sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
lvns has joined #bitcoin-wizards
lvns has quit [Ping timeout: 240 seconds]
grubles has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
tom3 has quit [Ping timeout: 265 seconds]
tom3 has joined #bitcoin-wizards
grubles has quit [Quit: Leaving]
dgenr8 has quit [Read error: Connection reset by peer]
dgenr8 has joined #bitcoin-wizards
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
grubles has joined #bitcoin-wizards
chjj has joined #bitcoin-wizards
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
riclas has quit [Ping timeout: 244 seconds]
tom3 has quit [Ping timeout: 244 seconds]
tom3 has joined #bitcoin-wizards
mdavid613 has quit [Quit: Leaving.]
mdavid613 has joined #bitcoin-wizards
mdavid613 has quit [Client Quit]
tom3 has quit [Ping timeout: 255 seconds]
Giszmo has quit [Quit: Leaving.]
grubles has quit [Ping timeout: 250 seconds]
grubles has joined #bitcoin-wizards
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
Ylbam has quit [Quit: Connection closed for inactivity]
Noldorin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
murch1 has joined #bitcoin-wizards
murch has quit [Ping timeout: 260 seconds]
Emcy has joined #bitcoin-wizards
Emcy_ has quit [Ping timeout: 260 seconds]
Alopex has quit [Remote host closed the connection]
<gmaxwell>
FNinTak: the communications complexity of this stuff, even assuming you believe the security claims, doesn't look attractive compared to secc.
<FNinTak>
gmaxwell: referencing the end of Section 3 (bottom of page 5)? or assignment of subgroups? or elsewhere
shesek has joined #bitcoin-wizards
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
FNinTak has quit [Quit: Leaving]
c0rw1n has quit [Read error: Connection reset by peer]
c0rw1n has joined #bitcoin-wizards
tom3 has joined #bitcoin-wizards
NewLiberty_ has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 260 seconds]
NewLiberty has quit [Ping timeout: 255 seconds]
humd1ng3r has quit [Ping timeout: 260 seconds]
humd1ng3r has joined #bitcoin-wizards
tripleslash has quit [Ping timeout: 250 seconds]
licnep has joined #bitcoin-wizards
tripleslash has joined #bitcoin-wizards
tripleslash has quit [Read error: Connection reset by peer]
tripleslash has joined #bitcoin-wizards
Joseph__ has joined #bitcoin-wizards
BashCo has quit [Remote host closed the connection]
NewLiberty_ has quit [Ping timeout: 260 seconds]
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
BashCo has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
Joseph__ has quit [Ping timeout: 255 seconds]
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
rusty2 has quit [Ping timeout: 244 seconds]
GAit1 has joined #bitcoin-wizards
GAit has quit [Read error: Connection reset by peer]
laurentmt has joined #bitcoin-wizards
obs has joined #bitcoin-wizards
Ylbam has joined #bitcoin-wizards
laurentmt has quit [Quit: laurentmt]
kyletorpey has quit [Quit: Leaving.]
dnaleor has joined #bitcoin-wizards
riclas has joined #bitcoin-wizards
murch1 is now known as murch
juscamarena has quit [Ping timeout: 244 seconds]
Joseph__ has joined #bitcoin-wizards
Joseph__ has quit [Ping timeout: 255 seconds]
e4xit_ has joined #bitcoin-wizards
e4xit has quit [Ping timeout: 255 seconds]
e4xit_ is now known as e4xit
tom3 has quit [Ping timeout: 276 seconds]
rusty2 has joined #bitcoin-wizards
dnaleor_ has joined #bitcoin-wizards
dnaleor has quit [Ping timeout: 276 seconds]
pro has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 244 seconds]
maaku has quit [Quit: No Ping reply in 180 seconds.]
maaku has joined #bitcoin-wizards
pro has quit [Ping timeout: 244 seconds]
ThomasV has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 255 seconds]
cyphase has joined #bitcoin-wizards
grubles has quit [Quit: Leaving]
grubles has joined #bitcoin-wizards
ThomasV has quit [Quit: Quitte]
pro has joined #bitcoin-wizards
GAit1 has quit [Quit: Leaving.]
Noldorin has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
Joseph__ has joined #bitcoin-wizards
obs has quit [Quit: obs]
rusty2 has quit [Ping timeout: 244 seconds]
copumpkin has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
dnaleor_ is now known as dnaleor
Burrito has joined #bitcoin-wizards
GAit has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
riclas has quit [Ping timeout: 255 seconds]
<ryan-c>
Is there a function is libsecp256k1 to double a key?
