sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
tripleslash has joined #bitcoin-wizards
Guest51007 has joined #bitcoin-wizards
<phantomcircuit>
<coinoperated> ... there are few if any reasons for full nodes to exist in a future highly-adopted Bitcoin ecosystem ...
<phantomcircuit>
that is absolutely and completely false
<phantomcircuit>
bitcoin's security model relies strongly on the users of the system checking that miners have followed the rules of the system
<phantomcircuit>
that reliance is indeed so strong that you are only a user of the system if you are operating a full verifying node
<phantomcircuit>
the spv clients which exist today are absolutely insecure
wallet42 has quit [Quit: Leaving.]
gentoognuhurd is now known as justanotheruser
Guest51007 has quit [Ping timeout: 260 seconds]
<bramc>
phantomcircuit, They could be made a lot more secure with utxo commitments
belcher has quit [Ping timeout: 264 seconds]
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
<maaku>
what would be the justification for utxo commitments after backlinks are added, however?
amiller_ has joined #bitcoin-wizards
<bramc>
maaku, What do you mean by 'backlinks'?
<bramc>
utxo commitments can both demonstrate that a txo is current and that it isn't
AaronvanW has quit [Ping timeout: 250 seconds]
windsok has joined #bitcoin-wizards
Ylbam has quit [Quit: Connection closed for inactivity]
cheetah2 has joined #bitcoin-wizards
c0rw1n is now known as c0rw|zZz
cheetah2 has quit []
dEBRUYNE has quit [Ping timeout: 250 seconds]
Yoghur114_2 has quit [Remote host closed the connection]
Monthrect is now known as Piper-Off
wallet42 has joined #bitcoin-wizards
tripleslash has quit [Ping timeout: 245 seconds]
rusty has joined #bitcoin-wizards
joesmoe has joined #bitcoin-wizards
wallet42 has quit [Quit: Leaving.]
Quanttek has quit [Ping timeout: 246 seconds]
amiller_ has quit [Ping timeout: 260 seconds]
Emcy has quit [Ping timeout: 255 seconds]
Burrito has quit [Ping timeout: 240 seconds]
nuke1989 has quit [Remote host closed the connection]
fkhan_ has quit [Ping timeout: 260 seconds]
JackH has quit [Ping timeout: 255 seconds]
fkhan_ has joined #bitcoin-wizards
<phantomcircuit>
maaku, utxo commitments are less reliant on fraud proofs than backrefs are
<phantomcircuit>
or maybe not actually
<phantomcircuit>
hmm
hashtag_ has quit [Ping timeout: 250 seconds]
laurentmt has joined #bitcoin-wizards
c-cex-yuriy has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
hashtag_ has joined #bitcoin-wizards
<coinoperated>
phantomcircuit: I would lump those reasons under altruism or ideology. Today, we can expect the small pool of mostly sophisticated users to be fully educated about the significance of having a fully validating node. Most people aren't going to understand this, and the Bitcoin of the future has to be compatible with "most people." Unless something changes wrt blockchain initial sync time (at very least, other UX
<coinoperated>
problems abound) there's no reason to expect a highly adopted Bitcoin to consist of mostly full nodes.
<phantomcircuit>
coinoperated, then bitcoin will fail and we can all go home
<coinoperated>
absent a large and widely disseminated education campaign to sell people on the abstract benefits of decentralization, people are just going to use the quickest, simplest onramp which right now is web wallets like the horrible BCI
<Eliel_>
coinoperated: well, you can of course, outsource the verification of transactions to someone else, but the fact still remains that running your own full node is the only way to be sure no-one is feeding you incorrect data about incoming transactions.
hashtag_ has quit [Ping timeout: 246 seconds]
<coinoperated>
Eliel_ not disagreeing at all, my own wallet is the stock Qt. But I also realize I am here partly for the front seat view to a revolution and will discount the suboptimal UX as part of the price of admission. But there is no doubt that part of the scalability problem is finding wider and wider markets to scale into, and those markets won't come to Bitcoin, Bitcoin has to come to them.
hashtag_ has joined #bitcoin-wizards
<Eliel_>
coinoperated: many SPV wallets support a mode where they only connect to a certain defined bitcoind node. In the case that node is trustworthy, your SPV wallet will be as secure as a full node. I suspect reasonably many people might want to run a full node in an UTXO only mode for that purpose.
