wumpus changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<bramc>
I've made some progress on understanding the intuitions behind the PoS paper
<bramc>
PoS has a bit of collision with proof of space and proof of steak. Maybe we should call it PSPACE to be less confusing
<kanzure>
stake
<kanzure>
as for anti-ambiguity measures, i'm all for that
<bramc>
It's steak I tell you, that's why they're called CoW systems
<kanzure>
"oh that's the docker thing"
<bramc>
Anyway, an important element of the whole thing is that the amount of calculation necessary to generate the precommitment for the whole proof of space is somewhat larger than the amount of space being proven, because a significant amount of it isn't kept around
<bramc>
The general framework is that the challenge and the root are hashed together to show which ancestors have to be revealed
<bramc>
And the overall construction is set up so that you can store an appropriate subset of ancestors so that you always have what you need
<bramc>
(I guess 'almost always' would be sufficient, that may enable some improvements)
<bramc>
But maybe as part of the proof process you need to read more things than are part of the proof proper
<bramc>
There are potential problems with seek times. I'll need to work through everything with an eye towards figuring out if the whole thing winds up being disk bandwidth limited on the generation side, that could ruin everything
<bramc>
Hopefully the proof sizes aren't (log(n))^2, that would kind of suck
<CodeShark>
PoSp vs PoSt? ;)
<CodeShark>
PSPACE is a complexity class
<bramc>
CodeShark Yes I was making an attempt at this thing called 'humor' which people keep telling me about
<CodeShark>
what's that?
<CodeShark>
is humor similar to PSPACE?
<CodeShark>
PoHAHAHA
<CodeShark>
let's just call it George
<CodeShark>
does George require the storage be local to be efficient? if not wouldn't that imply it's bandwidth-limited?
<CodeShark>
or if so, rather
<bramc>
CodeShark The local storage only requires a few lookups to use, it's *generating* the local storage I'm worried about.
<null_radix>
ethere
<null_radix>
opps
<fluffypony>
null_radix: it's ethere-ummm, not ethere-opps
<cryptonaut420>
hey, is anyone having issues with their bitcoind nodes right now? specifically when creating and broadcasting raw transactions? seems to be taking a REALLY long time (but also restarting bitcoind appears to help somewhat)
<gmaxwell>
cryptonaut420: set -minrelaytxfee=0.0001 and that will avoid the issue.
<Apocalyptic>
gmaxwell, is there a way to set minrelaytxfee at runtime without restarting the node ?
<gmaxwell>
Very likely at least (I can't be sure without a reproduction).
<gmaxwell>
Apocalyptic: no, but why would you mind restarting it?
<Apocalyptic>
I don't mind, was just wondering
<cryptonaut420>
ok thanks, seen that advice somewhere else but haven't tried it yet. So others are experiencing the same thing? I ask because I am also running the addrindex patch, so wondering if it has something to do with the patch or if it's a general issue
<gmaxwell>
cryptonaut420: oh well addrindex is likely much much more expensive, as IIRC it does search the mempool too.
<gmaxwell>
also the spam attack is constantly reusing addresses, which I think has much worse performance for addrindex
<gmaxwell>
cryptonaut420: and no, I can't reproduce your behavior, so maybe it's specific to that; though my advice still holds.
<cryptonaut420>
yeah, I'll try it out and see if it makes a difference
<morcos>
gmaxwell: restarting a node is not good for fee estimation. it probably doesn't hurt the existing estimation code TOO much, but the obvious next improvement is to see how far back in the current priority queue you are for a given fee, which is information you'd lose if you clear out your mempool
<cryptonaut420>
nooby question: if I set mintxrelayfee higher than normal, will my node still broadcast transactions that come from itself even if they use below standard fees?
<morcos>
cryptonaut420: no you won't even be able to create those transactions unless they have high enough priority, in which case you can create and relay them (but this is probably for #bitcoin)
<cryptonaut420>
even using createrawtransaction?
<morcos>
on #bitcoin
<zooko>
Unfortunately, the Merkle-Tree+Fiat-Shamir-NIZK proposed by the Argon2 authors gives, as Bill Cox has also pointed out, a substantial advantage to an ASIC implementation.
<nsh>
with just seven more hyphens we'll ensure commodity home hardware supremacy!
<zooko>
☺
<amiller>
zooko, "substantial advantage"?
<amiller>
i don't agree with that, i don't know concretely what the ratio of hashes to memory accesses are, but if all you need is to 'keep up' with the rate of memory accesses then that could be pretty cheap
<zooko>
amiller: I think the Merkle Tree construction means a depth of maybe 64 or so hashes, fully pipelined.
