<Taek>
It would be interesting for the first proof-of-concept sidechain to have 20mb blocks
<sipa>
Taek: its performance characteristics are very different from Bitcoin's; it wouldn't offer a useful comparison
<Taek>
I am misunderstanding something then. (slide 10/34). I thought sidechains were essentially alternate blockchains that used the bitcoin currency
<sipa>
they are
<Taek>
if it's nearly an exact fork, why would the performance characteristics be 'very different'?
<sipa>
but Elements Alpha (which Greg is presenting) has very different validation rules than Bitcoin itself, so things like propagation/validation time, and cost for running a full node are not comparable to Bitcoin
<gwillen>
Taek: a sidechain won't have the same volume of users, miners, transactions, etc. as bitcoin itself
<gwillen>
so the performance characteristics won't necessarily be similar
<Taek>
gwillen: that is true, but it would relieve political pressure I believe. Perhaps it wouldn't. sipa: hadn't gotten that far, is EA the cryptosystem greg mentioned earlier this week?
<sipa>
yes
<sipa>
Taek: how would it relieve political pressure?
<Taek>
currently, many people believe that the only way Bitcoin is going to survive is by increasing the block size to 20mb. With a sidechain implementation that's identical to bitcoin, they can move their coins to a blockchain with more room without forking the original network.
<Taek>
if recognizing this new chain just requires a client update by the merchants, it's no more difficult to implement than a hardfork
<sipa>
Taek: that's in no way a better solution than just increasing Bitcoin's block size
<Taek>
(*for the merchants)
<Taek>
sipa: it leaves the old 1mb chain intact, not everybody has to switch to the new chain if they don't like the consequences
<sipa>
If people expect that resulting sidechain to be actually usable, ~everyone will need to validate it just the same as they have to validate Bitcoin, and it comes at a huge security cost.
<Taek>
merchants could choose to only accept the 1mb coins
<sipa>
and they'll lose every customer
<Taek>
it also would not seem so difficult for merchants to accept both, then users who prefer the 1mb could keep using their 1mb coins
<sipa>
I agree it has significantly lower risk, but massive security trade-off.
<sipa>
our purpose with sidechains is unlocking experimentation with new technology
<sipa>
it's not a substitute for a stable main chain
<Taek>
security tradeoff as in mining security, or another type of security?
<Taek>
Using homomorphic encryption to hide transfer amounts is very interesting
<moa>
elements has implemented homomorphic encryption?
<sipa>
Yup.
<moa>
!!! wut
<gribble>
Error: "!!" is not a valid command.
<Taek>
(wait this is all implemented???)
<moa>
yous guise been busy
<sipa>
Taek: yes
<Taek>
wow! congrats
<sipa>
I'm not sure homomorphic encryption is the correct term, though. But yes, EA has a feature called Confidential Transactions, which blind the amounts transferred, while retaining cryptographic proofs that the values add up.
<sipa>
Downside: ~kilobytes per output, and significantly slower to validate
<sipa>
These don't go into the UTXO set, though.
<moa>
makes sense
<gwillen>
it's not fully-homomorphic, but it allows homomorphic addition of values
<gwillen>
so you can add blinded values and get blinded results
<sipa>
ironically, the hardest part of confidential values is guaranteeing that no negative amounts were used
<moa>
yeah I got that partial homomorphic ... but good enough for what we want to do, nice job
<moa>
sipa: why's that, the negative sign bit handling?
<sipa>
moa: because you could cancel out things (have a 1 BTC input, and a 3 BTC + -2 BTC output... and never reveal the -2 BTC one)
<Taek>
so, the idea is to test new concepts in a sidechain, and then potentially implement them in the main chain after they've been battle-hardened in a less-critical economy?
<moa>
sipa: so elements is a fork of Core it looks like, does the depends build work?
<sipa>
moa: unlikely
<moa>
Euclids elements?
<maaku>
Taek: maybe, in the very very long term
<maaku>
for now, experiment
<maaku>
moa: frankly a lot of the integration is alpha quality
<maaku>
(groan)
<moa>
it built fine here
<moa>
not sure what I built though :)
<maaku>
well i hope it does build! but if 'make check' works it's because we commented out a bunch of tests ;)
<maaku>
this isn't a polished product. it is an opening up of development into an open source project that we hope will be larger than ourselves
<moa>
yeah i see that
<maaku>
moa: there should be a readme in the root directory
<morcos>
at what point is it forked from Core? 0.10?
<moa>
so there is a chain running on port 18332?
