<gmaxwell>
HostFat_: if you know you'll win a race even with a later announcement you should withhold your block, this makes it so the strategic ('selfish') mining has substantial returns starting at 25% hashpower.
<gmaxwell>
(this is a well known problem with any block preference scheme except smaller)
nessence has joined #bitcoin-wizards
<HostFat_>
wait, tt depends, if you wait longer, all nodes will still receive the bigger block first
<HostFat_>
it*
<HostFat_>
I don't see it as a win strategy
nessence has quit [Remote host closed the connection]
user7779078 has quit [Remote host closed the connection]
<HostFat_>
the smaller blocks only win on the downloading phase, so this is the way to avoid a dos attack from bigger blocks
<gmaxwell>
HostFat_: also, I think you've still failed to grasp a point made the other day... that it doesn't matter if j-random-node does this or that, assuming they don't outright reject them, miners don't care if it takes minutes for a j-random-node to get them.
<HostFat_>
they care if they know that if a smaller block will come after their block, nodes will prefer to download the later one
<HostFat_>
one miner can make a 1 GB block if he wants, and nodes will start do download it ... but if after few seconds it arrives a new block of 1 MB (example), nodes will pause the download of the one of 1 GB, and will give all the bandwitch to download the smaller one
<HostFat_>
the block of 1 GB will be orphan
<gmaxwell>
HostFat_: Again (1) it doesn't matter what random non-mining nodes do. has no influence on miner income unless nodes outright reject the blocks, and (2) if you can construct a block that you _know_ will be prefered even if accepted later, you should do that and selfish mine and win every 'race'; having an advantage on everyone else by the amount of time you keep the 'best' chain secret.
<gmaxwell>
I'm sorry if I'm failing to make these concepts clear enough; they're well understood by many people.-- I have too much else to do right now, perhaps someone else will explain (though #bitcoin might be a better venue).
<dgenr8>
HostFat: to be clear, you DL the smaller one preferentially until you have the samebuffer of both, then download equally, is that what you propose?
<HostFat_>
I mean all the nodes should have these rules, and if a miner wait longer, he will lose the race, even with a smaller block, because all the nodes will have already dowloaded another one
mkarrer has quit [Remote host closed the connection]
user7779078 has joined #bitcoin-wizards
<HostFat_>
no, all nodes will download the smaller first, if they receive more than one block
<HostFat_>
it's really risky to wait to release your block, to do selfish mine, because you can lose the race if all the nodes will have already downloaded other blocks
gmaxwell has left #bitcoin-wizards [#bitcoin-wizards]
<dgenr8>
some problems with that. nodes don't know what the size is until they download it. And, the later one isn't smaller, once it's become bigger ;)
wallet42 has joined #bitcoin-wizards
wallet42 has quit [Client Quit]
<HostFat_>
maybe this can be arranged by asking the block size first, and then block the IP of the possible liar
<justanotheruser>
HostFat_: blocks don't have IP addresses
<HostFat_>
but the sender yes, and the sender is the only one that maybe has malicious intent
<HostFat_>
to fake size to give more priority to the block that it is sending
sipa has left #bitcoin-wizards [#bitcoin-wizards]
user7779078 has quit [Remote host closed the connection]
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
c0rw1n is now known as c0rw|zZz
<justanotheruser>
oh, well sending an invalid block already bans you
<justanotheruser>
iirc
<justanotheruser>
at the very least, it increases your ban score
<justanotheruser>
but if you aren't making the blocks invalid, just "unideal" or whatever, it doesn't help
bramc has joined #bitcoin-wizards
nessence has joined #bitcoin-wizards
frankenm_ has joined #bitcoin-wizards
nessence has quit [Ping timeout: 240 seconds]
justanotheruser has quit [Ping timeout: 258 seconds]
frankenm_ has quit [Remote host closed the connection]
frankenm_ has joined #bitcoin-wizards
maraoz has quit [Quit: Leaving]
Guest81362 is now known as DanielBTC
jae_ has quit [Remote host closed the connection]
felipelalli has quit [Quit: felipelalli]
justanotheruser has joined #bitcoin-wizards
felipelalli has joined #bitcoin-wizards
Dr-G has joined #bitcoin-wizards
Dr-G has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
justanotheruser has quit [Quit: Reconnecting]
justanot1eruser has joined #bitcoin-wizards
NewLiberty_ has joined #bitcoin-wizards
Dr-G2 has quit [Ping timeout: 264 seconds]
NewLiberty__ has quit [Ping timeout: 255 seconds]
NewLiberty has quit [Ping timeout: 245 seconds]
frankenm_ is now known as frankenmint
frankenmint has quit []
nessence has joined #bitcoin-wizards
jae_ has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
NewLiberty_ has quit [Ping timeout: 240 seconds]
NewLiberty__ has joined #bitcoin-wizards
nessence has quit [Ping timeout: 240 seconds]
NewLiberty has quit [Ping timeout: 255 seconds]
joecool has joined #bitcoin-wizards
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
zmachine has quit [Max SendQ exceeded]
Transisto2 has quit [Ping timeout: 245 seconds]
user7779078 has joined #bitcoin-wizards
[7] has quit [Disconnected by services]
TheSeven has joined #bitcoin-wizards
<Jaamg>
tx fees currently seem to accumulate around 20 BTC / day. if we assume that one day there will be 1000x more blockchain transactions, is there a reason to believe that tx fees will not increase to 20,000 BTC / day?
