sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
e0 has quit [Ping timeout: 240 seconds]
adam3us has joined #bitcoin-wizards
<dgenr8> gavinandresen: why does nobody talk about that paper? Valfells pointed out that at some point miner profit soon grows slower than cost, because each hashing percentage point costs more than the last
<dgenr8> gavinandresen: why is that not DE-centralization pressure?
<jcorgan|away> Threshold-optimal DSA/ECDSA signatures and
<jcorgan|away> an application to Bitcoin wallet security
jcorgan|away is now known as jcorgan
Burrito has quit [Quit: Leaving]
smk has joined #bitcoin-wizards
MoALTz has quit [Ping timeout: 250 seconds]
MoALTz_ has joined #bitcoin-wizards
brg444 has quit [Quit: Page closed]
<bramc> jcorgan, How practical are those?
<adam3us> that's kind of heavy it involves damgard-jurik extended version of paillier just to have a group big enough not to wrap under the steps of dsa
zookolaptop has joined #bitcoin-wizards
MoALTz_ has quit [Ping timeout: 256 seconds]
<jcorgan> i'm not knowledgeable enough to really pick it apart but i do know enough to trust adam3us or gmaxwell's assessment :-)
<jcorgan> hmm, not sure how that happened
<adam3us> so paillier is an RSA related public key encryption algorithm that is additively homomorphic
<adam3us> it works in field N^2 instead of field N=p*q with RSA.
<adam3us> then damgard-jurik allows N^k where k>=2 and so even bigger values to be encoded without wrapping
<adam3us> so if you make it big enough you can compute some of the dsa stuff without it wrapping while still blinded
<amiller> how big are they proposing here?
c-cex-yuriy has joined #bitcoin-wizards
<amiller> N > q^8 where q is the modulus of the underlying dsa
<bramc> The basic measures of complexity are: round trips, bandwidth needed, CPU needed
<amiller> so i'm guessing without much thought that their crypto elements are all around 2048-bits, that seems pretty reasonable
<amiller> bramc, constant number of rounds (4, i think), and their 2-party signing example (Table 2) says 13 seconds (with the computation on a phone taking most of the time)
<bramc> 4 rounds of 2048 bits is nothing. Sounds like the big bottleneck is CPU, and even that is mostly under control
<bramc> Of course it needs to be vetted
<bramc> From a security standpoint
<adam3us> amiller i think yes but 2048^k bignums which are larger still
<amiller> yeah... i'd like to see an explicit breakdown of the transcript size for each round
<amiller> and i have no idea what k is
Ylbam has quit [Quit: Connection closed for inactivity]
brg444 has joined #bitcoin-wizards
<adam3us> i'd have to re-read the paper it's been a while. i think it's just you know 256^m < 2048^k
<adam3us> where m arises from how many multiplicative ops there are at the threshold DSA level
<bramc> amiller, I sent a follow-up mail explaining the motivations for proof of time a bit better. My construction does all of those by what feels like a bunch of funny coincidences.
<amiller> i don't know where you're getting the damgard jurik thing, afaict they're using exactly paillier
<amiller> maybe this has changed since their earlier unpublished zero-conf drafts
<adam3us> oh maybe it's a new but related paper.
<adam3us> damgard-jurik is done using N^k k>=2 rather than N^2 so it gives bigger numbers
<amiller> it's okay to change all the content of a paper until it's accepted in a conference
<amiller> as long as the results get better and all the prior authors are still there (new ones may be added too)
<amiller> i call this convention "replace by cite"
<adam3us> maybe you could do that just by using bigger N and then just use paillier i think that'd work
<bramc> amiller, Sent a response to you which includes a better construction which probably should be published as a 'real' paper.
<dcousens> what is the state of opinion/review around the conf. transactions integration with segwit?
<dcousens> Was it possible or?
wallet42 has joined #bitcoin-wizards
<bramc> dcousens, I don't believe there's any movement to putting confidential transactions on bitcoin proper, they're just on side chains.
<jcorgan> well, someone proposed it on -dev mailing list
<jcorgan> as part of bitcoin proper, but i don't know if there is any actual coding or interest in implementation
<dcousens> jcorgan: that is what I was referring to
wallet42 has quit [Quit: Leaving.]
