sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
eragmus1 has joined #bitcoin-wizards
tachys has quit [Ping timeout: 256 seconds]
eragmus has quit [Ping timeout: 255 seconds]
pozitron has quit [Ping timeout: 255 seconds]
mkarrer_ has quit [Remote host closed the connection]
tulip has joined #bitcoin-wizards
<tulip> bramc: the bitnodes site isn't something you should be relying on as it doesn't state its data collection shortcomings. it finds sockets it can handshake with which is trivially warped without running anything that slightly resembles a Bitcoin Node. it also counts IPv6 and IPv4 as distinct nodes where there's a good chance that every one of them are dual stack.
MrHodl has joined #bitcoin-wizards
cheetah2 has quit [Remote host closed the connection]
<bramc> tulip, Got any better source of data on full nodes? I'm not 'relying' on that data, except to the extent that the entire bitcoin ecosystem is relying on there being full nodes.
<tulip> calling nodes with listening sockets "full nodes" isn't really fair either. "full node" just means fully validating, it has nothing to do with the public P2P network.
<sipa> it also fails to take into account that nodes may not be economically relevant
<sipa> someone can run 100 full nodes on AWS and not use them for anything
<sipa> which means those nodes don't exert any power on incentivizing miners to validate the rules
eragmus has joined #bitcoin-wizards
<tulip> bramc: on some shallow level the only full node that matters is your own.
<jcorgan> also the obvious point that it is "reachable" nodes; this doesn't count full nodes behind NAT nor Tor
<sipa> tulip: and only if you don't run one yourself, it matters how many independent (and hopefully mutually distrusting) parties besides you use one (note: use, not run)
eragmus1 has quit [Ping timeout: 260 seconds]
<bramc> tulip, For SPV clients a healthy ecosystem matters a lot
<tulip> bramc: SPV is orthogonal to the P2P network. Electrum for example doesn't touch it at all.
<tulip> BIP37 bloom filtering SPV does use the P2P network which was almost certainly a mistake.
<sipa> bramc: there are 2 things full nodes provide: 1) direct services to the network (like relay transactions and blocks) 2) the ability for the owner to get a guaranteed-correct view of transactions on the network so he can base his economic activity on it (which is what indirectly keeps miners from producing invalid blocks)
<bramc> bloom filtering spv does indeed seem to be a bad idea. It should be PIR or nothing at all, not half-assed bullshit.
shesek has quit [Ping timeout: 260 seconds]
<bramc> sipa, The danger is that the big miners will start going direct to each other and just ignore everybody else completely
cheetah2 has joined #bitcoin-wizards
<tulip> miners can produce whatever they want, that's meaningless if nobody accepts the blocks.
<tulip> if services were being silly and using SPV validation that would be a serious problem though.
sneak has quit [Ping timeout: 250 seconds]
sneak has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
cheetah2 has quit [Ping timeout: 276 seconds]
eragmus1 has joined #bitcoin-wizards
eragmus has quit [Ping timeout: 265 seconds]
<bramc> About weak blocks: There seem to be two ways to think about transactions, either they dribble in slowly, the 'current world', or there's always several blocks' worth of transactions already sitting around, 'bram world'
shesek has joined #bitcoin-wizards
<bramc> These are very, very different scenarios. In current world gmaxwell's plan of having each weak block reference an earlier weak block with a list of new transactions to add makes perfect sense. You add them as they come, and get all of them (well, one weak block behind, but despite the added latency you do get all of them)
<adlai> tulip: miners shouldn't produce whatever they want, it'd be unfortunate if only they and exchanges cared about their own blocks, and suddenly all the bitcoin users were left waiting for godot^H^H^Heligius to produce a block once a month, until we had a readjustment
<bramc> In bram world this approach works but it looks fairly goofy. The very first weak block will fill the entire available space, and later ones will have nothing to add
* adlai files this under "how bitcoin fails"
<bramc> adlai, All manner of failure modes show up once mining rewards get low enough
* adlai files this under "how bitcoin fails"
<sipa> let's switch to freicoin
* adlai files this under "how IRC clients fail"
<bramc> We're trying to head them off at the pass by making latency not such a huge issue, but that doesn't stop all potential failures
<adlai> let's shill fungibility incentivization because that solves a problem that bitcoin sucks at, as opposed to network effects
<bramc> Anyhow, back on the actual reducing of latency: To make behavior not insane in bram world, you want to solve two problems (1) the first weak block doesn't contain anything (especially bad when transaction fees are all you have), and (2) there's no way for new transactions to squeeze their way in mid-block
<bramc> Both of these have reasonably straightforward solutions: For (1) you make it so that each weak block contains two weak pointers, one being new transactions to include in this block, and the other being a whole new block's worth of transactions to start the next block off with if this one is successful
<bramc> That one is a little goofy in current world, because it does literally nothing for the time being. Maybe it's better to wait on proposing it seriously.
<bramc> For (2) you can make it so weak blocks can both add and remove transactions from previous weak blocks. This also is a little silly in the current world, because it will also literally do nothing. It will start doing something sooner than that other extension though.