licnep has joined #bitcoin-wizards
<justanot1eruser>
yes, we don't know what fees will be in the future
HostFat_ has quit [Ping timeout: 256 seconds]
p15_ has quit [Read error: Connection reset by peer]
p15 has joined #bitcoin-wizards
nessence has joined #bitcoin-wizards
jae_ has quit [Remote host closed the connection]
<Jaamg>
justanot1eruser: do you perhaps refer to bitcoin value rising which might give downwards pressure to tx fees? if yes, i repeat my question by adding "20,000 BTC / day, measured in today's btc price"
<Jaamg>
or do you refer to something else?
nessence has quit [Ping timeout: 256 seconds]
<justanot1eruser>
I think 1000x more blockchain transactions either will never happen or is too far off to predict
<Jaamg>
justanot1eruser: that was an assumption
joecool has quit [Ping timeout: 256 seconds]
wallet42 has joined #bitcoin-wizards
wallet42 has quit [Client Quit]
NewLiberty__ is now known as NewLiberty
jae_ has joined #bitcoin-wizards
jae_ has quit [Remote host closed the connection]
joecool has joined #bitcoin-wizards
DanielBTC has quit [Quit: Leaving]
nessence has joined #bitcoin-wizards
wallet42 has joined #bitcoin-wizards
wallet42 has quit [Client Quit]
nessence has quit [Ping timeout: 256 seconds]
p15x has joined #bitcoin-wizards
p15x_ has quit [Ping timeout: 250 seconds]
p15x has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
NewLiberty has quit [Ping timeout: 272 seconds]
jcorgan has left #bitcoin-wizards [#bitcoin-wizards]
jmcn_ has joined #bitcoin-wizards
nessence has joined #bitcoin-wizards
jmcn has quit [Ping timeout: 276 seconds]
Populus has joined #bitcoin-wizards
Populus has joined #bitcoin-wizards
nessence has quit [Ping timeout: 265 seconds]
p15x has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
a5m0 has quit [Remote host closed the connection]
a5m0 has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
justanotheruser has joined #bitcoin-wizards
justanot1eruser has quit [Quit: Reconnecting]
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 255 seconds]
NewLiberty has joined #bitcoin-wizards
<bramc>
Jaamg, The blockchain as it stands currently just plain can't handle 100x as many transactions. It's disallowed as an anti-ddos measure. There's a hard limit on the maximum size of a block. Hence all the discussion about raising that. But in answer to your question, transaction fees are fairly close to zero today because the demand is less than the supply (or rather, parties who have considered writing applications which
<bramc>
would have dramatically increased the demand have kindly refrained from doing so). If demand goes up to exceed supply transaction fees will jump dramatically. How dramatically depends on how much people care about doing those transactions
<Jaamg>
bramc: "if we assume that one day"
<bramc>
Jaamg, I didn't use that turn of phrase
joecool has quit [Ping timeout: 256 seconds]
<bramc>
Jaamg, You can't assume that the transaction rate goes up by 100x. It isn't allowed
<Jaamg>
bramc: i know
p15x_ has quit [Remote host closed the connection]
user7779078 has quit [Remote host closed the connection]
cosmo has quit [Remote host closed the connection]
<Jaamg>
my assumption obviously includes the condition "Blocksize is more than 1MB OR size of an average tx is significantly smaller than today
<NewLiberty>
or rather tx rate can go up 100x but they won't be incl in blocks
<Jaamg>
likely the former
<Jaamg>
but i would still like to hear an answer to original question
<bramc>
Jaamg, If you assume that a 100x transaction rate is achieved by raising the block size to large enough that it has more than enough capacity for that, then no, transaction fees won't have gone up
<bramc>
Jaamg, If you assume that a 100x transaction rate is achieved by raising the block size to 50x what it is now, thus allowing 100x as many transactions as there are currently, but capacity is being met, then transaction fees are likely to be vastly larger.
ThomasV has quit [Ping timeout: 272 seconds]
<Jaamg>
bramc: i'm not talking about fee/tx going up, i'm talking about the sum of all fees going up, because of increased blockchain traffic
<bramc>
Jaamg, My previous comments were about the aggregate fees, not the individual fees
<bramc>
The fees right now are so close to zero that they're more social convention than economic mechanism.
<Jaamg>
bramc: fees are close to zero, but they still accumulate around 20 BTC / day. is there a reason to believe that 1000x blockchain traffic would not increase that number to 20,000 BTC / day?
<Jaamg>
or if that feels to far in the future, we can also talk about 10x traffic and number increasing to 200 BTC / day
<bramc>
Jaamg, If the capacity is continuously increased to stay ahead of demand, there's no reason to expect the per-transaction fee to stay the same as the number of transactions goes up
<bramc>
Current mining rewards, if I recall correctly, are 1800 BTC/day, so transaction fees are around 1%
<Jaamg>
bramc: if we assume that one day blockchain security is provided by scarcity-induced high tx fees, what will happen to network security if blockchain traffic for whatever reason drops?
<Jaamg>
it's 3600 currently
<bramc>
Jaamg, As long as demand exceeds the limit, then the amount of blockchain traffic will remain fixed at the limit, and the fees will fluctuate with demand.