<zooko>
I assume.
<amiller>
i bet you don't even need to compute those until you've found a solution anyway
<amiller>
i don't think that will have any impact whatsoever on asic
<zooko>
Hm.
<zooko>
Yeah, you don't need to compute those until you've found a solution. I think. Good point!
<zooko>
That's a relief.
<zooko>
Because I want to use Argon2d for the well-studied memory-hardness, but I also want cheap verification.
<amiller>
ok so i want to talk about cuckoo more though
<zooko>
*nod*
<amiller>
this bill cox guy's posts irritate me because they're super hand wavy.. i think he's plainly wrong now about the asic advantage of argon2d
<zooko>
Hm.
<amiller>
and i'm uncertain about his cuckoo point
<zooko>
'twould be great if your objection were posted to a mailing list where he, Solar Designer, et al. would see it.
<amiller>
but i'm irritated that in his subsequent post, he's like "IIRC, cuckoo is totally broken"... what does he mean 'recall correctly', he means according to his own post from a few days ago when he declared it was broken
<amiller>
anyway
<amiller>
(yes if i decide i don't feel like an asshole after spewing it out here, i may consolidate it and post to phc :)
<amiller>
so, those irritants aside, i don't understand the cuckoo objection yet
<amiller>
i don't understand this 'hypercube' model of memory
<zooko>
I didn't really think it through.
<zooko>
Because
<zooko>
I don't think cuckoo has been well-studied, and I think it is very different from other algorithms.
<zooko>
Argon2 is basically the same thing as all the other hash functions, scrypt, etc. etc., except newer and tuned/tweaked/etc. and well-studied.
<zooko>
So that's my main motivation.
<zooko>
(Sorry, tromp. I like you.)
<amiller>
right, so, i'm trying to change cuckoo's status from not-studied to studied
<zooko>
There's a cultural thing here that might partially explain the way your and my intuitions differ.
<zooko>
Between the "mathy" cryptographers and the "bit-blender" cryptographers.
<zooko>
The latter call themselves "symmetric" cryptographers, I guess.
<zooko>
I'm in the latter camp.
<amiller>
the structure vs structureless thing
<zooko>
A lot of people that I like and admire are in the mathy camp.
<zooko>
FWIW I definitely approve of cuckoo getting better-studied.
<gmaxwell>
amiller: yea, bill's handwaving wore me out a long time ago. In general PHC is really bad with the handwaving.
<zooko>
BTW I kind of regret including that crude joke in there. DISREGARD THAT PART.
<amiller>
gmaxwell, so, what is this hypercube kind of thing
<gmaxwell>
There are a few there that are pretty crisp, but the SNR ratio is not good.
* nsh
didn't follow the argument
<amiller>
my understanding of 'memory hard' is that it is supposed to require having a lot of memory, but it doesn't matter if its throughput is utilized
<amiller>
so the bill cox objection is that you can use a parallel algorithm
<zooko>
Well, unfortunately I'm running out of battery, and I need to go spend an hour or two with my dead-trees-and-bricks-and-mortar bank asking them to do the simplest fucking things, like "Don't *both* cancel my card for having been stolen *and* ask me to pay the fraudulent charges".
<zooko>
Dammit.
<gmaxwell>
amiller: what POW wants and what password hashing wants are not one and the same.
<gmaxwell>
E.g. a POW that takes a full second to verify would be a useless anti-ddos cookie, but a ducky kdf for disk encryption.
<amiller>
yes that doesn't seem relevant to this particular attack though
<gmaxwell>
no indeed, just an example though.
<amiller>
ok, i agree with that meta concern, it unfortunately seems to limit how much we can gain from interaction with PHC
<gmaxwell>
Yes, I agree that cuckoo is not well studied; but it's actually targeting the right objective (well, assuming you agree that 'memory hard' is useful. :) )
<amiller>
ok so, what is the crux of this specific attack on cuckoo's memory hardness
<zooko>
gmaxwell: as far as I can tell Argon2 also meets my objectives.
<zooko>
gmaxwell: and also the authors of it explicitly attempt to address those objectives.
<amiller>
it is about an efficient parallel algorithms for finding the cycles
<gmaxwell>
zooko: argon2's authors are pretty good.
<amiller>
a parallel algorithm that assumes all the data is in memory doesn't seem to inviolate memory-hardness
<amiller>
it just makes better use of perhaps the parallel memory throughput i guess
<gmaxwell>
zooko: but their cheap verification thing has not really been peer reviewed afaik.