Monthrect is now known as Piper-Off
* adlai nods
Transisto2 has quit []
brg444 has quit [Ping timeout: 252 seconds]
<bramc> Anyhow, those are both serious suggestions I'd like to throw on the pile.
<alpalp> bramc: what is the point of a weak block if you can remove midstream?
<sipa> midstream?
<bramc> alpalp, Weak blocks are just a form of compression to help reduce latency
ghtdak has quit [Ping timeout: 265 seconds]
tachys has joined #bitcoin-wizards
ghtdak has joined #bitcoin-wizards
tachys has quit [Ping timeout: 265 seconds]
c0rw1n is now known as c0rw|zZz
eragmus1 has quit [Ping timeout: 240 seconds]
eragmus has joined #bitcoin-wizards
bitcoin-wizards3 has joined #bitcoin-wizards
Cobra_ has joined #bitcoin-wizards
<bitcoin-wizards3> alpalp: have you seen the "Subchains" paper by Peter R? I don't know about his claim re 0-conf
<bitcoin-wizards3> But he has lots of nice diagrams to help understand
sipa has left #bitcoin-wizards [#bitcoin-wizards]
<bitcoin-wizards3> Animations of weak blocks and subchains:
<adlai> ok PeteR
* adlai takes a look
Ylbam has quit [Quit: Connection closed for inactivity]
<bramc> bitcoin-wizards3, Trying to add security to 0conf with weak blocks is mostly fallacious. They're an 'improvement' in the security of 0conf, but multiplying epsilon by something is still epsilon. What weak blocks *are* very useful for is removing the disincentive for including transactions in one's blocks. Peter R's thesis relies on that disincentive as an axiom. It happens to be wrong.
digitalmagus8 has joined #bitcoin-wizards
eragmus has quit [Read error: Connection reset by peer]
eragmus has joined #bitcoin-wizards
<bitcoin-wizards3> He quantifies how subchains will reduce orphaning risk too, as well as divert fee revenue to hash power.
digitalmagus has quit [Ping timeout: 260 seconds]
<bitcoin-wizards3> 0-conf security would be cool but i'm still skeptical
* adlai hands out /nick and /shill tags
<bramc> The essential trick to weak blocks is that a 'successful' weak block can be relied on to have been propagated, so you can make your block say 'I include everything in that weak block over there' without incurring any latency hit above making a no-transaction block whatsoever
<bitcoin-wizards3> agreed
<bramc> That property of them is clearly extremely useful. Everything else I find dubious.
dEBRUYNE__ has quit [Ping timeout: 276 seconds]
eragmus has quit [Quit: Leaving.]
<phantomcircuit> bitcoin-wizards3, once again he has produced lovely pictures to explain something and completely and totally missed that it doesn't do what he thinks
<alpalp> but those pictures sure are pretty.
<phantomcircuit> bitcoin-wizards3, the funny thing is that there are actually proposals which enable instant transactions
<phantomcircuit> the two of two scheme greenaddress.it uses which already exists is you trusting them not to help someone double spend
<phantomcircuit> the scheme bidirectional payment channels (such as lightning would use) enable instant transactions through game theory
<bitcoin-wizards3> yeah agreed
<adlai> honest question here, and i hope it counts as signal: how do you react when somebody says something obviously revealing of simply not understanding any of the issues behind Bitcoin-with-a-capital-B (specifically, "i wanna run XT because i hate small blocks and lightning network")
<phantomcircuit> i've not heard any other proposal which even sounded plausible
<adlai> better rephrased, how do you respond that's not just dumping on them a pile of links
<phantomcircuit> adlai, "ok but call it xtcoin"
<adlai> that's too low SNR :)
<adlai> especially since most redditors have developed a very good "altcoin filter"
<adlai> (but not good enough)
<alpalp> adlai: I think you have to figure out what their understanding is - so if it's someone with honest intent, asking questions gets a lot further. Find commonality, then go from there.
AaronvanW has quit [Read error: Connection reset by peer]
<adlai> so, i guess the first question is just, "why"?
<phantomcircuit> adlai, well yes xt is literally an altcoin
Quanttek has quit [Ping timeout: 246 seconds]
<adlai> it doesn't help to say that when you're trying to find common language. those terms have been defined, for better or worse
<Cobra_> someone should make a video about the risks of XT
<TD-Linux> adlai, I recommend not responding to trolls on reddit
bitcoin-wizards3 has quit [Quit: Page closed]
pozitron has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
<jcorgan> agree; responding to them with your limited time and energy only lends them credence and lowers your own
<adlai> it's not on reddit, although my first response (of "you appear to have been spending too much time on reddit") was not met with disagreement
<adlai> (OP is a very well-known redditor)
Yoghur114_2 has quit [K-Lined]
cheetah2 has joined #bitcoin-wizards
Cobra_ has quit [Quit: Page closed]
smk has joined #bitcoin-wizards
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
<TD-Linux> adlai, I think sending links is fine, and in fact many people much prefer a link rather than an unsourced argument.
wallet42 has quit [Quit: Leaving.]
