wumpus changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<gmaxwell>
hah. well actually I have a mouse problem too, but the DOS attack went away when I made my node unreachable via ipv4 again.
XXIII has joined #bitcoin-wizards
alewis_btc has joined #bitcoin-wizards
<moa>
would the library at the end of the universe, with all the books in it, have a book with all the books in the library listed in it and would that book have itself listed within it?
<bblue>
nsh: I talked with the Brainflayer guy (Ryan) at the last SF Bitcoin Drinkup. Basically he's just running a password brute-forcing tool on the blockchain by looking for matching addresses that have balances. Seems like a basic thing to do. The surprising bit is how many coins are exposed using his tool. People suck at passwords.
<nsh>
could make all this PHC nonsense redundant with a simple sidechains PoC that allows anyone to limit access attempts for any account on any site to any multiple of a 30s blocktime
dc17523be3 has quit [Ping timeout: 276 seconds]
<nsh>
or relatively not simple, but possible anyway
<amiller>
nsh.... so... every time i want to use a password to log into a website, you're suggesting i should use my private key to sign a transaction and publish it to reserve a slot for my password hash request?
<amiller>
nsh that rather defeats the point of passwords, which is that people are too lazy to use private keys
erasmospunk has quit [Quit: ttm]
<gmaxwell>
A while back I came up with a scheme which allowed for censorship-resistant, information-theoretically secure password hardening / rate-limiting against a federated 'clock'.
<nsh>
amiller, true
<nsh>
what was it, gmaxwell?
<nsh>
amiller, i meant rather that sites would gate access on the basis of hashes that can only be generated with some nonce that depends on a mine block of attempt requests
<nsh>
so users would still be able to employ passwords, but sites would check them against some window of block-salted hashes
Tebbo has joined #bitcoin-wizards
<nsh>
*mined
<gmaxwell>
nsh: M parties first do an interactive protocol to gain shares of a secret signing key for a N of M BLS signature. So then you have a pubkey P for the 'clock federation'.
* nsh
nods
Tebbo has quit [Read error: Connection reset by peer]
<gmaxwell>
nsh: a user wants to authenticate, he KDFs his password as usual, but then takes it as a message to sign, and computes a random blinding factor. The result is a uniform value (no information leakage)
<gmaxwell>
He then sends this message to be signed to N of the M clocks, and pays them some fee, solves some captcha, or waits for their ratelimit (whatever the heck they're doing to limit their use) and they sign M, he reinterpolates their signatures to get the signature with P, then he unblinds it
<gmaxwell>
and now he has a deterministic signature of his KDFed secret, and then just uses that as his secret.
<nsh>
ah, neat
<gmaxwell>
if Bitcoin could verify BLS signatures you could even directly use transactions to pay the participants to sign.
* nsh
nods
<gmaxwell>
and they could have a timelocked bond to encourage them to not lose their keys.
<rusty>
gmaxwell: is there a wishlist somewhere for an OP_CHECKSIG2? Seems like lightning might need new sighash ops after all, might as well start thinking about it.
CodeShark_ has quit [Ping timeout: 246 seconds]
dc17523be3 has joined #bitcoin-wizards
DougieBot5000 has quit [Quit: Leaving]
<nsh>
dan boneh's paper on identity-based weil pairing is cited 6,117 times. it probably took a thousand years for euclid's elements to be cited that many times
cryptonaut420 has quit [Quit: Leaving]
alewis_btc has joined #bitcoin-wizards
<gmaxwell>
lol
<gmaxwell>
rusty: not collected nicely, people have been making an effort to not shortcut research by running ahead with a premature proposal.
Tebbo has joined #bitcoin-wizards
<rusty>
gmaxwell: Hmm, well at some point it has to come to a boil, otherwise we just logjam forever.
<gmaxwell>
roasbeef: Hey, where is your fast multi-scalar multiply?
<moa>
could minrelaytxfee be a dynamic variable that follows minimum fee that is getting into blocks (or some lesser percentage thereof)?
<gmaxwell>
rusty: sure; but "rusty is interested in this" is not really a great decision criterion for that.
<bramc>
Is the main stumbling block for op_checksig2 how expressive the language for specifying what the other signatures have to sign should be?
