wumpus changed the topic of #bitcoin-wizards to: This channel is is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
superobserver has quit [Quit: Leaving]
gielbier has quit [Ping timeout: 264 seconds]
bosma has quit [Ping timeout: 255 seconds]
gielbier has joined #bitcoin-wizards
priidu has quit [Ping timeout: 265 seconds]
goregrind has quit [Ping timeout: 276 seconds]
flower has quit [Quit: -]
p15x has joined #bitcoin-wizards
p15x_ has quit [Ping timeout: 248 seconds]
spinza has quit [Excess Flood]
goregrind has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
FranzKafka has joined #bitcoin-wizards
FranzKafka has quit [Changing host]
FranzKafka has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
FranzKafka has quit []
FranzKafka has joined #bitcoin-wizards
FranzKafka has quit [Max SendQ exceeded]
FranzKafka has joined #bitcoin-wizards
c0rw1n is now known as c0rw|zZz
Dr-G has quit [Disconnected by services]
Dr-G2 has joined #bitcoin-wizards
jae has joined #bitcoin-wizards
jae is now known as Guest65908
AaronvanW has quit [Ping timeout: 246 seconds]
jtimon has quit [Ping timeout: 246 seconds]
_whitelogger has quit [Ping timeout: 252 seconds]
_whitelogger has joined #bitcoin-wizards
<bramc> It's been quiet in this channel lately
<gmaxwell> bitcoin network blew up.
<bramc> I don't know if that's sarcasm
sparetire_ has joined #bitcoin-wizards
<gmaxwell> bramc: oh you're not aware, you'll love it.
<gmaxwell> bramc: 6 block invalid fork about 24 hours ago.
<CodeShark> fun times :)
<CodeShark> so is everything back to normal again?
<gmaxwell> bramc: turns out ~50% of the hashpower was willing to mine blocks without validating anything.
<CodeShark> and it will only continue to get worse as blocks get bigger
<gmaxwell> CodeShark: normalish, there are still some invalid blocks here and there, but so far no new long invalid forks.
<CodeShark> good
<bramc> Oh god. Did the fork eventually get invalidated?
<Luke-Jr> not sure there is anything to prevent long invalid forks though..
<Luke-Jr> bramc: it was always invalid, but it eventually got abandoned too yes
<bramc> I mean, orphaned? And what was invalid about it?
<gmaxwell> bramc: So BIP66 took effect, so all blocks were required to be version 3. Part of the <5% of the non-upgraded miners found a block, still tagged as v2, thus invalid. And then ~50% of the hashpower continued that invalid fork, because they weren't validating anything at all.
<Luke-Jr> at least F2Pool announced they will continue to skip validation though
<bramc> Are they validating with homegrown regexes or something?
<gmaxwell> bramc: yes, it was overtaken but it took a long time (over an hour?) and manual intervention by one of the parties that was extending the invalid fork. It could have been much larger but we caught it happening instantly.
<Luke-Jr> bramc: they're not validating at all
<CodeShark> I don't even think that, bramc
<CodeShark> perhaps just validating difficulty
<Luke-Jr> bramc: they're sitting there connected to other pools' stratum ports, and when they see a new prevblock header, they mine empty blocks on it
<gmaxwell> CodeShark: Petertodd said he didn't even think they were validating difficulty.
<Luke-Jr> CodeShark: probably not even that
<CodeShark> gmaxwell: seriously? then there might be something we can do ;)
<bramc> Luke-Jr, empty blocks, meaning they aren't accepting any transactions?
<gmaxwell> CodeShark: sure yes, but they'll start doing that.
<Luke-Jr> CodeShark: they're only doing this with other pools
<Luke-Jr> bramc: they won't, but the v2 miners will
<Luke-Jr> so something like 90% of blocks on the forked chain would have txns
<gmaxwell> Luke-Jr: would have no txns.
<bramc> What percent of miners had voted for bip66?
<gmaxwell> bramc: 95% over a 1001 block window.
<gmaxwell> (950 out of 1001 to be precise)
<Luke-Jr> gmaxwell: err, right
<bramc> I... I can't... I don't know what to say.
<gmaxwell> bramc: the non-verifying miners were supporting BIP66 as well, but not enforcing anything at all, including BIP66.
<CodeShark> so we have two serious related problems (at least): 1) the network is now tacitly trustful, 2) miners are liars when voting for rule chances
<CodeShark> *changes
<gmaxwell> bramc: I mean, this is a predicted outcome from higher system load. I'm surprised at how much of the hashrate was doing it, petertodd says he isn't however.
<bramc> gmaxwell, Define 'supporting' bip66? As in, not supporting bip66 non-compliant transactions? Because not accepting any transactions is a good way to do that.
<gmaxwell> bramc: they were signaling the version which is formally defined to do several things, including (once 950/1001 is met) you must reject blocks without the old version.
<bramc> CodeShark, A large miner should be able to lazily validate blocks and only have a short window where they're mining an untrusted block
<bramc> er, an invalid block I mean
<CodeShark> bramc: that requires actual engineering, as opposed to just hacking away at code
<gmaxwell> bramc: they previously did that, but they turned off that functionality when it caused them to fail to mine selfishly.
<bramc> gmaxwell, What do you mean fail to mine selfishly? They could leave on invalidating of bad blocks but still prefer their own if there was a tie
<CodeShark> oh right - wangchun said they had tried that but were mining atop blocks that were not theirs
<gmaxwell> bramc: F2pool reports they used to switch back to bitcoind; but what happened (last year?) was that ghash produced an orphan block, and they SPV-mined on top of it and produced a child, but were still tied with the main chain, then they switched to the template issued by bitcoind which was on the other fork that had rejected the ghash block; and then they managed to mine a block orphaning themsel
<gmaxwell> ves.
Guest65908 has quit [Remote host closed the connection]
<CodeShark> of course, that could be fixed as well
<gmaxwell> They opened a bug request to bitcoin core asking us to enable forcefully mining on an older chain if its your own, due to this. And I yelled at them for the SPV mining. (As an aside, the policy to selfishly mine on your own block even ifs later is really horiffic for convergence, consider if you have >50% hashpower then this policy means you'll automatically exclude everyone elses blocks.)
<bramc> Good lord, I just assumed that all mining pools were doing this basic shit right
<Luke-Jr> lol
<CodeShark> hah
<gmaxwell> (yelled at them for SPV mining, and then lit a fire under matt to produce the relay network client so they'd have little/no reason to do dumb crap like that)
<bramc> gmaxwell, What do you mean by spv mining? Was a major pool not running their own full node?
<gmaxwell> I has ASSUMED that after the relay network client they would have stopped that junk. :(
<gmaxwell> bramc: SPV mining is what we're calling this practice of getting a block header from some (random?) third party and mining on top of it without regard to its validity.
<Luke-Jr> it's really headers-mining, not SPV
<CodeShark> we're so screwed
<gmaxwell> well it could easily be made into actual SPV with more software engineering but no other cost.
<bramc> Isn't that sort of like the president deciding to press the big red button based on what the morning newspaper dropped off by the local delivery kid said?