cheetah2 has quit [Remote host closed the connection]
kristofferR has joined #bitcoin-wizards
cheetah2 has joined #bitcoin-wizards
eragmus has joined #bitcoin-wizards
cheetah2 has quit [Remote host closed the connection]
SgtStroopwafel has quit [Read error: Connection reset by peer]
SgtStroopwafel has joined #bitcoin-wizards
GGuyZ has quit [Quit: GGuyZ]
eragmus has quit [Quit: Leaving.]
zookolap` has quit [Quit: ERC Version 5.3 (IRC client for Emacs)]
zookolaptop has quit [Remote host closed the connection]
kristofferR has quit [Quit: Textual IRC Client: www.textualapp.com]
belcher has quit [Quit: Leaving]
cheetah2 has joined #bitcoin-wizards
b_lumenkraft has quit [Quit: b_lumenkraft]
rusty has quit [Quit: Leaving.]
rusty2 has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
cheetah2_ has joined #bitcoin-wizards
cheetah2 has quit [Ping timeout: 245 seconds]
Burrito has quit [Quit: Leaving]
TheSeven has quit [Ping timeout: 240 seconds]
cheetah2_ has quit [Remote host closed the connection]
TheSeven has joined #bitcoin-wizards
CubicEar_ has joined #bitcoin-wizards
cheetah2 has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 265 seconds]
tachys has joined #bitcoin-wizards
CubicEar_ has quit [Remote host closed the connection]
Giszmo has quit [Quit: Leaving.]
tachys has quit [Ping timeout: 246 seconds]
Newyorkadam has quit [Quit: Newyorkadam]
GGuyZ has joined #bitcoin-wizards
GGuyZ has quit [Read error: Connection reset by peer]
GGuyZ has joined #bitcoin-wizards
tulip has quit [Quit: Textual IRC Client: www.textualapp.com]
wallet42 has joined #bitcoin-wizards
CubicEarth has joined #bitcoin-wizards
CubicEar_ has joined #bitcoin-wizards
CubicEarth has quit [Ping timeout: 256 seconds]
CubicEar_ has quit [Ping timeout: 240 seconds]
Jeremy_Rand_2 has quit [Remote host closed the connection]
GGuyZ has quit [Quit: GGuyZ]
wallet421 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet42 is now known as Guest4362
Guest4362 has quit [Killed (sinisalo.freenode.net (Nickname regained by services))]
<adlai> well mark me down as amused if the "hearn-gavin scamcoin" doesn't at least give the peanut gallery a run for its money
<adlai> if there ever was an idea worth shorting... this is it. but i'd sell tickets if i could
cheetah2 has quit [Remote host closed the connection]
CubicEarth has joined #bitcoin-wizards
Guest90279 is now known as amiller
amiller is now known as Guest1038
smk has quit [Ping timeout: 252 seconds]
tripleslash_w is now known as [\\\]
CubicEarth has quit [Remote host closed the connection]
wallet421 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet42 has quit [Killed (holmes.freenode.net (Nickname regained by services))]
wallet421 has joined #bitcoin-wizards
wallet42 has quit [Killed (adams.freenode.net (Nickname regained by services))]
wallet42 has joined #bitcoin-wizards
wallet421 is now known as wallet42
wallet42 has quit [Changing host]
Dizzle has joined #bitcoin-wizards
<bramc> Hearn seems to have dumped XT entirely, or at least is spending no time on it. Gavin it's less clear.
monkey has joined #bitcoin-wizards
<monkey> So which altcoin is more ridiculous: XT or Bitcoin Unlimited?
<TD-Linux> that's more #bitcoin material
<jcorgan> yes, please, let's keep wizards on topic
frankenmint has quit [Remote host closed the connection]
p15 has joined #bitcoin-wizards
cheetah2 has joined #bitcoin-wizards
tachys has joined #bitcoin-wizards
tachys has quit [Ping timeout: 260 seconds]
<jl2012> alpalp: you are wrong (for block frequency). Assuming constant hashrate, the distribution of number of blocks in 12am-1am, and in 1am-2am are independent. However, the distribution of number of blocks in 12am-1am and in 12:30am-1:30am are not independent.
<jl2012> in a given 4-hour interval, the probability to have at least 48 blocks is 0.0000104284
<jl2012> No matter whether it happens in this 4-hour interval, the probability is the same in the next 4-hour
<jl2012> However, if you allow the 2 intervals to overlap, the probability of the later interval will be dependent on the observation of the earlier interval
nuke1989 has quit [Remote host closed the connection]
<jl2012> Since the probability is 0.0000104284 for a given 4-hour interval, we expect to see such event once in 4/0.0000104284 hours = 43.8 years
b_lumenkraft has joined #bitcoin-wizards
Emcy_ has joined #bitcoin-wizards
Emcy_ has quit [Changing host]
Emcy_ has joined #bitcoin-wizards
cheetah2_ has joined #bitcoin-wizards
Emcy has quit [Ping timeout: 240 seconds]
cheetah2 has quit [Ping timeout: 256 seconds]
frankenmint has joined #bitcoin-wizards
cheetah2_ has quit [Client Quit]
cheetah2 has joined #bitcoin-wizards
cheetah2 has quit [Read error: Connection reset by peer]
cheetah2 has joined #bitcoin-wizards
<Taek> I thought of a scheme that allows node operators (but not miners!) to accept blocks at a size limit of their choosing without damaging security
<Taek> but it does damage (pretty severely) fungibility
<adlai> how?
