<akrmn>
does anyone have a link to a proposal for miner decentralization that doesn't involve tree chain like structures?
<akrmn>
like something that has a good chance of scaling
wallet42 has quit [Quit: Leaving.]
<leakypat>
petertodd: do you have builds for the RBF client or am I to compile from github myself?
shen_noe has joined #bitcoin-wizards
jaekwon has quit [Remote host closed the connection]
kmels has quit [Ping timeout: 264 seconds]
<CodeShark>
akrmn: working on ideas - hopefully one of these days I can be more constructive on this front rather than mostly pointing out how what we have won't work :p
<akrmn>
CodeShark: My best idea is tree-structured subchains, but if someone has a better idea I would like to read it
<akrmn>
I guess we can just set a limit on the scalability and rely on contracts
<akrmn>
but doesn't seem elegant to me
<petertodd>
leakypat: no builds just yet; will soon
<petertodd>
leakypat: also working on a fix so full and fss RBF will be more compatible, so you can use both at the same time
<CodeShark>
a few things: 1) it's not necessary for everyone to verify everyone else's stuff...what really matters is that validators don't collude to fool everyone else. 2) it's not necessary to check everything...it is enough that the rate of failure be sufficiently negligible and we can rely on nondeterminism. 3) It is better for those who need to construct proofs to have some stake in the result so that incentives are there to do
<CodeShark>
so. 4) Risk can be managed by adding collective fees of some sort...or encouraging insurance, market making, and other such people who are willing to assume risk
c0rw1n has quit [Read error: Connection reset by peer]
c0rw1n has joined #bitcoin-wizards
<CodeShark>
5) a nested structure is probably a good idea, with the stuff closer to the root representing more global consensus states
<akrmn>
You just need a way to keep deep forks minimal. That's what I'm trying to think about now.
airbreather has joined #bitcoin-wizards
<akrmn>
like if a deep child chain has a mistake, do all the other chains get affected?
<akrmn>
I think it should be acceptable to keep going even if there is a small mistake in a child chain transaction
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
<CodeShark>
regarding things like invalid blocks, we could just roll back the bad transactions and their dependencies and punish the miner rather than rolling back the entire block if a bad transaction is discovered
<CodeShark>
but the process of rolling back transaction dependencies is not that cheap
<CodeShark>
it gets more expensive with time...but at least it results in far less disruption to everyone else
<akrmn>
I think once a transaction goes from a child chain to a parent chain, the parent chain has to stick with it
<akrmn>
even if later a mistake is found in the child chain transaction
Aquentin has quit [Ping timeout: 244 seconds]
freewil has joined #bitcoin-wizards
<akrmn>
but good to know I'm not the only one thinking about these things. Sipa doesn't seem to like it. He seems to think that only omniscient nodes are useful for network security. But I think with this kind of rule that I just gave, it can limit the effect on the parent chains so maybe it is more acceptable.
<CodeShark>
I think sipa's main critique, if I remember seeing it right, was the cost of transferring between chains
triazo has quit [Ping timeout: 264 seconds]
<akrmn>
there's no delay if the parent gets to commit to the child.
zooko has quit [Remote host closed the connection]
<CodeShark>
so one way is fast, but what about going in the other direction?
<akrmn>
(I mean: If an output goes in a transaction in a child chain, and then later in a transaction in a parent chain, then even though the value in the child chain is later found out to be wrong, nodes should just keep going with the value in the parent chain)
<akrmn>
still need to clarify that
<akrmn>
the child chain trusts the parent chain so it's easy the other way also
<dgenr8>
CodeShark: setting aside radical redesigns of the blockchain, and ignoring privacy, a way to ask your remaining peers to prove a new tx invalid would seem very helpful
<CodeShark>
dgenr8: if we could somehow reward peers for doing so you may be onto something
<CodeShark>
then the main threat would be at the network level...where someone manages to block your connections to honest nodes
<CodeShark>
(ignoring privacy for a moment)
<dgenr8>
CodeShark: is that a big issue? they aren't rewarded for anything else...
<CodeShark>
dgenr8: how costly is it for the node to do this? we'd need a full txout index, no?