<sipa>
there is secp256k1_ec_pubkey_tweak_mul
<sipa>
which you could pass the number 2
<sipa>
it will be several times slower than needed, though
Chris_Stewart_5 has quit [Ping timeout: 244 seconds]
paveljanik has joined #bitcoin-wizards
paveljanik has joined #bitcoin-wizards
paveljanik has quit [Changing host]
<andytoshi>
ryan-c: #secp256k1 pls
<ryan-c>
oh, is that a thing?
<andytoshi>
yep :)
jgarzik_ has joined #bitcoin-wizards
jgarzik has quit [Ping timeout: 244 seconds]
Giszmo has quit [Ping timeout: 260 seconds]
GAit has quit [Quit: Leaving.]
GAit has joined #bitcoin-wizards
GAit has quit [Client Quit]
Giszmo has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
mdavid613 has joined #bitcoin-wizards
MoALTz has joined #bitcoin-wizards
BashCo has quit [Remote host closed the connection]
zooko` has joined #bitcoin-wizards
zooko has quit [Ping timeout: 255 seconds]
zooko` has quit [Ping timeout: 250 seconds]
Ylbam has quit [Quit: Connection closed for inactivity]
katu_ is now known as katu
jgarzik_ is now known as jgarzik
jgarzik has quit [Changing host]
jgarzik has joined #bitcoin-wizards
c0rw1n_ has joined #bitcoin-wizards
c0rw1n has quit [Ping timeout: 252 seconds]
null_rad- has quit [Remote host closed the connection]
BigTrouble has quit [Remote host closed the connection]
zooko has joined #bitcoin-wizards
BigTrouble has joined #bitcoin-wizards
c0rw1n_ is now known as c0rw1n
Chris_Stewart_5 has joined #bitcoin-wizards
zooko has quit [Ping timeout: 264 seconds]
c0rw1n has quit [Ping timeout: 265 seconds]
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
c0rw1n has joined #bitcoin-wizards
BashCo has joined #bitcoin-wizards
grubles has quit [Ping timeout: 265 seconds]
null_radix has joined #bitcoin-wizards
c0rw1n has quit [Ping timeout: 260 seconds]
c0rw1n has joined #bitcoin-wizards
Ylbam has joined #bitcoin-wizards
c0rw1n_ has joined #bitcoin-wizards
riclas has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 258 seconds]
musalbas has quit [Ping timeout: 250 seconds]
c0rw1n has quit [Ping timeout: 264 seconds]
musalbas has joined #bitcoin-wizards
hashtag has quit [Ping timeout: 258 seconds]
priidu has joined #bitcoin-wizards
<andytoshi>
this https://eprint.iacr.org/2015/628.pdf was posted here as a candidate for post-quantum homomorphic commitments... this isn't homorphic in a general way because if you add too many commitments together the noise becomes overwhelming and then the commitment can't be opened anymore (my read of the paper is that it becomes unopenable -- it can't be openable to a value except the sum of committed
<andytoshi>
values no matter what you do)
<andytoshi>
i had thought this was a killer for CT because it depends on being able to add up transactions with (aside from non-crypto limits) arbitrary size.. and definitely a killer for MW which puts no limits on how many commitments a verifier might need to add together
<andytoshi>
but now i'm thinking it could potentially be ok (modulo the scheme being OK), because actually in CT only individual outputs are ever opened (sorta - the rangeproof is a zero-knowledge proof of opening i guess), not sums
<andytoshi>
all we care about sums is that they total to 0 -- not a commitment to zero, but the actual (value 0, blinding 0) infinity point
<andytoshi>
and this could be done by having the noise cancel out. the stats to show that this is hiding seem very involved, but i don't see a conceptual barrier
licnep has quit [Quit: Connection closed for inactivity]
giel__ has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
fractex has quit [Ping timeout: 264 seconds]
gielbier has quit [Ping timeout: 264 seconds]
comboy has quit [Ping timeout: 264 seconds]
nephyrin` has joined #bitcoin-wizards
qawap_ has joined #bitcoin-wizards
qawap_ has joined #bitcoin-wizards
qawap_ has quit [Changing host]
c0rw1n_ has quit [Ping timeout: 264 seconds]
PaulCapestany has quit [Ping timeout: 264 seconds]
Iriez has quit [Ping timeout: 264 seconds]
BonyM1 has quit [Ping timeout: 264 seconds]
qawap has quit [Ping timeout: 264 seconds]
nephyrin has quit [Ping timeout: 264 seconds]
bertani has quit [Ping timeout: 264 seconds]
comboy has joined #bitcoin-wizards
Iriez has joined #bitcoin-wizards
bertani has joined #bitcoin-wizards
meZee has quit [Ping timeout: 276 seconds]
amiller has quit [Ping timeout: 265 seconds]
fractex has joined #bitcoin-wizards
meZee has joined #bitcoin-wizards
<kanzure>
andytoshi's idea for "ask the receiver to sign a message with their key to show that they can actually use any coins that might be sent to them" should probaby be integrated into a test stage in future payment protocols
<kanzure>
also, regarding my vague mumblings about a p2p transaction scheme where you only send coins once you are sure your recipient is running bitcoin rules, i think andytoshi may have thought of a way to do that?