<coinoperated>
bsm1175321: < We could mine tx's instead. This would move mining to the edges of the network, but everyone would have to buy ASIC's to participate> Is this where the 21 gadget is going (after a few refinement iterations)?
TheSeven has quit [Ping timeout: 260 seconds]
TheSeven has joined #bitcoin-wizards
CoolerMaster has joined #bitcoin-wizards
rusty has quit [Ping timeout: 240 seconds]
<phantomcircuit>
Eliel_, unfortunately none of those things have authenticated connections
<Eliel_>
phantomcircuit: ah, yes, that's a problem...
<Eliel_>
... is someone working on adding an authenticated protocol for that sort of connections?
hashtag_ has quit [Ping timeout: 256 seconds]
Guest25458 has joined #bitcoin-wizards
<phantomcircuit>
Eliel_, not that im aware of
<AdrianG>
coinoperated: 21co is supposedly trying to get ppl to convert wall socket electricity to coins, instead of putting up with KYC/AML/DHS/DVD/CD/PHD/MTV
<AdrianG>
i guess an easier way to buy coins to spend.
<Eliel_>
would probably be enough to have the full node sign transactions and/or blocks with a specific key and share those signatures when the other party requests them. Then you could just input the public key of the full node to your wallet in addition to the IP address.
<phantomcircuit>
Eliel_, just the headers is enough
<phantomcircuit>
actually just the last header is enough
<Eliel_>
phantomcircuit: you mean block header.
<phantomcircuit>
yes
<phantomcircuit>
if you have a signature on a header from a trusted full node you have the same security as the full node
<phantomcircuit>
well sort of
<Eliel_>
unconfirmed transactions could benefit from signatures too.
<phantomcircuit>
you're not guaranteed to have all of the utxo entries that you can spend
<phantomcircuit>
Eliel_, not necessary
<phantomcircuit>
they're unconfirmed remember? zero security
dEBRUYNE has joined #bitcoin-wizards
hashtag_ has joined #bitcoin-wizards
<Eliel_>
phantomcircuit: it's an improvement over what the SPV node can do itself.
<Eliel_>
as far as I'm aware, you could currently send an SPV node a complete garbage transaction that spends imaginary outputs and it would have no way to tell.
<Eliel_>
with signatures, you could at least tell that the transaction has a chance to be mined.
<phantomcircuit>
Eliel_, "meh"
dEBRUYNE has quit [Ping timeout: 276 seconds]
<Eliel_>
also, if the signatures included timestamps, it might provide nice instrumentation for analyzing propagation behaviour.
<Eliel_>
it wouldn't be much use from a security point of view, but it'd help the SPV wallet keep its transaction list clean. If something is double spent, that it can detect and remove from its list but for pure garbage it doesn't have a good way to clean, other than waiting for X number of blocks for timeout removal.
<Eliel_>
helps prevent some confused user attacks
<phantomcircuit>
Eliel_, eh just connecting to the one bitcoind would be enough for that
<phantomcircuit>
no need to sign them
<Eliel_>
well, I suppose if it's an encrypted connection, just signing the blocks is enough
go1111111 has quit [Ping timeout: 246 seconds]
<Eliel_>
but encrypted connection is not needed if it's all signed.
Guest25458 has quit [Ping timeout: 276 seconds]
Guest56234 has joined #bitcoin-wizards
GGuyZ_ has joined #bitcoin-wizards
GGuyZ has quit [Read error: Connection reset by peer]
GGuyZ_ is now known as GGuyZ
ThomasV has joined #bitcoin-wizards
go1111111 has joined #bitcoin-wizards
oneeman has quit [Quit: Leaving]
Guest56234 has quit [Ping timeout: 255 seconds]
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
Cory has quit [Ping timeout: 245 seconds]
Cory has joined #bitcoin-wizards
<bramc>
Again, my question is, what are backrefs? And my point is, that if you have utxo commitments then an spv server can actually prove to an spv client that a particular utxo is or is not included.