<CodeShark>
I mean, a full tx index
<CodeShark>
or hmm...I guess spent outputs don't really matter
<CodeShark>
except for reorgs
<CodeShark>
it would actually be possible to pay people for these proofs if only the bitcoin script could reference other parts of the blockchain :p
<dgenr8>
CodeShark: first task is to decide what the question would be, and what the answer would look like. then how to get there.
<dgenr8>
CodeShark: sorry i can't just point you at a commit ;)
<CodeShark>
heh
<CodeShark>
so the question is: does this transaction conflict with any other transaction you know of? and the answer is a proof that they spend a common input
<CodeShark>
they or one of their dependencies, that is
<CodeShark>
so in the general case it requires constructing two dependency chains - but it's easier to prove conflict than to prove that they connect to the blockchain
<CodeShark>
so we really have two questions here
<dgenr8>
you started out just concerned about double-spends
<CodeShark>
right - if you are only concerned about double-spends then just demonstrating a shared spent output is sufficient
<CodeShark>
and you'd probably want to be able to check the signatures along the way
<CodeShark>
but hmm
nessence has joined #bitcoin-wizards
<CodeShark>
even checking signatures, unless you check that they do connect to the main chain it's super simple to cheat
<CodeShark>
you could stick your own transactions in the middle and sign them...and they'll never confirm
jaekwon has quit [Remote host closed the connection]
<CodeShark>
so it doesn't really seem worth doing unless you can prove that they do connect
<dgenr8>
ofc
<CodeShark>
right, so I take that back :p
<CodeShark>
it is not sufficient to just show a shared spent output :)
<CodeShark>
I guess a more general question is: show me how this transaction connects to the block chain
<dgenr8>
an invalidation proof could consist of a single connected conflicting spend
<CodeShark>
right
zmanian has quit [Remote host closed the connection]
<dgenr8>
do you check whether other peers inv'ed a tx that pays you? that means they like it
<dgenr8>
oh you have a filter
<CodeShark>
yeah - lol
<dgenr8>
gtg ttyl
<CodeShark>
later, dgenr8 - thanks for the thoughts
<CodeShark>
akrmn: still looking over your proposal...
<phantomcircuit>
CodeShark, nobody has yet shown an efficient way to do fraud proofs for aggregate limits short of zk-SNARKs
<phantomcircuit>
proposals to commit to the aggregate limit values in fixed locations are the closest but have significant issues
<CodeShark>
doesn't have to be zk, but yeah
<CodeShark>
the thing is that it is probably not necessary for everyone to check the fraud proofs
<CodeShark>
but I sense self-reference here :p
<CodeShark>
someone then needs to construct a fraud proof of the fraud proof :p
<phantomcircuit>
CodeShark, everybody needs to check the fraud proofs that they receive
<phantomcircuit>
the problem is that the fraud proof for aggregate limit violations is... the entire block
<phantomcircuit>
oops
<akrmn>
CodeShark: Thanks. I don't really have a high level of popularity in this community, so it is hard to get people to give serious feedback
<dgenr8>
CodeShark: XT nodes relay direct double-spends that match your filter. but not when they appear in a block, and not when the conflict is with an ancestor.
<dgenr8>
CodeShark: as the author of that patch i'm going to consider that ...
<akrmn>
also I have to rewrite some things more clearly
<CodeShark>
phantomcircuit: I was speaking regarding the ability to reward fraud proofs
<phantomcircuit>
CodeShark, uh
<CodeShark>
but yeah, let's not get into that problem yet
<phantomcircuit>
how do you reward the producer of a fraud proof?
<phantomcircuit>
I'm not sure that's possible
<CodeShark>
with a script that can reference the relevant parts of the state
<CodeShark>
signed by both
<phantomcircuit>
CodeShark, and you pass the fraud proof off to a node
<phantomcircuit>
who immediately removes your script and issues a new fraud proof with his
<CodeShark>
hence requiring both signatures
<phantomcircuit>
both?
<CodeShark>
yes, it requires some blinding
<CodeShark>
might require some pk fancy crypto :p
<CodeShark>
but I think it's possible
<CodeShark>
err, zk fancy crypto
<phantomcircuit>
CodeShark, I'm thinking it's impossible
<phantomcircuit>
the other party has to be able to validate the fraud proof
<CodeShark>
three phases:
<phantomcircuit>
in which case they can generate their own
<CodeShark>
actually four rounds
<CodeShark>
1) party A requests proof from party B. 2) party B supplies zk proof, 3) party A signs, 4) party B reveals plaintext proof
<CodeShark>
the script is only satisfied if (4) happens, of course
moa has quit [Quit: Leaving.]