<Taek> The idea is that you keep the utxo set for all transactions that appear in the first X bytes of a block, where X is the custom limit you've set
<Taek> then, when accepting transactions, you only consider the transactions that come from the utxo set you recognize as valid
ryan-c has quit [Ping timeout: 240 seconds]
<Taek> miners will not include transactions that are double spends, or if they do you don't care because you don't recognize the tx as valid (it's below the byte limit you've set for yourself)
<Taek> the damage to fungibility is that once an output has been spent below a certain byte value, the coins spawned from that output will no longer be accepted by the nodes that don't read blocks that large
<adlai> sounds like a great way to force people to defungiblize in order to not lose a fork-bet... or just pretend the whole thing doesn't exist
<Taek> When spending, you need to make sure that your transactions appear in a part of the block that you recognize
<Taek> so you'd need an OP_KBLIMIT or something, to make sure that your transaction is invalid unless it appears in the top half of the block
<adlai> bitcoin_toinfinityandbeyond
<Taek> yeah well the loss of fungibility is not an insignificant tradeoff. Also, it doesn't help miners, who still need a way to know if they are mining a double spend
<Taek> it works for full nodes because they don't have to look at a bunch of new transactions and figure out which ones will be acceptable to miners with deeper blocks
<Taek> so, as far as I've figured out, miners would still need to validate the whole chain, which means the miner centralization problem is just as significant
<adlai> it works for miners too, they just continue SPV...
* adlai still maintains that it's downright naive to believe miners do anything but, until they are incentivized to (anonymously!) create short-lived reorgs
<adlai> but at least i wouldn't sign any alerts over it. i think irc panic is less correlated with market idiocy than DANGER WILL ROBINSON
ryan-c has joined #bitcoin-wizards
tachys has joined #bitcoin-wizards
tachys has quit [Ping timeout: 240 seconds]
b_lumenkraft has quit [Read error: Connection reset by peer]
cheetah2 has quit [Read error: Connection reset by peer]
cheetah2 has joined #bitcoin-wizards
Dizzle has quit [Quit: Leaving...]
ThomasV has joined #bitcoin-wizards
monkey has quit [Ping timeout: 252 seconds]
bramc has quit [Quit: This computer has gone to sleep]
c-cex-finch has joined #bitcoin-wizards
b_lumenkraft has joined #bitcoin-wizards
b_lumenkraft has quit [Client Quit]
Emcy has joined #bitcoin-wizards
Emcy has quit [Changing host]
Emcy has joined #bitcoin-wizards
Emcy_ has quit [Ping timeout: 240 seconds]
ThomasV has quit [Ping timeout: 246 seconds]
wallet42 has quit [Quit: Leaving.]
<bsm1175321> bramc: Do you have an algorithm to compactly prove that an item is NOT a member of a (Merkle) set? The best I can come up with is O(N) in the size of the set.
wallet42 has joined #bitcoin-wizards
<bsm1175321> Oh he's not on. Hope he sees that...
<gribble> The operation succeeded.
<bsm1175321> ooh neat, thanks adlai!
<adlai> when the AI asleeps, funemployed drunkards must drive the bot slaves... yw
<bsm1175321> hahaaaaa
LeMiner has joined #bitcoin-wizards
keus has quit [Ping timeout: 245 seconds]
Myagui has quit [Remote host closed the connection]
rusty2 has quit [Ping timeout: 240 seconds]
Ylbam has joined #bitcoin-wizards
Myagui-afk has joined #bitcoin-wizards
Myagui-afk is now known as Myagui
cheetah2 has quit []
JackH has joined #bitcoin-wizards
tachys has joined #bitcoin-wizards
sparetire_ has quit [Quit: sparetire_]
tachys has quit [Ping timeout: 260 seconds]
jannes has joined #bitcoin-wizards
seg has quit [Quit: kuwabara kuwabara]
seg has joined #bitcoin-wizards
tulip has joined #bitcoin-wizards
<tulip> adlai: nobody signed any alerts recently. the message people saw about block frequency in their Bitcoin Core nodes was locally and independently triggered. the node will set local panic messages on all sorts of weird conditions it doesn't think are safe to be operating in.
<adlai> do you really want to troll me back on this one? bitcoin.org's shadow-cabal TLS server signed the code.
<adlai> maybe alerts should be randomly endisableable as well?
<adlai> so people actually configure their own software, god forbid read it.
<fluffypony> I'm confused
<tulip> you made a comment which made me believe you thought the "too many blocks" message came from the Satoshi centralised alert system, perhaps I misunderstood you.
<fluffypony> the Gitian-signed binaries aren't signed by bitcoin.org ?
* adlai misunderstood the alert.
<adlai> and the mysterious workings of machines signing code for other machines to run
<fluffypony> Gitian is an entirely human-driven system
<adlai> but hey, satoshi didn't solve key management...
