wumpus changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<jgarzik>
kanzure, at which link are you collecting all the ideas? (sorry for the FAQ)
smk has quit [Quit: Page closed]
<jgarzik>
kanzure, and, <plug>, did you see https://github.com/jgarzik/auctionpunk :) Bitcoin-specific auction, where only one bid is valid, bidders must provably commit funds to an auction, and more.
<jgarzik>
*only one-of-N bids is valid, from the blockchain perspective
<kanzure>
jgarzik: there's no particular link yet for the information, but i could be guilted into making some
<jgarzik>
kanzure, another idea developed in IRC a bit is an "IM chain" -- freeze funds using CLTV, to obtain N bytes worth of posting rights to a chain that operates with a 14-day moving window (meaning all data after 14 days is pruned network-wide)
<jgarzik>
a better-bitmessage
<jgarzik>
kanzure, amiller and I also sketched a design for a DHT which required funds in order to store resources
<jgarzik>
kanzure, I did a bit of code writing for "data coin", a chain focused on data storage
ThomasV has quit [Ping timeout: 246 seconds]
<jgarzik>
kanzure, http://impulse.is/impulse.pdf describes an interesting idea -- have a wallet with N open payment channels; the process of sending funds involves treating "payment channels as UTXO" -- to spend you must gather one or more open payment channels, sufficient to cover the value being spent. This results in added traffic on the blockchain, but instant secure payments.
<jgarzik>
All the best material though is found trolling through ancient bitcointalk.org threads, and looking at old posts of key authors like Tier Nolan
priidu has quit [Ping timeout: 256 seconds]
<kanzure>
jgarzik: i have read all bitcointalk.org threads from the technical discussion forum as of yesterday
<kanzure>
and condensed it down to about ~400 tagged concepts
<kanzure>
i am curious if your data coin was the same thing as the dht pay-for-storage amiller concept?
<jgarzik>
kanzure, no, datacoin was a chain
<jgarzik>
kanzure, the DHT thing was separate
<jgarzik>
kanzure, it followed on an IRC theme of designed bitcoin-bound side chains (unrelated to Blockstream Side Chains(tm))
alexwaters has joined #bitcoin-wizards
<jgarzik>
*designing
<kanzure>
i found when reading the forums that there have been many "side-chains" and we collectively don't know how to name different ideas
<jgarzik>
I'm using "side chains", little "s" little "c"
<kanzure>
perhaps gmaxwell should just assign numbers to ideas :-)
<jgarzik>
as inclusive of merged-mined chains, Side Chains(tm), any chain with bitcoin-anchored tokens and/or security
<jgarzik>
e.g. some chains might use bitcoin's token value as security, some might use the timestamping directly as security
<kanzure>
that last one had a proposal for a new opcode OP_SIDECHAINVERIFY or something
<jgarzik>
that's a reasonable term too
Newyorkadam has joined #bitcoin-wizards
<kanzure>
(update: impulse stuff was thoroughly documented in my system about 8 months ago)
<jgarzik>
kanzure, more for the idea pile: "active addresses" - on-chain entities a la Ethereum that can hold balances, and execute scripts when new funds come in
nwilcox has quit [Ping timeout: 264 seconds]
kinoshitajona has quit [Ping timeout: 256 seconds]
kinoshitajona has joined #bitcoin-wizards
sundance has quit [Ping timeout: 256 seconds]
sundance has joined #bitcoin-wizards
<kanzure>
jgarzik: what about "crazy things i should expect to find hidden in logs if i am looking closely enough, that might be undocumented elsewhere"?
<jgarzik>
kanzure, and then there's the decentralized market stack: DC currency + DC market + DC identity & reputation & attestation/auditing/qualification
<jgarzik>
A lot of ideas with bitcoin at their core
ThomasV has joined #bitcoin-wizards
GGuyZ has quit [Client Quit]
Ylbam has quit [Quit: Connection closed for inactivity]
alexwaters has quit [Quit: Leaving.]