<amiller>
but this 'hypercube' seems to be suggesting something other than a typical memory, where there are smaller memory cells and some kind of routing network between them
<tromp_>
my response to bill on phs list doesn't seem to be getting through
<gmaxwell>
(maybe you've reviewed it, I haven't-- it wasn't part of their original proposal and I didn't get as far as it in their new stuff)
<zooko>
gmaxwell: true.
<tromp_>
maybe awaiting moderation
<amiller>
tromp_, give us a pastebin link for now?
<zooko>
tromp_: I haven't seen any response from you. I don't think that mailing list is moderated.
<tromp_>
let's see if it's in my gmail sent folder
<tromp_>
I *so* hate trying to cut from gmail messages; once it starts scrolling it immediately zooms way past what you want
<nsh>
software is the price we pay for information
<tromp_>
Bill seems to think that outlining the parallel implementation of the basic algorithm already detailed in the Cuckoo whitepaper constitutes breaking it
<tromp_>
Bill responded to my message (which I also sent directly to him), so you might see his reply before my original
<zooko>
I sometimes avoid Cc:'ing people directly, when replying to lists, in order to avoid that.
<tromp_>
i did that since i have no faith my message will ever make it on that list
<tromp_>
if i did, i would follow that convention:)
<zooko>
:-)
<tromp_>
thx; i'll refrain from directly replying to bill in future...
<amiller>
ok bill cox's follow up messages have a lot more detail, it seems that a) he wants to obliterate Momentum first, which is like cuckoo with a degenerate setting... cuckoo paper already points out an attack on this degenerate setting, but bill cox says there is an even worse attack, and it would be good to understand this first and then apply it to nondegenerate settings
<tromp_>
Every time I reply I get "Your message to cryptography awaits moderator approval"
<tromp_>
but Bill is attacking a memory-wasteful implementation of Momentum
<amiller>
b) the crux of the attack is about a difference between 'sequential memory hard' which says you shouldn't be able to parallelize it, and
<tromp_>
the edge-trimming cuckoo implementation is the most memory efficient one
<zooko>
tromp_: Perry Metzger and/or Tamzen Connoy manually moderate every post to that list.
<amiller>
so unpacking the difference between memory*time (sequentially memory hard) and memory*work (parallel memory hard)
<amiller>
i guess it's plausible that there are custom parallel memories with particular communication patterns that might outperform commodity dram
<tromp_>
no doubt, but at what cost?
<tromp_>
when you build your sorting hypercube, perhaps to reduce memory latencies for 100s of threads, i expect that will be lots more expensive than just buying a few more dram chips each accessed with a moderate #threads
<amiller>
i'm not clear yet on whether hypercube is something you can even build on an asic
<amiller>
or if it's inherently about this thru-silicon-via 3d stack stuff
<tromp_>
a 3D implementation will also need longer connections
<gmaxwell>
zooko: obviously we need an anti-censorship mail extension where every message commits to the set of messages on the list you've already seen, so people won't accept your message unless they've seen the history too. :)
<zooko>
Darn. I just figured out that the memory access patterns in Argon2 are utterly predictable, so it is actually bandwidth-oriented instead of latency-oriented.
<bramc>
A parallel implementation of cuckoo which used the same amount of memory would be a good thing. It would have similar hardness but reduce latency.
<amiller>
zooko, uh, Argon2d is data dependent (unpredictable, good for cryptocurrency), Argon2i is data independent (good for phc so it doesn't leak data about the password)
<bramc>
Has my construction for making password hashing algorithms memory access unpredictable come up on phc?
<amiller>
bramc, well it depends on whether it uses a commodity memory or a customized, in-silicon, hypercube laid-out memory
<zooko>
amiller: I think the memory access patterns are the same even in the data-dependent version, though.
<bramc>
I came up with it, then realized how profoundly different PoW and password hashing are, then stopped working on it more
<bramc>
amiller, The question of whether cuckoo's memory can be beaten by asics is an interesting one, but not the same as whether it's busted in terms of being linear in memory
<amiller>
zooko, i don't understand, data dependent memory access == unpredictable memory access pattern or are there two different things
<amiller>
bramc, the point is that the gold standard for "sequential memory hard" is memory*time, whereas the weaker 'parallel memory hard' is about memory*work, which might be beaten by asic
<bramc>
amiller, Fair enough, but as per usual it comes down to cost of the chips and energy efficiency of the work. Just because the ASIC has lower latency doesn't mean that it wins.
<zooko>
amiller: I'll get back to you after I read and think more.
<zooko>
amiller: for one thing, I think I've been reading the *Argon*, not *Argon2* spec this whole time. Whoops.