<jcorgan> oh, maybe i misread then
<dcousens> as usual, there is probably more discussion about it on reddit than has actually occurred
ThomasV has joined #bitcoin-wizards
ThomasV has quit [Changing host]
ThomasV has joined #bitcoin-wizards
<jcorgan> if it's on reddit it's probably some evil plot by bitcoin elitists to censor people's transactions or some such
raedah has quit [Quit: Leaving]
hashtag_ has joined #bitcoin-wizards
<maaku> dcousens: CT is not going to be part of the segwit deployment if that is the question
hashtagg has quit [Ping timeout: 255 seconds]
<maaku> for one thing, CT takes 32x as much CPU resources to validate
<dcousens> maaku: that was my impression, I suppose someone should tell these poor folks on reddit
<maaku> dcousens: maybe if you don't mind having 62kB blocks ;)
<dcousens> maaku: heh, sounds appealing
<AdrianG> maaku: can CT validation be done in batches to speed up?
wallet42 has joined #bitcoin-wizards
<bramc> I believe segwit contains hooks which would make adding confidential transactions straightforward, but as everybody's saying the size requirements are gnarly. Given the current discussion around blocksize it seems like a non-starter.
wallet42 has left #bitcoin-wizards [#bitcoin-wizards]
raedah has joined #bitcoin-wizards
hashtag_ has quit [Ping timeout: 255 seconds]
<maaku> there is potential for doing a segwit-like CT softfork that discounts the CT range proofs significantly
<maaku> but right now that's a pretty far out goal with a good deal of work to be done both in designing what that would look like and getting scalability improved enough to make such costs absorbable
p15_ has joined #bitcoin-wizards
copumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
p15 has quit [Ping timeout: 264 seconds]
bit2017 has joined #bitcoin-wizards
<adam3us> someone proposed a soft-fork of CT on the dev-list
raedah has quit [Ping timeout: 276 seconds]
<Dizzle> CT?
jcorgan is now known as jcorgan|away
luigi1111w has quit [Remote host closed the connection]
moli has quit [Ping timeout: 276 seconds]
Guest43031 has joined #bitcoin-wizards
<maaku> confidential transactions
<Dizzle> ty
<JackH> for you
<bsm117532> Going to relay a private question here because I think the answer may be of interest to others:
<bsm117532> "am I right in understanding that your braid idea is implementable as a sufficiently elaborate softfork?"
<bsm117532> It can't be done as a soft fork. It can be added as a soft fork (and I'm thinking about making an alternative to p2pool that uses braids, and would be a p2p mining pool). But at some point we would have to dump the old, huge bitcoin blocks in favor of beads, and change how coinbases are calculated. At this point it's a hard fork.
<bsm117532> So there are three phases: (1) Bitcoin as it is now, (2) bitcoin + merge-mined braid, (3) braid only. 1->2 is a soft fork, 2->3 is a hard fork.
<bsm117532> But once phase 2 is in progress, we can wait until very near 100% of nodes have upgraded.
frankenmint has quit [Ping timeout: 256 seconds]
<Taek> as long as there is still work being done, you could definitely do it as a soft-fork
<bsm117532> This 3-phase description is true for basically any "smaller-faster underlayer" that improves Bitcoin's scalability.
<Taek> but it would be elaborate
<bsm117532> Taek: the big hard-fork change is the requirement that blocks can't allocate their own coinbases, they have to be allocated 100 blocks later, when the existence of siblings/orphans can be known by everyone.
AaronvanW has quit [Remote host closed the connection]
<bsm117532> Along with that comes a new incentive model that e.g. destroys selfish mining (because one can identify block withholding from the structure of the braid).
sparetire has joined #bitcoin-wizards
<Taek> I'm pretty sure you can still softfork the coinbase change. Force miners to set their coinbase to anyone-can-spend, and then add the rules for who is allowed to spend it based on the structure of the braid
<Taek> the anyone-can-spend will be blocked until time has passed
AaronvanW has joined #bitcoin-wizards
<bsm117532> Taek: wouldn't that create forks from old clients who spend the anyone-can-spend in a different way than specified by the braid?
