wumpus changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
CodeShark has joined #bitcoin-wizards
prom3th3us has quit [Quit: prom3th3us]
hdbuck has joined #bitcoin-wizards
prom3th3us has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
notj has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
jgarzik has joined #bitcoin-wizards
melvster has quit [Ping timeout: 252 seconds]
prom3th3us has quit [Quit: prom3th3us]
GAit has quit [Quit: Leaving.]
kmels has quit [Ping timeout: 244 seconds]
melvster has joined #bitcoin-wizards
Quanttek has quit [Ping timeout: 264 seconds]
prom3th3us has joined #bitcoin-wizards
Newyorkadam has joined #bitcoin-wizards
Newyorkadam has quit [Ping timeout: 264 seconds]
Ylbam has quit [Quit: Connection closed for inactivity]
hdbuck has quit [Quit: hdbuck]
GAit has joined #bitcoin-wizards
dEBRUYNE__ has quit [Ping timeout: 265 seconds]
prom3th3us has quit [Quit: prom3th3us]
psztorc has joined #bitcoin-wizards
CodeShark_ has joined #bitcoin-wizards
publius1788 has quit [Ping timeout: 272 seconds]
publius1788 has joined #bitcoin-wizards
publius1788 has quit [Client Quit]
publius1788 has joined #bitcoin-wizards
hazirafel has quit [Ping timeout: 255 seconds]
<psztorc>
The NG presentation had fraud-proofs, they were called "Poison transactions"
<instagibbs>
psztorc: that's for double-spending but doesn't fix the out-of-band stuff.
<psztorc>
You're saying the attacker keeps the double spend secret?
<instagibbs>
Out of band isn't double-spend. Like gmaxwell said, you can do OP_TRUE or something to ensure miner gets 100% of funds, leaving none for following miner.
<instagibbs>
40/60 split can't be enforced, it appears
<instagibbs>
err 100% of "fees"
Newyorkadam has joined #bitcoin-wizards
<psztorc>
very interesting, thanks
<psztorc>
random note: when I explain Bitcoin to very smart people, a suspicious % of them seem to always think that mining elects the next block-maker (not that all are working on the next block at once)
<CodeShark_>
I've had to correct a few writers/journalists on this one
<CodeShark_>
One even was perceptive enough to suggest voting on a hard fork in principle is no different than the way nodes usually vote on transactions
K1NGREX has quit [Remote host closed the connection]
sparetire_ has quit [Quit: sparetire_]
Burrito has quit [Ping timeout: 264 seconds]
belcher has quit [Quit: Leaving]
c0rw1n is now known as c0rw|zZz
publius1888 has joined #bitcoin-wizards
publius1788 has quit [Ping timeout: 246 seconds]
zmanian has quit [Quit: Connection closed for inactivity]
publius1888 has quit [Quit: leaving]
publius1788 has joined #bitcoin-wizards
publius1888 has joined #bitcoin-wizards
TheSeven has quit [Disconnected by services]
[7] has joined #bitcoin-wizards
Burrito has joined #bitcoin-wizards
bedeho has joined #bitcoin-wizards
pigeons has quit [Ping timeout: 246 seconds]
Giszmo has quit [Quit: Leaving.]
psztorc has quit [Ping timeout: 246 seconds]
pigeons has joined #bitcoin-wizards
pigeons is now known as Guest45463
orik has joined #bitcoin-wizards
notj has joined #bitcoin-wizards
nsh has quit [Excess Flood]
nsh has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
notj has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
paveljanik has quit [Quit: Leaving]
orik has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
Cory has quit [Ping timeout: 260 seconds]
Cory has joined #bitcoin-wizards
trippysalmon has joined #bitcoin-wizards
Dr-G has quit [Ping timeout: 250 seconds]
aj has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
ThomasV has quit [Quit: Quitte]
abdulrehmanbinal has joined #bitcoin-wizards
Dr-G has joined #bitcoin-wizards
abdulrehmanbinal has quit [Quit: Page closed]
trippysalmon has quit [Ping timeout: 250 seconds]
roxtrongo has quit [Remote host closed the connection]
<CodeShark_>
Hmmm...not happy about adding soft fork thresholds to chain params directly...but perhaps we can use an abstract base class for soft fork thresholds so anyone creating a new alt/sidechain or testnet can inherit from it
JayDugger has quit [Ping timeout: 252 seconds]
<CodeShark_>
or perhaps we can just instantiate a map at runtime
<CodeShark_>
oops, should do this in dev...
trippysalmon has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
gielbier has joined #bitcoin-wizards
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
shesek has quit [Ping timeout: 265 seconds]
trippysalmon has quit [Ping timeout: 250 seconds]
gill3s has joined #bitcoin-wizards
trippysalmon has joined #bitcoin-wizards
bedeho has quit [Ping timeout: 268 seconds]
shesek has joined #bitcoin-wizards
dEBRUYNE__ has joined #bitcoin-wizards
trippysalmon has quit [Ping timeout: 250 seconds]
orik has joined #bitcoin-wizards
jl2012 has quit [Quit: Leaving]
CodeShark has quit [Ping timeout: 264 seconds]
ttttemp has quit [Remote host closed the connection]
ttttemp has joined #bitcoin-wizards
jcluck has quit [Ping timeout: 255 seconds]
Quanttek has joined #bitcoin-wizards
Ylbam has joined #bitcoin-wizards
orik has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
dEBRUYNE__ has quit [Ping timeout: 240 seconds]
Dr-G has quit [Read error: Connection reset by peer]
GAit has quit [Quit: Leaving.]