ThomasV has quit [Ping timeout: 264 seconds]
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 250 seconds]
blackwraith has joined #bitcoin-wizards
dansmith_ is now known as dansmith_btc
priidu has quit [Ping timeout: 252 seconds]
<bramc>
I'd classify cuckoo as mostly a bit-blending approach with a little bit of simple math thrown in
<zooko>
Hm.
<bramc>
Doing web searching it seems like my password hashing mode hasn't even been discussed on phc :-(
bi_fa_fu has joined #bitcoin-wizards
paveljanik has quit [Quit: Leaving]
davi has quit [Remote host closed the connection]
spinza has quit [Excess Flood]
spinza has joined #bitcoin-wizards
Guest93019 has quit [Remote host closed the connection]
airbreather_2 has joined #bitcoin-wizards
jae has joined #bitcoin-wizards
jae is now known as Guest75456
Guest75456 has quit [Remote host closed the connection]
<nsh>
extraneous word here maybe [thing?] "There’s a reversible operation based on the thing data being hashed which munges the internal state and the part of bulk memory referred to, resulting in the pointer referring to a new pseudorandomly selected block of memory."
<bramc>
What it does, in a nutshell, is take a hashing algorithm - it can be any hashing algorithm, like is used to make a feistel network, and makes a password hashing algorithm out of it which has unpredictable reads and writes and has the very nice mathematical property of being time reversible, which obliterates whole categories of potential attacks on the thing
<bramc>
nsh, oh yeah, copy editing problem
<nsh>
how does reversibility mitigate attacks?
p15x has joined #bitcoin-wizards
<nsh>
are you turning the whole sparse memory state into a pseudo-random permutation?
<zooko>
bramc: nice and simple. Too bad it wasn't a PHC candidate.
<bramc>
nsh, Roughly yes. The idea is to make it so that there aren't any weak passwords which lose info in weird ways
* nsh
nods
p15x_ has quit [Ping timeout: 276 seconds]
<bramc>
zooko, I don't have the requisite expertise to fully flesh it out into a whole thing. I was hoping somebody who did would use it as a basis for a fleshed out thing instead of the mashed-together bullshit they usually use
<bramc>
nsh, The general intuition is that most password hashing modes because they're mashing stuff together in a fairly incongruous way have to make steps parallelizable so they don't accidentally lose information. If everything is guaranteed to be reversible you can obliterate the parallelizability
<bramc>
It's sort of like feistel that way. You can worry about your core primitive having good diffusion and not having simple mathematical properties without having to worry in the slightest about whether it's a permutation
<bramc>
In that post I suggest using AES as the function for mashing it up, which I later realized is ridiculous: It's much more akin to a single round of AES
<bramc>
It should probably be called a 'mode', similar to sponge
belcher has joined #bitcoin-wizards
<zooko>
amiller: you don't mind if I attribute things to you, like "Andrew Miller pointed out to me that the mining algorithm could allow the winning ticket to be determined (by the miner) *before* computing the Merkle Tree, thus avoiding adding a significant performance advantage for ASIC miners by the addition of the Merkle Tree".
<zooko>
?
hashtagg_ has quit [Ping timeout: 255 seconds]
<zooko>
One risk of me attributing things to you is that I'll get them wrong and then everyone will think you're dumb.
<amiller>
i accept this risk
<amiller>
if any of those turn out to be bad ideas ill just use twitter to blame someone else
<zooko>
Ok.
RH311ish has quit [Read error: Connection reset by peer]
RH311ish has joined #bitcoin-wizards
arubi_ has joined #bitcoin-wizards
erasmosp_ has joined #bitcoin-wizards
nullbyte has joined #bitcoin-wizards
erasmospunk has quit [Ping timeout: 244 seconds]
<zooko>
Hm.
<zooko>
Actually this one might be one of those things where I'm about to make you sound dumb.
<zooko>
Because
<zooko>
how can a miner know that he's gotten a winning ticket -- which can be verified as a winning ticket by a verifier -- without first computing the Merkle Tree?
* zooko
thinks
<zooko>
One way would be if the criteria for winning was a property of all/most of the *leaves* of the Merkle Tree.
<zooko>
e.g., this wins if all of the leaves (that got picked by the Fiat-Shamir beacon) start with 50 zero bits.
<zooko>
Hm.
<zooko>
Again, to avoid giving an advantage to the miner who is much better at hashing, we should ideally also get our Fiat-Shamir beacon from stuff that the bad-at-hashing
akkked has quit [Read error: Connection reset by peer]
<zooko>
Yeah, so we can derive the Fiat-Shamir beacon from the leaves directly, or something that doesn't require computing the Merkle Tree.