<maaku>
morcos: somewhere between 0.10 and 0.11. getting it rebased to 0.11 is a near-term thing to do
<maaku>
moa that's testnet3's rpc port, which the alpha sidechain connects to to perform verification
<moa>
ah ok
<maaku>
alpha p2p port is 4242, rpc port 4241
<moa>
how is testnet3 significantly different to testnet?
<maaku>
moa it is bitcoin testnet
<maaku>
bitcoin testnet has been reset twice in the past, the current version is 3
<morcos>
this looks like a lot of fantastic work. congratulations guys! i look forward to diving in when i can get back in front of a computer.
<amiller>
is there a clear figure on what's the size of these transactions?
<kanzure>
amiller: in the transcript search for "kilobytes"
<amiller>
"2.5 kilobytes"
<kanzure>
well, for zero-knowledge range proofs
<sipa>
amiller: the outputs need a range proof, which is several kilobytes in size, depending on the log of the number of possible range values
<sipa>
amiller: 2.5 kb for 32-bit
<amiller>
i see.... i guess it could go down very low if i only want to like, hide my most significant few bits or something
<sipa>
indeed
<sipa>
the implementation supports up to 64-bit, though there is a consensus limit to 52 bits
<Luke-Jr>
kanzure: unfortunately, I've no clue how that is supposed to be setup; I think warren would be the one to poke
<sipa>
indeed, it is known to be broken currently
<kanzure>
well let me know if you have any errors and i can look at those if you post them in the issue tracker
* kanzure
proceeds to sleep with one eye open
<sipa>
amiller: also, 80% of the range proof data size can be used as private communication channel between sender and receiver
<amiller>
sipa, i missed that part.... so even with a 32-bit range, is the on-chain proof size 2.5kb or less?
<sipa>
the on-chain proof for 32-bit is 2.5 kn
<sipa>
kb
<sipa>
2kb of which can be used to transfer information from sender to receiver, though
<sipa>
(you'll need to ask gmaxwell for details here, i don't know how that works)
<gmaxwell>
amiller: yes, the size is 2 + 8 (or 0 if no minimum value) + ceil(n/8) + 5*n*32 bytes where n is the number of digits in base-4 for the mantissa of the rangeproof (if the number of bits isn't a multiple of 2, the last digit is in base two and takes 3*32 instead of 5*32).
<gmaxwell>
The size of the mantissa is selectable in one bit increments, and there is a separate exponent that scales the hidden part by 10^x for x in 0..18, as well as an optional minimum value that moves the zero point.
<gmaxwell>
I have a longer description, lemme see if it's posted yet.
<petertodd>
gmaxwell: +1 (though hopefully it actually works!)
<gmaxwell>
petertodd: well, bugs are always possible. But the cryptographic construction itself is fairly boring, as such things go.
<gmaxwell>
I wouldn't consider it production ready, though it has had ~some~ level of review and about a cpu-year of fuzz testing.
<petertodd>
gmaxwell: just need to figure out a way for people to steal lots of money by breaking it... :/
<gmaxwell>
Done.
<gmaxwell>
(I mean, use it with non-testnet coins and you have that)
<petertodd>
hehe, yup
<gmaxwell>
Perhaps I've snowed myself with the nice layering, but at least it decomposes into nice subsystems that you can analyze independently.
<gmaxwell>
Also, wrt development, basically the amount of over-design is inversely proportional to how high in the stack it is. E.g. the ring signature is quite carefully reviewed (at least as much as something new can be), while the bitcoin integration is... well. There are chunks of code that have probably never been run, and maybe only reviewed a bit by the person who wrote them. :P
<petertodd>
which is fine, given that the pool of people who can review it goes up the higher the stack you go :)
<gmaxwell>
In any case, matt, pieter, and luke should all understand the integration fairly well and should be able to answer questions on it as well as I can (or likely better)
<petertodd>
I'm going to find some time to go through all the changes in Elements sooner or later
<gmaxwell>
amiller: also if you run across anyone claiming to have a plain ECDL-assumptions range proof with efficiency better than 2.5 elements per bit, I'd love to see it. Lit on this seems kinda fragmented because the earliest schemes were not formally published; there are lots of papers on schemes with efficiency worse than that even with bilinear crypto. There are schemes for groups of unknown order
<gmaxwell>
(e.g. usually trusted setup) which are super elegant and pretty efficient for /very/ big numbers.
<gmaxwell>
fluffypony: thanks!