Guest55662 has joined #bitcoin-wizards
c0rw1n_ has joined #bitcoin-wizards
<kanzure>
well, more specifically, the problem i was trying to solve was "only send coins if you are reasonably sure that the recipient is running bitcoin software, or that they are outsourcing to a third-party that is running bitcoin software"
Chris_Stewart_5 has quit [Ping timeout: 250 seconds]
BonyM1 has joined #bitcoin-wizards
<kanzure>
11:56 <andytoshi> so then they could compute the root of the UTXOset, snark that in some way that also proves knowledge of their secret key (so it's not outsourceable) and there you go
<kanzure>
11:57 <andytoshi> ok, the utxoset at some well-buried blockheight i guess
pero has quit [Read error: Connection reset by peer]
pero has joined #bitcoin-wizards
pero has quit [Changing host]
pero has joined #bitcoin-wizards
<andytoshi>
you could probably do something cheaper than a snark, like signing a utxo then using the signature as a random seed to select more utxos to sign, and so on
<kanzure>
this proves possession of utxo set. i think you the sender needs to tell the recipient some salt to get evidence that some sort of computation is being done?
<kanzure>
s/possession of/access to/
c0rw1n_ is now known as c0rw1n
Chris_Stewart_5 has joined #bitcoin-wizards
<kanzure>
tying to the operation of VerifyScript somehow would be nice.
<kanzure>
you could have both parties join a regtest network and test each other with consensus validation scenarios for tiny chains. this would be in addition to various utxos + the recipient's signature.
<kanzure>
(er, *in addition to the nearly-random walk over the utxo set (the random seed idea above))
<kanzure>
the reasoning there is that if someone is running infrastructure that correctly handles regtest test scenarios, then perhaps they are also using the same/any/some rules for actual mainnet validation
Chris_Stewart_5 has quit [Ping timeout: 276 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
rusty2 has joined #bitcoin-wizards
slackircbridge has quit [Remote host closed the connection]
slackircbridge has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Quit: laurentmt]
Oizopower has quit [Quit: Connection closed for inactivity]
dnaleor has quit [Ping timeout: 244 seconds]
dnaleor has joined #bitcoin-wizards
juscamarena has joined #bitcoin-wizards
MoALTz has quit [Quit: Leaving]
kaalia has joined #bitcoin-wizards
kaalia is now known as kaaliakahn
priidu has quit [Ping timeout: 276 seconds]
laurentmt has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
<kanzure>
"[.. using software to make unmodified USB devices into an RF transmitter.] Similar airgap-jumping attacks from the same team include AirHopper, which turns a computer's video card into an FM transmitter; BitWhisper, which relies on the exchange of heat-induced "thermal pings"; GSMem, which relies on cellular frequencies; and Fansmitter, which uses noise emitted by a computer fan to transmit data. [...] a technique that used inaudible ...
<kanzure>
... audio signals to covertly transmit keystrokes and other sensitive data from air-gapped machines." or the one about keystroke audio analysis.
FNinTak has joined #bitcoin-wizards
<FNinTak>
Seems like most of those could be addressed w/ Faraday-like case...which makes the Fansmitter method most interesting imho
<FNinTak>
Only solution I can think of is two-phase immersion cooling
<katu>
fansmitter baud rate is so low you it's almost on the level of PSU-smitter
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
<katu>
that is, induction meter on the outside of building, and burn/dont burn cpu cycles. 1bps if luck and ton of FEC.