<bsm117532> I believe soft forks can only rely on anyone-can-pay, not anyone-can-spend?
<Taek> old nodes recognize the outputs as anyone-can-spend, and new nodes recognize that those outputs are illegal unless certain criteria are met. Old nodes are reduced to SPV security on the anyone-can-spend outputs because they can't recognize when one has been spent illegally. But new nodes will ignore blocks that spend them incorrectly, allowing new rules to be enforced on those outputs.
Dizzle has joined #bitcoin-wizards
<bsm117532> But anyone can then create a fork by trying to spend the 25 BTC on an old node.
<bsm117532> Of course as long as >50% of the hashing power is making braid-compatible blocks, the old node will abandon these as orphans.
<bsm117532> Hmmm...
<bsm117532> I'm gonna have a little dance party right here in my office if this can really be done as a soft fork. That would be amazing!
<Taek> it works because >50% of the hashpower is enforcing the new rules
<Taek> if you don't get that, you can't do a soft-fork
<bsm117532> I see.
<bsm117532> But to move beyond the block size constraint is still a hard fork. No?
<adlai> bsm117532: of course blocks can allocate coinbases... cf p2pool
<bsm117532> e.g. the braid contains 2MB of tx...checkpointing to a 1MB block won't work.
<bsm117532> adlai: the difficulty is enforcing that that coinbase matches the braid, for nodes that don't see the braid. I think Taek has it right above and that part can be a soft fork.
<Taek> it will work, but it will be lossy. As time continues, old nodes will have a less and less complete picture of what the network looks like, with most of the money being held in anyone-can-spend outputs that they don't understand
<Taek> you can hide the entire history of an anyone-can-spend by just not putting the later txns into the 1mb block. But then to someone who doesn't have the full history, the motion of the anyone-can-spend outputs becomes increasingly incomprehensible
ThomasV has joined #bitcoin-wizards
<bsm117532> Wait. Can't you do that with the block size too? Create one anyone-can-spend and one anyone-can-pay output that corresponds to the contents of an extension block.
<bsm117532> (corresponds to the net)
dgenr8 has quit [Quit: Leaving]
<adlai> bsm117532: miners "have" to validate soft-forks if a hashpower majority considers blocks that don't validate the soft-fork invalid
paci has joined #bitcoin-wizards
<adlai> ie, a hashpower majority agrees to validate blocks with an additional rule that pays out coinbase reward to the recipients of orphaned blocks... eventually all miners have to validate this, because if they orphan a block without sharing the reward, the majority will share the reward in a block that orphans the non-sharer
<Taek> bsm117532: yes, you can raise the blocksize by an arbitrary amount using a softfork. But in doing so you basically require all SPV wallets to reimplement their logic.
<bsm117532> Yep I see. Soft fork relies on hashpower majority to enforce new rules.
<bsm117532> Taek: can you elaborate on that point?
GAit has quit [Quit: Leaving.]
<bsm117532> Braids have serious implications for SPV wallets that I haven't even begun to think about...
shaul has joined #bitcoin-wizards
dEBRUYNE has quit [Quit: Leaving]
GAit has joined #bitcoin-wizards
<kanzure> .title
<yoleaux> [bitcoin-dev] An implementation of BIP102 as a softfork.
<kanzure> .title
<yoleaux> [bitcoin-dev] An implementation of BIP102 as a softfork.
<kanzure> oh.
<yoleaux> [Bitcoin-development] soft-fork block size increase (extension blocks) Re: Proposed alternatives to the 20MB stepfunction
<kanzure> for an overview of various soft-fork subtypes see http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/012173.html
<bsm117532> The hard/soft fork conversation is usually so violent and often nonsensical that I've largely avoided paying attention. :-/
dgenr8 has joined #bitcoin-wizards
tjader has quit [Ping timeout: 240 seconds]
<Taek> forks are pretty awful in general. segwit is honestly pretty convoluted, the type of thing that would make a newbie in 5 years go 'seriously, WTF, who designed this?', which is the same reaction I had when learning about how bootloaders work for computers. And while I do think segwit is the best course of action, it would be really awesome to just start completely from scratch and design something that incorporated all of our new knowledge
<Taek> and maybe in 5 years, when we've learned even more, it will make sense to actually do that. Maybe not
dEBRUYNE has joined #bitcoin-wizards
<bsm117532> Taek: I totally agree. (Once wrote a bootloader myself...) That's why my perspective on braids is to figure out the "right" way to do it first, and then figure out how to shoe-horn it in second.
el33th4x0r has joined #bitcoin-wizards
<bsm117532> There's always an upgrade path to a new coin by proof-of-burn.