<bramc>
The security parameter of the block chain will vary in linear proportion to the transaction fees (and time, you can always wait longer to have greater security)
<Jaamg>
bramc: with security i'm referring to the network hash rate and not to the confirms (if that's what you meant)
<bramc>
Jaamg, It's a bit smoothed out because the costs of buying asics are amortized over time, but to a first approximation the network hash rate is linearly proportional to the mining rewards.
<bramc>
When is the hash rate halving again? I thought it was supposed to earlier this year, but maybe I'm misremembering and it's early next year.
<bramc>
I mean the mining rewards, pardon my freudian typo.
<bramc>
Rusty is working on lightning networks? Are the lightning networks guys employed at blockstream as well?
<moa>
block #420k
<phantomcircuit>
bramc, they're not
RoboTeddy has joined #bitcoin-wizards
Mably has joined #bitcoin-wizards
<bramc>
When the mining rewards halve again, I'm going to get the local environmentalist groups to organize a celebration
<phantomcircuit>
lol
nessence has joined #bitcoin-wizards
<moa>
block #420k should have numerous groups partying
<bramc>
Are things in motion to get a relative timelock opcode added to bitcoin?
p15x has joined #bitcoin-wizards
<moa>
bramc: appears to be
arubi_ has joined #bitcoin-wizards
nessence has quit [Ping timeout: 246 seconds]
<phantomcircuit>
bramc, yes
gmaxwell has joined #bitcoin-wizards
<phantomcircuit>
lots of review effort is required which realistically translates to lots of time
<gmaxwell>
bramc: there is a proposal for a potential first step in a relative checklocktime verify on the bitcoin-development list (if you can find it amid all the non-development political traffic :) )
<bramc>
petertodd, Question still applies. If nVersion failed to get the appropriate threshold to make 3 required, what's the mechanism for giving up? And how would you distinguish acceptance of a new thing from attempted acceptance of the old thing?
<bramc>
Does BIP66 succeed in making signatures fully canonical?
<petertodd>
bramc: in the existing scheme there isn't a mechanism; sipa aims to fix that problem with his new scheme
<petertodd>
bramc: remember that it is *not* a vote
<bramc>
Okay that's a dumb question, obviously it doesn't. Does it succeed in making the simplest types of signatures fully canonical?
<petertodd>
bramc: there's very specific reasons for BIP66 and they aren't rellated directly to malleability
Mably has quit [Ping timeout: 272 seconds]
GAit has quit [Remote host closed the connection]
<bramc>
Or rather, does it succeed in making it so that someone who doesn't want to allow third parties to mutate their signatures to keep that from happening?
DougieBot5000 has quit [Quit: Leaving]
<petertodd>
no
<bramc>
No to which of my questions?
<petertodd>
no, it doesnt succeed
<bramc>
At any of it?
<phantomcircuit>
iirc bip 66 prevents all know mutations of the der ecdsa signatures
<phantomcircuit>
petertodd, is this wrong?
<petertodd>
like I said, BIP66 is to fix issues with openssl, not to prevent malleability
<petertodd>
that it happens to be a subset of bip62 which aims to fix malleability is an accident
<petertodd>
anyway, bbl, going for a hike with my parents :)
<moa>
take a hike
<bramc>
All these years and we're still dealing with the shittiness of openssl
<petertodd>
moa: exactly!
<bramc>
Nobody's commented on my scheme to screw over anyone who accepts zeroconf. Maybe that's too uncontroversial around here to provoke discussion.
hktud0 has quit [Read error: Connection reset by peer]
<bramc>
Mind you, I'm not advocating stealing, just pointing out how it could be done very effectively and that *somebody* will inevitably do it.
hktud0 has joined #bitcoin-wizards
<bramc>
Interesting, bip62 requires a new signature type, instead of just stricter acceptance like bip66
<moa>
bramc: some outfit announced a service to provide double-spend confidence ratings
<bramc>
moa, *sigh*
<bramc>
The unstoppable attack is that people can post 'legit' transactions to the network, then post transactions with different targets including kickbacks to old mining reward targets to some darknet
<bramc>
Or maybe the signatures for old mining rewards are used to give new targets to preserve the anonymity of the, ahem, service provider
<bramc>
There's not much which can be done about this: If the miners are conspiring against your idiotic zeroconf acceptance, then you're fucked, and there's no reason for them not to do it.
gill3s has joined #bitcoin-wizards
<bramc>
This practice wouldn't even be illegal, and would be very unlikely to be made illegal if clueful people explained to regulators what was going on.
<p15>
could you just not accept zeroconf when an old mining reward was involved?
<bramc>
p15, No it works like this: I post a transaction sending something to you. This is a completely legit transaction, nothing weird about it. It comes from me it goes to you. It goes through the bitcoin network properly. Separately, I post to some darknet a bunch of competing transactions, which all have the same input but their outputs split between a key I have and a kickback for the same key as will claim one of the old
<bramc>
mining rewards. I post one of these for each of the last couple thousand mining operations
<bramc>
So you accept the as legit as it can be zeroconf operation, and it gets magically undone by a miner who is, ahem, optimizing their mining rewards.
<p15>
ok I see
<p15>
it sounds pretty similar to a normal attack on zeroconf
<p15>
just a new way to reward a miner
<p15>
the killer attack would be one that didn't include a complicit miner
<bramc>
You can do an 'okay' job of zeroconf if you assume that the miners are diligently trying to make everything fair and just and are acting as charitable entities
<bramc>
Of course, that view is hopelessly naive.