Oizopower has quit [Quit: Connection closed for inactivity]
<jgarzik>
kanzure, I view collecting all these ideas as one of the biggest contributions somebody could make to the ecosystem
<jgarzik>
kanzure, there is a wealth of material just lying around, waiting to be picked up
<jgarzik>
there is also duplication, and people claiming 2015-era inventions that were first described independently by someone else in 2010 or 2011
<kanzure>
yes i am also hoping to fix the "irc trap" where ideas go to die
<kanzure>
there are strange gaps on the mailing list and forum; like nothing about OP_MOXIE, a lack of announcements about libsnark; far less content on treechains than i anticipated..
rusty has joined #bitcoin-wizards
<kanzure>
the forum suffered (or continues to suffer) from an extreme focus on bootstrapping costs of downloading all the data. pruning is nice but there's a transactions/sec mining bottleneck...
<jgarzik>
tree chains are mainly a rhetorical device petertodd employs when he doesn't like a random idea ;p
<jgarzik>
kanzure, to be expected - that was a big sore point in the initial experience of early users
<jgarzik>
kanzure, you want the first impression to not-suck
<jgarzik>
kanzure, nobody was projecting into the future
<jgarzik>
(That's not a criticism, just an observation; there is great value in not roadmapping far ahead)
<kanzure>
well i mean that, yes it's an awful problem to have, but i bet a bunch of brainpower was wasted on that rather than other scalability issues :-)
<kanzure>
re: not roadmapping, that's also true
user7779078 has quit [Remote host closed the connection]
user7779078 has joined #bitcoin-wizards
<jgarzik>
heh, google finds a grand total of three hits for OP_MOXIE
<kanzure>
they are probably all me screaming about it once i heard it
<kanzure>
actually you were the one that wrote the OP_MOXIE message in that log >:(
<kanzure>
hah
kmels has quit [Ping timeout: 252 seconds]
<kanzure>
"... each extension block could be implemented in moxiebox script. The definition of an extension block would be the sha256 hash of the bytecode that represents the compiled version of its validation, then you could have quite good assurance in a sidechain-like way. [...] you could introduce a new extension block and all you need is the interpreter of the moxiebox bytestring and the longest chain rules and then you could move coins ...
<kanzure>
... between them via the Core or directly."
<kanzure>
jgarzik: thank you for the dump
<gmaxwell>
That's really a concept that I'd proposed in #bitcoin-dev a while back (even before we knew about moxie-- I found moxie while looking for preexisting suitable VMs with compiler support).
<jgarzik>
kanzure, I expect to be paid back with a voluminous link that can be shared publicly :)
<gmaxwell>
Adam runs, I think, a little too far with the idea (basically ignoring the resource requirements issues that arise), but it's interesting.
mjerr has quit [Ping timeout: 264 seconds]
<jgarzik>
I'd need to think about it. The farthest I've gone is OP_MOXIE, and adding the interpreter to Bitcoin Core
<jgarzik>
and adding a cost model for that
<ryan-c>
jgarzik: that auction thing looks cool, do you have a writeup of the design?
<jgarzik>
ryan-c, alas no
mjerr has joined #bitcoin-wizards
<jgarzik>
ryan-c, if you want to do a write up, I'll give you a sketch & answer questions ;p
* jgarzik found moxie via gmaxwell
<jgarzik>
my initial thought was NACL (i.e. OP_X86)
<ryan-c>
jgarzik: I'm wondering if it's feasible to combine with a mostly-noninteractive atomic trading thing I half-built for namecoin.
<jgarzik>
ryan-c, the auction still needs a server (or quorum of agents) to collect bids and perform a few management tasks; it reduces some risks on both the auctioneer and auction bidder sides, but not completely.
<jgarzik>
long term goal is rapid allocation, execution, and de-allocation of whole markets.
<jgarzik>
auctions, trade order matching and other tasks grouped within a decentralized administrative domain
<jgarzik>
kanzure, (ideas pile) One of my thoughts is that scaling bitcoin will indeed involve side chains. chains will fork off the main chain, and merge/settle back into the main chain. lightning does this, yes, but it can be done more simply and effectively with a side chain.
<jgarzik>
similar to git fork and git merge
<jgarzik>
a cluster of users will achieve short term consensus to fork a chain
<jgarzik>
(semantic note: "fork" here is _not_ a hard fork or soft fork; it refers to a departure from the main chain)
<jgarzik>
later, when that decentralized cluster (a decentralized market?) de-allocates, settlement (merge) with main chain occurs.
<jgarzik>
One hyper scaling future fills the main chain with nothing but side chain activity
<kanzure>
jgarzik: yesterday in here i outlined a plan for using lightning network and bip70-style wallet-to-wallet online negotiation for finding cross-chain lightning hubs that will settle to where your merchant prefers to receive utxos. thoughts?