<gmaxwell> CodeShark: hah. I'm not that alarmed.
<gmaxwell> CodeShark: after all a couple days ago you were saying that SPV is broken.
<CodeShark> I haven't changed my mind on that ;)
<gmaxwell> CodeShark: the only major effect (say if almost all hashpower was doing this) is that SPV would be completely insecure.
<midnightmagic> it also means that bitcoin hashrate isn't effectively what its current hashrate is.
<gmaxwell> (well actually I guess it only takes a majority of hashpower doing this to make SPV completely insecure, technically)
<gmaxwell> midnightmagic: it wasn't the moment merged mining was invented in any case. :)
<bramc> Reducing the block time is sounding like a really, really bad idea.
<gmaxwell> bramc: well duh.
<Luke-Jr> was anyone taking that seriously? <.<
<gmaxwell> Luke-Jr: people on reddit.
<CodeShark> reducing block time, increasing block size, and eliminating latency-producing checks
<bramc> Luke-Jr, For altcoins they are
<CodeShark> sounds like a great formula for success :)
<midnightmagic> gmaxwell: huh?
<bramc> Ethereum's is, what, 20 seconds?
<Luke-Jr> bramc: altcoins don't count, they don't know what they're doing regardless :p
<CodeShark> 10 seconds, I think - but they use a GHOST variant
<CodeShark> GHOST at least alleviates much of the stale block crap
dEBRUYNE_ has joined #bitcoin-wizards
<gmaxwell> CodeShark: the ghost, as presented in the first paper at least, stuff creates other severe issues (e.g. creating enormous selfish miner advantages)... also ways that small hashrate miners can perpetuate large hashrate splits.
<gmaxwell> CodeShark: it also trades off goodput for latency in a given amount of available bandwidth.
<bramc> In lighter news, my talk at bitcoin-dev went fairly well. One of the spacecoin guys was there. He explained that they have ugly proofs of work because the much simpler ones have some (highly nontrivial) time/space tradeoffs
<CodeShark> yeah, I'm sure there are a number of errors in the original paper - but I think the scheme could be made workable
<midnightmagic> oh, backwards the other way. :-P
<CodeShark> or not errors, but oversights
<bramc> So I really, really need to read through that paper.
<gmaxwell> CodeShark: at least that general approach can improve the collapse rate; but it's not clear how much it matters.
<bramc> Given the utter impossibility of getting transactions to clear in under a minute, it all seems like a fool's errand.
<gmaxwell> yes, the diameter of the earth is an issue; obviously we need to move to mars.
<gmaxwell> faster transactions!
<bramc> gmaxwell, Mars is ridiculous. Putting all the continents back into Gondwonaland would be completely sufficient.
belcher has quit [Quit: Leaving]
<CodeShark> you mean pangaea
<bramc> Hmm, you're right, Pangea
<gmaxwell> bramc: additional LOL is that the reddit big-blocks-now cabal is calling this evidence that there is no need for a block size limit: https://www.reddit.com/r/Bitcoin/comments/3c579i/yesterdays_fork_suggests_we_dont_need_a_blocksize/ (one might wonder why when I previously pointed out that miners would do this sort of thing in response to bigger blocks they argued that miners would not; rather t
<gmaxwell> han arguing that it would somehow be a blocksize control ...)
<bramc> gmaxwell, Yeah, umm, the evidence that miners are willing to just not mine transactions to increase their returns is kind of strong, given that they're already doing it.
<gmaxwell> bramc: the not mining transactions is incidental; they could go ahead and also mine transactions without verifying; it would just take a lot more software development.
<CodeShark> we need to either force all endusers to verify...or force all miners to verify...or both
<CodeShark> :)
<bramc> Right, the risk of rejecting a valid block is greater than the risk of accepting an invalid one, so miners will probably respond to huge blocks by turning off validation
<bramc> So then even the large miners won't be running full nodes. Full nodes will be run by...?
<gmaxwell> CodeShark: petertodd has been advocating the first on and off to varrious degress for a long time. But its ugly, I mean, really, even though SPV is weak it ought to be fine for vending machines! :)
<gmaxwell> bramc: right, thats a problem there.. if full nodes involve costs that miners-- who have huge incomes depending on the network-- don't like.
<gmaxwell> bramc: ohhh! also you'll like this.
<bramc> As a long term strategy having wallets validated is a perfectly reasonable idea. It'll take a while though.
<gmaxwell> bramc: almost all the block explorers displayed the invalid fork.
<bramc> gmaxwell, Eugh
<gmaxwell> Unfortunately I was too busy dealing with it to go around and measure services, but I'd expect a significant fraction of businesses were on the invalid fork.
<midnightmagic> bramc: full nodes will be run by "people who will have full control of the network"
<amiller> this story is really interesting, i wonder if there would have been any easier way to check whether a service or a miner is doing correct validation
Tebbo` has quit [Ping timeout: 246 seconds]
<gmaxwell> amiller: well we could have discovered they were wrong faster if someone had been polling their public pool templates.
<gmaxwell> We were able to detect in realtime that they were on the wrong chain that way.
<gmaxwell> But it only would have reduced the response time by a few minutes in this cas.e
<bramc> gmaxwell, Also useful for telling if they're being smart about trying to de-orphan themselves in the event of a tie
<amiller> someone had to make an expensive error no matter what to even get that sample i think.... it's not like anyone would want to emit an invalid block every month so we can measure all the block templates
<gmaxwell> amiller: half jokingly before-- in the context of talking about a world where most nodes were dependant on fraud proofs, the concern was raised that the fraud proof code would never run so it would naturally bitrot. I suggested that blocks be required to commit to two candidate blocks, one of which was required to be invalid.. so fraudproofs would always be required to kill the wrong block.
<bramc> amiller, That's true in the current environment. If the bulk of mining power is running off of spv someone could do some fucked up shit though.
Tebbo has joined #bitcoin-wizards
<amiller> bramc, yeah im just wondering about how this could be monitored earlier
<amiller> im really surprised blockchain.info showed the wrong chain
<bramc> amiller, Mostly by checking what mining pools are mining
<gmaxwell> at FC15 Aviv Zohar corrected someone (one of his students?) on the point that non-verifying miners amplify attacks; apparently it had been a discussion in their group before; he'll be amused to hear about this.
<midnightmagic> so in other words, someone querying these services and verifying tip with what their own full-validating node says, and reporting differences, ideally with some knowledge of work-valid forks/extinct branches/orphans, and signed with a key so the information can be snapshotted by someone else and the snapshots verified.
<bramc> Yeah what is blockchain.info running? I'd hope that they of all people would be running bitcoind
<gmaxwell> amiller: I would have bet $1000 that they'd be wrong. Interesting expectation gap.