<gmaxwell>
:)
<moa>
why should nodes be forwarding TX that probably won't make it into blocks?
bendavenport has quit [Quit: bendavenport]
<moa>
in the mempool lifetime
rusty has quit [Ping timeout: 250 seconds]
<gmaxwell>
rusty: research in this area has so far yielded a ~2x verification speedup (the batching support for the schnorr signatures in elements), and accountable multisig which is potentially a zillion fold more efficient. The remaining known-unknown is the right level of sighash flag generality.
<nsh>
moa, how many blocks do you average over?
<moa>
mempool lifetime
<moa>
say 95% probability it won't make it into a block ... or pick a high percentage like that
<bramc>
What is 'accountable multisig'?
<nsh>
that's a much more complex calculation than the global hashpower, which is the only thing miners are entrusted to estimate for the entire network
<nsh>
i think there are many more ways it could go wrong than the advantages could justify
<moa>
core already does it already for fee calc
<nsh>
it doesn't invalidate inputs. having a dynamic relay bar would
Zooko-phone has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
justanotheruser has quit [Ping timeout: 276 seconds]
<rusty>
gmaxwell: Lightning wants to create a TX B 2of2 input which spends the single output of an inputs-as-yet-unsigned TX A. Simply creating a CHECKSIG2 which has a sighash flag which omits the input txid would be the minimal solution AFAICT.
<rusty>
Or, complete elimination of malleability (including signature malleability) would allow a slightly-less efficient scheme to work.
<rusty>
gmaxwell: IIUC elements alpha uses a deterministic signature scheme; would this be a softfork for bitcoin? Would it fix sig malleability, such that with BIP62 all known malleability would be eliminated?
<gmaxwell>
rusty: No, no signature scheme for plain discrete-log crypto can be deterministic against the signer.
<gmaxwell>
the signature scheme in elements alpha is derandomized, same as ecdsa in libsecp256k1 is derandomized, but the signer can still make multiple signatures of the same data that differ.
<rusty>
gmaxwell: right. So any scheme where you want to get a presigned dependent tx on something not already deep in blockchain is going to require a new sighash style of some description.
justanotheruser has joined #bitcoin-wizards
flower has quit [Max SendQ exceeded]
<gmaxwell>
rusty: the multilevel dependency avoidance cannot be done with just sighash styles except by excluding the input txid entirely, which would work for that, but it opens up replay attacks and other nastiness... so it's not a generalized solution (though it may well be fine for lightning)
* gmaxwell
goes to dinner
flower has joined #bitcoin-wizards
Burrito has quit [Ping timeout: 276 seconds]
<rusty>
gmaxwell: not quite... it could include an alternate (normalized/minimized) input txid instead. I think...
<roasbeef>
gmaxwell: Heya, I went back and re-visited it yesterday (hadn't since I turned it in for the class project) by writing some additional tests and discovered a bug :/
<roasbeef>
gmaxwell: an error is being introduced somewhere in the heap iterations, so it's not 100% there yet, gonna require some additional head-banging
<zooko>
BTW, if anybody read that fast-verification-for-proof-of-work stuff I posted into this channel earlier, it was probably all garbage and you should forget about it. :-(
tromp has quit [Remote host closed the connection]
bendavenport has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
<zooko>
Howdy bendavenport!
<bendavenport>
hey zooko
p15x has quit [Ping timeout: 246 seconds]
copumpkin has joined #bitcoin-wizards
<zooko>
rusty: I'd like to understand what protocol features would support Lightning best.
<zooko>
I suppose the next step on that would be to *really* understand your blog series explaining Lightning...
<Luke-Jr>
bendavenport: welcome!
<bendavenport>
thanks Luke-Jr
<rusty>
zooko: so would I :) I tried to design a variant which didn't require this feature, and Joseph Poon blew a hole in it last night. Hopefully we can repair it with something else, but if not it's back to the requirements in the original paper...
shen_noe has quit [Quit: Leaving]
<zooko>
rusty: so the thing is, we're launching a new coin, and I'd like to know if there are things that are low engineering costs but help a lot with the next layer up.