<kanzure>
and then chain preference is probably caused by various fee pressures etc.
<kanzure>
but not sure if cross-chain lightning hubs can work with same trustlessness properties
<jgarzik>
kanzure, In general I'm a fan of lightning
<jgarzik>
kanzure, Trying to reason out whether or not it is simpler for a future end user [wallet] to simply use "the local San Francisco side chain for low value payments" versus a lot of lightning network routing
alexwaters has quit [Read error: Connection reset by peer]
<jgarzik>
there is routing in either case
<rusty>
kanzure: oh, I missed that. Atomic-swap-to-X seems like something we'll want to do.
alexwaters has joined #bitcoin-wizards
<kanzure>
as long as it's the same bitcoin currency underneath i'm not sure anyone really cares, as long as the chain is not experiencing lots of reorgs
<jgarzik>
moving from main chain to bitcoin-linked side chain, for a wallet, is conceptually a simple "refill my payment account" action
<jgarzik>
kanzure, sorry, I should have been clear - Side Chain with 2way peg, in last few statements
<GreenIsMyPepper>
kanzure: yes i think it can work, the nice thing is you don't need to trust the source chain if you're the recipient
<jgarzik>
Side Chain not side chain :)
<kanzure>
hubs sitting on two chains would be interesting if they can keep their guarantees... it means insta chain hopping and scale on the main chain doesn't matter as long as you're okay with settling for utxos on other chains.
<GreenIsMyPepper>
nor do you need to trust the consensus schemes of the destination if you're the source
<jgarzik>
kanzure, agreed
<kanzure>
were there any particular scale problems with things like treechains or "merge mine a billion different sidechains"?
<kanzure>
er, 2-way-peg sidechains
<GreenIsMyPepper>
it's probably going to be one of the primary uses in the future for computation on different chains/sub-chains IMO and is one of the intended applications, didn't really discuss it much since it's a bit unusual today...
<jgarzik>
tree chains are over hyped and under studied ;p
<kanzure>
well it's just a merge mining circus; so at minimum the merge mining scaling limit question is still in play
<jgarzik>
merge mining a bunch of chains implies collecting all that stuff, and paying miners for each. doable but adds a brand new layer of complexity, economics and attacks.
Burrito has quit [Quit: Leaving]
<jgarzik>
i.e. miners wind up joining a network that helps them decide which chains to merge mine at which moments.
<kanzure>
oh each miner must merge mine all of them?
<jgarzik>
usefully, 2way pegged chains can at least provide a clear compensation route
<jgarzik>
kanzure, well who decides what goes into the individual miner's merkle root? (rhetorical q)
<kanzure>
also, i would be okay with federated sidechains for some of those usecases- depending on whether i'm a member of that federated consensus signature or not, heh. but if a hub is on that chain sure i'd be okay with receiving outputs there.
<jgarzik>
The end user Holy Grail is instant, secure payments. Lightning or Impulse seems closest to providing that.
<jgarzik>
Side Chains(tm) seem slightly better for scalability than Lightning.
<kanzure>
well there's still various scaling issues with just lots of payment channels. but cross-chain hubs seems to solve that, to me.. depending on which chains you're okay with..
chmod755 has quit [Quit: Ex-Chat]
<jgarzik>
Impulse is quite gratuitous with its protocol, possibly generating many payment channel transactions for a single payment
<jgarzik>
(since it operates in the "lots of open payment channels" model)
<gmaxwell>
jgarzik: The "Side Chains(tm)" thing is affiliating you with disreputable sock accounts on reddit, perhaps you'd prefer to not send that signal. I'd really like to see an elevated level of professionalism for you. There is, obviously, no trademark there; and actual sidechains systems we've done have their own names, e.g. Elements alpha.
<kanzure>
one other issue i have been pondering about here is that if you have a federated consensus based on a handful of supernodes for a sidechain, and you have a strong fraud proof system in place, what exactly do the non-supernode users do when they notice that fraud has been committed? they don't have a supernode for themselves! so... i think the answer is going to be something like "have graceful consensus degradation" but i have no idea ...
<kanzure>
... what that looks like....