<bramc>
Assuming an extension to spv to include those proofs of course.
GGuyZ has quit [Quit: GGuyZ]
el33th4x0r has joined #bitcoin-wizards
<el33th4x0r>
are there any segwit experts online for a quick question?
<el33th4x0r>
sipa?
<jl2012>
el33th4x0r just ask. People will answer if they know
<el33th4x0r>
ok, i looked through the two early BIPs and the draft of the third, and I'm confused by the great variety of claims made around segwit.
<el33th4x0r>
the BIPs outline a conservative approach that rearranges block contents, but the segregated witness is nevertheless an integral part of a block.
<el33th4x0r>
the operational description says that the peers fetch the block in whole, with the witness.
<el33th4x0r>
Greg has been very careful, in describing segwit benefits, that segwit improves malleability, allows discarding old witnesses, etc etc. but he does NOT say that it improves block transmission speeds.
<el33th4x0r>
yet a lot of people online believe that segwit is a technique to "effectively increase block size"
<jl2012>
what's your question?
<el33th4x0r>
so the question is, what does that claim really mean?
<jl2012>
which claim?
ThomasV has quit [Ping timeout: 240 seconds]
<jl2012>
I'm co-author of the BIP
<smooth>
el33th4x0r: it effectively increases the hard cap, but does nothing to influence the factors that motivate the cap
<el33th4x0r>
how does segwit effectively increase block size?
<el33th4x0r>
does block size refer to (the number of bytes to be transmitted from one peer to another during block propagation)
<jl2012>
it effectively increases the hard cap ---> yes
<el33th4x0r>
how does it do that?
<smooth>
el33th4x0r> how does segwit effectively increase block size? <= because the transactions over which the block size is calculated will be smaller
<smooth>
(by the existing code)
<el33th4x0r>
ah, i get it -- it's one of the benefits of the soft fork trick
<jl2012>
it does NOT improve block transmission speed: yes, if you are talking about full nodes to full nodes
<el33th4x0r>
jl2012, smooth: thanks, that was very helpful.
<jl2012>
welcomed
<jl2012>
but it does improve tx transmission from full to SPV nodes
Alopex has quit [Remote host closed the connection]
sparetire_ has quit [Quit: sparetire_]
Alopex has joined #bitcoin-wizards
Guest55894 has quit [Ping timeout: 255 seconds]
arubi has quit [Ping timeout: 264 seconds]
moa has quit [Ping timeout: 250 seconds]
<jl2012>
my SW testnet node based on 0.12 keeps saying socket recv error Connection reset by peer (104) , what does it mean?
moa has joined #bitcoin-wizards
CoolerMaster has left #bitcoin-wizards [#bitcoin-wizards]
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
jcorgan has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
moa has quit [Quit: Leaving.]
amiller has joined #bitcoin-wizards
amiller is now known as Guest28941
hashtag_ has quit [Read error: Connection reset by peer]
supasonic has quit [Ping timeout: 240 seconds]
bildramer has quit [Ping timeout: 255 seconds]
Guyver2 has joined #bitcoin-wizards
Ylbam has joined #bitcoin-wizards
Transisto2 has quit [Ping timeout: 245 seconds]
bramc has quit [Quit: This computer has gone to sleep]
alpalp has quit [Ping timeout: 264 seconds]
Guest28941 has quit [Ping timeout: 264 seconds]
Guest67149 has joined #bitcoin-wizards
Guest67149 has quit [Ping timeout: 260 seconds]
Guyver2 has quit [Quit: :)]
ThomasV has quit [Ping timeout: 240 seconds]
tulip has joined #bitcoin-wizards
<tulip>
jl2012: I've noticed a lot more connection churning recently, but I assumed it was my poor connection rather than anything had changed in 0.12.