<zooko>
Non-malleability seems like a big one, although I don't understand what the best implementation of non-malleability is...
<rusty>
zooko: well, Elements Alpha's segregated witness solves this. Not possible for bitcoin without a hardfork, but in your case you don't care.
<rusty>
zooko: the best way to figure out the exact difference between bitcoin and elements alpha is probably to look in the lightning code:
goregrind has quit [Read error: Connection reset by peer]
ThomasV has joined #bitcoin-wizards
akrmn has joined #bitcoin-wizards
sparetire_ has quit [Quit: sparetire_]
ThomasV has quit [Quit: Quitte]
goregrind has joined #bitcoin-wizards
hearn has joined #bitcoin-wizards
<CodeShark>
gmaxwell: if you're looking to optimize something with the transaction encoding, optimize verification complexity before optimizing space :)
<gmaxwell>
I pointed out in the message that it's optimizing the wrong thing.
<CodeShark>
right
orperelman has quit [Ping timeout: 244 seconds]
<gmaxwell>
though with batch schnorr in elements, it's actually bandwidth limited on bitcoin transactions up through most consumer broadband speeds.
<CodeShark>
well, the ultimate goal would be to have something like SPV but that actually works :p
<gmaxwell>
and I think _generally_ it's easier to scale your cpu power than bandwidth, as cpu power comes in pretty little boxes from newegg.
<gmaxwell>
CodeShark: well any of that would be generally applicable-ish.
wallet42 has joined #bitcoin-wizards
<CodeShark>
if we're going to allow all this cheating, can't we come up with a protocol that doesn't require downloading the entire transaction history from the beginning of time to validate the present? (besides the summary commitments of lightning and such)
<CodeShark>
can we do better than SNARKs?
<gmaxwell>
CodeShark: what I was describing didn't change the security model at all.
<CodeShark>
I
<gmaxwell>
or even require crypto younger than 15 years old or so.
<gmaxwell>
maybe 14 years old.
<CodeShark>
I'm well aware of that - I was trying to do a segue... :p
<gmaxwell>
CodeShark: well if you want a segue, go figure out a way to do that and suggest it. :)
orperelman has joined #bitcoin-wizards
<CodeShark>
I was thinking a nested consensus mechanism of some sort...so that lightning doesn't necessarily need to resort to the global consensus structure for dispute resolution
<CodeShark>
then perhaps we can cut down the number of global commitments even further
<CodeShark>
you continue to appeal if there's still a dispute
<CodeShark>
until you reach the global consensus structure
<CodeShark>
that would mean only the most contentious battles would tend to reach the global consensus level
<CodeShark>
each level up costs more, of course - since you're asking more people to contribute computational resources to decide your case
<CodeShark>
I mean, that's sort of how civil society works
<CodeShark>
civil society does not work by making sure everyone knows that I paid my gardener yesterday
<CodeShark>
unless I failed to pay the gardener or the gardener failed to provide services
alewis_btc has quit [Quit: alewis_btc]
<waxwing>
i've always assumed bitcoin would evolve like that
<gmaxwell>
CodeShark: great you've just described what lightning does; it only elevates most activity to the public network if there is a dispute.
<CodeShark>
gmaxwell: there could be a tiered structure - doesn't have to go straight to ground...you can have lightning bolts that just hit clouds with a slightly different voltage :)
<CodeShark>
waxwing: doesn't seem very many people have always assumed that :p
<CodeShark>
consider those who are trying to use the blockchain as a ledger for every single asset for every single individual in the world :p
<waxwing>
but, i'd say, there's a fairly big proportion of people who see bitcoin as more like SWIFT or somesuch ... well, i don't know, it still seems to be a controversial question
<gmaxwell>
People expect bitcoin to be both floor wax and dessert topping; and miss the fact that even if it can be all things to all people that might only be possible at the expense of being very poor at all of them.
<waxwing>
gmaxwell: yes, difficult to argue with that. but which is it? :)
<CodeShark>
reversibility and recourse for dispute resolution should be optional features in a payment system that could be waived
<gmaxwell>
Well the question I ask is what does (/can) Bitcoin do uniquely better in a fundamental way compared to alternatives.
