sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Guest71976 has quit [Ping timeout: 260 seconds]
bildramer1 has joined #bitcoin-wizards
bildramer has quit [Ping timeout: 255 seconds]
bildramer1 is now known as bildramer
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
Guest71976 has joined #bitcoin-wizards
Guest71976 has quit [Client Quit]
bsm1175321 has joined #bitcoin-wizards
bildramer1 has joined #bitcoin-wizards
bildramer has quit [Disconnected by services]
bildramer1 is now known as bildramer
bildramer1 has joined #bitcoin-wizards
bildramer has quit [Ping timeout: 248 seconds]
bildramer1 is now known as bildramer
bildramer1 has joined #bitcoin-wizards
bildramer has quit [Ping timeout: 248 seconds]
btcdrak has quit [Quit: Connection closed for inactivity]
ANTIPSYCHIATRY has joined #bitcoin-wizards
<ANTIPSYCHIATRY>
ATTENTION. PSYCHIATRY IS A FRAUD!!!!!!!!!!!!!!!!!!!!!!!!! Don't forget!
bildramer has joined #bitcoin-wizards
bildramer1 has quit [Ping timeout: 265 seconds]
Ylbam has quit [Quit: Connection closed for inactivity]
Noldorin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
<ANTIPSYCHIATRY>
Psychiatry is a fraud!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<andytoshi>
note that while the sidechains whitepaper claims "1024 blocks becomes expected 10" (and by extension 420k blocks becomes 19), in my simulations, 420k blocks usually compresses to ~300 blocks (with huge variance)
<andytoshi>
i don't have a good idea of why this is the case, the compressed chain does have the expected log-sized "1, 200k, 300k, 350k, 375k, ..." shape
jannes has quit [Quit: Leaving]
<andytoshi>
but there are a lot of straggling non-skip blocks near the end
<andytoshi>
so i think there is something wrong with the expected-length argument in the sidechains paper (though it appears the asymptotics are correct)
<bsm117532>
The probability distribution thereof is a Beta distribution.
rusty has quit [Ping timeout: 250 seconds]
<maaku>
andytoshi are you using an optimal path finding algorithm?
<maaku>
I would expect that the optimal paths do not take maximal jumps
echonaut1 has quit [Remote host closed the connection]
echonaut has joined #bitcoin-wizards
Giszmo has quit [Ping timeout: 265 seconds]
chjj has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
Newyorkadam has joined #bitcoin-wizards
Sleepnbum has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 260 seconds]
cdecker has joined #bitcoin-wizards
<andytoshi>
maaku: ah, i am not
<andytoshi>
for mimblewimble i think i can't because i need a consensus-defined skiplist where old links don't change based on new blocks .. but i think even in my earlier 2waypeg sims i was using pretty dumb pathfinding schemes
cdecker has quit [Ping timeout: 240 seconds]
cdecker has joined #bitcoin-wizards
<maaku>
optimal solutions involve dynamic programming, which is not crazy complex, but not something I'd want in consensus code either
<maaku>
but there might be an incremental algorithm which is better than a greedy path to genesis
<maaku>
in fact I thought that's what you were going to do?
<andytoshi>
maybe. i'm not convinced because i don't want the validity of old blocks (i.e. what backlinks must exist) to be changeable by new blocks
<maaku>
if you have a current best path, and you find a new block and use that to only skip back to blocks on the current best path, that's NOT the same as a greedy algorithm
<andytoshi>
oh! you're right
Guyver2 has joined #bitcoin-wizards
<andytoshi>
so i have simulation code that does this, it is giving me the high-variance-but-usually-around-300 results
<andytoshi>
interestingly this is the same as what I remember getting from a greedy algo..
<bsm117532>
That's awesome. Now we just need to sign our commits using keys exposed on the blockchain.
<bsm117532>
I really want a git integration that signs with secp256k1 keys...
<maaku>
bsm117532: have you looked at monotone?
<bsm117532>
The RCS software?