<amiller> so if someone makes another invalid block, we'll get to see which services (like blockchain.info) have turned on full-validation rather than spv validation since then
<bramc> amiller, It will probably keep happening intermittently for a while, there were 5% who didn't sign on
<gmaxwell> amiller: when the network forked, I didn't have a pre 0.10 node handy, but I loaded bc.i to get data. (if you look in the bitcoin-dev log you can see me checking that _someone_ was using something other than bc.i as the prototypical crud accepting node)
<midnightmagic> b.i may be using an older bitcoind with custom patches, and is just too lazy to update because of how extensive the work was and how much churn there is in bitcoin-core
<bramc> Even at 1% legacy that's still one per day
<gmaxwell> amiller: see also this expirence: http://people.xiph.org/~greg/21mbtc.png
<CodeShark> I believe bc.i originally started by hacking an SQL backend into bitcoind
<gmaxwell> it's important to not single out bc.i, many other things were wrong too.
<CodeShark> merges to the bc.i codebase are probably far from trivial now
<midnightmagic> considering how much wallet money is stored in bc.i, I see no problem with singling them out. other services may have gotten it wrong, but it is *more important* that bc.i get it *right*
* bramc longs to be having a conversation about the proofs of work in the spacecoin paper
<CodeShark> more the reason the consensus code needs to be isolated :)
<CodeShark> but that's a fairly recent development - I doubt bc.i is up to date on that
<mr_burdell> as a block explorer, I think it makes sense for bc.i to display all blocks, including invalid ones (although they should be able to mark them as invalid immediately)
<bramc> It's so much more fun imagining the glorious future than worrying about fending off the demons of stupidity in the here and now
<mr_burdell> the whole idea of a block explorer should be to show as much info as possible
<CodeShark> the future will also have demons of stupidity - but at least we don't have to deal with them yet :p
<gmaxwell> mr_burdell: 'mark as invalid' is not good, because they'll be mishandled by the 99% of users who don't understand or expect invalidity; putting them in a seperate list of invalid blocks would be fine.
bosma has joined #bitcoin-wizards
<gmaxwell> mr_burdell: of course it wasn't just the explorer doing this, it was the wallets and apis too.
<jcorgan> also, block explorers, like everyone else, only have a local view of the network
<jcorgan> they may not see all transactions nor blocks
<mr_burdell> i had set up a bunch of nodes with different versions earlier this week to detect an event like this, but I accidentally used 0.9.5 as my earliest version, so my alarms didn't go off
<gmaxwell> I used to run every major prior release, but the disk space usage got to me, alas.
<gmaxwell> so I only run last release and master now.
<midnightmagic> jcorgan: again, except bc.i which has sensors mass-connecting to the world, so they *should see* more than nearly everyone else.
<gmaxwell> midnightmagic: they also have crazy spam filtering that often makes them see less.
<midnightmagic> that i didn't know.
<mr_burdell> they purge their mempool too so their users that send tx without fees don't get their funds stuck
<mr_burdell> it used to be after 4 days, but I think they do it faster now
TheSeven has quit [Ping timeout: 256 seconds]
www has joined #bitcoin-wizards
TheSeven has joined #bitcoin-wizards
dEBRUYNE_ has quit [Ping timeout: 255 seconds]
jae has joined #bitcoin-wizards
chmod755 has joined #bitcoin-wizards
jae is now known as Guest88497
fanquake has joined #bitcoin-wizards
justanotheruser has quit [Ping timeout: 246 seconds]
www has quit [Ping timeout: 252 seconds]
justanotheruser has joined #bitcoin-wizards
<Luke-Jr> gmaxwell: disk space .. so when can I sparse-pad the block files for btrfs dedupe? :P
<Luke-Jr> (yes, it turns out it does need that)
Guest88497 has quit [Remote host closed the connection]
roconnor has quit [Quit: Konversation terminated!]
jae has joined #bitcoin-wizards
jae is now known as Guest44439
flower has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 255 seconds]
Guest44439 has quit [Remote host closed the connection]
andy-logbot has quit [Ping timeout: 252 seconds]
Xh1pher has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
p15x_ has quit [Ping timeout: 265 seconds]
davi has joined #bitcoin-wizards
arubi_ has quit [Quit: Leaving]
zooko has joined #bitcoin-wizards
justanotheruser has quit [Remote host closed the connection]
justanotheruser has joined #bitcoin-wizards
zooko has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
erasmospunk has joined #bitcoin-wizards
erasmosp_ has joined #bitcoin-wizards
_whitelogger has quit [Ping timeout: 252 seconds]
_whitelogger has joined #bitcoin-wizards
nullbyte has quit [Ping timeout: 244 seconds]
nullbyte has joined #bitcoin-wizards
bramc has quit [Quit: This computer has gone to sleep]
arubi_ has joined #bitcoin-wizards
davi has quit [Ping timeout: 256 seconds]
davi has joined #bitcoin-wizards
nullbyte has quit [Read error: Connection reset by peer]
CodeShark_ has joined #bitcoin-wizards
nullbyte has joined #bitcoin-wizards
justanotheruser has quit [Ping timeout: 252 seconds]
justanotheruser has joined #bitcoin-wizards
Mably has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
sparetire_ has quit [Quit: sparetire_]
p15x has quit [Ping timeout: 265 seconds]
Mably has quit [Ping timeout: 264 seconds]
erasmosp_ has quit [Remote host closed the connection]
sy5error has quit [Remote host closed the connection]
davi has quit [Ping timeout: 246 seconds]
justanotheruser has quit [Ping timeout: 246 seconds]
Quanttek has joined #bitcoin-wizards
davi has joined #bitcoin-wizards
justanotheruser has joined #bitcoin-wizards
drwin has joined #bitcoin-wizards
DougieBot5000 has quit [Quit: Leaving]
Mably has joined #bitcoin-wizards
davi has quit [Ping timeout: 246 seconds]
justanotheruser has quit [Remote host closed the connection]
justanotheruser has joined #bitcoin-wizards
arubi_ has quit [Quit: Leaving]
davi has joined #bitcoin-wizards
justanotheruser has quit [Ping timeout: 264 seconds]
bosma is now known as superkai64
superkai64 is now known as bosma
wallet42 has quit [Quit: Leaving.]
davi has quit [Ping timeout: 246 seconds]
p15x_ has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 252 seconds]
justanotheruser has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 246 seconds]
FranzKafka has quit []
FranzKafka has joined #bitcoin-wizards
davi has joined #bitcoin-wizards
FranzKafka has quit [Max SendQ exceeded]
FranzKafka has joined #bitcoin-wizards
bedeho2 is now known as bedeho
<CodeShark_> So is the revocation mechanism you're referring to something else, gmaxwell?
<gmaxwell> no thats it, it wasn't clear to me that you were aware of it.. the point being you can do lots of transfers and revocations without any transactions.
<gmaxwell> just one transaction to open at the beginning and one close the channel at the end.
<gmaxwell> (well or two to close on a timeout close.)