<CodeShark>
there might even be a way to condense it into only two rounds with some more clever tricks
Madars has quit [Remote host closed the connection]
Madars has joined #bitcoin-wizards
Dr-G has joined #bitcoin-wizards
Dr-G has joined #bitcoin-wizards
Dr-G2 has quit [Ping timeout: 248 seconds]
d1ggy_ has quit [Read error: Connection reset by peer]
d1ggy_ has joined #bitcoin-wizards
belcher_ has quit [Quit: Leaving]
d1ggy_ has quit [Read error: Connection reset by peer]
d1ggy_ has joined #bitcoin-wizards
airbreather has quit [Read error: Connection reset by peer]
<amiller>
how "robust" is the assumption that people will treat something like money / like a commodity if it behaves like one?
<amiller>
like, how crappy can a monetary policy be, where tons of people will use a cryptocurrency based on it, and the system would still work
<amiller>
its too bad that there aren't yet many "appcoins" that have been a demonstrable success, because it would be easier to look at the incentives in those systems.. they wouldn't even necessarily need to compete
<amiller>
namecoin as a whole should be 'earning income' from domain name registration fees... my understanding is that no one is using it though
<amiller>
but a cryptocurrency with some nice feature like that basically has an export economy of some kind, surely that can only help it
<phantomcircuit>
amiller, that nobody is using namecoin is itself a data point
<amiller>
yeah well i don't trust any strong inferences based on it :O
cosmo has joined #bitcoin-wizards
sy5error has quit [Ping timeout: 265 seconds]
freewil has quit [Read error: Connection reset by peer]
<zooko>
amiller: I don't think we can make any reliable predictions or generalizations about this.
<zooko>
But if you do make some, I want to know!
sy5error_ has joined #bitcoin-wizards
execut3 has joined #bitcoin-wizards
badmofo has joined #bitcoin-wizards
shesek has quit [Ping timeout: 265 seconds]
badmofo has quit [Ping timeout: 265 seconds]
mjerr has joined #bitcoin-wizards
* leakypat
compiles Bitcoin qt for the first time and reflects on what a huge responsibility running the release procedure for an official version would be
<jgarzik>
phantomcircuit, amiller: it is false that no one is using namecoin
<jgarzik>
several identity projects are building on top of it
<phantomcircuit>
jgarzik, that's not a good idea
<phantomcircuit>
the codebase is almost entirely unmaintained
<CodeShark>
leakypat: welcome to the club :)
<jgarzik>
phantomcircuit, also untrue
<jgarzik>
but whatever. Spewing falsehoods we wish to be true on this channel is becoming the norm.
<phantomcircuit>
jgarzik, I'd bet you serious money I can cripple namecoin in a matter of a few days
<phantomcircuit>
but doing so is probably a felony
<amiller>
in this channel falsehoods must be spewed in pdf form
<jgarzik>
phantomcircuit, you also claim the ability to cripple bitcoin
damethos has joined #bitcoin-wizards
<CodeShark>
usage isn't really the point - the current design simply is not viable
<CodeShark>
at least not beyond an experimental research network
<CodeShark>
that's just hard math
<CodeShark>
it's not even controversial to anyone who bothers to make the calculations
<CodeShark>
but it's still a cool idea - I hope someone manages to find a way to make something like that viable
<CodeShark>
it's hardly ever the case with any technology that early prototypes are viable. this space is a little exceptional in seeming to expect that this doesn't apply here
<phantomcircuit>
jgarzik, k
<CodeShark>
add to that the fact that the design makes it so that all upgrades to the plane can only be done while in flight...and if you screw up you crash...and...voila!