<Taek> or just a two-way-peg
<bsm117532> Yeah.
<bsm117532> Because these are fungible assets I'm less concerned about forking and more concerned about making a good design.
tjader has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 250 seconds]
Erik_dc has joined #bitcoin-wizards
adam3us has quit [Quit: Leaving.]
<el33th4x0r> Just curious (and also testing my new irc client): Has any altcoin ever used proof of burn?
<bsm117532> el33th4x0r: many.
<bsm117532> CounterParty for one.
<Taek> dogecoin and dogeparty was a very hyped 1-way-peg
<kanzure> also depends on whether you consider "using existing bitcoin blockchain as starting point" as proof-of-burn (everyone burned simultaneously? dunno). i think tonal bitcoin qualifies for this?
pozitron has quit [Ping timeout: 276 seconds]
<Taek> There's an entire pseudoscience in the altcoin world around the idea of 'fair coin distribution'. Lots of stuff to read, though most of it is likely to be garbage
<el33th4x0r> How did CounterParty use PoB?
<bsm117532> for a period of time, if you sent BTC to that unspendable address, XCP would be created.
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
<el33th4x0r> Interesting, i vaguely remember this now.
eudoxia has joined #bitcoin-wizards
voxelot has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
binaryFateCloud has joined #bitcoin-wizards
roman__ has joined #bitcoin-wizards
frankenmint has quit [Remote host closed the connection]
<zookolaptop> Dear wizards: the Zcash (formerly Zerocash, formerly Zerocoin) project is close to releasing public alpha software. Contact me if you are interested or want to help!
GGuyZ has quit [Quit: GGuyZ]
GAit has quit [Quit: Leaving.]
<MRL-Relay> [shen] zookolaptop - definitely looking forward to checking it out, been wondering how the setup phase works with mining
shaul has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
GGuyZ has joined #bitcoin-wizards
<zookolaptop> Where is MRL-Relay relaying from?
<MRL-Relay> [shen] I'm on the monero research labs irc server
<MRL-Relay> [shen] fluffypony set it up, not quite sure how it works actually
<fluffypony> zookolaptop: it's relaying from the MRL private IRC server
<fluffypony> (Freenode is wonky with Tor of late)
<zookolaptop> fluffypony: oh yeah.
<zookolaptop> How can I communicate with you privately, shen? email me? zooko@z.cash
<bsm117532> Hahaa cool url zooko. z.cash.
<kang_> What do you call the 'blockchain(distributed ledger) + proof-of-work' protocol/algorithm? A better name than DMMS??
<kang_> Sorry if the question is too stupid, let me know, but when people say blockchains they mean distributed ledger excluding (more like not caring) proof-of-work
jbenet has joined #bitcoin-wizards
mappum has joined #bitcoin-wizards
<kanzure> kang_: nakamoto consensus?
<sean__> what can go wrong if transaction validity is sensitive to a reorg?
rasengan has joined #bitcoin-wizards
<sean__> (a tx is valid, reorg occurs, tx is no longer valid)
<sean__> i've heard this is bad but i'm curious about the details
<gwillen> sean__: well, it means that someone could receive a transaction, see confirmations for it, treat it as valid, and then have it become invalid later, which wouldn't be great
<gwillen> but I think that's not the whole answer, because in practice, transaction validity _can_ change in a reorg, e.g. because some other conflicting transaction gets confirmed instead
<gwillen> because big reorgs really aren't supposed to happen at all
<kang_> kanzure: Calling it Nakamoto Consensus fixes it to have POW
GAit has quit [Read error: Connection reset by peer]
<kang_> kanzure: calling it cryptocurrency, fixes the token to be a currency
GAit has joined #bitcoin-wizards
<kang_> kanzure: Calling it blockchain, does not care about proof-of-work and origin of money in general
ThomasV has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
<kang_> DMMS is the only thing that fits. But then is digital signature a protocol or an algorithm?
