sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<rgrant>
kanzure: (and others) have you heard of any proposals based on constant orphan risk?
<kanzure>
rgrant: no way to enforce that due to bandwidth asymmetries
<kanzure>
unmeasurable bandwidth asymmetries, too. and no global synchronous clock.
<kanzure>
well, i mean, no timely global synchronous clock.
<kanzure>
my reason is wrong but the sentiment is correct
<rgrant>
kanzure: since orphans are not cheap, they should make a good metric, and the question is whether they're meaningful. if miners a few hops away are penalized by larger blocks, then they should be able to prove their discontent by registering orphans somewhere. if the block dynamics are adjusted every two weeks, then cose timing shouldn't matter.
<rgrant>
*cose -> close (or accurate)
<rgrant>
miners may decide to join a larger pool rather than bother registering orphans somewhere, in which case the orphan rate may go down, but that is also the case where the miners have decided for themselves to centralize. this is the idea's flaw: it doesn't incentivize miners not to centralize; it only helps those who don't centralize.
<Taek>
adlai: that's excellent, thanks
<kanzure>
"register their orphans some where"- what? or, what place would that be? and what meaning would it have
<aj>
kanzure: it would be at the orphanage, obvs!
<el33th4x0r>
you know, those blocks are technically not orphans. they have parents.
<Luke-Jr>
I think he meant stale blocks
<el33th4x0r>
that's a much better term!
<sipa>
aj: gah, you too... i specifically addressed the problem jtoomim brought up in my mail, under section 2... it seems nobody reads further than section 1 to which it does not apply
<aj>
sipa: i think it's already solved without needing to mark "incoming transactions as "uncertain history"", since the incoming transactions will be invalid under the new rules and non-standard under the old rules?
<aj>
sipa: ie, i think i'm making a stronger claim of soft-fork safety than you did?
<bramc>
Is there a term in Japan for an old person who has no children or relatives to take care of them?
<sipa>
aj: fair enough... it's not a very useful argument in the first place; it's discussing why a discouraged and clearly unsafe practice is not made less secure by softforks :)
<aj>
sipa: "clearly unsafe practice" -- accepting unconfirmed mempool transactions? yeah... but people seem to care about it anyway
<aj>
sipa: i really don't get how people think hard forking is any better. "with a hard fork, everyone just upgrades" "but if everyone just upgrades, a soft fork is fine too" >_<
<aj>
el33th4x0r: ouch
<rgrant>
was using this definition: https://blockchain.info/orphaned-blocks Valid blocks which are no longer part of the longest chain are also commonly called stale blocks.
<bramc>
I think 'abandoned block' is the most accurate description. Not very poetic though.
<bramc>
With the recent quick acceptances of soft forks, I would hope that opt-in replace by fee can get accepted quickly as well. But opt-in rbf isn't even a soft fork. It's... a convention?
<sipa>
yes
<sipa>
better: a convention that doesn't impact you if you don't opt into it...
<rgrant>
to register an orphaned/stale/abandoned block, create an OP_RETURN with its hash, as soon as possible. Maybe keep the whole block, if necessary for additional verification. When computing the next difficulty, also compute whether the blocksize is creating a disadvantage for miners without the best connectivity, by adding up the orphaned/stale/abandoned blocks and normalizing for the observed hash
<rgrant>
rate. If there are too many orphans, reduce the blocksize. That's the idea.
<el33th4x0r>
keeping track of all orphans would be great for detecting selfish mining (SM), by the way. at the moment, they are pruned inside the network, so it's hard to build a reliable SM detector.
<bramc>
sipa, So should miners vote on opt-in rbf or... should people just start doing it?
<midnightmagic>
people should just start doing it. the miners can then just step directly into a network which already supports it, and when they mine the replaced tx, there's the support for it.
<bramc>
Maybe what's needed is for the reference code to be set to switch on opt-in rbf at a specific block height
<wumpus>
it is a local policy decision that every node and miner can make for themselves by running software that supports it. there's no need to 'vote' on it
<wumpus>
well, in a way you vote by supporting it and vote against it by refusing to use RBF logic in your mempool, that's the most basic kind of vote, ideas propagate by being applied
* Taek
wonders if someone should write a blocksize.pdf
<adam3us>
maybe an FAQ
<kanzure>
Taek: well there's definitely a ton of source material available.....