<gmaxwell>
also, anyone get it running yet? There is a faucet with coins already on the sidechain.
<amiller>
gmaxwell, the borromean thing was great, i dont suppose you have a writeup in equal detail, like in between the confidential_values.txt and the code?
<gmaxwell>
amiller: not yet.
<amiller>
i want to look at the floating point algorithm really carefully
<gmaxwell>
amiller: the borromean thing started off more like that txt, and with illustrations like https://people.xiph.org/~greg/sign.svg and andytoshi made it awesome. Not quite there yet.
<amiller>
ok, i understand :)
<gmaxwell>
amiller: the decimal float works quite simply though; normally the basis that's proved is 0 or 1; 0 or 2; 0 or 4 ... (well technically 0,1,2,3 0,4,8,12...) when the exponent is 1 instead the basis is 0/10 0/20 0/40...
<amiller>
hm
<gmaxwell>
and so on for higher exponents. There is actually a way to make the exponents somewhat private (you only make their differences public when you combine them; though I don't implement that, as it has a base level of inefficiency (have to carry around a blinded exp) that makes it seem like not a win).
<gmaxwell>
The 'cute' optimizations in my system are this: use of base 4 OR instead of base 2, which takes the cost from 3 elements a bit to 5 for two bits. Elimination of the commitment for the last digit by reconstructing it from the value being proved and all the other bits .... and the "proof rewind" that lets someone sharing the prover's coins recover a message sent by the prover 80% of the size of the proof.
<gmaxwell>
the things like the variable mantissa size and exponent are more pedestrian.
<gmaxwell>
Taek: phantomcircuit was joking that we should reduce the block size to 999999 bytes just to double emphasize that this thing isn't currently a scaling experiment.
<Taek>
gmaxwell: I'm not sure where I got the idea, but I had been under the impression that sidechains were set up as a migration tool
<Taek>
you would make sidechains, and then if people liked them they would move their coins over and just use that chain instead of the original chain
<Taek>
I'm not the only one who had/has that idea
<sipa>
Taek: the idea of sidechains grew indeed from the question of a safe upgrade mechanism
<sipa>
and they can be used for that
<gmaxwell>
Taek: That's a possible mode, one we mention in the whitepaper; and it was the original motivation for adam proposing the one-way peg.
<Taek>
[23:25:44] <sipa> our purpose with sidechains is unlocking experimentation with new technology
<Taek>
these statements had confused me
<Taek>
[23:25:52] <sipa> it's not a substitute for a stable main chain
<waxwing>
so in Confidential, it looks to me from a read through, that people will probably still want/need coinjoin like approaches to anonymise the transaction graph, right?
<waxwing>
or is there some plan to implement ring sigs in a side chain for actual txs?
<waxwing>
one could see a lot of scenarios where just blinding the amounts might not be good enough
<andytoshi>
waxwing: coinjoin becomes much more powerful; yeah, there is still a motivation for it to avoid people determining the shape of the transaction graph
<andytoshi>
as for ringsigs, they break pruning and would require a lot of design work .. i'd like to see them but i don't think there are concrete plans for them (tho if we found some asymptotically more efficient ringsig scheme maybe we'd change our minds)
<waxwing>
break pruning, yes. it would be interesting to hear what some big institutions' reactions are to "we can provide confidentiality of amounts, but the utxos are still traceable". what i always find difficult is that coinjoin is already there, so it's a bit weird trying to figure out what you're actually trying to do there.
<gmaxwell>
waxwing: coinjoin is quite weak in practice and annoying to use (so it isn't used more universally) due to the amount non-privacy.
<waxwing>
i see; so you envision that this is the main confidentiality feature (amounts) and coinjoin is just kind of there if anyone is motivated to do it.
<gmaxwell>
Also, realize that we have a very weird way of looking at this in bitcoin: Transaction graph privacy is metadata privacy; indeed metadata privacy is important, but it's fundamentally harder than content privacy (often impossible to be completely metadata private), and often less valuable than content privacy.
<gmaxwell>
I think both would be used, it's specifically designed to work with coinjoin (and the rpc interfaces in elements should be all set up for someone to build a coinjoiner on top)
<gmaxwell>
but at the same time, I do think that value privacy is more important generally.
<waxwing>
btw thanks for the write up. my brain nearly melted but i think i finally understood how you prove the commitment to zero :)
<gmaxwell>
! HURRAY!
<gribble>
Error: "HURRAY!" is not a valid command.