<CodeShark_> Right...the part that's still a little annoying is the need to watch the blockchain and act within a particular timeframe or lose your money
AaronvanW has joined #bitcoin-wizards
<CodeShark_> that's probably the single greatest complication
<CodeShark_> if we could find a way around this it would make the idea potentially much more viable
<CodeShark_> I was pondering hypothetical schemes where it would be the noncooperating party responsible for this rather than the cooperative party
<CodeShark_> But you ultimately run into the retroactive invalidation issue...
jtimon has joined #bitcoin-wizards
<CodeShark_> so poon-dryja "solve" this...but only at the cost of forcing the cooperative party to actively fight this
chmod755 has quit [Quit: Ex-Chat]
davi has quit [Ping timeout: 246 seconds]
<nsh> i think there's a kind of conservation at play. you can't gain efficiency and maintain trustworthiness without requiring attention/vigilance
<CodeShark_> Yes, that might in fact be the case
<nsh> it reduces ultimately to ordering relations, and if you want to have a stake in the correctness of ordering, then you have to be willing to act within the granularity of network time
<nsh> which is blocktime
davi has joined #bitcoin-wizards
<CodeShark_> I guess the next best thing is delegating this task to others (potentially for a fee)
<nsh> offering that option while maintaining the flexibility for people to invest their own resources rather than delegate trust is optimal afaic
<nsh> but there is clearly some... ideological divergence of position in this respect
orperelman has joined #bitcoin-wizards
<CodeShark_> the purist trustless perspective would insist that everyone be forever vigilant. But in the real world people delegate this stuff all the time - it's why we have lawyers and representatives in government, etc...
<nsh> right
<nsh> the issue isn't that we must avoid trust. the issue is that trust concretes and that authority tends towards corruption
<nsh> so allowing for the bypassing of actors that have successfully carved themselves an indelible niches that allows for rent-seeking behaviour [and worse] is nice
<nsh> it incentivizes new actors coming in and finding nominally-less-parasitical ways to interpose for the convenience of the hoi-polloi
<nsh> *niche
<CodeShark_> right - so having the option to represent yourself without bureaucracy and corrupt institutions is great. But in practical terms not everyone will necessarily be capable of doing it themselves
<nsh> but it's nice to allow for competition in the space of intermediaries
<CodeShark_> Right, absolutely
<nsh> which regular capitalism does better in principle than practice
<nsh> because of the accretion effect of power
<nsh> and the general brokenness of political systems
<nsh> but that's another matter :)
<nsh> how compact are proofs-of-space?
<nsh> (cc amiller)
<CodeShark_> It inevitably becomes political when we're talking either about rule changes or about dispute resolution where either the rules are unclear or we don't have all the facts.
<nsh> spacecoin doesn't give a proof-size that i can see
SDCDev has quit [Read error: Connection reset by peer]
<nsh> CodeShark_, you can't squeeze the politics out, but you can approach it in a way that minimizes the worse parts of the miasma that tends to accompany politics :)
SDCDev has joined #bitcoin-wizards
p15x_ has quit [Ping timeout: 265 seconds]
erasmospunk has joined #bitcoin-wizards
<CodeShark_> It might still be possible to refocus the vigilance. for instance if it were possible to have expiration with a sufficiently high level of granularity, rather than having to watch the blockchain and react, you'd instead only need to watch the counterparty
erasmosp_ has joined #bitcoin-wizards
<CodeShark_> or at least you could reduce the number of outputs you're looking for
* nsh nods
wallet42 has joined #bitcoin-wizards
dEBRUYNE_ has joined #bitcoin-wizards
erasmospunk has quit [Ping timeout: 244 seconds]
<nsh> tromp_ / amiller / andytoshi / gmaxwell: is there a good high-level overview of proof-of-space algorithms and their security basis? friend is investigating namecoiny applications involving additional commitments to space-hard work in identifier claiming/updating txes
davi has quit [Ping timeout: 246 seconds]
spinza has quit [Ping timeout: 244 seconds]
p15x has joined #bitcoin-wizards
belcher has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
nullbyte has quit [Ping timeout: 255 seconds]
nullbyte has joined #bitcoin-wizards
nullbyte has quit [Ping timeout: 256 seconds]
merlincorey has quit [Ping timeout: 246 seconds]
nullbyte has joined #bitcoin-wizards
jae has joined #bitcoin-wizards
jae is now known as Guest11434
orperelman has quit [Ping timeout: 244 seconds]
p15x has quit [Ping timeout: 264 seconds]
merlincorey has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
merlincorey has quit [Read error: No route to host]
paveljanik has joined #bitcoin-wizards
Quanttek has quit [Ping timeout: 252 seconds]
shesek has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 264 seconds]
nullbyte has quit [Ping timeout: 256 seconds]
nullbyte has joined #bitcoin-wizards
akrmn has quit [Ping timeout: 276 seconds]
theymos has quit [Ping timeout: 264 seconds]
theymos has joined #bitcoin-wizards
CodeShark_ has quit [Remote host closed the connection]
akrmn has joined #bitcoin-wizards
wallet42 has quit [Quit: Leaving.]
Guest11434 has quit [Remote host closed the connection]
bedeho has quit [Quit: Nettalk6 - www.ntalk.de]
www has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 250 seconds]
ThomasV has joined #bitcoin-wizards
shesek has quit [Ping timeout: 264 seconds]
shesek has joined #bitcoin-wizards
erasmospunk has joined #bitcoin-wizards
erasmosp_ has quit [Ping timeout: 252 seconds]
erasmospunk has quit [Read error: Connection reset by peer]
erasmospunk has joined #bitcoin-wizards
erasmospunk has quit [Remote host closed the connection]
asciilifeform has left #bitcoin-wizards ["Leaving"]
bramc has joined #bitcoin-wizards
www1 has joined #bitcoin-wizards
www has quit [Ping timeout: 252 seconds]
davi has joined #bitcoin-wizards
mjerr has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
orperelman has joined #bitcoin-wizards
c0rw|zZz is now known as c0rw1n
p15x_ has quit [Ping timeout: 264 seconds]
davi has quit [Remote host closed the connection]
c-cex-yuriy has joined #bitcoin-wizards
merlincorey has joined #bitcoin-wizards
CodeShark_ has joined #bitcoin-wizards
<iddo> nsh: there's academic paper but it's unpublished yet, also proof-of-space cryptocurrency has costless simulation problem
<nsh> is this related to the cycle detection issue?
<nsh> i think some of the newer proposals are based on better assumptions. tromp_'s cuckoo cycles should not be trivially simulatable, nor reductions to pebbling
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 264 seconds]
Starduster has quit [Ping timeout: 256 seconds]
<iddo> nsh: are you talking about PoW that needs both intensive computations and large memory, or proof-of-space that rewards large storage space without need for CPU ?
<iddo> i think that you meant the first, there's no costless simulation problem there
<nsh> well, spacecoin is an example of the latter, and i can't see how you'd simulate it with lower cost than the storage required to do so honestly, except in exponential running time
<nsh> exponential running time is not low cost :)
tucenaber has quit [Ping timeout: 256 seconds]
<iddo> there's subtle argument that you can outcompete the honest chain if you start at genesis for example, if it's proof-of-space without checkpointing / timestamping to disallow old reorgs
<iddo> hmm i'm not up-to-date, i see that one academic team published spacecoin https://eprint.iacr.org/2015/528
<iddo> i actually talked with one of the authors last year, the basic construction wasn't so good then (similar problems to ppc/nxt)
* nsh nods
<amiller> iddo, what problems?