<harding>
I wrote a FAQ aimed at users (not wizardly thinking), but it took a lot of time and nobody read it, so I never bothered keeping it updated. https://en.bitcoin.it/wiki/Scalability_FAQ
<kanzure>
ah perhaps i'll start linking to some of those answers
<kanzure>
instead of typing new answers
<el33th4x0r>
harding: very nice summary. would love to see Bitcoin-NG added to that discussion.
<el33th4x0r>
harding: would you incorporate text on Bitcoin-NG into the FAQ if we provided it to you?
<harding>
el33th4x0r: it's a wiki page, please feel free to edit it. If you can't do that, sure I'd be happy to add something about NG.
<el33th4x0r>
harding: can anyone edit? i thought access was restricted.
<sipa>
anyone can edit afaik
<el33th4x0r>
fantastic, thanks.
<alex_leishman>
Hey greg, sipa and anyone else who wants to chime in: I want to follow up with the conversation regarding implementing BLS aggregate signatures we had last week.
<alex_leishman>
as context for anyone else, this was the idea that we could aggregate all signatures in a block into a single signature that could be validated by calculating all the <pk, m> pairings
<alex_leishman>
this would allow us to replace all signatures in a block with a single signature
<alex_leishman>
the downside is that the pairing calculations are ~7 times slower than the current ECDSA verify we have
<alex_leishman>
What I wanted to propose is that any transaction seen by the network can have it's pairings pre-calculated before a block is found
<alex_leishman>
greg, i think you mentioned that this method couldn't apply here, but I'm not sure why
<alex_leishman>
its*
<alex_leishman>
to validate a block, we calculate the pairing of the fixed point g, and the aggregate signature: <g, sig_agg>
<alex_leishman>
we then compare this with the product of all of the pairings <pk_i, H(m_i)>, where pk_i is the pubkey for the ith signature and m_i is the signed message/tx.
<justanotheruser>
[6~
<alex_leishman>
the single pairing with the fixed point, g, can be optimized to reduce the calculation time by an order of 2
<alex_leishman>
the individual pairings <pk_i, H(m_i)> can be pre-calculated by any node that has seen the tx
<alex_leishman>
so unless a miner is propagating a block of previously unknown transactions, most pairings can have already been calculated
<alex_leishman>
in the best case scenario, block validation requires calculation of the single optimized pairing and the product of n pre-calculated pairings, where n is the number of signatures contributing to the aggregate signature contained in the block
<alex_leishman>
in the average case, I would guess only a few additional pairings would need to be calculated. Do you have any idea on average how many txs are unseen by nodes in the network before being included in a block?
<Eliel>
alex_leishman: I don't think the average would mean much because it'd incentivize miners to make sure all included txs are seen by as much of the network as possible.
<sipa>
in a non-adversarial setting
<sipa>
in an adversarial setting, creating a slow-to-validate block is similar to a selfish mining attack
<sipa>
ideally, we want block validation time to be as non-gamable as possible
<kanzure>
does anyone know which email to bitcoin-dev recently pointed out soft-forks and ANYONECANPAY? search is not finding this for me....
<Eliel>
well, in either case, the average would be meaningless.
<sipa>
perhaps i shouldn't have made it look like a sighash type
<kanzure>
oops. good catch.
<alex_leishman>
@sipa, I agree. Transmitting a block with a bunch of miner-generated transactions would increase block propagation time if we switched to BLS sigs. But would this be an acceptable tradeoff for the benefits it offers?
<alex_leishman>
sipa: I plan on doing a more thorough engineering analysis of this
<alex_leishman>
I'd love any feedback you have one other parameters and scenarios to consider.
<alex_leishman>
on*
<sipa>
alex_leishman: what benefit is there?
<sipa>
we're already caching signatures right now, and don't redo them when seen in a block
<Eliel>
wouldn't that mostly benefit long term storage?
<sipa>
i may be missing something, but it sounds like you are just increasing the (pre cache) validation time
<sipa>
is there any benefit on top of that?
<dgenr8>
sipa: presently deployed wallets don't treat anyone-can-spend specially, so changing that would be a preliminary step. "Not even a mild security reduction" is a pretty high bar.