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<p15>
if you could do a good job of zeroconf what we would we need miners for :D
<CoinMuncher>
bramc: Hadn't heard your proposal before. Interesting. petertodd has a whole double-spend python library with even higher claimed success rates than yours.
<CoinMuncher>
bramc: In the end zeroconf should just go to Lightning Network I guess.
<bramc>
If I'd made a ranty post calling zeroconf supporters stupid and just covering that one point it might have gotten some press. Putting it in the middle of a dense information-filled post not so much.
Mably has joined #bitcoin-wizards
<bramc>
And yes, lightning network or green transactions are a much better way to get immediate payments. That's a boringly uncontroversial statement around these parts.
shesek has quit [Ping timeout: 264 seconds]
<CoinMuncher>
ah right still need to finish reading that post. Looked like a good summary. Putting a nice little candy in the middle is actually a good trick, teaches people to read your stuff. You don't want to play the sensationalist journalism headlines game, do you?
sparetire_ has quit [Quit: sparetire_]
<bramc>
Sometimes I play the sensationalist journalism game by accident when I'm a little too glib
nessence has joined #bitcoin-wizards
andy-logbot has quit [Remote host closed the connection]
<bramc>
moa, Yeah the point of the attack that I propose is that you could seem to have nearly 100% confidence that you're out there based on the data they collect and still be completely fucked.
<moa>
hmmm, seems like they might like to know about it?
Mably has quit [Ping timeout: 246 seconds]
<bramc>
moa, It tends to be very hard to convince someone of something when their funding is dependent on them not understanding it.
<moa>
lol
<moa>
conflicted
damethos has quit [Ping timeout: 245 seconds]
<moa>
stomach neural mass rules cerebral cortex every time
SDCDev has quit [Ping timeout: 256 seconds]
antanst has quit [Ping timeout: 240 seconds]
antanst has joined #bitcoin-wizards
bosma has quit [Ping timeout: 265 seconds]
belcher has quit [Ping timeout: 250 seconds]
justanotheruser has quit [Quit: Reconnecting]
justanotheruser has joined #bitcoin-wizards
AaronvanW_ has joined #bitcoin-wizards
mkarrer has joined #bitcoin-wizards
belcher has joined #bitcoin-wizards
RoboTeddy has quit [Remote host closed the connection]
SDCDev has joined #bitcoin-wizards
SDCDev has quit [Ping timeout: 264 seconds]
p15 has quit [Max SendQ exceeded]
p15 has joined #bitcoin-wizards
Mably has joined #bitcoin-wizards
<stonecoldpat>
bramc: if i understand correctly, so you get the public key from an old coinbase, and send the miner that transaction directly? (splitting the bitcoins between yourself and the miner)? this just seems like a non-interactive way to stop the miner needing to send you his public key and creates a link on the blockchain. Please correct me if i'm wrong with understanding what you proposed. Although -you could derive a new publ
<stonecoldpat>
(and since the public key is sent out of bounds and not stored in the OP_RETURN, its not an obvious stealth address).
dEBRUYNE has joined #bitcoin-wizards
bramc has quit [Quit: This computer has gone to sleep]
Mably has quit [Ping timeout: 246 seconds]
gill3s has joined #bitcoin-wizards
<CoinMuncher>
stonecoldpat: s/public key/address and I don't see how you would derive a new address.
<CoinMuncher>
bramc: Also, why would you send the double spend directly to one particular miner address instead of just having a large fees so that *any* miner can pick it up? That makes it more deniable by the miner as well: it's just a fee.
<stonecoldpat>
CoinMuncher: fair point, you would need to find where the coinbase has been spent to get the public key - and the fee does seem a more obvious way to do it, but it does look strange if the 'fee' is very large and it was not visible on the network before going into the blockchain (if its just a large fee, youd expect everyone to hear about it), whereas a transaction would be less supicious
<stonecoldpat>
or may be less suspicious* (always arguable)
mkarrer has quit [Remote host closed the connection]
Mably has joined #bitcoin-wizards
<CoinMuncher>
yeah still suspicious, but a bit more plausible deniability for the miner than a straight transaction. (if you even consider this illegal or morally wrong...).
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
bosma has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 272 seconds]
metamarc has quit [Read error: Connection reset by peer]
GibsonA has joined #bitcoin-wizards
rubensayshi has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 256 seconds]
shinohai has joined #bitcoin-wizards
c0rw|zZz is now known as c0rw1n
adlai has quit [Ping timeout: 255 seconds]
lmatteis has quit [Ping timeout: 246 seconds]
jtimon has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
bosma has quit [Read error: Connection reset by peer]
jtimon has quit [Remote host closed the connection]
adlai has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
HostFat has joined #bitcoin-wizards
thrasher` has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 264 seconds]
thrasher` has quit [Remote host closed the connection]
thrasher` has joined #bitcoin-wizards
adam3us has quit [Read error: Connection reset by peer]
lmatteis has joined #bitcoin-wizards
GAit has joined #bitcoin-wizards
GibsonA has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 244 seconds]
p15x has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 272 seconds]
felipelalli has quit [Ping timeout: 244 seconds]
SDCDev has joined #bitcoin-wizards
moa has quit [Quit: Leaving.]