<kanzure>
jgarzik: btw there is also amiko pay which has been doing some payment channel hub stuff
<jgarzik>
gmaxwell, it's my method of disambiguating between 2way pegged Side Chains (capitalized) and a larger set of "side chains", which refers to any sub-chain tied to the bitcoin main chain security somehow
<jgarzik>
gmaxwell, I think it's a positive term :)
frankenmint has quit [Remote host closed the connection]
<gmaxwell>
OK
<kanzure>
yeah there's lots of ambiguous "side-chain" "sidechain" "sub-chain" proposals from bitcointalk; it's crazy out there in the chain zoo....
frankenmint has joined #bitcoin-wizards
<CodeShark>
I'm not entirely sure that people are applying the sidechain concept in the way it was originally intended at all :p
Dr-G2 has joined #bitcoin-wizards
Dr-G has quit [Disconnected by services]
<CodeShark>
doesn't seem like sidechains are a scalability solution at all, really - more like a way to create a new ledger and protocol without having to create a new currency
<kanzure>
"other side" can have arbitrary implementation- how does that not solve scalability?
<gmaxwell>
As far as scalability goes, dunno depends on what you mean by "sidechains" If you're talking about global broadcast blockchain consensus, the result has the same scalability contour as Bitcoin. It has quasi-quadratic scaling with usage. Vs micropayment channel networks which normally keep transaction data exclusively between participants instead of being globally broadcast is a real scalability improvement over anything that must broadcast everything to all participants. When you get into sidechains that have different security models, then perhaps you can also drop the globalness and then there is a scaling benefit.
<jgarzik>
CodeShark: the original selling point of Side Chains with two-way pegging as I understood it was "Bitcoin Beta" - test new features before rolling them out on the main chain, with a real money test
<kanzure>
yes i often mean "arbitrarily different security models"
<gmaxwell>
kanzure: Well that's a little like saying bitcoin scalability is solved because the scientific method is known to mankind. :)
<kanzure>
it is often not known to mankind :-(
<gmaxwell>
besides the point.
<gmaxwell>
And yea, sure to the extent that a 2wp sidechain lets some new snazzy stuff get easily deployed, then it can help provide scalability improvements. But in that example it's just the pre-req the scaling improvement is something you added later.
<CodeShark>
my understanding is that sidechains are an experimentation mechanism that allows the creation of a new blockchain that can accept value from another existing blockchain without forking any ledgers
<kanzure>
users that want 1 trillion transactions/second might be willing to go with federated signing-pool consensus techniques
<kanzure>
seeing as how that's the only way we know how to do that
<jgarzik>
CodeShark: However based on my own reasoning and analysis, a two-way pegged side chain can certainly perform useful transaction-aggregation functions if combined with some of the aforementioned decentralized market software
<kanzure>
CodeShark: the other side does not necessarily require a blockchain
<jgarzik>
In the Bitcoin Rules The World scenario you might even see main chain + side chain + lightning
Newyorkadam has quit [Quit: Newyorkadam]
<jgarzik>
all using bitcoin-the-token
<gmaxwell>
There is a really really mild example of this in elements alpha, say-- The separated witness stuff means that you can create a new kind of intermediate security node that doesn't transfer historical signatures but checks everything else. Using only 1/3rd the bandwidth (or something like 1/10th the bandwidth in the case of elements alpha due to CT).
<kanzure>
for some reason i am substantially less worried about non-miner scalability; i think it's because fraud proofs can be constructed by things approximating spv clients in most circumstances?
<CodeShark>
right, you could aggregate stuff on a sidechain but it seems like it's better to aggregate stuff BEFORE committing globally
<jgarzik>
CodeShark: real time transactions happen in... real time. there might not be a 'before' :)
<gmaxwell>
kanzure: they can't efficiently be done in bitcoin today but we know it can be done; though it's moot if the software isn't written.
<kanzure>
(i suppose you could also argue that a flooding network has no incentive to actually transfer fraud proofs, because the cost of ruckus is possibly greater than the temporary loss due to whatever inflation was evidenced...... ouch)
<CodeShark>
jgarzik: point is the contract negotiation and aggregation can take place outside a flood network
<gmaxwell>
Case in point, bitcoinj checks basically nothing it could check, even without any more data transferred; I haven't checked for a month, but electrum's chain selection was wrong and would take a chain with more blocks even with less work, etc. The practical concern of people will just not implement security is a major one, especially when it's security against fringe risks and it's 70% of the low level software complexity.