<amiller> iddo, also is the newest one subject to whatever you have in mind or not?
<iddo> problems where it's rational to work on forks that get created concurrently
<iddo> seems like this paper tries to deal with it by using bonds
<nsh> gmax has a name for that problem, but it evades me temporarily
<iddo> i.e., some scheme with deposits that incentive to work on one of the forks, not sure yet about it
<iddo> amiller: the other paper that i had in mind relies on having honest core of miners who are aware of the current time, security breaks if this honest core doesn't exist
<iddo> nsh: nothing-at-stake ? actually it's amiller's name i think
<nsh> ah yes
<nsh> and apologies for misattribution
<nsh> so yeah, some kind of fidelity is the usual go-to to prevent hedging across forks
<nsh> but it seems to be difficult in practice
<nsh> i might be possible to use the block-randomness to instantiate problems across the large file in such a way that it has to be completely rewritten to work on a different fork
<nsh> that way you have to linear cost in storage to each fork you want to prove stake across
<nsh> s/have to/have/
<iddo> well there are relevant questions here, if there's fork because two miners created a competing next block, the lucky miner who can create the following block can do it on both forks or only on one?
* nsh nods
<nsh> some amount of reorg has to be assumed, so you can't be too punitive about it
<iddo> in ppc it's in both, this variant is better for what it's worth, because it makes it less rational to work on forks due to the risk of divergence into many forks
<nsh> and that may adversely affect consensus convergence
<nsh> in ways that are difficult to anticipate theoretically :/
<iddo> (by "both" i meant you can create the following block on both forks)
<iddo> nsh: i agree that the ideas of deposits where you may lose you bond are problematic, in fact if you try to look at it formally by considering the state of the system at genesis, it isn't clear how to initialize this process
<nsh> hmm
<nsh> how do you mean, sorry?
<iddo> the ethereum guys are trying to do this too, but not proof-of-space
<iddo> nsh: well, you need to post your bond, and this bond needs to be part of the ledger history so that it will be recognized... and then you're allowed to create a block... so it's cyclic reasoning, you need to have the next block and to create the next block ?
c0rw1n is now known as c0rw|away
Quanttek has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
p15x_ has quit [Ping timeout: 250 seconds]
tucenaber has joined #bitcoin-wizards
Starduster has joined #bitcoin-wizards
spinza has quit [Excess Flood]
spinza has joined #bitcoin-wizards
SubCreative has joined #bitcoin-wizards
fanquake has quit [Quit: Leaving.]
erasmospunk has joined #bitcoin-wizards
orperelman has quit [Ping timeout: 246 seconds]
erasmospunk has quit [Remote host closed the connection]
erasmospunk has joined #bitcoin-wizards
www1 has quit [Ping timeout: 250 seconds]
sparetire_ has joined #bitcoin-wizards
www has joined #bitcoin-wizards
[d__d] has quit [Remote host closed the connection]
[d__d] has joined #bitcoin-wizards
dEBRUYNE_ is now known as dEBRUYNE
nullbyte has quit [Read error: Connection reset by peer]
nullbyte has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 252 seconds]
nullbyte has quit [Ping timeout: 264 seconds]
nullbyte has joined #bitcoin-wizards
nullbyte has quit [Ping timeout: 252 seconds]
p15x has joined #bitcoin-wizards
p15x has quit [Read error: Connection reset by peer]
nullbyte has joined #bitcoin-wizards
p15x_ has quit [Ping timeout: 255 seconds]
p15x has joined #bitcoin-wizards
jae_ has joined #bitcoin-wizards
jae_ has quit [Remote host closed the connection]
roconnor has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
<nsh> iddo, thanks (sorry was afk)
<nsh> i'm not sure that's necessarily pathological. you can have garden-of-eden configurations in a stable decentralized system
<nsh> e.g. a game of life instance which has a terminating timeline in the backwards direction
<iddo> unique initial config? i don't really see the relevance of this analogy
<iddo> basically you need to post bond at earlier block, it gets confirmed, and then you become eligible to be a miner, but this "earlier" block condition means you need to describe how to initialize this process
btcdrak has quit [Quit: Connection closed for inactivity]
<iddo> for example you can have protocol where first blocks after genesis are done with PoW only, that's one way to initialize i guess
mjerr has quit [Ping timeout: 248 seconds]
<nsh> right
DougieBot5000 has joined #bitcoin-wizards
NewLiberty has quit [Ping timeout: 265 seconds]
<iddo> again looking briefly at spacecoin, they seem to avoid rational forks by using much earlier block to control who can mine the current block, which introduces risk of collusion for double-spending attacks
<iddo> it actually becomes less clear why proof-of-space is needed at all, given the bonds/challenges aspects of this
ThomasV has quit [Quit: Quitte]
hearn has joined #bitcoin-wizards
ryanxcharles has quit [Ping timeout: 248 seconds]
priidu has quit [Ping timeout: 276 seconds]
jgarzik has quit [Quit: zoom zoom zoom]
wallet42 has joined #bitcoin-wizards
chmod755 has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
vaalbara has joined #bitcoin-wizards
p15x has quit [Ping timeout: 248 seconds]
akrmn has quit [Quit: Leaving.]
akrmn has joined #bitcoin-wizards
wallet42 has quit [Quit: Leaving.]
akrmn has quit [Ping timeout: 246 seconds]
vaalbara has quit [Quit: Leaving]
<bramc> iddo, I have an idea for how to fix the re-mining from genesis block problem. It requires a little bit of bending the rules and a lot of careful engineering and some breaking open of the proof of space though, so I need to read though the construction in the spacecoin paper
<bramc> Unfortunately the 'obvious' constructions have CPU/space tradeoffs
orperelman has joined #bitcoin-wizards
vaalbara has joined #bitcoin-wizards
andytoshi has quit [Ping timeout: 256 seconds]
scoria has quit [Ping timeout: 244 seconds]
jae_ has joined #bitcoin-wizards
Xh1pher has quit [Read error: Connection reset by peer]
akrmn has joined #bitcoin-wizards
vaalbara has quit [Quit: Leaving]
kmels has joined #bitcoin-wizards
vaalbara has joined #bitcoin-wizards
<CodeShark_> bramc: hopefully something other than checkpoints :p
<bramc> CodeShark_ Not checkpoints! Well no more than regular Bitcoin has 'checkpoints' anyway.
<iddo> bramc: costless simulation is an inherent problem... you can see for example section 3 of my paper http://arxiv.org/abs/1406.5694
prodatalab has quit [Remote host closed the connection]
arubi_ has joined #bitcoin-wizards
<CodeShark_> nice work, iddo :)
<iddo> thanks, but it keeps getting rejected by clueless academic people :)
<bramc> iddo, The trick is to throw in proofs of time
<bramc> aka proofs of sequential work
<iddo> sequential work? that doesn't sound costless...