<alex_leishman>
sipa: it increases pre-cache validation time, but it removes all signatures from a block. With BLS aggregate sigs only a single aggregate signature needs to be present in a block
<sipa>
alex_leishman: i don't understand
<sipa>
how can it not be present in a block
<sipa>
you need to be able to give the block to someone and they need to be able to verify it
<sipa>
and the time it takes to do that is what matters
<alex_leishman>
ok sorry. let me explain this more clearly. I wasn't very clear about how this works
<alex_leishman>
suppose for a given block, we have transactions containing n > 0 signatures
<alex_leishman>
currently all of these signatures must be included in the block when a miner propagates it, as you are obviously aware
<sipa>
yes
<sipa>
or before
<sipa>
(iblt, weak blocks, ...)
<alex_leishman>
sure. but we don't have that requirement with BLS. i'll explain
<alex_leishman>
if these n signatures were BLS signatures, the miner can create an aggregate signature, let's call this s'
<alex_leishman>
s' is an aggregate of all of the n individual signatures, but it is no larger than an individual signature
<sipa>
but you can't validate that without doing pairing operations on the transactions?
<alex_leishman>
to validate s' you need to know the pubkey and message. With segwit, the message will no longer include the signature, right? so the signatures do not need to be known by a validator.
<alex_leishman>
sorry. that was unclear
<sipa>
signatures need to be known to a validator
<alex_leishman>
to validate s' you need to know every pubkey and the message that was signed
<alex_leishman>
why?
<sipa>
segwit just allows you to throw it away afterwards
<alex_leishman>
yes, with the current sig scheme
<alex_leishman>
signatures need to be known
<sipa>
ok
<alex_leishman>
but with a single aggregate signature, you don't need to know any of the individual sigs
<alex_leishman>
you only need to know the pubkeys and the message (m) signed
<sipa>
yes but how much work is it to validate that aggregate signature?
<alex_leishman>
s' is validated by computing n+1 pairings
<alex_leishman>
one pairing
<sipa>
that's an order of magnitude worse than what we have now
<alex_leishman>
is compared to the product of n pairing
<alex_leishman>
only if the pairings are not pre-computed
<sipa>
yes, but signature checks are now also only done when they're not already precomputed
<sipa>
the question is how expensive checks are if they are not precomputed
<alex_leishman>
it looks like about ~7x but i'm doing more research into that
<alex_leishman>
but if they are precomputed, then the propagation times increase due to the data savings
<sipa>
so does IBLT
<sipa>
BLS sounds awesome for various reasons, but unless you can do aggregation to actually reduce the actual uncached validation time, it is not a cpu improvement
<alex_leishman>
how much blocksize reduction do we get with IBLT?
<sipa>
nearly all of it
<sipa>
just send the difference
<sipa>
there are simpler relay schemes that already go a long way
<sipa>
like the one used by BlueMatt's relay protocol
<alex_leishman>
simpler than IBLT you mean?
<sipa>
way simpler
<sipa>
it just replaces transactions with a backreference
<alex_leishman>
ah ok interesting.
<sipa>
with Schnorr you can do actual aggregation as long as it's about signing the same message
<alex_leishman>
interesting. with BLS you can sign different messages and still do aggregation
<sipa>
but not both different messages and different public keys
<sipa>
?
<alex_leishman>
both
<sipa>
i do mean something else with aggregation i guess
<sipa>
i mean something that is invisible to the verifier
<alex_leishman>
not sure what you're referring to?
<alex_leishman>
let's say pairing speed was comparable to ecdsa verify. Then would you say the BLS scheme is superior?
<sipa>
with schnorr, i can take multiple pubkey/signature pairs for a given message and turn it into a single pubkey/message
<sipa>
yes, it would be
<alex_leishman>
ah ok yeah
<alex_leishman>
yes i think so too
<alex_leishman>
it's very simple
<sipa>
but not due to cpu savings; just space savings and the fact that it's a unique signature
<alex_leishman>
yeah. it would save a lot of space. no signatures ever need to be transmitted other than the aggregate sig
<alex_leishman>
by the miner
<alex_leishman>
i'm going to dig into current pairing implementations
<alex_leishman>
really the only downside of the BLS scheme is the selfish mining adversarial scenario
<alex_leishman>
because outside of that, all pairings can be precalculated and validation speed would be comparable to current speeds
<alex_leishman>
another potential downside is compatibility with SPV wallets. but i haven't put much thought into that yet
<sipa>
alex_leishman: now you're just saying that signature validation speed does not matter at all because it can be cached in non-adversarial situations
<sipa>
alex_leishman: the reason we want to have it fast is so that adversarial situations don't have much benefit in the first place!