<kanzure>
well that just sounds like an argument for handwaving reference implementations into existence... :-)
<jgarzik>
yeah software sucks
<gmaxwell>
and then people go reimplement for various reasons (some good some bad)
<gmaxwell>
That's why e.g. there was time spent thinking about awful contrivances like requiring every block to commit to a bad block too. Though I think there is an architecture that makes implementing fraud proofs correctly easier and more likely.
<kanzure>
are we missing basic toy fraud proof example implementations?
<gmaxwell>
E.g. basically set up things so that all data is fraud proofs, and a normal block is really just a compressed on the wire representation of the fraud proofs for every update it would make to the system state. (Is that concrete enough for you?)
<kanzure>
i did not see one in my recent forum review..
<CodeShark>
yes, if anyone can provide examples that would be very useful - I'm compiling this info into a talk
<kanzure>
same, 'cept i am doing review of all scaling proposals ever mentioned. (my eyes aren't bleeding yet which is pretty interesting to me...)
<gmaxwell>
e.g. you can instead look at a block as a bag of utxo updates and the associated data to show the update was permitted. And you can write code that busts apart a block into a bunch of freestanding updates+proofs, or compresses a collection of proofs into a block (ditching all the redundant information).
<kanzure>
but what to do when your supernode is committing fraud?
<jgarzik>
Tragically the stupid social media hubbub prevents Blockstream from agreeing with my obviously correct <g> opinion that Side Chains(tm) are a scalability solution (because then sock puppets dive in with conspiracies about block size)
<kanzure>
yes there have been some good explanations of how to do authenticated data structures + fraud proofs for each update type.
<CodeShark>
gmaxwell: if you have any materials on this topic I can use it would be tremendously appreciated
<gmaxwell>
jgarzik: hah, hey, I was saying they weren't before the noise! :) But I agree that if I did agree I sure as hell couldn't say it now without more (electronic at least) rocks through my window.
<gmaxwell>
jgarzik: probably a definitional issue.
<kanzure>
re: fraud proof toy example, if nobody in this community has one then we should pester amiller maybe to pick a good paper to work from
<gmaxwell>
kanzure: no. not beyond my bitcoin wiki page. Though I mentioned here a completely general approach.
<gmaxwell>
which uh I'd have to find.
<kanzure>
yeah i am having trouble organizing a strategy for reading all -dev and -wizards logs... it's much much more data at way higher density.
<kanzure>
i mean i can read all of it, it will just take me much longer
King_Rex has quit [Remote host closed the connection]
kmels has joined #bitcoin-wizards
<gmaxwell>
jgarzik: by definitions I mean, I don't consider something that (1) gets you a small constant scale to be a scalability solution, (2) is just a way to deploy some other actual scalability solution, or (3) only gets you scale if you also take a major security tradeoff. Things that do 1/2/3 can all be super useful-- and are all things I know how to do with 2WP concepts, but I wouldn't call them scalab
<kanzure>
which was an enumeration of all required fraud proofs
<aj>
gmaxwell: re: clients not checking fringe cases for potential fraud; wouldn't that be something you could do on the testnet, ie have constant streams of full blocks, reorgs, double spends, longer-but-weaker chains, etc?
<kanzure>
aj: clients are not required to be on testnet
<aj>
kanzure: client software, i mean. "check your program doesn't break on testnet before releasing it"
<kanzure>
testing? hahaha
GGuyZ has joined #bitcoin-wizards
<kanzure>
oh you mean "regtest local testing framework that throws your client lots of weird data, and then plz integrate this api for the tests to check your wallet's status to see if it handled everything correctly". well that's doable i guess if someone bothered to make such a sandbox environment.
<gmaxwell>
aj: yes. though there have been bitcoin reimplementations used in critical applications handling huge amounts of other people's funds, which instantly fell over on testnet...
<gmaxwell>
So it's clearly not sufficient.
<gmaxwell>
It's been basically impossible to get most bitcoin using businesses to set up test copies of their stack against testnet.
<aj>
gmaxwell: well if you're only handling /other/ people's funds, security's not a problem :)
<aj>
gmaxwell: wow, that's pretty terrible
<jgarzik>
gmaxwell, yeah sad - I've been pushing on "run a testnet version of your website" for years
<CodeShark>
could we use a formal proof management system?
<jgarzik>
though cynically I'm also waiting for the first botnet C&C to be found running through testnet
<kanzure>
amiller: if someone was going to write a toy demo for fraud proofs, which research paper should they shamelessly copy from?