Guest45580 has joined #bitcoin-wizards
Guest45580 has left #bitcoin-wizards [#bitcoin-wizards]
<maaku>
phantomcircuit: as far as I can tell any kind of txout commitments gain easier SPV wallet sync, but it's not obvious to me that is worth the cost
<maaku>
what would be worth the cost, and was the prime justification I saw, was fraud proofs. but backrefs get you that
pozitrono has joined #bitcoin-wizards
tulip has quit []
ThomasV has joined #bitcoin-wizards
dave4925 has quit [Remote host closed the connection]
adam3us has quit [Read error: Connection reset by peer]
adam3us has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
tulip has joined #bitcoin-wizards
dave4925 has joined #bitcoin-wizards
tulip has quit [Client Quit]
amiller_ has joined #bitcoin-wizards
amiller_ has quit [Ping timeout: 276 seconds]
<jl2012>
tulip: thanks but that's not related. I'm in the SW-testnet
nuke1989 has joined #bitcoin-wizards
c-cex-yuriy has joined #bitcoin-wizards
Guest63813 has joined #bitcoin-wizards
yosso has joined #bitcoin-wizards
<yosso>
Must a lightning node be a full bitcoinnode?
<yosso>
bitcoin node
ThomasV has quit [Ping timeout: 260 seconds]
<stonecoldpat>
yosso: to the best of my just after holidays knowledge, not necessarily. Assuming you can trust the deposit transaction is in the blockchain (which spv allows you), then all you need to record are transactions inside your channel. Although you do need to maintain good network activity to listen for earlier invalidated transactions being broadcasted (i think they're called breach transactions?)
pozitrono has quit [Ping timeout: 240 seconds]
Darknes is now known as penjenayah
<aj>
yosso: i think all the initial implementations will assume you're also running a full bitcoin node though
dave4925 has quit [Remote host closed the connection]
<stonecoldpat>
what i mean by maintaining good network connections - every time you do a payment in the channel, both parties create a new pair of "Revocable Commitment Transactions" and invalidate the previous pair. To invalidate the previous pair, you send the counter party a "Breach Remedy Transaction". So as a participant, you need to listen to the network to ensure a previously revoked transaction has not been broadcast to the netw
<aj>
stonecoldpat: not quite -- if someone *publishes* one of the outdated commitment transactions, the other person publishes a "breach remedy transaction" to the blockchain to claim all the funds
<aj>
stonecoldpat: ie, you don't send it to your counterparty, you send it to the blockchain
<stonecoldpat>
aj: sorry that's what i meant, (to set up the breach remedy transaction requires you to sign it and send to counter party) and then yeah you broadcast it to the network
Guest63813 has quit [Ping timeout: 240 seconds]
Emcy has joined #bitcoin-wizards
Emcy has quit [Changing host]
Emcy has joined #bitcoin-wizards
amiller_ has joined #bitcoin-wizards
amiller_ has quit [Ping timeout: 265 seconds]
<yosso>
I see. Is it realistic then to assume mobile lightning nodes?