<bramc> iddo, You're in good company about having trouble getting published, most of the papers people in this channel find worth discussing have struggled to get publication
<bramc> sequential work isn't costless, but it need only be done by the one fastest person in the whole network
<iddo> do you need to re-adjust the difficulty of this work according to how fast the network is?
sy5error has joined #bitcoin-wizards
UllrSkis has quit [Ping timeout: 264 seconds]
<iddo> then, an attacker can start from genesis with low difficulty for this work
<CodeShark_> To be fair, bramc, lots of stuff being published in this space is less than superb...so you do have to know a thing or two about this stuff to recognize the gems
<iddo> and if you say that the chain with greater cumulative difficulty wins, then it's just PoW based, no?
<bramc> iddo, Yes the speed of proof of time has to be part of the work difficulty reset
<amiller> i spouted out in the SFdev talk that the cuckoo cycle paper went to Financial Crypto, but it was actually the Bitcoin Workshop (at financial crypto) so the level of review and recognition is much lower
<iddo> bramc: right, so if chain with greater difficulty wins, how is it different than ordinary PoW ?
<CodeShark_> sounds like at best a hybrid
<bramc> iddo, the difficulty of the proof of space and the proof of time have to be combined for the cumulative difficulty
<amiller> hybrids like that are complicated to think through :/
<bramc> It's different because everybody does their proof of space, then compares to see whose is best, then the proof of time is only done on the best one while everybody else chills out saving power.
<bramc> amiller, I didn't say it isn't complicated!
<amiller> hmm. the idea that you compare all the proofs-of-space to see who's best is exactly what's suggested in the spacecoin paper
<iddo> ok so you rely on PoW to make it non-costless, so maybe you lose nice properties of proof-of-space claims to have
<amiller> that seems weird to me too though, since how do you know you're comparing against the correct set
<iddo> one supposed nice property is that storage space is ASIC resistant, you cannot manufacture specialized hardware that outperform the common hardware for storage space ?
<bramc> iddo, I think you meant to say rely on proof of time to make it non-costless, and that is sort of true
<bramc> iddo, storage is completely and totally commodity, you can't make something which does it differently and better
<iddo> yeah, i'm still not exactly sure whats the distinction between proof of time and PoW
<bramc> Also there's a meaningful economic argument why storage is different: It's already sitting out there depreciating in mass quantities
p15x has joined #bitcoin-wizards
<bramc> A proof of time shows that a certain amount of time passed between thing A and thing B, it can be as simple as repeatedly hashing something with checkpoints along the way so it can be spot-checked
p15x_ has quit [Ping timeout: 246 seconds]
<phantomcircuit> bramc, the economics are clearly different, whether they provide similar security with less waste isn't clear to me
<phantomcircuit> clearly there's less waste in such a system
<phantomcircuit> but im not clear it provides the same economic incentives
<bramc> phantomcircuit, Technically it's leveraging pre-existing waste
<iddo> but you said that you require this proof to be more difficult if the network is faster
<bramc> Oh I didn't mean the latency on the network, I meant the speed of the fastest proof of time server
<phantomcircuit> (no capital investment, possibly means less incentive, but maybe sunk cost fallacy)
<iddo> bramc: so if the network has 1000000 miners instead of 100 miners, it isn't more difficult to produce this proof of time ?
nullbyte has quit [Ping timeout: 246 seconds]
<bramc> amiller, I'm not sure what your last question meant
<iddo> if that's the case, why wouldn't an attacker be able to do costless simulation attack from genesis?
<bramc> iddo, The number of miners doesn't matter for the work factor on the proofs of time, it's the amount of space devoted to the proofs of space
<bramc> iddo, The system alternates between proofs of space and proofs of time, in pairs. The work factor on a pair is the product of the two of them.
nullbyte has joined #bitcoin-wizards
<bramc> Per what iddo was saying, it isn't a costless system, it's just picked winners beforehand so everybody but the one big winner can bow out
<bramc> It winds up having stochastic block times like regular Bitcoin: The better the proof of space, the shorter the proof of time.
<iddo> still seems to me that an attacker can start from genesis and always pick himself, if he has fast way to create proof of time
<bramc> iddo, Nobody has a particularly faster proof of time than anybody else, and everybody who makes a faster proof of time can contribute to the proofs of time for the system as a whole to keep everybody else honest
<bramc> But yes in principle if you have, say, a tenth of the space but more than ten times as fast of a proof of time as anybody else then you can eventually catch up and overtake.
dgenr8 has quit [Ping timeout: 248 seconds]
dgenr8 has joined #bitcoin-wizards
andytoshi has joined #bitcoin-wizards
<iddo> bramc: the nice propery of proof of space that we seek to have is that if you prove that your space was dedicated for the mining process i.e. wasn't being used for anything else, then you are more likely to get higher reward... this property gives efficient energy consumption unlike PoW
kmels has quit [Ping timeout: 256 seconds]
<bramc> iddo, Yes that's why I'm talking about proof of time instead of proof of work (which boils down primarily to power and electricity)
<iddo> so if an attacker can start from genesis and claim that he dedicated plenty of storage space, he will presumably win
drwin has quit []
<bramc> iddo, right but the proofs of time slow you down, so you can always catch up, but by then everything else will have moved on
<iddo> (if he can claim that he dedicated the space for long time period and nobody can say that that's false)
scoria has joined #bitcoin-wizards
<iddo> bramc: so i don't really get what's this proof of time? how do you say that everyone can do it at same speed as anyone else?
<bramc> You have an ability to prove space/second, and that applies to your attempts to catch up from genesis
<iddo> how?
<bramc> A proof of time is something like: Start with the output of the last thing, encrypt it X times. That's the most trivial one. A big improvement is to include checkpoints along the way so checking it can be parallelized and spot checked
kmels has joined #bitcoin-wizards
<iddo> encrypt it X times? what does that prove?
<bramc> Let's say, for the sake of argument, that everybody's proof of times are done at the exact same rate
<bramc> It proves that an amount of time proportional to X was spent between the input and the output
<iddo> but you can encrypt faster with faster hardware?
<iddo> why encrypt instead of hash?
<bramc> Hashing is really what you're doing, I just said encrypt on the theory than AES is what's already accelerated everywhere
<bramc> Yes, you can go faster with faster hardware, but that will probably hit about the same limit for everybody
<iddo> sha256 is accelerated on Bitcoin ASIC
<bramc> And even if it doesn't the design of the network is made to screw everybody who's trying to get ahead that way
<bramc> AES is accelerated on Intel :-P
<bramc> The proofs of time are completely canonical, and there's no direct incentive to run one yourself. There's more than enough indirect incentive because of the advantage it gives you on your own proofs of space
<iddo> i fail to see the difference between proof of time and PoW
<bramc> So everybody takes the output of the last proof of time, runs their own proof of space on it, the best ones are published, and whoever's running a supercooled accelerated proof of time server does the proof of time on the best one
<bramc> That way only a handful of machines are burning power
<bramc> With PoW every machine is burning power the entire time
<iddo> what's the incentive to compute the proof of time ?