<nwilcox> gwillen> sean__: well, it means that someone could receive a transaction, see confirmations for it, treat it as valid, and then have it become invalid later, which wouldn't be great
p15 has quit [Ping timeout: 260 seconds]
<nwilcox> This is still the case even if transaction validity is not sensitive to reorgs.
<gwillen> nwilcox: right, see my followup
<nwilcox> I see.
e0 has joined #bitcoin-wizards
Tomiii has quit [Quit: Tomiii]
<nwilcox> So is this a case of just reducing the probability of reorgs invalidating transactions, or does it also address a distinct problem?
roman__ has quit [Ping timeout: 276 seconds]
<bsm117532> A big reorg would occur if there was a network partition that separated miners for a long period of time.
<nwilcox> Oh... so one issue about a conflicting transaction invalidating another in a reorg is that the secret key holder must opt-in to that possibility.
<nwilcox> So, as an example rule that introduces reorg sensitivity: this txn cannot be mined at height > H.
bramc has quit [Quit: This computer has gone to sleep]
<nwilcox> That rule might be an attempt at txn expiry, but it also introduces reorg sensitivity.
<nwilcox> A miner may maliciously attempt a reorg specifically to invalidate such a txn and ... Oh... In this specific case the secret key holder is still opting in by using the "height limit opcode" or whatever it is.
GGuyZ has quit [Quit: GGuyZ]
<nwilcox> Ok, so if there's a new consensus rule that all txns *must* specify some height H at which they may no longer be mined so that it's no longer opt-in by the txn creator...
<adlai> kang_: how else [than PoW] do you propose making signature membership dynamic? maybe the day PoS/etc become viable, Nakamoto Consensus will extend to include such Proofs of Expenditure
* adlai is talking about proofs-of-storage, a la bramc
<tromp_> could also be called PoC (proof of capacity) to avoid acronym conflict
<adlai> proof of concept >_>
<tromp_> or PoD (proof of diskspace)
<adlai> how about we just stop treating recursive proofs (simulatable without external cost) as a Proof of Anything
<adlai> although you could always make proof-of-stake-in-other-chain (for eg sidechains)
roman__ has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
<kang_> adlai: Yes you are right. I am just talking nomenclature here, to avoid academic confusion. If other systems become viable & Nakamoto Consensus by definition would extend to include them, then we would need a new term for 'blockchain+pow'
<adlai> the chain of [merkle] hashed blocks remains regardless of the PoE method
<adlai> oh. ehh nakamoto-chain (hyphenated!)
<kang_> Right. DMMS is what it should be called?
<adlai> DMMS has less to do with the content being signed, nakamoto was rather specific about its purpose
<kang_> Right. Since I want to include token for any purpose (not just currency) DMMS would be the right name
<adlai> bitmessage with stacking PoW would be interesting... your reply's PoW contributes to that of its antecedent
<kang_> adlai: It's like blockchain, with one transaction (the message) per block
LeMiner2 has joined #bitcoin-wizards
<adlai> if I make a 5-day-PoW reply to a 5-day-PoW message, the original {c,sh}ould live twice as long
LeMiner has quit [Ping timeout: 246 seconds]
LeMiner2 is now known as LeMiner
<adlai> messages don't all have to be linear, at a certain point you want to "abandon thread" to avoid getting orphaned by diskspace conservatists
dEBRUYNE has joined #bitcoin-wizards
dEBRUYNE has quit [Client Quit]
<adlai> bsm117532: re:blocksize, you can always soft-fork down the size of each block once scalability overflows to off-chain solutions. then stick <=N orphans inside your blocks, for an N-fold reduction (roughly speaking, ignoring constant overheads)
N0S4A2 has quit [Ping timeout: 255 seconds]
<bsm117532> Do you mean increase?
