku: andytoshi has an informal general argument posted someplace that seems pretty convincing that any kind of obfuscation will need trusted setup.
<gmaxwell>
Doesn't make it useless, but the gap over e.g. N of M IBM cryptocards that remote attest to their config and release keys on time; is smaller but substantial: in particular even with trusted _setup_ it removes an availability attack.
<maaku>
right
chmod755 has quit [Quit: Leaving]
<maaku>
but it's not the holy grail of awesomeness it looked like at first ;)
adam3us has joined #bitcoin-wizards
<gmaxwell>
At a protocol level doing a timelock with the bitcoin blockchain is at best non-interactive-SPV secure, with no fraud proof.
<gmaxwell>
so that would be the other limit.
<Luke-Jr>
is a fraud proof needed for this?
Giszmo has joined #bitcoin-wizards
arubi__ has quit [Ping timeout: 265 seconds]
<gmaxwell>
It's just a limitation. There is SPV security (trusts the longest chain that you can go out and find, which is the longest one given a non-partitioning assumption), and non-interactive-SPV-with-fraud-proofs (trusts a sufficiently long chain you've been given, but have an opportunity to learn about a longer one before it's too late (which is the same as the longest given an even stronger non-censorship/non-partitioning assumption), vs trust any sufficiently long chain you've been given, regardless of whether it's the longest or not. Whether this matters depends on if you're trying to just 'merge-mine' a computational timelock or if you're counting on bitcoin's adaptive difficulty control to make a very long term timelock viable.
ThomasV has quit [Ping timeout: 265 seconds]
<gmaxwell>
In the latter case, the fact that someone could feed the blackbox a fork is a significant limitation.