<gmaxwell>
There are some actually good arguments against it, e.g. it's usually not ideal but okay if you have a service that responds to a big reorg by shutting down and waiting for human intervention. But if you do that on testnet you might get a bunch of time wasted on it.
<kanzure>
testnet might be unnecessary if you have a sufficiently wide coverage of events to plug into your regtest system (but you'll be sourcing edgecases from testnet anyway.... so...)
<gmaxwell>
not the best of arguments, since you're going to screw up the manual intervention if it's not 99% automated and it's not something you do.
<kanzure>
(because it's not just blockchain content that matters, but also network status and network behavior that you need to test with, which testnet does not provide synced to your internal testing schedules)
<gmaxwell>
Testnet though has other business benefits. There have been services that I'd be much more likely to try if I could try them out with play money.
sparetire_ has quit [Quit: sparetire_]
<kanzure>
sure, yes.
<CodeShark>
testnets are useful if you manufacture edge cases
<kanzure>
"has testnet" is one of the contractual requirements that i always demand, so.. yeah.
<kanzure>
CodeShark: no we mean testnet itself; regtest is the manufactured one.
<gmaxwell>
CodeShark: yes, the public testnet is full of constructed edge cases... and anyone can add to it.
<gmaxwell>
it's like a collaborative regtest. :)
<CodeShark>
right
<gmaxwell>
also for those who prefer to report issues by setting your stuff on fire, testnet provides a safer way to do it than actually setting your production stuff on fire.
<jgarzik>
heh
<kanzure>
fraud proofs are not enough to convince me that supernode fraud can be tolerated, especially when there's only one supernode on the whole network. it's similar to a mining cartel problem.
<CodeShark>
that's where incentives come in
<CodeShark>
if you could buy fraud proofs we might be onto something
NewLiberty has joined #bitcoin-wizards
ThomasV_ has joined #bitcoin-wizards
<gmaxwell>
yea, it's ... uh. a tool. Not a silver bullet.
<kanzure>
oh right, the mining cartel thing had an attack that andytoshi identified about a single miner not colluding gaining disproportionate advantage... actually that was a private conversation between him and vitalik that he was summarizing.
ThomasV has quit [Ping timeout: 268 seconds]
ThomasV_ has quit [Ping timeout: 264 seconds]
nwilcox has joined #bitcoin-wizards
alexwaters has quit [Read error: Connection reset by peer]
alexwaters has joined #bitcoin-wizards
Giszmo has quit [Quit: Leaving.]
<amiller>
kanzure, which fraud proof
<amiller>
that enumeration of kinds from tiernolan seems pretty good
drwin has quit [Read error: Connection reset by peer]
drwin has joined #bitcoin-wizards
nwilcox has quit [Ping timeout: 272 seconds]
<kanzure>
amiller: basically any of those i guess.
<kanzure>
amiller: i don't know, chef's pick?
<kanzure>
it is sort of embarrassing that we do not have a toy demo for fraud proofs at all
<amiller>
petertodd has a library for this sort of thing but i think it's unwieldy, i don't have anything better though
<kanzure>
merbinnertree?
jgarzik has quit [Quit: Leaving]
<amiller>
i think i could hack my ocaml hack into doing the right thing but i'd need to add custom serialization
<amiller>
and hash
<amiller>
to be compatible with existing bitcoin data structures
<CodeShark>
I reimplemented peter todd's MMR trees in C++
<CodeShark>
but I'm not sure what else Peter Todd was doing
<amiller>
CodeShark, i'd be curious to see what that C++ looks like
<amiller>
especially if it uses any kind of generic thing where you have to write the 'traversal' only once
<amiller>
and the prover / verifier are just different 'modes' using the same code
<amiller>
in ocaml i do that by having two compilers, in petertodd's he does it with a pruning flag, in my python-merkle toy it had some kind of mixin class thing
<kanzure>
so i wonder how many out of that enumeration that proofchains can cover
<kanzure>
"It would be necessary to go through the entire set of consensus rules and create a fraud proof for every check that is performed. It is also necessary to create a check of anything that is used for checking. If UTXO commitments are added, then fraud proofs are needed for the UTXO set commitment tree. Ideally, there would be a guarantee that the maximum size of a fraud proof has a finite limit. Some of the elements of the fraud proof ...