zookolaptop has joined #bitcoin-wizards
amiller has joined #bitcoin-wizards
amiller is now known as Guest55022
wallet42 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet421 has quit [Changing host]
wallet421 has joined #bitcoin-wizards
wallet421 is now known as wallet42
GGuyZ has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
GGuyZ has quit [Quit: GGuyZ]
Guest55022 has quit [Ping timeout: 256 seconds]
trippysalmon has joined #bitcoin-wizards
dcousens has joined #bitcoin-wizards
adlai1 has joined #bitcoin-wizards
bildramer has joined #bitcoin-wizards
adlai has quit [Ping timeout: 250 seconds]
waxwing has quit [Read error: Connection reset by peer]
waxwing has joined #bitcoin-wizards
pozitron has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 250 seconds]
AaronvanW has joined #bitcoin-wizards
wallet42 has quit [Ping timeout: 256 seconds]
wallet42 has joined #bitcoin-wizards
trippysalmon has quit [Ping timeout: 250 seconds]
Guest27073 has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 250 seconds]
ThomasV has joined #bitcoin-wizards
Ylbam has quit [Quit: Connection closed for inactivity]
MoALTz_ has joined #bitcoin-wizards
MoALTz has quit [Ping timeout: 240 seconds]
MoALTz_ is now known as MoALTz
Ylbam has joined #bitcoin-wizards
dave4925 has joined #bitcoin-wizards
dcousens has quit [Quit: Lost terminal]
dcousens has joined #bitcoin-wizards
adlai1 is now known as adlai
wallet42 has quit [Ping timeout: 260 seconds]
wallet42 has joined #bitcoin-wizards
Piper-Off is now known as Monthrect
supasonic has joined #bitcoin-wizards
alpalp has joined #bitcoin-wizards
MoALTz_ has joined #bitcoin-wizards
MoALTz has quit [Ping timeout: 256 seconds]
MoALTz_ is now known as MoALTz
<kanzure>
"There is an “N depth” idea in BU, where nodes switch from regarding one chain as valid to another chain, if the chain with larger blocks has a lead of N blocks."
<kanzure>
this seems to be impossible when the block sizes are beyond bandwidth limits
Quanttek has joined #bitcoin-wizards
GGuyZ has joined #bitcoin-wizards
<kanzure>
"people seem to assume that miners would all the sudden just make bigger blocks simply because they can - as if they never could"
<kanzure>
this is false. people suggest that an adversary will be capable of making bigger blocks, not that non-adversarial miners wouldn't. also, certain adversaries only attack when opportunity arises, such as big blocks, or other vulnerabilities.
<kanzure>
"and, of course, as we all know, they ought to find it more profitable to not do such attack. etc. Basically, these attacks have nothing to do with BU because BU sets a limit just as hard as core's current 1mb,"
<kanzure>
this reasoning also doesn't make sense- if it has something to do with bitcoin, then it's not going to have nothing to do with BU :-)
<kanzure>
"we can assume that 51% of them will be honest (if we don't make such assumption then bitcoin does not work)."
<kanzure>
that's really only true for spv mode
<kanzure>
"The miners therefore will set the limit ... hence BU provides a defence to the criticisms made against automatic algorithmic change."
<alpalp>
kanzure: why spend so much time analyzing what is essentially flat earthers?
<instagibbs>
alpalp, +1 . I'd rather debate PoS :P
<kanzure>
criticism of bip100 was often something like "we already know that miners can agree on big block increases, that's not useful for bitcoin"
<kanzure>
so... it is not a defense.
GGuyZ has quit [Read error: Connection reset by peer]
GGuyZ has joined #bitcoin-wizards
<alpalp>
defense from what? A reddit army who wants a charismatic leader to help them lose tens of dollars?
<kanzure>
alpalp: not helpful, even if you're correct that they are sockpuppets.
<alpalp>
kanzure: even if not sockpuppets - is there any chance at all anyone with anything at stake will switch to a coin with no development team and hand waving? If so, maybe they deserve to lose their money.
<alpalp>
IMO the goal of the project is just meant to distract useful work
<alpalp>
I dont think a huge number of accounts are sockpuppets, just naive users with small stakes and lots of free time. Voting def seems like socks
JackH has joined #bitcoin-wizards
<maaku>
yosso: lightning edge nodes don't need to be online 24/7
<maaku>
and there are many use cases where delayed payments are ok, in which case they could still be routed through so long as the mobile device connects at least once a day or so
<maaku>
and with full lightning (CSV + segwit) you can outsource the blockchain watching to anybody else
<maaku>
so you don't have to be online to make sure your coins are safe, you just have to be online to be routed through
ThomasV has quit [Ping timeout: 245 seconds]
<yosso>
maaku: thanks, wasn't the distinction between edge nodes and hubs replaced with direct paths? Or am I confusing something?