<fluffypony>
lol gribble
<waxwing>
grumpy gribble
<fluffypony>
¡ olé !
<gmaxwell>
waxwing: I'm overjoyed to hear that; the range proof is a slick trick that I feel like everyone who's into the technical stuff can understand if they care to...
<waxwing>
yes, i guess it's the privacy vs anonymity thing again. wrt my "big institutions" question, it's the former they want, not the latter. metadata is not a bad analogy (at least, once you actually have the amount privacy).
<MrTratta>
I don't remember who but someone suggested some ncurses based console app that was great to monitor bitcoind, does anyone remember the name? I couldn't find it on github
<zooko>
gmaxwell: way to go on releasing Elements!!
<gmaxwell>
zooko: thanks!
<gmaxwell>
zooko: seen the confidential transaction technical primer I wrote? (it needs a more proper writeup like we did on the new ringsignature, but ... soooo many things to do so little time.)
<zooko>
I haven't read it yet.
<MrTratta>
gmaxwell, thanks
<waxwing>
huh, already a quote from the Blythe Masters company in a WSJ article: "DAH Chief Technology Officer Shaul Kfir said it could be a “very powerful way to protect investors from having to disclose sensitive business information, even while providing complete transparency to regulators.”
<waxwing>
that's kind of in line with what we said.
<Taek>
It would be useful in employment scenarios too.
<StephenM347>
gmaxwell: I'm reading over your confidential transactions proposal, nice! In it you have `H = to_point(SHA256(ENCODE(G)))`, which could be interpreted incorrectly (as I did at first) as `SHA256(ENCODE(G))*G`, instead of taking SHA256(ENCODE(G)) as the x coordinate of a new pub key
<sipa>
StephenM347: would H = RecoverPoint(x = SHA256(Encode(G)), y = even) be less confusing?
<gmaxwell>
StephenM347: damn, you know I was trying there to avoid precisely that misunderstanding.
<gmaxwell>
I think in some earlier draft I'd tried H.x = SHA256(ENCODE(G)) and that was confusing in some other way. :) I'll try to fix.
<StephenM347>
sipa: less confusing, but maybe not clear as it could be. RecoverPoint isn't terminology that I'm well versed with anyway.
<gmaxwell>
StephenM347: point for your understanding that you recognized that SHA256(ENCODE(G))*G would be fatally busted.
<StephenM347>
gmaxwell: Haha, thanks. I read it and was like, that can't be what he means. Specifying the x in that type of a syntax makes more sense
<sipa>
H is defined as the curve point with X coordinate equal to SHA256(G) and corresponding Y coordinate to be on the curve. The important part is that it is exceedingly unlikely that anyone knows the value h such that H = h*G.
<kanzure>
win 12
<kanzure>
ehrjoiqjeq
<gmaxwell>
yea, that's why that misunderstanding is so unfortunate: it's like the one and only way you cannot produce H, almost any other procedure is okay, just not that one! :)
<stonecoldpat>
for elements did you guys change the alpha consensus library? (libalphaconsensus) my build keeps failing on it with architecture x86_64, i thought it was me, but i just compiled bitcoin core using the same ./configure with no problems
<stonecoldpat>
with "symbols not found for architecture x86_64", the most frustrating error code in the world :(
<sipa>
did you try a make clean, or a git clean -dfx (warning: wipes all non-committed files) ?
<sipa>
it's forked off 0.10.2 with a few commits from 0.11, but nothing build system related
<stonecoldpat>
yeah, tried both (and upgraded brew, re-installed boost etc, upgraded to yosemite too)
<StephenM347>
gmaxwell: it would also be good to check that there is an associated y coordinate for the x coordinate SHA256(ENCODE(G)) (there may be no point with such an x coordinate)
<sipa>
StephenM347: if there wasn't, he would have chosen something else than SHA256(G) :)
<gmaxwell>
StephenM347: turns out that there is, so long as ENCODE is uncompressed DER. :)
<sipa>
gmaxwell: not DER
<gmaxwell>
sipa: someday I'll remember the correct name of that encoding.
<gmaxwell>
StephenM347: actually the first two things I tried were not on the curve.
<StephenM347>
gmaxwell: interesting, sha256d and hash160?
<gmaxwell>
(SHA256(G.x) and SHA256(compressed-serialized-G))
<sipa>
gmaxwell: i wonder if it has a name besides "The encoding specified by SEC1v2 in section 2.3.3"
<gmaxwell>
no-- wouldn't have used hash160, too small, would make a non-uniformly distributed X which would perhaps be harmless but seem weird.