Dr-G has joined #bitcoin-wizards
JackH has joined #bitcoin-wizards
sparetire_ has joined #bitcoin-wizards
Dr-G has quit [Read error: Connection reset by peer]
dEBRUYNE__ has joined #bitcoin-wizards
trippysalmon has joined #bitcoin-wizards
jcluck has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
Oizopower has joined #bitcoin-wizards
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
Dr-G has joined #bitcoin-wizards
ttttemp has quit [Remote host closed the connection]
psztorc has joined #bitcoin-wizards
Dr-G has quit [Ping timeout: 246 seconds]
JackH has quit [Ping timeout: 252 seconds]
ttttemp has joined #bitcoin-wizards
Quanttek has quit [Ping timeout: 250 seconds]
Dr-G has joined #bitcoin-wizards
c0rw|zZz is now known as c0rw1n
belcher has joined #bitcoin-wizards
mjerr has joined #bitcoin-wizards
JackH has joined #bitcoin-wizards
davispuh has joined #bitcoin-wizards
bliljerk101 has joined #bitcoin-wizards
ratbaneb_ has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 252 seconds]
ghtdak has quit [Quit: WeeChat 1.4-dev]
ghtdak has joined #bitcoin-wizards
King_Rex has joined #bitcoin-wizards
bedeho has joined #bitcoin-wizards
notj has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
notj has quit [Client Quit]
nubbins` has joined #bitcoin-wizards
notj has joined #bitcoin-wizards
agorecki has quit [Remote host closed the connection]
priidu has joined #bitcoin-wizards
Oizopower has quit [Quit: Connection closed for inactivity]
davispuh has quit [Read error: Connection reset by peer]
trippysalmon`aw has joined #bitcoin-wizards
trippysalmon has quit [Ping timeout: 250 seconds]
Giszmo has joined #bitcoin-wizards
King_Rex has quit [Remote host closed the connection]
gill3s has joined #bitcoin-wizards
bedeho has quit [Ping timeout: 240 seconds]
btcdrak has joined #bitcoin-wizards
dEBRUYNE__ is now known as dEBRUYNE
Quanttek has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
moa has joined #bitcoin-wizards
<mjerr>
anyone got further information about schnorr signatures vs ecdsa? I hear a lot about schnorr, but I'm not really able to figure out why it's so much better - any paper or similar would be great
<andytoshi>
mjerr: schnorr signatures are algebraically simpler and have a security proof; the naive way of computing them is much faster than the naive way of doing ECDSA
<mjerr>
any downsides of using them over ecdsa?
<andytoshi>
mjerr: their algebraic structure lets them be batch-validated, and can also be combined to do multisignatures without increasing their size
<andytoshi>
mjerr: lack of well-vetted implementations; until 2008 there were patents against them
<mjerr>
what does batch-validated mean in our context?
<andytoshi>
mjerr: it means you can take a whole bunch of ec-schnorr signatures and validate them all at once ... so like you can validate the whole block assuming all EC signatures pass, then do a batch validation on them to check that the block is actually good
<mjerr>
interesting :) do you have anything where I can read up some of the information?
<andytoshi>
mjerr: the equations for ECDSA are (r, s) where r is the x-coordinate of the point kG (k is a secret random nonce), and s = (H(message) + rx)/k
<andytoshi>
this weird use of the x-coordinate of kG, plus the fact that only the message goes into the hash function, make it impossible(?) to prove secure
<andytoshi>
the division by k means that these signatures can't be added, which prevents blinding and efficient multisig
<andytoshi>
the division by k also prevents batch-validation, which is basically adding several signatures with random weights then validating the sum
<mjerr>
what do you mean, it is impossible to prove secure?
<andytoshi>
mjerr: i mean nobody has ever done it, and if you try standard proof techniques you will find you are blocked by one of the things i mentioned
<andytoshi>
mjerr: "proving secure" is a bit of a controversial thing, it means to prove that anyone who can forge a signature can also solve $hard_problem
<andytoshi>
so if $hard_problem (say, solving a random discrete log) is actually hard, then the signatures are unforgeable, given the constraints on the attacker that the proof assumes
<mjerr>
ah so if I would have lots of messages from one party, signed with the same private keys, but received over a long period, I could save lots of space by just adding all signatures?
<maaku>
mjerr: some background -- many crypto systems do not have formal security proofs, or at least useful ones of the sort andytoshi is talking about
<andytoshi>
mjerr: yes ... although you would be unable to prove that any specific signature is actually in the sum
<mjerr>
they just try to make use of some difficult-to-calculate problem, right?
<andytoshi>
so it might not actually be useful to do this
<andytoshi>
mjerr: yeah, usually discrete-log (which i think has a good wikipedia page)