<fluffypony> a bunch of people build the binaries independently using a system that fixes differences that could occur between builds (eg. file timestamps)
<adlai> but anyway, sorry for all the drunken noise lately. the one amazing thing about bitcoin is that it stirs up an awful lot of emotion for a bunch of bits.
<tulip> you're talking about Gitian there, which is unrelated to any alert systems. Gitian allows people to reproduce builds of software down to the byte and confirm that they were created using a set piece of source code. Gitian signatures are people asserting that their real world identity saw this piece of software made in that way.
<fluffypony> and then they compare the hash of the resulting binary, and if they all agree on it then they sign off on that hash
adlai has left #bitcoin-wizards ["WeeChat 1.3"]
<fluffypony> sigh.
<tulip> never mind.
<tulip> I've seen lots of misunderstanding with the centralised alert system and what it can do and thought I could correct it a little. it can't, for example, shut down nodes. that was a wxBitcoin thing which lasted only a major version or two.
<fluffypony> tulip: have you seen how Darkcoin / Dash cannibalised it?
<tulip> for "checkpointing" blocks?
<fluffypony> no even worse
wangchun has quit [Quit: leaving]
<fluffypony> they've made it so that the alert system can be used to turn bits of code on and off as a way of reversing a fork caused by bad code
<fluffypony> they call it "sporks"
wangchun has joined #bitcoin-wizards
JackH has quit [Ping timeout: 276 seconds]
pozitron has quit [Ping timeout: 260 seconds]
<tulip> fluffypony: that's unfortunate.
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
JackH has joined #bitcoin-wizards
<fluffypony> quite
dEBRUYNE__ has joined #bitcoin-wizards
JackH has quit [Ping timeout: 245 seconds]
dEBRUYNE__ has quit [Quit: Leaving]
nabu has joined #bitcoin-wizards
seg has quit [Quit: kuwabara kuwabara]
melvster has quit [Ping timeout: 246 seconds]
seg has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
phy1729 has quit [Ping timeout: 260 seconds]
melvster has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
JackH has joined #bitcoin-wizards
Quanttek has joined #bitcoin-wizards
tachys has joined #bitcoin-wizards
phy1729 has joined #bitcoin-wizards
tachys has quit [Ping timeout: 276 seconds]
seg has quit [Quit: kuwabara kuwabara]
seg has joined #bitcoin-wizards
ThomasV has quit [Quit: Quitte]
wallet421 has joined #bitcoin-wizards
wallet421 has quit [Changing host]
wallet421 has joined #bitcoin-wizards
wallet42 has quit [Killed (weber.freenode.net (Nickname regained by services))]
wallet421 is now known as wallet42
Starduster has quit [Ping timeout: 260 seconds]
tulip has quit [Quit: Textual IRC Client: www.textualapp.com]
AaronvanW has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
GGuyZ has joined #bitcoin-wizards
melvster1 has joined #bitcoin-wizards
melvster has quit [Read error: Connection reset by peer]
chmod755 has joined #bitcoin-wizards
GGuyZ has quit [Quit: GGuyZ]
c-cex-finch has quit [Quit: Connection closed for inactivity]
melvster1 has quit [Ping timeout: 272 seconds]
eudoxia has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
melvster1 has joined #bitcoin-wizards
tachys has joined #bitcoin-wizards
p15 has quit [Ping timeout: 256 seconds]
Giszmo has joined #bitcoin-wizards
tachys has quit [Ping timeout: 272 seconds]
GGuyZ has joined #bitcoin-wizards
justanotheruser has quit [Ping timeout: 272 seconds]
gielbier has joined #bitcoin-wizards
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
brg444 has joined #bitcoin-wizards
tachys has joined #bitcoin-wizards
tachys has quit [Client Quit]
AaronvanW has quit [Ping timeout: 260 seconds]
eudoxia has quit [Quit: Leaving]
belcher has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
civos has quit [Quit: Leaving]
dEBRUYNE has quit [Quit: Leaving]
Burrito has joined #bitcoin-wizards
jannes has quit [Ping timeout: 256 seconds]
jannes has joined #bitcoin-wizards
wallet42 has quit [Quit: Leaving.]
melvster1 has quit [Ping timeout: 265 seconds]
<kanzure> various math books from springer https://gist.github.com/bishboria/8326b17bbd652f34566a
* nsh frowns
<nsh> what is the actual provenance of the hash-tube paper?
tripleslash_t has joined #bitcoin-wizards
[\\\] has quit [Ping timeout: 264 seconds]
supasonic has joined #bitcoin-wizards
melvster1 has joined #bitcoin-wizards
<phantomcircuit> nsh, im just waiting for the altcoin that wrote it to be released claiming to be "from satoshi"
* nsh nods
<nsh> it is worthwhile considering PQ hash-based signature constructions for cryptocurrencies, but i'm pretty convinced falsely attributing your ideas to satoshi is not indicative of a great attitude or agenda
<kanzure> provenance is probably not important in this case; i could strip the name from the paper if that would make nsh feel better about how terrible the world is
<Taek> It's a cool construction at least, but it still results in 8kib signatures, which is not an improvement over the lamport signature
<nsh> you'd have to elide the memory or recall faculty in my brain too :)
<kanzure> well that's trivial
* kanzure readies the kinetic memory disruptor
<nsh> sure, i accept whisky, rum, most dissociatives, &c.