tjader has quit [Ping timeout: 246 seconds]
<adlai> nope. decrease the size of each individual node in the bead, and you can fit more nodes in each valid Bitcoin block
<adlai> "1MB should be enough for everybody"
<adlai> it's not like you need to support more than ~N orphans anyway (insufficient data for meaningful Nswer)
tjader has joined #bitcoin-wizards
roman__ has quit [Ping timeout: 240 seconds]
TheSeven has quit [Remote host closed the connection]
melvster1 has joined #bitcoin-wizards
<adlai> hmm. but if you're not including orphaned beads, can you fill the space with additional txs? this may skew incentives, since it makes your block unusable as a bead
<adlai> simplest to reduce for all of them; seems rational too, as it increases the likelihood your orphaned block becomes an included bead
GGuyZ has joined #bitcoin-wizards
shaul has joined #bitcoin-wizards
roman__ has joined #bitcoin-wizards
roman__ has quit [Client Quit]
roman__ has joined #bitcoin-wizards
melvster1 has quit [Remote host closed the connection]
sean__ has quit [Ping timeout: 272 seconds]
nuke1989 has quit [Remote host closed the connection]
GGuyZ_ has joined #bitcoin-wizards
GGuyZ has quit [Read error: Connection reset by peer]
GGuyZ_ is now known as GGuyZ
StephenM_ has joined #bitcoin-wizards
GGuyZ has quit [Read error: Connection reset by peer]
GGuyZ has joined #bitcoin-wizards
StephenM347 has quit [Ping timeout: 256 seconds]
N0S4A2 has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
raedah has joined #bitcoin-wizards
melvster has quit [Ping timeout: 260 seconds]
ThomasV has quit [Ping timeout: 245 seconds]
shaul has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
rusty has joined #bitcoin-wizards
melvster has joined #bitcoin-wizards
shaul has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
zwick has joined #bitcoin-wizards
roidster has quit [Ping timeout: 276 seconds]
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
<bsm117532> adlai: Yes the idea is to have *much* smaller beads than blocks, and much faster too. You want the bead rate to be less than the transit time across the network, because the existence of siblings/orphans is what gives you a measure of who is following incentives correctly and who may be withholding blocks.
<bsm117532> Since the size of the network is ~1s and 1MB/600 = 1.6kb we're getting down to one-transaction per bead.
<bsm117532> I like the mine-every-transaction model from a mining decentralization perspective.
shaul has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
StephenM_ has quit []
dEBRUYNE has joined #bitcoin-wizards
<tromp_> I like it from a "let's use a more CPU friendly PoW" perspective:)
tjader has quit [Ping timeout: 246 seconds]
<bsm117532> tromp_: I'd say let submitters CPU mine their own transaction -- it's not worth anything in BTC but it becomes relay DDoS protection at that point, or a way to pay your own fees.
jps has joined #bitcoin-wizards
<tromp_> indeed, PoW's original motivation was in spam/flood control
<r0ach> when users mine their own transactions, the central point of failure is what percent the algo is sped up by specialized hardware and if over a certain percent, then it becomes centralized by Amazon warehouses processing transactions and you're back to square one?
<tromp_> no, amazon warehouses won't be used if not profitable
GGuyZ has quit [Quit: GGuyZ]
supasonic has quit [Ping timeout: 265 seconds]
tjader has joined #bitcoin-wizards
supasonic has joined #bitcoin-wizards
<r0ach> I meant amazon warehouses as in size of scale, while using specialized hardware, not actual commodity cpus
paveljanik has quit [Quit: Leaving]
<bsm117532> One would end up with tiers of miners. I don't want to accept your crappily-mined transaction, so someone else would end up mining it further for you, maybe a service provider...
<bsm117532> Which gets me on to a topic that keeps popping up -- how to combine multiple PoW's in a compact way?
<tromp_> if you have k independent PoW proofs, then you expect one of them to beat a k times tighter difficulty threshold
<tromp_> so that one can be taken to represent the work of the whole group
e0 has quit [Ping timeout: 276 seconds]
<bsm117532> tromp_ that's the algorithm I keep falling down to. It has the nice property that it follows Poisson statistics too. I keep having this inkling that there's something wrong and there's another way to do it though...
jps has quit [Quit: jps]
<bsm117532> The problem is to not only find the best PoW for a subset, but also pay all the other miners...