Guyver2 has joined #bitcoin-wizards
GibsonA is now known as thrasher`
thrasher` has quit [Changing host]
thrasher` has joined #bitcoin-wizards
mkarrer has joined #bitcoin-wizards
thrasher` has quit [Remote host closed the connection]
thrasher` has joined #bitcoin-wizards
thrasher` has quit [Changing host]
thrasher` has joined #bitcoin-wizards
p15 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 258 seconds]
lmatteis has quit [Ping timeout: 272 seconds]
lmatteis has joined #bitcoin-wizards
thrasher` has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 246 seconds]
HaltingState has joined #bitcoin-wizards
Emcy_ has joined #bitcoin-wizards
Emcy has quit [Ping timeout: 256 seconds]
binaryFate has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
SDCDev has quit [Ping timeout: 246 seconds]
Relos has quit [Ping timeout: 256 seconds]
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 246 seconds]
damethos has joined #bitcoin-wizards
thrasher` has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 255 seconds]
adam3us1 has joined #bitcoin-wizards
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 246 seconds]
Relos has joined #bitcoin-wizards
SDCDev has joined #bitcoin-wizards
adam3us has quit [Ping timeout: 246 seconds]
Quanttek has joined #bitcoin-wizards
hashtag has joined #bitcoin-wizards
Relos has quit [Ping timeout: 258 seconds]
hearn has joined #bitcoin-wizards
thrasher` has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 264 seconds]
Relos has joined #bitcoin-wizards
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 256 seconds]
hashtag has quit [Quit: Leaving]
hashtag has joined #bitcoin-wizards
adam3us1 has quit [Quit: Leaving.]
GibsonA has quit [Ping timeout: 258 seconds]
thrasher` has joined #bitcoin-wizards
thrasher` has quit [Remote host closed the connection]
thrasher` has joined #bitcoin-wizards
afk11 has joined #bitcoin-wizards
hashtag_ has joined #bitcoin-wizards
hashtag_ has quit [Client Quit]
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 256 seconds]
thrasher` has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 264 seconds]
ThomasV has quit [Ping timeout: 240 seconds]
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 250 seconds]
GibsonA has quit [Remote host closed the connection]
thrasher` has joined #bitcoin-wizards
thrasher` has quit [Remote host closed the connection]
thrasher` has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
GibsonA has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
adam3us1 has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 250 seconds]
thrasher` has joined #bitcoin-wizards
Relos has quit [Ping timeout: 245 seconds]
GibsonA has quit [Ping timeout: 258 seconds]
StephenM347 has joined #bitcoin-wizards
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 265 seconds]
adam3us1 has quit [Quit: Leaving.]
thrasher` has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 264 seconds]
justanotheruser has quit [Quit: Reconnecting]
justanotheruser has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 265 seconds]
Relos has joined #bitcoin-wizards
anchatter has joined #bitcoin-wizards
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 264 seconds]
adam3us has joined #bitcoin-wizards
thrasher` has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 255 seconds]
GibsonA has joined #bitcoin-wizards
thrasher` has quit [Ping timeout: 246 seconds]
DougieBot5000 has joined #bitcoin-wizards
jae has joined #bitcoin-wizards
jae is now known as Guest81298
afk11 has quit [Ping timeout: 272 seconds]
adam3us has quit [Quit: Leaving.]
ThomasV has quit [Ping timeout: 245 seconds]
adam3us has joined #bitcoin-wizards
antanst has quit [Quit: Leaving.]
thrasher` has joined #bitcoin-wizards
GibsonA has quit [Ping timeout: 244 seconds]
adam3us has quit [Quit: Leaving.]
sbos99 has quit [Ping timeout: 276 seconds]
thrasher` has quit [Remote host closed the connection]
thrasher` has joined #bitcoin-wizards
thrasher` has quit []
afk11 has joined #bitcoin-wizards
lmatteis has quit [Ping timeout: 256 seconds]
lmatteis has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
afk11 has quit [Remote host closed the connection]
Guyver2 has quit [Ping timeout: 264 seconds]
eudoxia has joined #bitcoin-wizards
b_lumenkraft has joined #bitcoin-wizards
adam3us has quit [Quit: Leaving.]
sbos99 has joined #bitcoin-wizards
DrWatto has quit [Quit: Actually, she wasn't really my girlfriend, she just lived next door and never closed her curtains.]
justanotheruser has quit [Quit: Reconnecting]
mkarrer has quit [Remote host closed the connection]
<kanzure>
"Democoin: A publicly verifiable and jointly serviced cryptocurrency"
antanst has joined #bitcoin-wizards
kmels has joined #bitcoin-wizards
<kanzure>
hmm what's the utility of a proof of guilt
kmels has quit [Read error: Connection reset by peer]
ThomasV has joined #bitcoin-wizards
CoinMuncher has quit [Quit: Leaving.]
<kanzure>
why would they care if they have a proof-of-guilt floating around?
Mably has quit [Quit: Page closed]
<gmaxwell>
It doesn't appear to specify. It may be an implicit assumptions that participants have known, issued identities, and are subject to some effective external process. Or it's a rehashing of the fraud proofs motivations we'd discussed previously.
<kanzure>
it's also not clear what their actual goals are, so it's hard to evaluate their design against that
<gmaxwell>
Their centeral coin design sounds essentially identical the very first thing discussed in this channel. (though we answered what you'd do with the fraud proofs, you'd use them to claim fidelity bonds)
<kanzure>
this seems to be their criticism of bitcoin :P "However, these systems require a public file (”ledger”) that is very big and very inefficient to maintain and update. As a result, these systems too may not be too useful, particularly if the number of users and transactions grows."