<StephenM347>
yeah, bad choice with hash160
<StephenM347>
bad guess, I mean
<StephenM347>
gmaxwell: How can we be sure that `(In1 + In2 + In3 + plaintext_input_amount*H...) - (Out1 + Out2 + Out3 + ... fees*H) == 0.`, won't it just be some multiple of G?
<andytoshi>
StephenM347: that first H should be a G right?
<andytoshi>
StephenM347: it'll be a multiple of G, specifically 0*G ;)
<StephenM347>
andytoshi: I don't think so, copied from source
<sipa>
the formula is correct
<sipa>
StephenM347: the creator of the transaction must guarantee that all blinding values cancel (i.e., all blinding factors summed in the outputs must equal the sum of blinding factors used in the inputs)
<andytoshi>
oh, right, i always get the blinding factor and actual inputs crossed
<andytoshi>
i feel like our design is backward with respect to my intuition..
<StephenM347>
sipa: oh, that makes sense, so all but one of the blinding factors are chosen randomly
<andytoshi>
StephenM347: correct
<sipa>
StephenM347: bingo
<sipa>
StephenM347: which is why you can't have a transaction with blinded inputs but without blinded outputs
<gmaxwell>
StephenM347: "If the author of a transaction takes care in picking their blinding factors so that they add up correctly,"
<gmaxwell>
andytoshi: I also wanted to use "G" for the value, but you see it's the value that gets handled in unusual ways.. where as the blinding factor is just treated like a secret key.
<gmaxwell>
andytoshi: so for example my H constant time table is set up to only work for 64 bit values and such.
<StephenM347>
gmaxwell: I'm really intrigued by the whole homomorphic commitments process. Do you hope/expect that this will be a feature of a side chain that eventually becomes the predominant chain?
<gmaxwell>
or another scheme (e.g. more efficient; perhaps unconditionally sound; I'm confident there is room for improvement)
<StephenM347>
gmaxwell: If there are many chains, and a merchant wants to receive coins from a customer who uses a different chain, won't it take a long time to transfer the coins back to the main chain and then onto the merchant's preferred chain?
<sipa>
StephenM347: atomic swaps
<sipa>
they're much faster than the sidechain transfer mechanism
<StephenM347>
sipa: hmm, I need to read more on side chains. How much faster?
<sipa>
one transaction on each side
<sipa>
or 2, i misremember
<StephenM347>
Is it possible to do it across a hub and spoke micropayment channel?
<StephenM347>
i.e. if I'm a hub that can send and receive on both chains
<StephenM347>
could be instant
NewLiberty has quit [Ping timeout: 246 seconds]
bsm1175321 has quit [Ping timeout: 246 seconds]
antanst has left #bitcoin-wizards [#bitcoin-wizards]
temujin has joined #bitcoin-wizards
dabos has joined #bitcoin-wizards
SDCDev has quit [Ping timeout: 256 seconds]
bsm1175321 has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
tucenaber has joined #bitcoin-wizards
tucenaber has joined #bitcoin-wizards
dabos has quit [Ping timeout: 255 seconds]
shen_noe has joined #bitcoin-wizards
damethos has quit [Remote host closed the connection]
damethos has joined #bitcoin-wizards
erasmospunk has quit [Remote host closed the connection]
maraoz has joined #bitcoin-wizards
erasmospunk has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
nemild has joined #bitcoin-wizards
zwick has quit [Quit: WeeChat 1.2]
zwick has joined #bitcoin-wizards
zwick has quit [Changing host]
zwick has joined #bitcoin-wizards
nessence has quit [Remote host closed the connection]
Dizzle has joined #bitcoin-wizards
wallet42 has quit [Quit: Leaving.]
wallet42 has joined #bitcoin-wizards
erasmosp_ has joined #bitcoin-wizards
gielbier has quit [Read error: Connection reset by peer]
erasmospunk has quit [Ping timeout: 255 seconds]
nubbins` has quit [Quit: Quit]
erasmospunk has joined #bitcoin-wizards
erasmosp_ has quit [Ping timeout: 264 seconds]
frankenmint has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
gielbier has joined #bitcoin-wizards
lnsybrd has joined #bitcoin-wizards
hayek has joined #bitcoin-wizards
paveljanik has joined #bitcoin-wizards
nessence has joined #bitcoin-wizards
Mably has quit [Ping timeout: 246 seconds]
frankenmint has quit [Remote host closed the connection]
frankenmint has joined #bitcoin-wizards
erasmospunk has quit [Quit: ttm]
erasmospunk has joined #bitcoin-wizards
lnsybrd has quit [Ping timeout: 252 seconds]
erasmospunk has quit [Client Quit]
<andytoshi>
gmaxwell: oh, that's a good reason
Mably has joined #bitcoin-wizards
<andytoshi>
i was worried that there was an algebraic reason, which i don't see (and am pretty convinced there is not), that'd make me worried about my understanding of the system :)
<gmaxwell>
andytoshi: no, it's just boring engineering reasons.