<maaku>
yosso: i prefer not to call routable nodes hubs
<maaku>
it confuses things
<maaku>
otherwise can you rephrase? I'm not sure what you mean
smk has joined #bitcoin-wizards
<yosso>
assuming the network is better off if all nodes are routable as the funds in those channels will be available, is it reasonable to assume such nodes running on mobiles?
alpalp has quit [Read error: Connection reset by peer]
<instagibbs>
yosso, if you didn't know there is #lightning-dev
<yosso>
I didnt, thanks
alpalp has joined #bitcoin-wizards
oneeman has joined #bitcoin-wizards
<maaku>
yosso: sure, why not?
murch_ has joined #bitcoin-wizards
<maaku>
you can get push notification of a transaction in progress, and sign on the device
<maaku>
that said, it may be tricky and/or difficult to pull off, so it's more of a target to work towards
<yosso>
Wasn't sure if SPV node could be a routable lightning node. Happy to hear it is. I think it's important as available routes are important for reducing the amounts that must be "frozen" in channels.
murch_ is now known as murch
ThomasV has joined #bitcoin-wizards
<alpalp>
yosso: all thats needed is the ability to sign and get notifications for requests to sign, and to store enough info to submit recovery transactions after protocol violations.
GGuyZ has quit [Quit: GGuyZ]
<yosso>
alpalp: thanks, i get it now
gribble has quit [Remote host closed the connection]
gribble has joined #bitcoin-wizards
roman__ has joined #bitcoin-wizards
smk has quit [Ping timeout: 252 seconds]
Giszmo has joined #bitcoin-wizards
smk has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
licnep has quit [Quit: Connection closed for inactivity]
Burrito has joined #bitcoin-wizards
yosso has quit [Ping timeout: 265 seconds]
wangchun has quit [Quit: leaving]
wangchun has joined #bitcoin-wizards
kmels has joined #bitcoin-wizards
<Taek>
"we can assume that 51% of them will be honest (if we don't make such assumption then bitcoin does not work)." ===> This is a pretty common mistake. It's a very weak assumption. Much stronger to assume that 51%+ are rationally motivated, and then prove that whatever system is incentive-compatible. That's approx. what Bitcoin is, though lots of people would question whether Bitcoin was truly incentive-compatible
blackmarble has joined #bitcoin-wizards
<alpalp>
Taek: small nitpick, you can be rationally motivated but have incentives that make the cost of attacking worth it - example - taking out a large short position before attack. Though that likely falls under your definition of incentive-compatible
lmatteis has quit [Ping timeout: 255 seconds]
Ylbam has quit [Read error: Connection reset by peer]
<kanzure>
async secure multiparty computation http://eprint.iacr.org/2015/1238.pdf (i thought we had some models that required only 1 honest participant, not 2/3rds?)
<nsh>
there are models that work with honest majority, more constrained models that work with smaller honest cohorts. i don't think there exists a model of SMC that works with a single honest party
<nsh>
i would imagine that would make things very difficult indeed
<nsh>
In multi-party computation a set of $n$ players wants to compute a function $y=f$ on inputs $x_1, …, x_n$ where each input $x_i$ is private information to player $i$. Security in this setting means that each player essentially learns *Nothing* new other than the result $y$.
<nsh>
In the above definition the meaning of security holds if at least one player is still honest (or acting non-corrupt). In this presentation the notion and meaning of security is extended to include the setting where all parties are corrupted however leaving an auditable transcript of the computation allowing third-party observers to audit the computation afterwards. Naturally the transcript is public
<nsh>
information and the above security definition must still hold in the presence of a single honest party.
<kanzure>
.. but requires hardware token model, and claims that doing it without tamper-proof hardware tokens is impossible if BPP != NP
<kanzure>
"Motivated by the goal of removing trusted setup assumptions from cryptography, we introduce the notion of witness signatures. This primitive allows any party with a valid witness to an NP statement to sign a message on behalf of that statement. We also require these signatures to be unforgeable: that is, producing a signature on a new message (even given several message, signature pairs) should be as hard as computing a witness to the ...
<kanzure>
... NP statement itself. Witness signatures are closely related to previously well-studied notions such as non-malleable non-interactive zero knowledge arguments, and signatures of knowledge."