<petertodd>
bsm117532: so long as by "exposed" you don't mean your secret keys :P
<bsm117532>
A developer can indicate a key he's going to use to sign a commit by indicating a spent txid.
<petertodd>
bsm117532: IIRC GnuPG has added secp256k1 support, so that'll likely be possible
<petertodd>
bsm117532: well, so what exactly are you trying to prove there?
<sipa>
petertodd: woah!
<bsm117532>
I'm saying that bitcoin can prove the integrity of bitcoin core by having developers sign code (in addition to your timestamps) -- and those keys should be on the blockchain instead of some flawed CA or web of trust.
<sipa>
you're confusing things
<petertodd>
sipa: note that there's actually *two* ways of signing git commits in OTS - the thing I posted above re-hashes entire trees, which allows you to extract a timestamp for a single file without (hopefully!) revealing anything about other files in the repo, or the directory structure
<petertodd>
bsm117532: yeah, just putting keys on a blockchain doesn't by itself prove much
<sipa>
bsm117532: the blockchain here is a transport mechanism, a simple (and highly inefficient) replacement for http
<sipa>
bsm117532: the keys are at the level of a web of trust
<petertodd>
sipa: I build the rehashing support because I wanted to be able to apply it to my personal git repos for mail, company records, etc.
<bsm117532>
I know that's how it works now.
Newyorkadam has joined #bitcoin-wizards
<bsm117532>
petertodd: One can indicate a txid, and arrange to maintain control of the first output of subsequent transactions, even in the face of key loss events.
<kanzure>
what? so you lose one key but not the other?
<kanzure>
"what is trust root"
<bsm117532>
The trust root is Bitcoin itself and its PoW.
<petertodd>
bsm117532: rather than talking about txids - an implementation detail - you should talk about what kinds of proofs you think the system is giving you
<petertodd>
e.g. does your scheme need a timestamp proof? an anti-replay mechanism? a proof-of-publication?
<bsm117532>
petertodd: The system gives me proofs that I haven't chosen to revoke my (code signing) key in the last ~10 minutes.
cdecker has joined #bitcoin-wizards
<petertodd>
bsm117532: that's a design goal, not an explicit statement about what exact type of proofs will do that :)
<bsm117532>
petertodd: The blocks are the proofs. I don't see what you're getting at...
<petertodd>
bsm117532: a block is a block - what *type* of proof is it exactly?
<petertodd>
bsm117532: what, specifically, is this preventing from happening?
<sipa>
bsm117532: i generally dislike hacking bitcoin keys into reusable identities
<bsm117532>
It's preventing compromised keys from signing code via stealing root CA keys, or brute forcing collisions in a web of trust.
<bsm117532>
sipa: Why? Because bitcoin was supposed to be more fungible than it actually is?
<sipa>
bsm117532: because it's a problem that needs fixing outside of bitcoin
<sipa>
and it creates incentives to break fungibility for solving a problem that it wasn't intended to solve
<bsm117532>
sipa: fungibility is already irretrievably broken, regardless of intention. :-(
<sipa>
i disagree. it's not a boolean
<sipa>
it took years, but wallets these days are actually no longer continuously reusing keys
JHistone has joined #bitcoin-wizards
<bsm117532>
I have a hard time seeing how bitcoin could evolve to true fungibility. I think Zcash/Mimblewimble/BLS stuff will come along, with true fungibility.
<sipa>
if bitcoin's fungibility is irretrievably broken, then you should convince everyone here to abandon it
<bsm117532>
Or repurpose it ;-)
<bsm117532>
But if you have ideas to recover fungibility, I'd love to hear...