kmels has joined #bitcoin-wizards
kmels has quit [Max SendQ exceeded]
kmels has joined #bitcoin-wizards
Mably has quit [Quit: Page closed]
Crowley2k has joined #bitcoin-wizards
Emcy has quit [Read error: Connection reset by peer]
akstunt600 has quit [Ping timeout: 245 seconds]
CoinMuncher has quit [Quit: Leaving.]
AaronvanW has quit [Ping timeout: 246 seconds]
nessence has quit [Remote host closed the connection]
frankenmint has quit [Remote host closed the connection]
shesek has quit [Ping timeout: 250 seconds]
shen_noe2 has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
shen_noe has quit [Ping timeout: 255 seconds]
priidu has quit [Ping timeout: 255 seconds]
bsm1175321 has quit [Ping timeout: 246 seconds]
jtimon has joined #bitcoin-wizards
shen_noe2 has quit [Quit: quitquitquit]
Burrito has joined #bitcoin-wizards
Mably has joined #bitcoin-wizards
Dizzle has quit [Remote host closed the connection]
NewLiberty has quit [Ping timeout: 245 seconds]
antanst has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
nemild has joined #bitcoin-wizards
PaulCapestany has quit [Quit: .]
nemild has quit [Client Quit]
PaulCapestany has joined #bitcoin-wizards
nemild has joined #bitcoin-wizards
dansmith_btc has joined #bitcoin-wizards
c-cex-yuriy has joined #bitcoin-wizards
Emcy has joined #bitcoin-wizards
<temujin>
gmaxwell: awesome video on side chain elements, do you guys have a blockstream IRC channel?
<gmaxwell>
we have a sidechains irc channel, #sidechains-dev though no public blockstream IRC channel right now.
<temujin>
perfect thank you
nemild has quit [Quit: nemild]
nemild has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 252 seconds]
nemild has quit [Client Quit]
nemild has joined #bitcoin-wizards
<kanzure>
"There was this wonderful technology invented a few years ago to deal with spam. It's called Hashcash. All these hacky heuristics like block size are just dancing around the problem, and the natural solution is already present in bitcoin: smaller blocks, (down to the point of individual transactions) each mined. Don't relay things that haven't been mined. As spam or transaction levels go up, mining targets for submission go up too. Of course this is a pretty serious redesign of bitcoin, and I'm not offering a concrete proposal at this time (but have one in the works, and I'd like to see others). I call the parameters of these hacky heuristics "Consensus Threatening Quantities" (CTQs) because changing them induces a hard fork. Bitcoin is full of them (block time, block size, target difficulty, retarget time, etc) and bitcoin would do well to face difficult redesign questions head on, and remove them entirely. (Proposal to appear...)"
<sipa>
I wish him godspeed.