<lmatteis>
if anybody can summarize that document i'd be grateful
<kanzure>
waste of time
<lmatteis>
plus what is up with the "(This technology is covered by three patent applications"
<kanzure>
the number of bitcoin users does not directly (and hardly indirectly) determines the size of the ledger
<gmaxwell>
kanzure: yea, a little frustrating that that cite the bitcoin whitepaper but don't appear to be even aware of the scaling tools explictly disclosed in it with their own sections; much less that subsiquent tools this community has discussed over the past 5 years.
<kanzure>
the number of bitcoin transactions can grow without insertion into the blockchain, so that's also a weird thing for them to claim
<gmaxwell>
At the same time; I suppose actually being aware of the state of the art might inhibit their ability to gain expansive patents...
<lmatteis>
it's unreal that someone can actually patent these "ideas"
<kanzure>
i suspect that this is the same in other academic fields (nobody reads the literature carefully)
<lmatteis>
their background seems more crypto-theory rather than distributed systems
damethos has quit [Quit: Bye]
AaronvanW_ has quit [Ping timeout: 246 seconds]
<lmatteis>
kanzure: you'd be surprised how stringent most top academic conferences are in terms of making sure related work is attributed
damethos has joined #bitcoin-wizards
jgarzik has quit [Quit: Leaving]
c-cex-yuriy has joined #bitcoin-wizards
shen_noe has joined #bitcoin-wizards
afk11 has quit [Read error: Connection reset by peer]
shen_noe has quit [Client Quit]
Mably has joined #bitcoin-wizards
<gmaxwell>
lmatteis: <cynically> to the reviewers and organizers </cynically> :)
<ThomasV>
lol
<gmaxwell>
really, its hard, but on papers I've done it was pretty easy to tell at least which instutions reviewers were with based on which papers they demanded you cite. :)
<ThomasV>
gmaxwell: reviewers are often chosen based on which papers you cite in your manuscript
<lmatteis>
but they're double-blinded
<ThomasV>
not always
<ThomasV>
double blind reviewing is pretty rare
<ThomasV>
at least in some fields
MoALTz_ has quit [Ping timeout: 272 seconds]
<binaryFate>
in my field most often they're not double-blinded (either journals or conference)
<ThomasV>
I saw double blind reviewing at some conferences, but never for a journal
<lmatteis>
really? most a, a* are double-blinded
<ThomasV>
nature offers it only since this year
<lmatteis>
"All submissions will be evaluated using a double-blind review process. To ensure blind reviewing, papers should be anonymized by removing author names and affiliations, as well as by masking any information about projects and bibliographic references, etc. that might reveal the authors’ identities."
<lmatteis>
this is from an "average" academic conference
<lmatteis>
actually rated C which is quite low
<kanzure>
"the rate of citations is inversely proportional to the distance of the author from the other institution"
priidu has quit [Ping timeout: 265 seconds]
<kanzure>
man that would be a terrible result to see
<ThomasV>
heh.. I remember removing the hostname of my machine manually from some pdf figures
prodatalab has quit [Ping timeout: 265 seconds]
<ThomasV>
was fun
<binaryFate>
you could insert priv keys there to bribe reviewers :)
<ThomasV>
binaryFate: ao generate them from your abstract
bramc has joined #bitcoin-wizards
<gmaxwell>
If you generated them from something other than the abstract they'd have to read something other than the abstract, win win. :P
<waxwing>
just reading about chameleon hashes/sigs, something i don't get: what does this system give you that a simple HMAC doesn't? i.e. with a shared key hmac you have a non-transferrable signature, no?
gill3s has joined #bitcoin-wizards
<gmaxwell>
waxwing: yes, HMAC works for a designated verifier system.
LeMiner has quit [Read error: Connection reset by peer]
LeMiner has joined #bitcoin-wizards
binaryFate has quit [Quit: Konversation terminated!]
zwick has joined #bitcoin-wizards
<waxwing>
oh so if i read it right it's like, with chameleon you can still get non-repudiability because if there is a dispute the signer can generate a collision which he wouldn't otherwise be able to. you don't get that with hmac.
palexander has joined #bitcoin-wizards
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
Quanttek has quit [Remote host closed the connection]
nessence has quit [Remote host closed the connection]
<waxwing>
swedish gangsters lol
Quanttek has joined #bitcoin-wizards
<midnightmagic>
gmaxwell: Can both Alice and Bob publish forged contracts?
<midnightmagic>
Ah, no, nevermind.
<midnightmagic>
So if Alice can't forge a contract, then all they have to do is put a gun to Alice's head and force her to reveal the contract, correct?
<waxwing>
wouldn't it be possible to do it symmetrically, each side signs the same contract using a chameleon sig?
<midnightmagic>
Then how does anyone show what the original contract was in the event of a dispute?
<gmaxwell>
midnightmagic: they don't, you just show bob is up to some crap.
<waxwing>
Alice proves Bob has forged by demonstrating a collision. I think that works?
justanotheruser has quit [Ping timeout: 258 seconds]
<midnightmagic>
gmaxwell: Is there some property I'm missing which shows that the forgeries are forgeries after Alice publishes the original?
justanotheruser has joined #bitcoin-wizards
<gmaxwell>
midnightmagic: that fact that there are two of them! :)
<gmaxwell>
it means that one must be a forgery.