<bramc> The incentives are (a) to get a leg up on everybody else by having a proof of time server, and (b) to screw over the other assholes who are trying to do (a)
<bramc> having a *faster* proof of time server I mean
<iddo> so if you can do proof of time faster than others, you get more rewards
<bramc> Right, but everybody else is likely trying to keep you from doing that
<bramc> It only really helps you when there's a near-tie and you can win
<iddo> i still fail to see the difference between this and PoW
<bramc> When you've clearly lost this round you run your own proof of time server on the best thing published to the network
<iddo> proof of time has to computed by someone, either you would want to get someone else to do it for you (and he would wish to be compensated for his effort), or you do it yourself... same as PoW, no?
<bramc> The difference is in the amount of power used. With proofs of time used properly only a handful of machines are running the proofs of time: The really fast, well optimized ones. All the other machines do their proofs of space and then sit around chilling
<bramc> The main cost of the proofs of time is getting your super fast machine set up. Their operating costs are very small compared to that
<amiller> bramc, is it the case that the proof-of-time has no impact on the choice of block or transactions in a block?
andytoshi has quit [Changing host]
andytoshi has joined #bitcoin-wizards
<amiller> like, the guy who can do the fastest proofs-of-time gets no influence?
<bramc> amiller, The proof of time is 100% canonical on the output of the proof of space
<iddo> ok but i claim that everybody will do proof of time themselves, or pay for someone else to do this part of the job for them... so it's just like PoW
<bramc> amiller, Yes that's a very important feature!
<bramc> iddo, Why would you do your own proof of time when your machine is slower?
NewLiberty has joined #bitcoin-wizards
<iddo> bramc: you buy faster machine so you can earn more rewards, or you pay someone who has faster machine than you
<amiller> bramc, is there some marginal cost point where i'd be better off paying for faster proof-of-time instead of more storage?
<bramc> iddo, It only matters for the very few who are the absolute fastest. There's this mutually assured destruction which happens between the handful of players who actually put in the money to make faster proofs of time servers
<iddo> as far as i can see, you just added PoW component, and try to claim that it won't lead less efficient enery usage, but i don't see why your claim is supposed to be true, it seems just like ordinary PoW
nullbyte has quit [Read error: Connection reset by peer]
<iddo> s/lead/lead to
<bramc> What winds up happening is that there's the fastest and second fastest proofs of time servers. The fastest one may be able to set up a racket where people can pay him to run their near-misses. The second fastest runs on the best thing they get because fuck that #1 guy
<amiller> iddo, you're really missing how the Po(sequential)W component isn't meant to be competitive
erasmospunk has quit [Remote host closed the connection]
<bramc> In practice the differences in speed between optimized PoT servers are likely to be extremely small
<iddo> amiller: if you has PoW function that it would the same amount of time for everyone to compute? sure if that function existed...
<amiller> iddo proofs of sequential work are well known
<amiller> iddo they'd be rejected as uninteresting if proposed as a bitcoin-replacement on their own, because they are not "progess free"
ThomasV has joined #bitcoin-wizards
<bramc> It turns out sequential hashing with checkpoints is the best approach to the PoT, because it's canonical and spot checkable
<iddo> ok you mean timelock puzzles that are difficulty to parallelize..
<amiller> yes
nullbyte has joined #bitcoin-wizards
<bramc> iddo, Calling them 'timelock puzzles' makes it sound like there's interesting match involved. In this case the math is quite trivial, because there's no public key component
<bramc> interesting math I mean
<iddo> but sequential isn't synonym to ASIC resistant ?
<bramc> Regular timelock puzzles need an encoder to be able to create them quickly, these have no such requirement
<bramc> Sequential does not mean ASIC resistant!
<bramc> It mean non-parallelizable
<amiller> bramc, by which you mean, ASICs might compute them much more cost/power efficiently, just not *faster*
<bramc> Although, umm, some people who don't know what they're talking about might claim that sequentiality helps with ASIC resistance, which is wrong
<iddo> also non progress-free is a problem here too? winstead of sending it to a server, you start working on it locally and you win
<bramc> amiller, ASICs might also compute them faster, it would be a completely different ASIC than one designed for efficiency
<bramc> amiller, You of course try to make it ASIC resistant (hence my comment about using AES because of the good Intel acceleration already) but the important feature is sequentiality
<bramc> iddo, working on it locally doesn't save you anything more than the time for it to propagate across the network
<iddo> yes so if you save propagation time then you win, everyting else being equal?
<iddo> anyway i still don't see the point, either you pay some server to do this PoW for you, or you do it yourself, in either case someone has revenues/expenditures for doing PoW, just like Bitcoin
<bramc> Propagation time is probably extremely small
<iddo> you can ask, why aren't there only say 10 Bitcoin CPU miners now, it will be more energy efficient than all these ASICS
<bramc> No with each block the best proofs of space are published and only the very best one is worked on. Everybody else doesn't waste their power
<iddo> my argument is that everybody will or will not waste their power just like in Bitcoin, i don't see the difference
<amiller> bramc, what happens if there is a #1 proof-of-space, and a #2 proof-of-space (the best two ones after all of them are compared), and only the proof-of-time for the #2 solution is published first
<bramc> In Bitcoin you don't know if a mining attempt will work in advance, hence lots of power spent on unsuccessful mining attempts
<bramc> amiller, Then the #1 is SOL
<iddo> if someone outcompetes you then he creates the next block? whats the difference?
<bramc> amiller, #1 should have published faster :-)
davi has joined #bitcoin-wizards
<amiller> bramc, that seems like a hazard
<bramc> amiller, It isn't any different from orphan blocks in regular Bitcoin
<amiller> well there aren't many people computing proofs-of-time in yoru scenario so it would be easier to bribe them
<amiller> and it *does* mean that they have significant influence after all
<bramc> amiller, Yes that is a bit of a hazard
<bramc> although they have to all cooperate to play those games, and there's no way for them to tell who's cheating if anybody is, and there's nothing stopping anybody else from jumping in
<iddo> you cannot just declare there aren't many people doing PoT because that's how you envision it.. i can say that i envision Bitcoin with 10 CPU miners but it doesn't make it so
erasmospunk has joined #bitcoin-wizards
<bramc> I don't understand what you aren't getting here
<bramc> After every round of PoS, everybody publishes theirs to the network, unless they've gotten a better one already. It rapidly becomes clear what the best PoS is
<bramc> Why would you run a PoT on a PoS which you know is going to finish late?
nullbyte has quit [Ping timeout: 265 seconds]
<iddo> you run PoT on the winning PoS, or let someone else do it for you, in both cases doing the PoT has a cost
<bramc> Even if everybody's PoT is the exact same speed, and it's run on the winner, that's still done exactly once
<bramc> Everybody else gets a heads up that their PoS is deficient and gives up early.
nullbyte has joined #bitcoin-wizards
<iddo> why wouldn't there be PoT race ?
hearn has quit [Ping timeout: 246 seconds]
<bramc> Because a PoS outputs a somewhat stochastic quality metric, and if that quality is half as good the PoT takes twice as long
<bramc> So except on the margin where there's a near tie you know who's going to win in advance
<bramc> (this is the part which I need to read through the spacecoin paper about. My simpler PoS technique has this property but it's busted)
<bramc> (my PoS technique is busted I mean, not the property)
<iddo> but it is required to produce the PoT on the highest quality PoS, so there will be a market for producing it, no?
