sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<andytoshi>
Taek42: you may also be interested in this
cyphase has quit [Ping timeout: 255 seconds]
<kanzure>
s/nov/sept
<andytoshi>
oh, lol, oops .. and the date on the paper itself is august
<andytoshi>
that's ok, anything i can do to discourage people taking the paper too seriously at this point is fine
<kanzure>
*shrug* it's right within a certain inaccuracy
<andytoshi>
:)
<kanzure>
does "probability of successfully rewriting the chain regardless of the length of the chain" mean "probability of successfully rewriting the [compact] chain regardless of the length of the chain" ?
cyphase has joined #bitcoin-wizards
<kanzure>
oh i guess the difference isn't so important here
<andytoshi>
kanzure: oh, yeah, the first chain is "compact", the second is "full" .. though it doesn't really matter in this sentence
<andytoshi>
yeah, the bolded text is "eh, we basically can't bound these probabilities away from 0 or 1"
priidu has joined #bitcoin-wizards
priidu has quit [Ping timeout: 255 seconds]
cyphase has quit [Ping timeout: 272 seconds]
cyphase has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 240 seconds]
cyphase has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
Burrito has joined #bitcoin-wizards
<waxwing>
andytoshi: what is "x" in definition 5? the message?
<waxwing>
oh i see, seems to be "h" as per previous. but what is e() used in the verif. check?
proslogion has joined #bitcoin-wizards
yoga14 has quit [Ping timeout: 260 seconds]
<proslogion>
i should maybe write some code to autofill a crypto paper with all the boilerplate jargons
Topogetcyrpto has joined #bitcoin-wizards
mol has joined #bitcoin-wizards
d9b4bef9 has quit [Ping timeout: 276 seconds]
d9b4bef9 has joined #bitcoin-wizards
<bsm117532>
andytoshi: How do these "skip blocks" commit to all the transactions? Are they merge-mined with standard blocks?
xissburg has quit [Ping timeout: 276 seconds]
koshii has quit [Ping timeout: 276 seconds]
molz has quit [Ping timeout: 276 seconds]
koshii has joined #bitcoin-wizards
maaku has joined #bitcoin-wizards
qpm has joined #bitcoin-wizards
BonyM has quit [Ping timeout: 250 seconds]
Mazz_ has quit [Remote host closed the connection]
mrkent has joined #bitcoin-wizards
anon616_ has quit [Remote host closed the connection]
anon616 has joined #bitcoin-wizards
Mazz_ has joined #bitcoin-wizards
BonyM has joined #bitcoin-wizards
chjj has quit [Ping timeout: 260 seconds]
LeMiner has quit [Ping timeout: 260 seconds]
LeMiner has joined #bitcoin-wizards
<andytoshi>
bsm117532: there is only one kind of block
<andytoshi>
the proof of theorem 7 will explain the commitment structure
<bsm117532>
So you combine a set of previous blocks based on the smallness of the produced hash?
<andytoshi>
i can't parse that
<bsm117532>
If I produce a PoW hash that is accidentally much smaller than the target, I can use it to produce a block that combines some others?
<andytoshi>
you can't ever "combine" blocks
<andytoshi>
given a blockchain (with a commitment structure i haven't yet described) there is a sub-blockchain that can be independently verified
<proslogion>
andytoshi: is the 'p' in (p,h) the nonce, or something else?
<andytoshi>
proslogion: no.
<bsm117532>
This blockchain is a set of log(N) blocks though. Do I have that right?
<proslogion>
okay, so p is the linear combination of p_i then
<andytoshi>
proslogion: i think p is the signature there
<proslogion>
thanks
<andytoshi>
`p` is a holdover from an earier revision when i was working with proofs instead of signatures
<andytoshi>
bsm117532: yes, expected set size is log(N) for a random blockchain of N blocks
<waxwing>
further to my previous Q, i can't make sense of the notation in defn 5; in particular the verify step. "computes P as the sum of all elements of p", is p actually the sig then, and P the sum of those sig elements? and as before, what is e()?
<proslogion>
is e() some bilinear group opeartion...
<andytoshi>
waxwing: do you mean the poelstra/kulkarni sig -after- definition 5?
<waxwing>
yes, you're right, not the same thing. yes i meant that.
<andytoshi>
waxwing: p in Verify is the s from Sign, x is the same in both
<andytoshi>
e is the pairing
<waxwing>
yes, thanks andytoshi proslogion, got it now.