<midnightmagic>
gmaxwell: And.. Alice can't forge, but in the narrow world of the arrangement, we can't tell which one came from bob and which came from alice without additional constructions that defeat the purpose of the arrangement?
eliomm22 has quit []
<gmaxwell>
midnightmagic: right, a key point though is that you know both came from bob, perhaps then the convention is that bob is automatically a fraudester unless he does the alice-favorable superset of both contracts.
<waxwing>
gmaxwell: i think you're talking about your original construction, not my suggestion of it being done in both directions?
<gmaxwell>
waxwing: yea sorry, only half reading. If it's done in both directions than alice and bob can coperate to forge; which has its utility too.
<gmaxwell>
(I think I may have mentioned a bidi version in that thread? ... I know they were discussed somewhere. The problem with bidi is just more coordination required.)
<waxwing>
right. i can't see a practical problem arising from them both being able to forge, perhaps there is.
<waxwing>
(cooperatively)
<waxwing>
it has the huge advantage that they're both protected from coercion though, if i got it right
<midnightmagic>
Then the construction of a forgery shows that a forgery exists, and the creation of a forgery means Bob is evil if we all agree that constructing forgeries is evil. But we can never tell whether Bob is satisfying the contract since everything might be a forgery.
<waxwing>
midnightmagic: i can't see the scenario where they would cooperate to create a forgery and then show that to the world? How would that benefit them both?
gill3s has joined #bitcoin-wizards
hashtag_ has joined #bitcoin-wizards
<gmaxwell>
midnightmagic: you can, because you can require in the event of two contracts; both must be satisfied; and in the event of contradictory requirements alice choses.
<midnightmagic>
gmaxwell: Ah, makes sense.
hashtag has quit [Ping timeout: 258 seconds]
frankenmint has joined #bitcoin-wizards
<midnightmagic>
waxwing: Perhaps as part of the contract, Bob makes one in advance for Alice which he's willing to abide by in the event of coercion, to protect Alice.
<waxwing>
another way to put it, cooperative forging is not forging, it's agreement (another contract)
frankenmint has left #bitcoin-wizards [#bitcoin-wizards]
<midnightmagic>
"I never told him to kill anyone, I told him to make me a website."
<bramc>
stonecoldpat, Yeah the idea is that (1) the miner has authenticated themselves as a miner (2) the person doing the double-spend sends to them 'directly', possibly through a mixnet, and (3) whoever's running the mixnet can authenticate both that the transaction is going to a miner and that the transaction really is a double spend
<waxwing>
yeah, that's cool, but even more, as long as everyone understands the properties of the primitive, no one will ever try to coerce.
<bramc>
Lots of beautiful anti-spam properties in that system. There also can be kickbacks to whoever's running the mixnet.
<waxwing>
in theory :) what always worries me about deniability stuff is that it relies on criminals not being thick as a brick :)
<gmaxwell>
I object to the claim that only (or even mostly) criminals need deniability; in particular, as you not criminals tend to make poor life choices to begin with. :)
<midnightmagic>
:)
<gmaxwell>
But yes, in practice these things are not so hugely useful.. though its sad to adopt something like pay to contract in a way that _reduces_ security against some known threats.
<midnightmagic>
It was the easiest example that arrived off the top of my head.
<midnightmagic>
fwiw, I strongly think that normal people should use these sorts of constructs widely, if not this one specifically. Just to be clear.
<waxwing>
well this one is obviously hugely useful in non-criminal contexts. at least looks that way to me.
<waxwing>
wow "exposure freeness". that's cool, so the judge doesn't even have to know the contents of the contract :)
bosma has joined #bitcoin-wizards
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<gmaxwell>
waxwing: the schemes we have for tree structured hashes also let you do things like prove sections of text, so you can redact most of a contract if only part is in dispute.
<gmaxwell>
(e.g. use the hash of the full contract (plus optionally a nonce) to build a tree structured CSPRNG that assigns a nonce to each byte of the message. Then make a tree structured hash over the bytes with their nonces, sign the hash root... now you can compactly prove any character ranges from the original document, without revealing the whole document.)
<waxwing>
gmaxwell: yes that's a great idea. although you'd have to make sure each *section* is signed independently.
<gmaxwell>
waxwing: nope, see above, it can be done so a signal signature lets you cover arbritary ranges, down to the bit.
<gmaxwell>
if the contract naturally has some structure like sections, the ranges could break along them too, e.g. if you wanted disclosure of certian data to always be forced.
<waxwing>
i'm thinking semantically; Alice promises A,B,C if Bob abides by D,E,F - no point exposing only the A,B,C part. sort o fthing.
sbos99 has joined #bitcoin-wizards
<gmaxwell>
yea indeed, though if the scheme is interactive and bob reveals A,B,C and D but not E and F, alice can just expose E,F (or just whatever bob isn't complying with).
<gmaxwell>
Main utility I saw in this was just a "here is my contact with them with the payment amounts, and my delivery address redacted"
<waxwing>
yes
<waxwing>
the conditional exposure solves it, or at least it's good enough. people who write legal contracts will have fun :)
antanst1 has joined #bitcoin-wizards
antanst1 has quit [Remote host closed the connection]
<waxwing>
one could imagine cases where Bob applies game theory, knowing Alice values the secrecy of C more than the fulfilment of the contract.