<bramc> Not sure what you mean. Any PoS needs a corresponding PoT for there to be a resulting block
nullbyte has quit [Ping timeout: 250 seconds]
nullbyte has joined #bitcoin-wizards
<iddo> if i have an ability to produce the PoT in half the time that you can, is it a valuable ability?
<bramc> That depends on whether there's a yet even faster PoT server just sitting out on the network working on whatever it's sent
<iddo> for the sake of example suppose it's only you and i
<bramc> Having the very fastest PoT server is potentially valuable because in case of near miss somebody can pay you to do their PoT
hearn has joined #bitcoin-wizards
<bramc> If there are only two miners, and one has a PoT twice as fast as the other, then that effectively doubles their space
<bramc> Or rather, has the equivalent effect of doubling their space
<iddo> suppose that only one very high quality PoS was created, is it valuable to do the PoT on it faster rather than slower?
<bramc> Over time a faster PoT will get factored into the work difficulty and not change the rate of mining rewards
<iddo> suppose you produced the high quality PoS, and there are 10 PoT servers competing to generate the PoT for you, then the fastest among those 10 will get paid by you? because if you wait for slower server then you take the risk that other PoS might suddenly outcompete you?
<bramc> The idea is that there are PoT servers on the network which operate on the best PoS they can find, specifically because they want to undermine anybody else trying to get ahead based on a faster PoT server.
<bramc> It's a little dicey paying for PoT services, because there's no way to verify that they did the work themselves
<iddo> why do PoT servers do work if they don't get paid ?
<bramc> Because it's of very little marginal cost to them, and it keeps other PoT servers honest
Quanttek has quit [Ping timeout: 264 seconds]
<iddo> you rely on altruistic PoT servers for this system?
<bramc> I thought about trying to create direct incentives for PoT servers, and everything was bad.
<bramc> There's some slight altruism from PoT servers
orperelman has quit [Ping timeout: 276 seconds]
<iddo> in what sense they aren't altruistic ?
<bramc> Well, they might not be altruistic in that they can be paid directly
<bramc> It only takes one 'jerk' with a fast one to make it hard for the others to get a jump though.
<iddo> mandatory altruism is hard to enforce :) market may develop for this service
<bramc> There will likely be some market for it. That's an interesting detail
<bramc> Thankfully it doesn't require all that widespread of altruism. It also helps that clock times are all about the same.
ryanxcharles has joined #bitcoin-wizards
<iddo> one extreme is just Bitcoin, many PoT servers competing for produce the proof and get paid for it
<iddo> you claim that this extreme wouldn't be the case
<iddo> would be nice to see analysis given the precise properties here and what'd be the likely outcome
nullbyte has quit [Ping timeout: 248 seconds]
ThomasV has quit [Ping timeout: 264 seconds]
nullbyte has joined #bitcoin-wizards
FranzKafka has quit [Max SendQ exceeded]
<bramc> If there are competing PoT servers then most of them will go out of business quickly due to being less fast
dgenr8 has quit [Read error: Connection reset by peer]
davi has quit [Ping timeout: 246 seconds]
dgenr8 has joined #bitcoin-wizards
<gmaxwell> bramc: bitcoin network split again if you didn't get enough fireworks on the 4th.
<iddo> yes, it isn't lottery as with random-looking hash
<gmaxwell> bramc: if you locad bc.i you'll see it listing height ast 363999 ... but thats a fork of invalid blocks starting with megabigpower.
<bramc> gmaxwell, This is me sitting in my cave
<bramc> Blowing up doesn't seem to have a negative effect on the price of bitcoin, I wonder if people even know
copumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
<iddo> so transaction malleability cannot happen anymore with standard transactions, now that BIP 66 is deployed? or can still happen but less likely?
<Luke-Jr> it can happen, and is not much less likely..
<Luke-Jr> BIP 66 doesn't really try to address malleability
<Luke-Jr> that was BIP 62, which needs a rewrite or something now
<iddo> oh :(
<iddo> what's the importance of BIP 66 then ?
<Luke-Jr> iddo: removing OpenSSL from the consensus-critical code (sortof)
<Luke-Jr> iddo: it should be a lot easier to prove libsecp256k1 is consensus-compatible now
<bramc> The price of bitcoin seems to be moving up based on stories claiming that greeks are using bitcoin
<gmaxwell> It does close down one avenue of malleability but thats a side effect.
<iddo> i see
nullbyte has quit [Ping timeout: 244 seconds]
<bramc> I think it's more about 'follow a real spec instead of being dependent on the quirks of one particular implementation'
ryanxcharles has quit [Ping timeout: 246 seconds]
nullbyte has joined #bitcoin-wizards
<amiller> here is our new preprint https://eprint.iacr.org/2015/675 Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts
<bramc> *sigh* all the cryptocurrency news sites are declaring that greece voting no is a great thing for bitcoin, proving how valuable it is, and predicting its value will go up as a result. That misperception is probably causing a short-term bump, assuming it isn't just noise
nullbyte has quit [Ping timeout: 246 seconds]
nullbyte has joined #bitcoin-wizards
AaronvanW has quit [Remote host closed the connection]
moa has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
<amiller> gmaxwell, from those links it seems like blockexplorer.com was actually OK?
chmod755 has quit [Quit: Ex-Chat]
<gmaxwell> amiller: hah, no. by okay means its actually stuck way back.
<amiller> oh. i see, it literally thinks we're still on 358999
<gmaxwell> it reports the tip as 35_8_999
<CodeShark_> Ironic that a rule change calling for stricter structure formatting revealed the fact that apparently nobody gives a shit about proper structure formatting :p
<jouke> :D
vaalbara has quit [Remote host closed the connection]
<amiller> we won't ever be able to click those links in the future and really figure out what's wrong
<amiller> so the context that's necessary is, at the current or just prior to this time, all of those blocks are reported by the respective services as 'on the main chain'
<amiller> it would be nice if the services, instead of just including blocks and whether or not they're currently "orphaned", also included whether they appeared to be invalid or valid
<CodeShark_> And perhaps some source code and a debug log :p
goregrind has joined #bitcoin-wizards
nullbyte has quit [Ping timeout: 248 seconds]
ThomasV has quit [Ping timeout: 256 seconds]
nullbyte has joined #bitcoin-wizards
shen_noe has quit [Quit: quitquitquit]
Dr-G2 has quit [Ping timeout: 248 seconds]
Dr-G has joined #bitcoin-wizards
Dr-G has quit [Changing host]
Dr-G has joined #bitcoin-wizards
SubCreative has joined #bitcoin-wizards
nephyrin` has quit [Quit: ... besides, it was hot]
nephyrin has joined #bitcoin-wizards
dEBRUYNE has quit [Ping timeout: 255 seconds]
nullbyte has quit [Read error: Connection reset by peer]
nullbyte has joined #bitcoin-wizards