<bsm117532> If you only take the best one, then the guy with the best hash could in principle steal transactions from the more weakly mined beads...
bramc has joined #bitcoin-wizards
<tromp_> you can choose to reward weak blocks. instead of reward R for difficulty D, have R/3 for D, R/30 for D/10, and R/300 for D/100 for instance. same total reward
<bsm117532> Why doesn't the stronger miner just take all the tx's out of the weak block and call them his own?
<tromp_> i was assuming block rewards and negligible tx fees
<bsm117532> tromp_ that's easy, I'm concerned about tx fees.
<r0ach> People can't improve on Bitcoin because it's probabilistic with low fault tolerance and high fault recovery while people want to design and evaluate security in a binary manner.
<r0ach> who wants to ship something out of the door that they know is going to fail
_rht has quit [Quit: Connection closed for inactivity]
dEBRUYNE has quit [Ping timeout: 265 seconds]
wqeq has joined #bitcoin-wizards
GGuyZ has joined #bitcoin-wizards
rusty has quit [Ping timeout: 256 seconds]
wqeq was banned on #bitcoin-wizards by gwillen [*!*@gateway/web/freenode/ip.87.181.188.36]
wqeq was kicked from #bitcoin-wizards by gwillen [wqeq]
dEBRUYNE has joined #bitcoin-wizards
moa has joined #bitcoin-wizards
zookolaptop has quit [Remote host closed the connection]
frankenmint has quit [Remote host closed the connection]
rishobot has quit [Remote host closed the connection]
polyclef has quit [Ping timeout: 265 seconds]
risho_ has joined #bitcoin-wizards
polyclef has joined #bitcoin-wizards
risho_ has quit [Remote host closed the connection]
risho_ has joined #bitcoin-wizards
zookolaptop has joined #bitcoin-wizards
polyclef_ has joined #bitcoin-wizards
polyclef has quit [Read error: Connection reset by peer]
<bsm117532> I find that my use of "orphan" disagrees with the bitcoin.org glossary. What I've been calling an orphan is defined as a stale block by them. No one has complained about my use of the word though. Would people prefer to call valid, non-main-chain blocks "orphans" or "stale blocks"?
<bsm117532> Maybe "eunuch" would be better, since they have parents but can't have children! ;-)
<kanzure> yes, people have complained about stale/orphan conflation in here
<kanzure> an some of us (including myself) have continued to ignore this problem because $reasons
<kanzure> *and some of us
<bsm117532> bitcoin wiki also defines "extinct blocks"...
<bsm117532> I really like the utility of the family analogy when talking about braids, so I think I'm going to stick with "orphan" unless someone screams loudly...
<Taek> bsm117532: the stale/orphan debate went the way of the 'I'm literally dying of excitement' debate. For a while people tried to get others to use the words as defined, but ultimately the colloquial definition prevailed. 'Orphan' is now synonymous with 'Stale', and if you specifically mean orphan by the old definition, you'll need to find some other way to express yourself
tjader has quit [Ping timeout: 260 seconds]
<bsm117532> Ok, a footnote will take care of this. thanks guys.
<bsm117532> Orphan as originally defined must be a very rare occurrence indeed.
risho_ is now known as rishobot
<kanzure> maybe "reorg casualty"
tjader has joined #bitcoin-wizards
<bsm117532> Hey I've already got incest in my paper, let's not add dead children!
arowser has quit [Quit: No Ping reply in 180 seconds.]
arowser has joined #bitcoin-wizards
bramc has quit [Quit: This computer has gone to sleep]
murch has joined #bitcoin-wizards
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
joesmoe has quit [Quit: One of these days I'm going to find this *PEER* guy and reset *HIS* connection.]
joesmoe has joined #bitcoin-wizards
Erik_dc has quit [Remote host closed the connection]
Dizzle has quit [Quit: Leaving...]
rusty has joined #bitcoin-wizards
hdbuck has joined #bitcoin-wizards
hdbuck has quit [Changing host]
hdbuck has joined #bitcoin-wizards
Guyver2 has quit [Quit: :)]
tjader has quit [Ping timeout: 272 seconds]
hdbuck has quit [Quit: hdbuck]
DougieBot5000 has quit [Quit: Leaving]
tjader has joined #bitcoin-wizards
murch has quit [Quit: Leaving.]