<waxwing>
but exposure only to a judge/arbiter might make that almost purely theoretical
<gmaxwell>
waxwing: sure, but without this scheme bob can do that over the whole contract; so at least its a strict improvement.
rht_ has quit [Quit: Connection closed for inactivity]
b_lumenkraft has quit [Quit: b_lumenkraft]
qawap has joined #bitcoin-wizards
Sub|afk has joined #bitcoin-wizards
SubCreative has quit [Read error: Connection reset by peer]
Populus has quit [Remote host closed the connection]
SubCreative has joined #bitcoin-wizards
HaltingState has quit [Ping timeout: 256 seconds]
Sub|afk has quit [Ping timeout: 246 seconds]
dansmith_btc has quit [Remote host closed the connection]
nessence has joined #bitcoin-wizards
spinza has quit [Excess Flood]
spinza has joined #bitcoin-wizards
eudoxia has quit [Quit: Leaving]
RoboTeddy has joined #bitcoin-wizards
<dgenr8>
bramc: yes, either the double-spends were not broadcast, or the subnetwork that monitors for double-spends happened to miss them. that's grown a lot less likely recently
<bramc>
dgenr8, Some of the red ones have very long delays between the first and second transaction, there might be some propagation problems involved, perhaps they're somewhat malformed
Guest81298 has quit [Remote host closed the connection]
lmatteis has quit [Ping timeout: 255 seconds]
arubi_ has quit [Quit: Leaving]
punsieve has joined #bitcoin-wizards
arubi_ has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 246 seconds]
Starduster_ has quit [Ping timeout: 258 seconds]
maraoz has quit [Ping timeout: 252 seconds]
MoALTz has quit [Quit: Leaving]
damethos has quit [Quit: Bye]
MoALTz has joined #bitcoin-wizards
jae has joined #bitcoin-wizards
jae is now known as Guest88257
jmcn has joined #bitcoin-wizards
jmcn_ has quit [Ping timeout: 276 seconds]
arubi_ has quit [Ping timeout: 250 seconds]
hashtag_ has quit [Ping timeout: 255 seconds]
ThomasV has joined #bitcoin-wizards
zwick has quit [Quit: WeeChat 1.2]
arubi_ has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
arubi_ has quit [Ping timeout: 250 seconds]
shinohai has quit [Quit: WeeChat 1.2]
arubi_ has joined #bitcoin-wizards
RoboTeddy has quit [Remote host closed the connection]
damethos has quit [Ping timeout: 264 seconds]
Quanttek has quit [Ping timeout: 264 seconds]
arubi_ is now known as arubi
ThomasV has quit [Ping timeout: 272 seconds]
Giszmo has joined #bitcoin-wizards
Mably has quit [Ping timeout: 265 seconds]
punsieve has quit [Quit: Leaving]
tromp__ has joined #bitcoin-wizards
tromp_ has quit [Ping timeout: 256 seconds]
tromp_ has joined #bitcoin-wizards
tromp__ has quit [Ping timeout: 265 seconds]
Sub|afk has joined #bitcoin-wizards
artiefoo has joined #bitcoin-wizards
gielbier has quit [Ping timeout: 265 seconds]
hashtag has joined #bitcoin-wizards
SubCreative has quit [Ping timeout: 265 seconds]
zooko has quit [Ping timeout: 264 seconds]
zveda has joined #bitcoin-wizards
gielbier has joined #bitcoin-wizards
Starduster has joined #bitcoin-wizards
lnovy is now known as RogerVer
RogerVer is now known as lnovy
joecool has quit [Ping timeout: 256 seconds]
ThomasV has joined #bitcoin-wizards
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
zveda has left #bitcoin-wizards ["Ex-Chat"]
StephenM347 has quit []
shen_noe has joined #bitcoin-wizards
DougieBot5000 has quit [Quit: Leaving]
SubCreative has joined #bitcoin-wizards
Sub|afk has quit [Ping timeout: 276 seconds]
ThomasV has quit [Ping timeout: 272 seconds]
d1ggy_ has quit [Quit: Leaving]
RoboTeddy has joined #bitcoin-wizards
RoboTeddy has quit [Ping timeout: 272 seconds]
RoboTeddy has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
STRML has quit [Ping timeout: 264 seconds]
Guest88257 has quit [Remote host closed the connection]
MoALTz has quit [Quit: Leaving]
STRML has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
adam3us has quit [Quit: Leaving.]
wallet42 has quit [Quit: Leaving.]
AaronvanW_ has quit [Remote host closed the connection]
adam3us has joined #bitcoin-wizards
adam3us has quit [Client Quit]
Guyver2 has quit [Remote host closed the connection]
mkarrer has quit [Remote host closed the connection]
<akrmn>
silly question: What if force miners to hash the whole block instead of the header? Would that incentivize smaller blocks?
punsieve has joined #bitcoin-wizards
dEBRUYNE has quit [Ping timeout: 265 seconds]
akstunt600 has quit [Remote host closed the connection]
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
wumpus has quit [Ping timeout: 265 seconds]
akrmn has quit [Ping timeout: 272 seconds]
akrmn has joined #bitcoin-wizards
licnep has joined #bitcoin-wizards
DougieBot5000 has joined #bitcoin-wizards
wumpus has joined #bitcoin-wizards
<gmaxwell>
akrmn: that would be incompatible with lite clients. And it wouldn't just "icentivize" it would make it so you'd have to be stupid to include any txn at all so long as there is subsidy.