<nsh> more seriously, i'm not sure there is really much in the way of research findings for the second hash property (preimage resistances given 2/3 of the preimage)
JackH has quit [Ping timeout: 245 seconds]
zookolaptop has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
dEBRUYNE has quit [Client Quit]
jannes has quit [Ping timeout: 256 seconds]
jannes has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
dEBRUYNE has joined #bitcoin-wizards
nuke1989 has joined #bitcoin-wizards
justanotheruser has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
c-cex-finch has joined #bitcoin-wizards
sparetire_ has joined #bitcoin-wizards
mkarrer has quit []
mkarrer has joined #bitcoin-wizards
fuc has joined #bitcoin-wizards
fuc has quit [Client Quit]
MrHodl has quit [Ping timeout: 255 seconds]
Quanttek has quit [Ping timeout: 250 seconds]
ThomasV has quit [Ping timeout: 260 seconds]
yosso has joined #bitcoin-wizards
yossso has joined #bitcoin-wizards
JackH has joined #bitcoin-wizards
<yosso> http://bitcoil.co.il/files/Bitcoin_meetup_Chainless.pptx - Secure "chainless" protocols for Bitcoin by Aviv Zohar
eudoxia has joined #bitcoin-wizards
Starduster has joined #bitcoin-wizards
pozitron has joined #bitcoin-wizards
<Taek> yosso: can you convert that to something other than .pptx? I can't open it
<Taek> pdf would be best
<yosso> not out yet afaik
<yosso> oh you mean the format
Luke-Jr has quit [Quit: Konversation terminated!]
Luke-Jr has joined #bitcoin-wizards
dEBRUYNE has quit [Quit: Leaving]
Piper-Off is now known as Monthrect
keus has joined #bitcoin-wizards
DougieBot5000 has quit [Ping timeout: 240 seconds]
chmod755 has quit [Quit: Ex-Chat]
jcorgan is now known as jcorgan|away
belcher has quit [Quit: Leaving]
eragmus has joined #bitcoin-wizards
yossso has quit [Read error: Connection reset by peer]
yosso has quit [Ping timeout: 276 seconds]
paci has quit [Ping timeout: 264 seconds]
paci has joined #bitcoin-wizards
justanotheruser has quit [Ping timeout: 264 seconds]
bramc has joined #bitcoin-wizards
<bramc> bsm1175321, Yes I have very nice proof of non-inclusion proofs, that's been a big part of my iteration
<bramc> bsm1175321, My format is that each level of the tree is a hash of something describing what's immediately below it, a metadata byte followed by one or two hashes, as applicable.
<bramc> The possible values for metadata are passthrough 0, passthrough 1, terminate 0, terminate 1, terminate both, and both branches. passthrough means only one side has any values below it, the terminates indicate that one or both of the children immediately below are leaves. A leaf gets hashed one extra time at the beginning before being included in the descriptor of the immediate parent
JackH has quit [Ping timeout: 250 seconds]
hdbuck has joined #bitcoin-wizards
hdbuck has quit [Changing host]
hdbuck has joined #bitcoin-wizards
<bramc> This way proofs of non-inclusion are very simple: You trace down to where the thing would be if it were in there, and hit a leaf of something different or a passthrough which goes only to the other side
<bramc> This is the reason for having passthroughs, even though they seem unnecessary at first. Proofs of non-inclusion get a lot gnarlier without them.
eragmus1 has joined #bitcoin-wizards
frankenmint has quit [Remote host closed the connection]
eragmus has quit [Ping timeout: 264 seconds]
frankenmint has joined #bitcoin-wizards
RedEmerald has quit [Ping timeout: 246 seconds]
<bramc> There's also a special metadata value for when there's only a single thing in the entire tree, and a special root value EMPTY for when there's nothing in it and hence nothing to be hashed.
<bramc> Good grief. Just my proof verification code is 250 lines. I'm hoping that's due to it being parsing code and the rest of this winds up being less voluminous.
JackH has joined #bitcoin-wizards
<JackH> hi kanzure, did you manage to find more than 2 pages?
RedEmerald has joined #bitcoin-wizards
<kanzure> no
<JackH> everyone seems to refer back to https://www.docdroid.net/mR3fUNS/paper.pdf.html
<JackH> but there is no indication of how this appeared to begin with
<kanzure> someone with a blog claimed to be releasing a page per day
<JackH> I am looking at history now to see where this appeared first
<JackH> as the original source
CubicEarth has joined #bitcoin-wizards
<bramc> It obviously isn't by the original Satoshi. For starters, that paper isn't by a native english speaker.
eudoxia has quit [Quit: Leaving]
<JackH> true, first weird sentence is: of a cryptographic payments
jcorgan|away is now known as jcorgan
<bramc> Up to the end of the paper all it's talking about is a new secure hash based signature scheme. The hash tube idea is cute but doesn't have any obvious benefit over a regular lamport signature. It is extremely fragile though, in that if you use it more than once you'll almost certainly have made it possible for other people to sign arbitrary things later, which can be a useful property to have for some applications
<bramc> I came up with a cruder trick to do the same thing. The two techniques can be combined effectively.