<sipa>
again, it's not a boolean
<sipa>
so if you phrase it as "improve" rather than "recover", i'm willing to discuss that
<bsm117532>
Sure
<bsm117532>
Could bitcoin evolve to block-level signature aggregation? I have a hard time seeing that.
vega4 has quit [Read error: Connection reset by peer]
<sipa>
i believe that's totally viable
<sipa>
i have more difficulty how it could adopt CT or MW
<kanzure>
that's one of the advantages of segwit upgrades
<sipa>
*seeing
<sipa>
but signature aggregation, sure
<bsm117532>
Errr what I really mean there is block-level coinjoin, as seems to be possible with MW
<sipa>
OWAS does that
<sipa>
and i believe OWAS is softforkable, but it may be nontrivial
<kanzure>
i think signature aggregation can be done with restricting behavior on anyonecanspends
<kanzure>
(through a soft-fork, i mean...)
<sipa>
i mean... everything is softforkable in the sense of "we define an extra part of block size (like segwit), and you can move coins there with a special anyonecanspend, and then move them back... but in that new region totally different consensus rules apply"
<bsm117532>
But as long as soft fork is the name of the game, the original, less-fungible txns will be present, and can be used to indicate keys that sign code.
<sipa>
you can softfork out the original tx type at some point :)
<kanzure>
bsm117532: over a very long timeframe i would expect to see various transaction types to become unsupported over time, as long as alternatives are supported
<bsm117532>
Bitcoin, seen as a keyserver is far superior to a CA or web of trust. Maybe there should be a different blockchain for it...
<sipa>
bsm117532: i completely disagree with that
<sipa>
you'd lose the economic incentive to secure the chain without transactions that support the exchange rate of the security-providing subsidy value
* bsm117532
looks at the number of P2SH addresses...as evidence that old features will likely never be able to be soft-forked out...
<bsm117532>
sipa: I agree completely with your last statement. But that brings us back to doing it on top of bitcoin itself...
<sipa>
yes, i don't think there is another choice
<sipa>
so if you really believe that the fungibility issue is irreparably broken, we should abandon bitcoin, and build something better
<sipa>
but i don't think that is the case
<bsm117532>
sipa: Well imagine huge coinjoins existing alongside old few in/out P2PKH txns. I think we can have it both ways.
<sipa>
and we need a lot more time to research better technology, experiment with it, and then investigate whether it could be brought to bitcoin in some form, rather than needing to start over
<sipa>
not giving up prematurely
<sipa>
so if you'd like to see bitcoin as just a keyserver or an anchor, i think you're missing the point that its security depends on it being usable as a transactable currency
<bsm117532>
Not "just" a keyserver, but "also": since it contains an internal keyserver, essentially, why not use it to sign itself and ensure its own code integrity?
<sipa>
i disagree that it contains a keyserver
<petertodd>
sipa: +1
<bsm117532>
every spent txid reveals pubkeys. That's the sense that it's a keyserver.
<sipa>
it can't provide that function without reducing fungibility, making its security story even harder to argue for
<petertodd>
bsm117532: by that argument, testnet is a publishing platform for 80's musicians...
<bsm117532>
It can provide that functionality now, and until its fungibility is upgraded to make it impossible.
<sipa>
bsm117532: those txids are not associated with an identity
Newyorkadam has quit [Quit: Newyorkadam]
<bsm117532>
All I have to do is indicate which txid...
aalex has quit [Ping timeout: 276 seconds]
<bsm117532>
and it becomes associated
<sipa>
no, it does not prove your identity
cdecker has quit [Ping timeout: 265 seconds]
<petertodd>
sipa: and even if it did, you don't need a blockchain for that
<sipa>
petertodd: +1
<sipa>
you can just reveal the key through whatever channel you'd use to reveal the txid
<petertodd>
bsm117532: I put a lot of thought a few months ago into how to use this tech for identity, and what I actually came up with out of that was it's remarkable how narrow the use-cases are for Bitcoin - timestamping is one of the few examples where Bitcoin clearly helps
<petertodd>
(hence why I (re)wrote opentimestamps!)
<katu>
re: fungibility, miners can incentivize it by demanding much higher fees for inputs with reused addresses.
aalex has joined #bitcoin-wizards
<bsm117532>
sipa: sure you can just reveal keys...but if I reveal a txid, I also have a built-in revocation and replacement mechanism that is protected by PoW.
