sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<gmaxwell>
aj: but I'm not an expert; It would be worth confirming, I've also not bothered checking if libsnark actually does the rerandomization.
<bramc>
Hey everybody
<kanzure>
to make hard-forks even more painful and less frequent, would it be a good time to also have jtimon do various libconsensus-related alterations? i know the code movements are unrelated but if we're going to experience hard-fork pains then we might as well also throw that one into the pile, if it makes sense.
<bsm117532>
bramc: Don't worry, that one is covered. Someone attached this weird "coin" idea to this perfect distributed keyserver I've been working on...
<JackH>
so with gmaxwell's zk solution we can build this into wallets and allow people to purchase digital goods with perfect security of payment and delivery between two parties?
<bramc>
JackH: It only works for things where there's a completely self-contained proof that the good is valid
<midnightmagic>
not perfect security.
<bsm117532>
JackH: the hard part is building a ZKP verification system. So the problem domain is restricted to things which can be algorithmically verified (and don't cost an inordinate amount of CPU to verify). But, generally, yes.
<gmaxwell>
JackH: yes, but the protocol requires uh. Perhaps a good way to think of this is: The protocol requires that you have a "virtual agent" that can inspect the goods and decide that they're to your liking.
<bramc>
Like, a program which you can run and say 'yes this is the thing I want' or 'no it isn't'
<JackH>
so this requires modification on "both" ends? the payment receiving end and the payee
<JackH>
wallet end and payment processor
<gmaxwell>
what a sad little science fiction story that is, where someone uploads their mind, just so they can send it over the wire to inspect things for them then flash out of existence (so that it can't leak anything it learned.)
<JackH>
baby steps now ;)
<gmaxwell>
JackH: yes. It's a two party protocol. You prove to me you've got the goods I want, I verify and pay.
<bsm117532>
JackH: no this is not adaptable to general purchases. It's restricted to purchases which can be algorithmically verified.
<JackH>
alright, got it, so we have to prepare on our end for it too when we receive payments
<JackH>
can I automate it? so that I integrate Bitcoin as a payment method into a shop, and subsequently integrate it as ZK ready
<JackH>
(we are a BTC payment processor, hence the questions)
<bsm117532>
JackH: Only if you're selling digitally verifiable goods.
<bsm117532>
So I seriously doubt this applies to you.
<gmaxwell>
yea, it's fully automatic. in a day or two I'll probably put up a faucet running this for a little while, so you can sell me sudokus for bitcoin. :P
<bramc>
The neat thing about this protocol is that the amount of stuff which has to be put on the blockchain is minimal: All it requires is a transaction dependent on two hash preimages, and it might even be possible to optimize those out using schnorr signature sharing
<JackH>
I would like to end up fitting this as an API function to our PSP
<JackH>
so that merchants can opt-in for ZK
<JackH>
if they need it
<gmaxwell>
bramc: if you look at the original page on this, I point out that it can be turned into a 2of2 signature, ... and with schnorr that can be the same size as a regular 1 of 1.
<bramc>
gmaxwell: Cool, it's easier to explain with the two hash preimages though.
<JackH>
any plans to create libraries gmaxwell ?
<bramc>
JackH: The 'hard' part is figuring out 'useful' things to offer rewards for
<bsm117532>
JackH: what kind of goods do you sell?
<JackH>
casinos should be good for this
<gmaxwell>
JackH: not soon. The underlying tools are not mature enough yet. right now creating the verifier is a lot like designing an ASIC.
<bramc>
Gambling on the block chain can be done without any of the ZK magic
<gmaxwell>
because the compiler tools aren't there yet.
<midnightmagic>
:-( casinos would be horrible for this
<JackH>
We don't sell anything bsm117532, we just provide payment processing for merchants
<bramc>
The 'obvious' applications are fairly black hat, mostly involving paying people for private keys corresponding to important public keys
<bsm117532>
JackH: This is useless for physical goods. Digital goods maybe, but again the difficult part is identifying what you want to "prove" to verify that the good is valid.
<bramc>
Although most of those could be done with simpler techniques as well, particularly public keys of types which are used directly on the blockchain.
<JackH>
bsm117532, I know, but I am thinking more as a service rather than end product. I will leave that up to the merchants, and just provide an API
<JackH>
but gmaxwell has to make that library this weekend ;)
<gmaxwell>
bramc: part of the reason the obvious applications bend in that direction is because for the more 'licit' activities plain escrow generally suffices.
<JackH>
would it make sense to use it as replacement for escrow?
<gmaxwell>
This is a replacement for escrow for the subset of cases where it can be used... where someone can write a program that acts as a virtual "agent" that decides if the information being sold is the information the buyer wants to buy.
<JackH>
hmm so, secret documents would be perfect just to take something from the top of my head
<gmaxwell>
Right. Someone could sell the decryption key to the wikileaks insurance archive, for example.
<JackH>
what else? something that more than secret agencies possibly?
<JackH>
something that everyday people need? (beside sudoku of course)
<bsm117532>
JackH: Can you convince your vendors or their customers to write computer programs that validate if a digital good is authentic?
<JackH>
actually wait, couldn't this be key-pairs? people can prove they have their own part of a key string, but without exposing the key
<gmaxwell>
Sure, though that's what a digital signature does.
<JackH>
well, what digital good needs to be "authentic"?
<JackH>
hmm, true...
<bsm117532>
Yes, most definitely. See bramc's "illicit" comment above...
<JackH>
how about, this is my DNA, and here is the proof, but you can't see my DNA code itself
<gmaxwell>
some of what you're struggling with is just the limitations of what smart contracts can do-- and this particular case covers only a subset (though a large one) of the total space for smart contracts.
<JackH>
I will come up with something practical and cool. In any case, great work gmaxwell!
<jl2012>
gmaxwell, could we use ZKP to prove that a full node is affiliated with a real identity (e.g. a biometric passport), without disclosing the identity at all?
<phantomcircuit>
jl2012, yes but no
<phantomcircuit>
jl2012, the underlying biometric passport has to itself be secure
<phantomcircuit>
jl2012, and a break of the zkp would be a potentially very big deal
<jl2012>
a biometric passport is basically a personal identity digitally signed by a government agency, right?
<phantomcircuit>
jl2012, in theory yes
<jl2012>
so we assume no government agency would massively issue fake identity. If some do, we could blacklist those govs? (and their passport will not be accepted by other countries, anyway)
<phantomcircuit>
jl2012, you're also assuming their scheme isn't broken in some way
<phantomcircuit>
i think the bigger issue is that a failure of the zkp could lead to disclosure of the underlying information
<phantomcircuit>
although i guess much more likely is that the scheme simply stops proving anything
<jl2012>
I'm just thinking of this as a countermeasure against sybil attack
<phantomcircuit>
jl2012, yes i figured :P
<phantomcircuit>
jl2012, it's an interesting idea, not practical today for sure because there's iirc only a single country that issues proper signing thingies