<FNinTak>
Sounds preventable w/ false loads, similar to methods for constant-time crypto libraries
<FNinTak>
though i doubt that countermeasure would ever get implemented
<kanzure>
andytoshi: what was the problem with snarking the consensus rules, again?
<andytoshi>
kanzure: (a) it's expensive, (b) it doesn't prove that anyone is actually using the bitcoin software for consensus, they can produce the snark then replay it into whatever they're client actually using
<kanzure>
what is bad about replay? it's a unique proof for each transaction, right?
<kanzure>
*during each transaction setup ritual
<andytoshi>
well what are you trying to accomplish?
<andytoshi>
you say "prove that somebody is running the bitcoin consensus rules" but all you're proving is that they are using something related to those rules in a payment ritual
<kanzure>
goal is to only send coins once you are reasonably sure that the recipient is capable of running validation rules (or, capable of contracting with a third-party to run those validation rules) in such a way that the results are unique to the particular interaction
<kanzure>
i think "it's not proof that they are running the same rules for mainnet validation" might be okay. the argument would be that the infrastructure is somewhat similar, so at least you know it's not impossible for them to arrange it ((i mean this says nothing about throughput or capacity...))
<kanzure>
and the previous construction, above, is proof that they have utxo data available somehow, which yes already seems to be an improvement over not doing anything at all
<katu>
FNinTak: no need for dummy loads, just need really clever UPS system which can act as a giant capacitor to smooth the spikes. turns out thats pretty difficult to do accurately though. anyhow, btcw offtopic.
<kanzure>
to ensure uniqueness of the interaction with the recipient, the sender has to provide some salt or input that somehow changes the output of the computations on the recipient's side.
<kanzure>
katu: sounds somewhat on-topic to me.
kyletorpey has joined #bitcoin-wizards
<katu>
can use induction meter to confirm/deny yep, that DC is full of mining equipment :)
Chris_Stewart_5 has joined #bitcoin-wizards
bildramer1 has joined #bitcoin-wizards
bildramer has quit [Disconnected by services]
bildramer1 is now known as bildramer
<FNinTak>
Mildly related: Has there been any thought/work re: only storing the transaction graph as an SPV mode?
<FNinTak>
As in, the SPV client connects to many full nodes to sync only data re: addresses & txos; after sync that client will be aware of UTXO set + be able to do fast proofs of exclusion/etc.
<katu>
you dont want to store it, you just want to prove the utxo is real. utxo commitments.
<katu>
storing the graph amounts pretty much storing transaction history as such.
<FNinTak>
true, though sigs & scripts need not be stored here, which should save a significant amount of space
<FNinTak>
identifiers can also be compressed re: radix tree per block or something similar
<katu>
not really. if pushed, about by factor of 10
<FNinTak>
is there some reference reading on utxo commitments? my understanding is probably not up to spec
<katu>
thats too low, better than fixed compression ratio is currently sought
<katu>
FNinTak: yes, some schemes involve variations of merkle trees of commitments from which you just cherrypick what you want, thus keeping the bw requirements at bay. i think it was sipe or andytoshis?
<katu>
*sipa's
mkarrer has joined #bitcoin-wizards
Guyver2 has quit [Quit: :)]
GAit has joined #bitcoin-wizards
<FNinTak>
Thank you for links! Will be catching up, so far looks like similar work has been done
mkarrer has quit []
grubles has joined #bitcoin-wizards
<FNinTak>
sipa's ultrapune looks like the closest concept/implementation...
FNinTak has quit [Quit: Leaving]
<sipa>
ultraprune is just the name of the database/storage design in bitcoin core since 0.8
lvns has joined #bitcoin-wizards
<sipa>
it's not a commitment scheme
Guest55662 has quit [Ping timeout: 244 seconds]
Guest43826 has joined #bitcoin-wizards
shesek has quit [Ping timeout: 244 seconds]
slackircbridge has quit [Remote host closed the connection]
slackircbridge has joined #bitcoin-wizards
PRab has quit [Quit: ChatZilla 0.9.92 [Firefox 48.0.1/20160817112116]]
shesek has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 250 seconds]
arubi_ has joined #bitcoin-wizards
arubi has quit [Ping timeout: 244 seconds]
arubi has joined #bitcoin-wizards
arubi_ has quit [Ping timeout: 276 seconds]
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
nullfxn has joined #bitcoin-wizards
anon616 has left #bitcoin-wizards [#bitcoin-wizards]