<waxwing>
optional, agreed CodeShark
<waxwing>
gmaxwell: resist censorship
<gmaxwell>
I do not think bitcoin can out-swift swift.. if it's better at being swift at all, in any way, it's only because swift is asleep at the switch.
<gmaxwell>
But right, someone once asked me if I thought Bitcoin was more for paying wikileaks or for replacing credit cards.
priidu has joined #bitcoin-wizards
<waxwing>
SWIFT I just use as a placeholder for : "serious" payments which may cross jurisdictional boundaries
<waxwing>
and it's in exactly that context that censorship resistance matters most
<gmaxwell>
And I pointed out that I have a 2% cashback credit card that it seems hard for bitcoin payments to compete with for plain retail payments; but that same credit card cannot pay wikileaks-- mastercard shut that down, even without a government demand to do so.
<gmaxwell>
But it's not just edgy uses, if you want to create a layer above to do interesting things; you need to be able to count on the contracts underlying it being absolute ... or every step requires complex risk analysis that computers cannot do. That's something: be very predictable, that bitcoin can possibly do that traditional systems cannot, because meddling with them arbitrarily is too easy.
* waxwing
nods
<waxwing>
that's kind of what i was trying to get at in that post, it should be obvious that the whole thing 'works' one way round (uncensorable at the bottom) and doesn't work the other.
<moa>
"If you try to mix in those higher layers to the underlying protocol, you destroy it." waxwing, here's the danger, cramming things in that are better kicked upstairs
<CodeShark>
even if the contracts at the edges of the network imply risk, the risk could be managed by a separate layer
<CodeShark>
i.e. insurance, market makers, etc...
<CodeShark>
and the ecosystem can involve humans that willingly take on the risk for potential profit
ThomasV has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
<CodeShark>
so I don't think that necessarily every step requires complex risk analysis
<CodeShark>
the risk can be isolated from the predictable layers
freewil has joined #bitcoin-wizards
freewil has left #bitcoin-wizards [#bitcoin-wizards]
AaronvanW has quit [Ping timeout: 246 seconds]
<leakypat>
SWIFT can route your payment through jurisdictions without your knowledge
<leakypat>
A lot of local banks around the world are corrupt / insolvent, so for international trade I think the censorship resistance property is valuable
<leakypat>
The letter of credit market for example
alewis_btc has quit [Quit: alewis_btc]
dc17523be3 has quit [Ping timeout: 250 seconds]
<leakypat>
How many use this system just because it's the way things are done and always have been
tromp has joined #bitcoin-wizards
<CodeShark>
there are very few cryptocurrency applications right now that really make much use of any features that go beyond just the traditional payment systems people are used to
<leakypat>
The current system introduced unnecessary risk into a lot of transactions just by virtue of the fact it is a closed system
wallet42 has quit [Quit: Leaving.]
<leakypat>
So I want to pay a supplier in Nigeria but I can't because my bank doesn't trust their bank
<CodeShark>
never send money to Nigeria for any reason :p
AaronvanW has joined #bitcoin-wizards
<leakypat>
Well, I have friends in Nigeria who I would totally trust to send money to.. Just not via the local banks
<CodeShark>
are they princes?
<leakypat>
I'm sensing your reference point for Africa is scam nails and /or "coming to America"
<leakypat>
*mails
tromp has quit [Ping timeout: 244 seconds]
<CodeShark>
anyhow, your point is well taken - if we could choose how to route payments ourselves we could avoid this "my bank doesn't trust theirs" issue
<leakypat>
In any case, Nigeria can be any country
<CodeShark>
I know, I was just kidding
<leakypat>
Even Europe, transactions between Sweden and Germany
<leakypat>
Routed through the states
<leakypat>
Money frozen
<leakypat>
Why? Cuban cigars
* fluffypony
lives in Africa
www has joined #bitcoin-wizards
dc17523be3 has joined #bitcoin-wizards
<CodeShark>
would money being frozen also fit into the "censorship" category?
<leakypat>
For sure
<leakypat>
It's risk being introduced by the system
<leakypat>
That costs
<leakypat>
fluffypony: whereabouts?
<fluffypony>
leakypat: South Africa