AaronvanW has quit [Ping timeout: 250 seconds]
<JackH> the paper lacks the rest of the pages
<JackH> to make its point
<JackH> I get where it's going, but....I don't get what it's all good for
<bramc> The abstract gives no hint whatsoever of how the new primitive is supposed to be useful
<bramc> It isn't even clear in what way it's new. Practical secure hash based signatures have been around for a while. The new construction makes winternitz compression impossible.
pozitrono has joined #bitcoin-wizards
<JackH> yeah this doesn't make sense, to what extent that it is useful
<JackH> it is neat, but what is the point
pozitron has quit [Ping timeout: 245 seconds]
<bramc> Well, I'll give it credit that it has a construction which tells me how to improve on something I spent time on before. Whether that trick is its point or a coincidental enabler is entirely unclear though.
<JackH> its being discussed in crypto:
<JackH> constructing what? a private key?
<bramc> A signature scheme. You can use hash tubes to make it so that if someone signs more than one thing with a signature it blows up in their face horribly.
eragmus1 has quit [Read error: Connection reset by peer]
eragmus has joined #bitcoin-wizards
<bramc> Actually, this is probably what's meant by the comment about it providing defense against double-spends. Maybe I should post an explanation of this on reddit.
eragmus1 has joined #bitcoin-wizards
eragmus has quit [Ping timeout: 255 seconds]
eragmus1 has quit [Ping timeout: 250 seconds]
<JackH> would like to know how you come to this understanding
Newyorkadam has joined #bitcoin-wizards
<bramc> JackH, When people work on the same problems they tend to come up with the same solutions
<JackH> sure
<JackH> feel free to explain it then
<bramc> I'm typing something on reddit right now.
CubicEarth has quit [Remote host closed the connection]
<bramc> I keep getting pulled into these interesting theoretical discussions when I'm trying to do Real Work
eragmus has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
<JackH> it is frustrating we only have 2 pages
zookolaptop has quit [Ping timeout: 245 seconds]
<bramc> Please tell me if I start sounding like Galois
Tomiii has joined #bitcoin-wizards
eragmus1 has joined #bitcoin-wizards
eragmus has quit [Ping timeout: 260 seconds]
eragmus1 has quit [Client Quit]
<bramc> Feedback and upvotes welcome. That took a whole bunch of brain cycles I was planning on putting into real work.
coinoperated has joined #bitcoin-wizards
CubicEarth has joined #bitcoin-wizards
ayn1k has joined #bitcoin-wizards
gielbier has quit [Read error: Connection reset by peer]
gielbier has joined #bitcoin-wizards
<bramc> It's getting both upvotes and downvotes now. Apparently my highly technical comments are horribly controversial.
<kanzure> you shouldn't watch the karma counter, you'll rot your brain like that
<bramc> Since I never post to reddit, it's new to me. It's fascinating that even this could produce downvotes. That seems to imply that there's a movement to downvote anything which isn't ranting drivel.
gielbier has quit [Read error: Connection reset by peer]
giel__ has joined #bitcoin-wizards
<kanzure> there are also bots that randomly downvote anything, because bot farmers need to make the accounts look alive and healthy
<kanzure> it's really completely meaningless
<jojva_> if you hit refresh several times you can see your karma changing in a meaningless way. it's just bot battles.
CubicEarth has quit [Remote host closed the connection]
<ayn1k> reddit voting should make use of pow
<kanzure> no, pow does not decide factual correctness of statements, what
<ayn1k> no, voting does that, and pow prevents a large chunk of spam votes
<jojva_> for that you need a decentralized reputation system :)
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
zookolaptop has joined #bitcoin-wizards
<kanzure> "spam votes" are doable with pow (e.g. see how trivial it is to make low-difficulty pow proofs)
<ayn1k> pow proofs is redundant but anyway, who said low-difficulty
<ayn1k> reddit as a centralized service can vary the hashing algorithm parameters quite fast and prevent optimizations
<jojva_> what the hell is that? https://github.com/kanzure/streak
<kanzure> jojva_: i think https://github.com/kanzure/nanoengineer is more interesting
<ayn1k> looks like a dead man switch
<coinoperated> bramc a certain fixed component of u/dvote probability on reddit (in anything bitcoin related) is based on whether your post could be construed (if grossly inapplicably) as being on one side or the other of the block size issue. Just disregard.
<jojva_> kanzure: that's beautifuk
<jojva_> s/beautifuk/beautiful
<coinoperated> If you like chocolate ice cream, don't say so unless you're sure someone from the "wrong" side of that debate doesn't also like it
rustyn has quit [Read error: Connection reset by peer]
rustyn has joined #bitcoin-wizards
Guest1038 has quit [Changing host]
Guest1038 has joined #bitcoin-wizards
Guest1038 is now known as amiller
<bramc> There's this big point which people at the standards bodies seem to just plain not understand, which is that the current attacks on sha1 put it in danger of *collision* attacks, where the relevant attack for browsers is *reversal*
<bramc> Those are from completely different galaxies in terms of difficulty. It saddens me that there's no discussion of sha3 though, apparently that standard has mostly failed?