<maaku>
there is #blockstream, but for sidechains-related stuff please use #sidechains-dev
<kanzure>
hmm for some reason i thought the quote was saying something else
nessence has joined #bitcoin-wizards
<kanzure>
i could have sworn i saw a proposal like "all of these quantities should be balanced against proof-of-work difficulty and perhaps also transaction fees"
damethos has quit [Ping timeout: 272 seconds]
<fluffypony>
just wait for his proposal to include an elastic block time
Jouke has joined #bitcoin-wizards
Jouke has quit [Client Quit]
joecool has joined #bitcoin-wizards
shen_noe has joined #bitcoin-wizards
shen_noe has left #bitcoin-wizards [#bitcoin-wizards]
rubensayshi has quit [Ping timeout: 256 seconds]
Jouke has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
nemild has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
antanst1 has joined #bitcoin-wizards
maraoz has quit [Ping timeout: 265 seconds]
antanst has quit [Ping timeout: 256 seconds]
nemild has quit [Quit: nemild]
antanst has joined #bitcoin-wizards
antanst1 has quit [Read error: Connection reset by peer]
antanst has quit [Client Quit]
nemild has joined #bitcoin-wizards
Dizzle has joined #bitcoin-wizards
zooko has quit [Quit: #p]
priidu has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
antanst has joined #bitcoin-wizards
akrmn has quit [Ping timeout: 250 seconds]
trstovall has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
adam3us has joined #bitcoin-wizards
Zooko-phone has joined #bitcoin-wizards
orperelman has quit [Read error: No route to host]
orperelman has joined #bitcoin-wizards
akrmn has joined #bitcoin-wizards
p15_ has joined #bitcoin-wizards
zwick has quit [Quit: WeeChat 1.2]
p15 has quit [Ping timeout: 272 seconds]
frankenmint has quit [Remote host closed the connection]
nemild has joined #bitcoin-wizards
maraoz has joined #bitcoin-wizards
priidu has quit [Ping timeout: 245 seconds]
Starduster has quit [Ping timeout: 258 seconds]
Zooko-phone has quit [Ping timeout: 244 seconds]
robogoat has joined #bitcoin-wizards
spinza has quit [Excess Flood]
jae_ has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
jae_ has quit [Remote host closed the connection]
mjerr has quit [Ping timeout: 256 seconds]
nemild has quit [Quit: nemild]
dabos has joined #bitcoin-wizards
frankenm_ has joined #bitcoin-wizards
Tebbo has joined #bitcoin-wizards
shen_noe has joined #bitcoin-wizards
mkarrer has quit [Remote host closed the connection]
mkarrer has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
kmels has quit [Ping timeout: 256 seconds]
Dizzle has quit [Remote host closed the connection]
damethos has quit [Quit: Bye]
jtimon has quit [Ping timeout: 265 seconds]
jtimon_ has joined #bitcoin-wizards
lnsybrd has joined #bitcoin-wizards
maraoz has quit [Ping timeout: 255 seconds]
damethos has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
nessence has quit [Read error: Connection reset by peer]
Starduster has joined #bitcoin-wizards
zooko has quit [Ping timeout: 276 seconds]
nessence has joined #bitcoin-wizards
HM has quit [Ping timeout: 245 seconds]
rusty has joined #bitcoin-wizards
nemild has joined #bitcoin-wizards
nemild has quit [Client Quit]
HM has joined #bitcoin-wizards
nemild has joined #bitcoin-wizards
jtimon_ has quit [Ping timeout: 255 seconds]
OneFixt has quit [Remote host closed the connection]
ThomasV has joined #bitcoin-wizards
ttttemp has quit [Remote host closed the connection]
ttttemp has joined #bitcoin-wizards
ttttemp has quit [Remote host closed the connection]
ttttemp has joined #bitcoin-wizards
ttttemp has quit [Remote host closed the connection]
mikolalysenko has quit [Ping timeout: 256 seconds]
ThomasV has quit [Ping timeout: 258 seconds]
ttttemp has joined #bitcoin-wizards
lnovy has quit [Remote host closed the connection]
lnovy has joined #bitcoin-wizards
mikolalysenko has joined #bitcoin-wizards
orperelman has quit [Ping timeout: 265 seconds]
sparetire_ has joined #bitcoin-wizards
ttttemp has quit [Remote host closed the connection]
dabos has quit [Ping timeout: 264 seconds]
ttttemp has joined #bitcoin-wizards
ttttemp has quit [Remote host closed the connection]
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
ttttemp has joined #bitcoin-wizards
nessence has quit [Read error: Connection reset by peer]
nessence has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
nessence_ has joined #bitcoin-wizards
nessence_ has quit [Client Quit]
paveljanik has quit [Quit: Leaving]
nessence has quit [Ping timeout: 265 seconds]
rht__ has quit [Quit: Connection closed for inactivity]
zooko has joined #bitcoin-wizards
trstovall has quit [Quit: Connection closed for inactivity]
hashtag has quit [Ping timeout: 244 seconds]
Crowley2k has quit [Ping timeout: 264 seconds]
b_lumenkraft has quit [Quit: b_lumenkraft]
eudoxia has quit [Quit: Leaving]
lnsybrd has quit [Quit: lnsybrd]
belcher has joined #bitcoin-wizards
antanst has quit [Quit: Leaving.]
pollux-bts has joined #bitcoin-wizards
GGuyZ has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
Dizzle_ has joined #bitcoin-wizards
Dizzle_ has quit [Ping timeout: 265 seconds]
damethos has quit [Ping timeout: 255 seconds]
Guyver2 has quit [Remote host closed the connection]
punsieve has joined #bitcoin-wizards
PaulCapestany has quit [Quit: .]