<bsm117532>
vs. having your CRL endpoint DDoS'ed (or pgpkeys.mit.edu)
<bsm117532>
petertodd: timestamping, and key control. (BTW sorry for hijacking the conversation, your code is cool and I'll look at it in more detail!)
Tenhi_ has joined #bitcoin-wizards
<sipa>
bsm117532: you want revocability and protection on the link with identity
<sipa>
on the blockchain itself is only a key
<sipa>
it can be anyone's
Tenhi_ has quit [K-Lined]
rusty has quit [Ping timeout: 244 seconds]
PaulCapestany has quit [Ping timeout: 250 seconds]
_whitelogger has joined #bitcoin-wizards
gigq has joined #bitcoin-wizards
sipa has joined #bitcoin-wizards
helo has joined #bitcoin-wizards
mappum has joined #bitcoin-wizards
CryptoAi has joined #bitcoin-wizards
Lightsword has joined #bitcoin-wizards
TD-Linux has joined #bitcoin-wizards
rodarmor has joined #bitcoin-wizards
GreenIsMyPepper has joined #bitcoin-wizards
jonasschnelli has joined #bitcoin-wizards
cdecker has joined #bitcoin-wizards
aalex has quit [Quit: Connection reset by beer]
nicolagreco has joined #bitcoin-wizards
wpalczynski has joined #bitcoin-wizards
kumavis has joined #bitcoin-wizards
baffo32 has joined #bitcoin-wizards
cdecker has quit [Ping timeout: 260 seconds]
Newyorkadam has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 276 seconds]
jnewbery has joined #bitcoin-wizards
cdecker has joined #bitcoin-wizards
jnewbery has quit []
<bsm117532>
sipa: If I point you to a txid I control, it's not going to be "anyone's" -- It's going to be mine.
<bsm117532>
Bitcoin transactions can indicate revocation.
<bsm117532>
I'm going to control the first output, in a chain of transactions. By following successive spends in the chain, an observer to whom I've given the starting txid can track my revocations, as well as pick up a new key that I intend to use.
<bsm117532>
This is a "self-sovereign" identity. If you're familiar with uPort on Ethereum, essentially I've figured out how to do it on top of Bitcoin by maintaining control of the first output in a chain of txns.
<midnightmagic>
petertodd: to ensure directory information except maximum depth isn't leaked, could one consider merklizing the filepath or directory path itself into a balanced tree? it could be selectively revealed then, right?
<midnightmagic>
or maybe you could mask out selective or randomly-sized portions of the paths and consider the filepath as a single string not split on component boundaries..
<midnightmagic>
hrm
Chris_Stewart_5 has quit [Ping timeout: 250 seconds]
JHistone has quit [Quit: Leaving]
<bsm117532>
petertodd: Very interesting (smart signatures). I've outlined how to deploy a self-sovereign identity on Bitcoin, but there one is revealing a script that evaluated to true to spend the txn, and repurposing that script for a different use. For simple scripts there's a logical extension (e.g. multi-sig).
<bsm117532>
You're saying one could deploy an entirely different "script" that lets an observer validate an off-chain interaction (e.g. code signing, or auth event).
Chris_Stewart_5 has joined #bitcoin-wizards
Guyver2 has quit [Read error: Connection reset by peer]
Sleepnbum has quit [Ping timeout: 244 seconds]
<bsm117532>
petertodd: Why do you say that use cases are "narrow"? Deploying your Dex scripts, and replacing them with new ones seems like a perfect use. Knowing that a Dex script is still valid comes down to knowing that a particular UTXO is unspent. (so, UTXO set commitments are immensely helpful)
copumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
<bsm117532>
Timestamps from the blockchain bound a region of time when a particular key was valid (or Dex script could have been used to sign code). So historical signatures can be verified.
Burrito has quit [Quit: Leaving]
Newyorkadam has quit [Quit: Newyorkadam]
adiabat has quit [Remote host closed the connection]