<CodeShark>
fun, no? :)
<amiller>
i wish we could learn more from altcoins
<amiller>
maybe there's something to glean from them
<amiller>
bitcoin is still 'small', and so all the altcoins are really small, it's hard to believe there's a lot of signal there as far as what to do and not to do
<amiller>
does a crash usually kill those or is it slow atrophy
wallet42 has joined #bitcoin-wizards
<amiller>
i think (not too sure) no one cares enough about them to have big hard-fork dilemmas
<phantomcircuit>
amiller, slow atrophy
<phantomcircuit>
amiller, the one thing that has been shown to be 100% true is that anything which is available on a liquid market has value regardless of actual utility
<phantomcircuit>
which is a neat observation
<amiller>
yeah
paveljanik has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
<zooko>
jgarzik: Do you see IRC privmsgs for me? Once upon a time freenode silently silenced my privmsgs to some folks, and I've never trusted it since.
<zooko>
jgarzik: from me, that is.
<jgarzik>
zooko, I just responded to your PM. Lots going on right now and I'm kinda burned out on FUD (not yours, others).
<zooko>
*nod*
Mably has joined #bitcoin-wizards
arubi_ has quit [Quit: Leaving]
jtimon has quit [Ping timeout: 255 seconds]
mjerr has quit [Ping timeout: 250 seconds]
d1ggy has joined #bitcoin-wizards
d1ggy_ has quit [Ping timeout: 246 seconds]
moa has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
sy5error_ has quit [Remote host closed the connection]
d1ggy has quit [Ping timeout: 246 seconds]
AaronvanW has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
droark has quit [Quit: ZZZzzz…]
damethos has joined #bitcoin-wizards
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
AaronvanW has quit [Ping timeout: 246 seconds]
cosmo has quit [Quit: Leaving]
ThomasV has quit [Ping timeout: 264 seconds]
DougieBot5000 has quit [Quit: Leaving]
jmcn_ has quit [Ping timeout: 276 seconds]
NewLiberty has quit [Ping timeout: 276 seconds]
jmcn has joined #bitcoin-wizards
spinza has quit [Ping timeout: 246 seconds]
spinza has joined #bitcoin-wizards
orperelman has joined #bitcoin-wizards
jmcn has quit [Ping timeout: 276 seconds]
jmcn has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
www has joined #bitcoin-wizards
<www>
hi
<www>
can you encrypt/decrypt messages using Secp256k1 ?
<www>
i have heard conflicting statements - who knows for sure?
cdecker has quit [Ping timeout: 276 seconds]
Tiraspol has quit [Ping timeout: 272 seconds]
cdecker has joined #bitcoin-wizards
Tiraspol has joined #bitcoin-wizards
<fluffypony>
www: secp256k1 is *just* an elliptic curve
<waxwing>
kanzure: i know that story quite intimately 'cos i was the one who alerted gmaxwell to it here on IRC :)
<waxwing>
i just have a feeling that it's been redone on electrum, but properly. i may be imagining that though
<waxwing>
as for subspace, they are using ECIES via pyelliptic
kristofferR has joined #bitcoin-wizards
jmcn has quit [Ping timeout: 276 seconds]
orperelman has quit [Ping timeout: 272 seconds]
orperelman has joined #bitcoin-wizards
jmcn has joined #bitcoin-wizards
instagibbs has joined #bitcoin-wizards
<instagibbs>
falsehoods must be spread in *latex* form *wags finger at jgarzik BIP100 pdf*
<instagibbs>
Checking namecoin github... namecoin hasn't had a merge in half a year AFAICT. Namecore(?) is much more active.
<instagibbs>
(not calling your bip falsehood, just goofing)
<zooko>
I've been chatting with Namecoin devs who told me that they were working on stuff.
DougieBot5000 has joined #bitcoin-wizards
<zooko>
But I didn't look at commit logs.
<instagibbs>
dunno, just reporting my 10 second google search :)
<instagibbs>
makes me an expert
<zooko>
:-)
<zooko>
More than me!
<zooko>
Or, we're different kinds of experts.
<zooko>
amiller: it seems to me that Namecoin has never (yet) offered the actual functionality that is its supposed added functionality on top of being a currency.
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<zooko>
Because, that functionality requires being accessible+integrated into the web browsers of hundreds of millions of normal users.
<zooko>
And Namecoin has never (yet) done that.
<midnightmagic>
namecoin is not where the current namecoin developers are doing their work and is essentially abandoned.
<instagibbs>
that was my only reasonable interpretation of zooko and my observations :)
gill3s has joined #bitcoin-wizards
<instagibbs>
midnightmagic: any details on where then? I'd like to follow the work