PaulCapestany has joined #bitcoin-wizards
rusty has quit [Read error: Connection reset by peer]
rusty has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
<bramc>
Hey everybody
<tromp_>
hi Bram
justanotheruser has quit [Ping timeout: 265 seconds]
justanotheruser has joined #bitcoin-wizards
<sipa>
ohai
frankenm_ has left #bitcoin-wizards [#bitcoin-wizards]
<bramc>
(1) What is "signature covers value"? I'm a little perplexed as to what it means
<sipa>
that the amount being spent by a txin is part of the signature hash that is being signed
<bramc>
You mean, the size of an input?
<sipa>
this means that a signing device does not need to know the full previous transaction whose output gets spent - if it receives incorrect information about the amounts, the transaction will just be invalid
<bramc>
Isn't that implicit in what is referred to?
<sipa>
it is implicitly referred to by the txin prevout hash
<sipa>
it's not a security argument
<bramc>
It seems like a waste of a few bytes
<sipa>
hashes are constant size
priidu has quit [Ping timeout: 272 seconds]
<sipa>
adding data to the hash input does not change anything :)
<sipa>
apart from a few microseconds in hashing
<bramc>
oh, hmm
Quanttek has quit [Ping timeout: 252 seconds]
<bramc>
I still don't understand the point, but fair enough, no harm no foul
<sipa>
ok
<sipa>
here is the use case
<sipa>
you have a hardware signing device
<bramc>
(2) what are mitmask sighash modes?
<sipa>
you need to give that device some transaction to sign
<sipa>
you clearly don't trust the software creating that transaction, or you wouldn't need a hardware device
<bramc>
What's wrong with giving the device the whole previous transaction?
<sipa>
nothing
<sipa>
it may just be large
<sipa>
this makes it unnecessary
<bramc>
Oh okay, simple little optimization then
<sipa>
yup
<sipa>
as i said: not a security improvement
<sipa>
not sure what mitmask is
<bramc>
Bitmask Sighash Modes
nemild has quit [Quit: nemild]
<sipa>
those are not in elements
Mably has quit [Ping timeout: 272 seconds]
<bramc>
It's under 'proposed elements'
kmels has joined #bitcoin-wizards
<bramc>
(3) What is there to prevent a memory exhaustion attack using string concatenation?
<sipa>
there is no dup command
<sipa>
i think?
<sipa>
oh, there is
Populus has quit [Remote host closed the connection]
<bramc>
string concatenation is listed as one of the reintroduced commands
akstunt600 has joined #bitcoin-wizards
<bramc>
I can see why, it's specifically meant to enable the use of a merkle root of possible ways to unlock a utxo
<sipa>
there is a maximum size on the result of a cat
<sipa>
(it was a good question, i had to go check the code)
<bramc>
Is it a fixed max size?
<sipa>
yes
<bramc>
What is the max?
<sipa>
520 bytes
<bramc>
I think with one more simple opcode siacoin functionality could be added: BLOCKID, which takes the value of a specified height block and pulls it in (obviously this causes a timelock)
<sipa>
siacoin?
<bramc>
http://www.siacoin.com/ the basic idea is that I can pledge an amount of coins to be paid to you at some time in the future if you can prove that you still have a copy of a certain file at that time
eudoxia has joined #bitcoin-wizards
<bramc>
The pledge contains the merkle root of the file I want stored, and some future block id is used to specify which part of the file you have to cough up to retrieve the reward
hashtag has joined #bitcoin-wizards
Burrito has quit [Quit: Leaving]
temujin has quit [Quit: Page closed]
<bramc>
I think the new elements add enough that all that's left is the thing to pull in the block id
airbreather has joined #bitcoin-wizards
kmels has quit [Ping timeout: 256 seconds]
frankenmint has joined #bitcoin-wizards
kmels has joined #bitcoin-wizards
OneFixt has joined #bitcoin-wizards
StephenM347 has quit []
jae_ has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 264 seconds]
OneFixt has quit [Read error: Connection reset by peer]
eudoxia has quit [Quit: Leaving]
jae_ has quit [Remote host closed the connection]
mkarrer has quit []
joecool has quit [Ping timeout: 265 seconds]
jae_ has joined #bitcoin-wizards
jae_ has quit [Ping timeout: 258 seconds]
c0rw1n is now known as c0rw|zZz
airbreather has quit [Remote host closed the connection]