<kanzure>
... scale with O(log(N)) so it can't be guaranteed entirely, but it should be possible to guarantee in practice. Fraud proof don't protect against miners withholding some info. You can't prove a block is invalid if you only have 99% of the transactions in the block."
<kanzure>
"You need to break down blocks into small pieces that can be verified individually. I think 1MB is a reasonable chunk of data. A block would consist of sub-blocks. Each sub-block would have the UTXO commitments and any additional information required for proving. This UTXO commitment would include the hash of the scriptPubKey and the value. This keeps everything self-contained."
<Luke-Jr>
kanzure: hey, might as well be explicit about it? :P
TheSeven has joined #bitcoin-wizards
<CodeShark>
rather than using red-black trees isn't it better to use radix trees if you want quasi-self balancing?
<CodeShark>
since the keys are essentially uniformly distributed
GGuyZ has quit [Quit: GGuyZ]
GGuyZ has joined #bitcoin-wizards
snthsnth has quit [Ping timeout: 272 seconds]
rusty has joined #bitcoin-wizards
<Taek>
CodeShark: you'd want to be careful about radix trees because they aren't guaranteed to balance (iirc). Attackers could potentially be abusive.
<CodeShark>
I suppose attackers could "mine" specific prefixes
<CodeShark>
but it's costly to do it too many levels deep
<phantomcircuit>
Taek, it's easy to add a tweak value
<phantomcircuit>
ie
<phantomcircuit>
k,v -> H(k|t), v
jgarzik has joined #bitcoin-wizards
<Taek>
where 't' is determined by the block id? That would probably be sufficient.
<phantomcircuit>
Taek, t can just be a random value that's published alongside the radix tree hash
<phantomcircuit>
it increases (doubles?) the size of the commitment, but trivially prevents that issue
<CodeShark>
who selects the t?
<CodeShark>
if the t can be chosen by the committer arbitrarily it's still possible to brute-force prefixes
Emcy has quit [Ping timeout: 250 seconds]
<CodeShark>
and it would probably be better to use HMAC so that each new t requires a complete recalculation
<phantomcircuit>
CodeShark, the entity generating the radix tree hash ie the commitment can select a t value that makes the tree not balanced
c0rw1n is now known as c0rw|zZz
<phantomcircuit>
that's better than someone else being able to do it though
<CodeShark>
I kinda like the idea of using the block hash as the t
<phantomcircuit>
CodeShark, you'd have to use the previous block hash as t
<phantomcircuit>
and it's still vulnerable to grinding
<phantomcircuit>
but probably nobody cares enough to actually do it
<CodeShark>
yes, but at least there's a limited time window here
<CodeShark>
you can't just mine keys for months and then suddenly attack
GGuyZ has quit [Quit: GGuyZ]
<CodeShark>
in any case, it is possible to construct a scheme to generate a unique t value that cannot be predicted by anyone with very much anticipation, cannot be influenced much by anyone, and can be verified by anyone
<CodeShark>
the last "and" should be a "but"
user7779078 has quit [Remote host closed the connection]
user7779078 has joined #bitcoin-wizards
<CodeShark>
the supposed advantage of using peter todd's MMR idea was that more recent insertions usually have short branches
<CodeShark>
but I'm not entirely convinced of the benefits - you'd need a separate index to find paths to arbitrary nodes
<CodeShark>
and as you approach powers of 2 the tree approaches a perfectly balanced binary tree
Newyorkadam has joined #bitcoin-wizards
<CodeShark>
a problem with using the scriptPubKey as an index is that it requires an extra nonce to make it unique
<CodeShark>
also, the main idea here wasn't so much fraud proofs...but shifting the burden of validity proofs over to the sender
<fkhan>
thanks guys i was looking for some info on fraud proofs the other week
<kanzure>
what did you find?
<fkhan>
er, well i realized i was responding to the scrollback from yesterday, but the discussion and accompanying btt thread you posted were stimulating
<kanzure>
16:33 < jrayhawk> did anyone in lightning land ever look at urbit
<gmaxwell>
someone asked me about urbit the other day and I said "is that the crazy thing with ships and destroyers?"
<jrayhawk>
Yes.
<jrayhawk>
Yarvin is fond of his flowery verbiage.
<jrayhawk>
But, regardless, there are piles of interesting ideas there about immutable deterministic distributed execution and verification.