<andytoshi>
i need to go over all of this stuff again and unify notation and also change it all to use assymetric pairings
<proslogion>
so CDH in the calligraphic G is not our run of the mill CDH IIRC
<andytoshi>
proslogion: right, it's actually SXDH or something, i need to fix that too
<proslogion>
thanks
vega4 has quit [Ping timeout: 250 seconds]
xissburg has joined #bitcoin-wizards
NewLiberty_ is now known as NewLiberty
nooblord has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
Aranjedeath has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
<katu>
the gauntlet is still thrown, ram hard complex algorithmic problems is a beaten, unreliable horse, lets just move on.
gwillen is now known as gwillentest123
gwillentest123 is now known as gwillen
priidu has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
blackwraith has joined #bitcoin-wizards
priidu has quit [Ping timeout: 244 seconds]
blackwraith has quit [Read error: Connection reset by peer]
blackwraith has joined #bitcoin-wizards
aalex_ has quit [Ping timeout: 276 seconds]
aalex_ has joined #bitcoin-wizards
amiller_ has left #bitcoin-wizards ["Leaving"]
amiller_ has joined #bitcoin-wizards
snthsnth has joined #bitcoin-wizards
yoga14 has joined #bitcoin-wizards
MoALTz has quit [Quit: Leaving]
snthsnth has quit [Ping timeout: 244 seconds]
RedEmerald has quit [Ping timeout: 250 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
RedEmerald has joined #bitcoin-wizards
aalex_ has quit [Ping timeout: 240 seconds]
aalex_ has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 252 seconds]
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
cdecker has quit [Ping timeout: 252 seconds]
berndj has joined #bitcoin-wizards
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
kabo has joined #bitcoin-wizards
kabo has quit [Client Quit]
snthsnth has joined #bitcoin-wizards
<bsm117532>
andytoshi: This log(N) blockchain idea is a completely separate idea from Mimblewimble, no? Is there anything that inextricably links the two?
<andytoshi>
bsm117532: the sinking signatures interact very well with the log(N) blockchain idea
<andytoshi>
you can't do full validation of a compact chain any other way i've heard of (for any notion of "full validation")
<andytoshi>
but sure, this is basically the compact SPV scheme that appeared in appendix A of the sidechains whitepaper 2 years ago (and i think was floating around before)
<bsm117532>
I mean, one could build a log-tower of Bitcoin blocks in the same way, without signature aggregation.
instagibbs has joined #bitcoin-wizards
<andytoshi>
..sure, but it would be missing piles of transaction data and would not really be useful to a verifier..
<andytoshi>
in bitcoin you need every transaction to validate the chain
<bsm117532>
Yes, it would just be a different accounting mechanism for the transactions. It wouldn't have the property that you could discard old transactions, as you can if you can also aggregate signatures.
<andytoshi>
well if you can't discard transactions you can't discard blockheaders either, since those tie the transactions to the chain
<bsm117532>
You'd need some form of merge-mining, such that you're simultaneously merge mining for each of the log(N) target difficulties.
<andytoshi>
well fortunately every one of those requires you search exactly the same space of hashes in exactly the same way..
<bsm117532>
It would look like log(N) parallel blockchains. If you found a PoW target T, you could aggregate every level having a larger target.
<andytoshi>
like you are mining blocks that have the transactions of many previous blocks in them?
<bsm117532>
Yes.
<andytoshi>
sure, you can do that, and you'll save 80 bytes per meg
<bsm117532>
You have a blockchain at T, another at T/2 another at T/4. When you find a PoW that satisfies T/4 you're allowed to aggregate previous blocks at T and T/2. (for instance)
<andytoshi>
this is a really trivial form of aggregation though, you're just concatenating blocks and dropping headers, and the merkle proofs are the same order of size as the headers
<bsm117532>
Sure. It's only interesting because of the ability to present log(N) block headers to light clients. Signature aggregation obviously makes it much more power. But am I describing your idea essentially?
LePoisson has joined #bitcoin-wizards
<andytoshi>
i think so
<bsm117532>
Ok, thanks
vega4 has joined #bitcoin-wizards
<andytoshi>
but there's a weird consensus issue here where the "parallel" blocks might not have matching contents, i'd have to think that through, you don't want a situation where transactions are never safe
<andytoshi>
when your transactions are reduced to aggregable signatures you can have the block commitments be in a merkle sum tree structure
<andytoshi>
and mimblewimble naturally makes it impossible to remove transactions without screwing up this sum
<andytoshi>
oh, that's not true, you can remove complete transactions whose outputs have not been spent (if you know the transaction)
yoga14 has quit [Ping timeout: 244 seconds]
laurentmt has quit [Quit: laurentmt]
Noldorin has joined #bitcoin-wizards
DigiByteDev has joined #bitcoin-wizards
aalex_ has quit [Ping timeout: 260 seconds]
aalex_ has joined #bitcoin-wizards
aalex_ has quit [Max SendQ exceeded]
Guyver2 has quit [Quit: :)]
DigiByteDev has quit [Quit: DigiByteDev]
instagibbs has quit [Quit: ZNC 1.6.3+deb1 - http://znc.in]