<gwillen> bramc: well, the usual cryptographic safety rule, in my understanding, is that once your primitive is a little bit compromised, you start moving off it, even if it's probably still fine, because cryptanalysis only moves one way
zookolaptop has quit [Ping timeout: 246 seconds]
<phantomcircuit> bramc, uh collision is sufficient to cause big problems
<bramc> gwillen, True, although in this case there's a coherent practical reason for foot-dragging
<bramc> phantomcircuit, What are the relevant collision-based attacks? I'm not asking this sarcastically.
<gwillen> also phantomcircuit makes a good point, collision is enough to create fraudulent certificates
<gwillen> all you have to do is generate two colliding certs, one valid, one invalid
<gwillen> and then you have a signature good for the invalid one
MrHodl has joined #bitcoin-wizards
<bramc> It boils down to whether the certificate is generated by the CA or whoever it's being given to. If CAs do the writing of certs, or at least put a bunch of random garbage at the front, then I think it's reversals which are relevant.
<phantomcircuit> bramc, sure but they don't do that in practice
<gwillen> the random garbage trick is not a general solution to collision attacks, it only works against a specific type, afaik
<gwillen> although that may be the only type currently practical, I don't know
<phantomcircuit> the ca extracts the public key from the crl and then produces an entirely predictable certificate from that
<phantomcircuit> gwillen, it's usually a reasonable way to shift from preimage to second preimage which is much much harder
<bramc> phantomcircuit, *sigh* I think that article I linked says things which amount to 'Microsoft said to put a few bytes of random garbage at the top but not all CAs are doing it'
<phantomcircuit> bramc, iirc the md5 intermediate cert was generated using a preimage attack by messing with the subdomain the cert was for
<bramc> If the certificate is entirely predictable then you can do a birthday attack on it. If it isn't then you're stuck with reversals.
brg444 has quit [Quit: Page closed]
bramc has quit [Quit: This computer has gone to sleep]
zookolaptop has joined #bitcoin-wizards
JackH has quit [Ping timeout: 272 seconds]
<zookolaptop> I wish whoever wrote that had used proper citations.
<gwillen> I feel like I should ignore this paper just to avoid encouraging people to publish further under that name :-P
<gwillen> it's a bizarre sort of self-promotion
<zookolaptop> Then it would be obvious to all readers that when they wrote "Weierstrass" they meant "Winternitz", for starters.
throughnothing has joined #bitcoin-wizards
<zookolaptop> Now there will be a little mini-generation of people who've heard of Winternitz, but since they know it under the wrong name they won't be able to look it up in the literature...
<gwillen> heh
Quanttek has joined #bitcoin-wizards
tulip has joined #bitcoin-wizards
<tulip> "reddit as a centralized service can vary the hashing algorithm parameters quite fast and prevent optimizations"
<tulip> ayn1k: just in general, proof of work is broken when used in isolation. no matter the configuration there's none which has a usable end experience for real users, and actually provides any resistance to a person with a botnet.
c-cex-finch has quit [Quit: Connection closed for inactivity]
<tulip> you made your proof of work take 10 minutes to create a reddit post? well that's completely unacceptable for an end user, yet someone with a botnet can blast out tens of thousands of messages an hour. changing the system doesn't prevent that.
AaronvanW has quit [Ping timeout: 260 seconds]
Quanttek has quit [Ping timeout: 246 seconds]
psztorc has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
tripleslash_a has joined #bitcoin-wizards
tripleslash_t has quit [Ping timeout: 260 seconds]
coinoperated has quit [Ping timeout: 260 seconds]
frankenmint has quit [Remote host closed the connection]
bramc has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
<ayn1k> tulip: it should be combined with interaction speed limits, per subreddit and user, for voting and posting
<tulip> if you're using metrics like that the proof of work doesn't do anything but annoy your users.
brg444 has joined #bitcoin-wizards
<ayn1k> if many posts are created per minute in the same subreddit then they start with a lower score, if a user receives many votes per minute then the amount of karma he receives/loses is of lower value
<tulip> so anybody wanting to warp the score just does it slowly?
<ayn1k> if you post slowly your posts start with a higher score
Newyorkadam has joined #bitcoin-wizards
<ayn1k> pow sets a cost for sybil attacks while degradation on speed prevents brigading
smk has joined #bitcoin-wizards
CubicEar_ has joined #bitcoin-wizards
<bramc> The applicable proof of 'work' to reddit is captchas
<kanzure> captchas are trivially solved by machines and also by services like deathbycaptcha (captcha solving api that uses outsourcing)
<bramc> I didn't say they're much better
<ayn1k> also captchas can't be tuned for difficulty (or at least not very smooth)
Newyorkadam has quit [Quit: Newyorkadam]
smk has quit [Ping timeout: 252 seconds]
Newyorkadam has joined #bitcoin-wizards
CubicEar_ has quit [Remote host closed the connection]
Newyorkadam has quit [Client Quit]