<alex_leishman>
you're right. that's probably not correct.
<alex_leishman>
but how fast is fast enough?
<sipa>
i'd argue that it's already too slow now, but it's not the bottleneck anymore
<alex_leishman>
what is the bottleneck?
<Greyboy>
There has been a lot of recent speculation that Russia is going to use quantum computing to mine all the remaining BTC before difficulty can increase. Can anyone comment on why this won't be possible at some point in the future?
<instagibbs>
Greyboy, #bitcoin. It's been talked about a trillion times online. Google is your friend. :)
<Greyboy>
Google is so impersonal, though
<instagibbs>
But this is not "wizardly" because it has been beaten to death. #bitcoin is better for general chit chat
<Greyboy>
what kind of things do wizards discuss?
<NewLiberty>
bsm1175321: proof_of_location could be more valuable but needs some work for it to also serve as proof_of_alibi. Missing is identity, image data or something.
<instagibbs>
people read the logs, and will not want to read about the 1000th quantum speculation thread, in other words
<Greyboy>
Oh, I didn't know you catered your topics around who reads your logs, my bad.
<instagibbs>
no problem
<Greyboy>
instagibbs, again my apologies, no disrespect meant. since im new here, can you tell me what is normally discussed?
<instagibbs>
Oh for that I read the scrollback :)
<arubi>
(and the topic)
<instagibbs>
arubi, to be fair, quantum computers is theoretical... just beaten to death
<instagibbs>
are*
<arubi>
I was referring to the "This channel is logged." part :)
<Greyboy>
theoretically speaking, of course, what coins have difficulty that adjusts after every block?
<arubi>
though yea, even then, if you're already using bitcoin correctly, you're perfectly fine (assuming a soft fork for QC resistant scripts is introduced)
<instagibbs>
lamport sigs
<arubi>
yea, they're big but they're good in a post quantum world :) (and easy to code too!)
<bsm1175321>
NewLiberty: alibi is an interesting use case. *what* you upload is up to you, whether a key or image of yourself. Proof of identity or proof of not-photoshopped are not cryptographically solvable, so out of scope.
<bsm1175321>
I'm surprised there wasn't more response to that, I thought it was a darn cool idea. ;-)
<arubi>
bsm117532, when I read it, I sort of immediately thought it could be gamed so I was waiting for others' comments. Maybe I need to read it again, maybe it's not so gameable (unless trust is given to location services)
<arubi>
'location' means any or all of the set of possible inputs about a prover's location
<NewLiberty>
bsm1175321 The LEOs already do this with less reliable methods https://theintercept.com/surveillance-catalogue/ and increasingly so. The location services are a sort of oracle for them already, but it is used in investigations routinely. The data ends up in some court cases.
<bsm1175321>
Trust is isolated to calibrating satellite orbits AFAICT. In principle you can do it yourself, and in principle it can be extracted from intra-satellite ping times if your network is large enough, though I suspect error will accumulate over time.
<bsm1175321>
Really it's the same in bitcoin. If you want to use bitcoin as a timestamping server, someone somewhere still has to reference an atomic clock or UTC.
<bsm1175321>
One could collect lots of independent evaluations of the block time to mitigate that.
<arubi>
not really though, the rules are about a maximum time diff from each person's clock. if a large enough group sets their clock differently, they would just fork
<bsm1175321>
arubi: I'm saying if you want sub-2h timing.
<arubi>
ah, okay
<bsm1175321>
And saying explicitly I'm not trusting the block time that the miner publishes.
<arubi>
sure, but you can certainly trust its height, which is very much like timestamping
<arubi>
what happened before, then this block, then whatever happens after
<bsm1175321>
Yes. In my satellite network proposal, you have a DAG with space- and time-ordered links. This graph is the analog of "height" and is independent of any evaluation of time or location.
<arubi>
I do need to reread it then. care to share the link again bsm117532 ?