<zooko>
The only remaining niggling bit is that a naive miner would just keep going until *all* the leaves had 50 zero-bits,
jae has joined #bitcoin-wizards
<zooko>
but a smarter miner checks the Fiat-Shamir beacon to see if it overlooks those of his leaves that don't have 50 zero-bits.
<zooko>
Seems ok.
jae is now known as Guest65466
<zooko>
I guess computing the Fiat-Shamir beacon is not a big computationally-intensive thing.
<zooko>
I suppose it is secure-hash-of-the-leaves.
<zooko>
Um.
afk11 has joined #bitcoin-wizards
<zooko>
Secure-hash-of-the-leaves is only 1/2 as intensive as Merkle-Tree-over-all-the-leaves.
* zooko
is uncertain about this part.
<zooko>
Oh, the ... the beacon can be a ...
* zooko
's brain is melting
<zooko>
Okay, I'll just say it.
<zooko>
The Fiat-Shamir-beacon can be a property local to each leaf, like "This leaf is in the required set if its hash is less than X".
<zooko>
The reason this melts my brain is because ... Because ...
<zooko>
Okay
<zooko>
So yeah, our variant of the Fiat-Shamir transform here is simply "at least 1/2 of your leaves have to start with at least 50 zero bits each".
<zooko>
Yay! Done.
<kanzure>
it seems that you do not use the "think of all possible worlds where you have solved the problem, then pick the optimal world and work backwards" method of thinking
tromp has joined #bitcoin-wizards
<zooko>
Okay now I've really got to go persuade my bank that it doesn't make sense to both cancel my card for fraud and also ask me to pay the fraudulent charge or do the work of disputing it.
<zooko>
And while they are at it, please be disrupted out of existence and go get new jobs.
<nsh>
there's probably a sequence of DTMF tones that cancels the bank instead
ruby32 has quit [Quit: ruby32]
ruby32 has joined #bitcoin-wizards
tromp has quit [Ping timeout: 255 seconds]
zooko has quit [Ping timeout: 276 seconds]
ThomasV has joined #bitcoin-wizards
nullbyte has quit [Ping timeout: 246 seconds]
Guest65466 has quit [Remote host closed the connection]
nullbyte has joined #bitcoin-wizards
airbreather_2 is now known as airbreather
ThomasV has quit [Ping timeout: 256 seconds]
StephenM347 has quit []
SaltySalads has joined #bitcoin-wizards
www has joined #bitcoin-wizards
jae has joined #bitcoin-wizards
jae is now known as Guest90600
_biO_ has quit [Remote host closed the connection]
wallet42 has joined #bitcoin-wizards
afk11 has quit [Ping timeout: 264 seconds]
ruby32 has left #bitcoin-wizards [#bitcoin-wizards]
DougieBot5000 has quit [Quit: Leaving]
wallet42 has quit [Read error: Connection reset by peer]
wallet421 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
bblue has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
Mably has quit [Ping timeout: 256 seconds]
afk11 has joined #bitcoin-wizards
btcdrak has quit [Ping timeout: 248 seconds]
kumavis has quit [Ping timeout: 248 seconds]
huseby has quit [Ping timeout: 248 seconds]
Xzibit17_ has quit [Ping timeout: 248 seconds]
hashtag has joined #bitcoin-wizards
kumavis has joined #bitcoin-wizards
Quanttek has quit [Remote host closed the connection]
Xzibit17_ has joined #bitcoin-wizards
chmod755 has joined #bitcoin-wizards
btcdrak has joined #bitcoin-wizards
huseby has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 264 seconds]
shaul has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<CodeShark>
then the second time around you can use the image of your ex-wife taking off with your mindwallet
<moa>
starting to sound like an inception sequel plot
nullbyte has quit [Ping timeout: 248 seconds]
nullbyte has joined #bitcoin-wizards
hashtag has joined #bitcoin-wizards
<bramc>
There was a book where a footnote said 'I am grateful to Mr. So-and-So for translating this book' followed by a footnote which said 'I am grateful to Mr. So-and-So for translating the preceding footnote'. And a third footnote saying 'I am grateful to Mr. So-and-So for translating the preceding footnote'. There was no fourth footnote, because the third one was copied from the second and didn't require an additional translation.
tromp has quit [Remote host closed the connection]
<gmaxwell>
fixed point attribution
<CodeShark>
gmaxwell: did you fix your mouse?
Guest90600 has quit [Remote host closed the connection]