sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
priidu has quit [Ping timeout: 260 seconds]
jtimon has quit [Ping timeout: 250 seconds]
_whitelogger has joined #bitcoin-wizards
Burrito has quit [Quit: Leaving]
igno_peverell_ has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
igno_peverell_ has quit [Ping timeout: 245 seconds]
alpalp has joined #bitcoin-wizards
alferz has joined #bitcoin-wizards
alpalp has quit [Read error: Connection reset by peer]
alpalp has joined #bitcoin-wizards
alpalp has joined #bitcoin-wizards
alpalp has quit [Changing host]
igno_peverell_ has joined #bitcoin-wizards
alferz has quit [Ping timeout: 244 seconds]
abpa has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
dnaleor has quit [Quit: Leaving]
Ylbam has quit [Quit: Connection closed for inactivity]
Giszmo has joined #bitcoin-wizards
igno_peverell_ is now known as igno_peverell
pedrovian has quit [Read error: Connection reset by peer]
igno_peverell has quit [Ping timeout: 245 seconds]
igno_peverell has quit [Remote host closed the connection]
alpalp has quit [Ping timeout: 256 seconds]
spinza has quit [Ping timeout: 258 seconds]
afk11 has quit [Ping timeout: 268 seconds]
afk11 has joined #bitcoin-wizards
afk11 has joined #bitcoin-wizards
afk11 has quit [Changing host]
legogris has quit [Remote host closed the connection]
legogris has joined #bitcoin-wizards
afk11 has quit [Ping timeout: 268 seconds]
xissburg_ is now known as xissburg
chjj has quit [Quit: WeeChat 1.6]
afk11 has joined #bitcoin-wizards
afk11 has joined #bitcoin-wizards
afk11 has quit [Changing host]
Alopex has quit [Remote host closed the connection]
CrazyLoaf has quit [Quit: Connection closed for inactivity]
pro has quit [Quit: Leaving]
Alopex has joined #bitcoin-wizards
NewLiberty has quit [Ping timeout: 258 seconds]
[7] has quit [Disconnected by services]
TheSeven has joined #bitcoin-wizards
maaku has quit [Quit: No Ping reply in 180 seconds.]
maaku has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
flower has quit [Ping timeout: 245 seconds]
maaku has quit [Ping timeout: 260 seconds]
maaku has joined #bitcoin-wizards
maaku has quit [Remote host closed the connection]
maaku has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
saintromuald has quit [Ping timeout: 256 seconds]
maaku has quit [Quit: No Ping reply in 180 seconds.]
maaku has joined #bitcoin-wizards
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
maaku has quit [Ping timeout: 260 seconds]
maaku has joined #bitcoin-wizards
<petertodd>
waxwing: yeah, I didn't want to get into the complexity of pedersen commitments; I personally don't know off the top of my head exactly how they work
<petertodd>
waxwing: that post post's audience is meant to include people who barely understand crypto
flower has joined #bitcoin-wizards
BashCo has quit [Remote host closed the connection]
ThomasV has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 258 seconds]
flower has quit [Ping timeout: 250 seconds]
BashCo has joined #bitcoin-wizards
BashCo_ has joined #bitcoin-wizards
BashCo has quit [Ping timeout: 256 seconds]
JackH has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
Ylbam has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
jannes has joined #bitcoin-wizards
rusty2 has joined #bitcoin-wizards
luke-jr has quit [Ping timeout: 260 seconds]
AaronvanW has quit [Read error: Connection reset by peer]
AaronvanW has joined #bitcoin-wizards
n8wachT has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 245 seconds]
LeMiner2 has joined #bitcoin-wizards
LeMiner has quit [Ping timeout: 260 seconds]
LeMiner2 is now known as LeMiner
edvorg has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
harrymm has quit [Remote host closed the connection]
harrymm has joined #bitcoin-wizards
dnaleor has joined #bitcoin-wizards
CrazyLoaf has joined #bitcoin-wizards
cyphase_eviltwin has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
rusty2 has quit [Ping timeout: 248 seconds]
alferz has joined #bitcoin-wizards
cyphase_eviltwin is now known as cyphase
flower has joined #bitcoin-wizards
alferz has quit [Ping timeout: 244 seconds]
alferz has joined #bitcoin-wizards
alferz has joined #bitcoin-wizards
alferz has quit [Changing host]
binaryFate has quit [Ping timeout: 256 seconds]
binaryFate has joined #bitcoin-wizards
flower has quit [Read error: Connection reset by peer]
flower has joined #bitcoin-wizards
flower has quit [Quit: -]
ThomasV has quit [Ping timeout: 256 seconds]
flower has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
LeMiner2 has joined #bitcoin-wizards
flower has quit [Quit: -]
LeMiner has quit [Ping timeout: 260 seconds]
LeMiner2 is now known as LeMiner
etcdctlftw has joined #bitcoin-wizards
edvorg has quit [Remote host closed the connection]
BashCo_ has quit [Remote host closed the connection]
BashCo has joined #bitcoin-wizards
aalex__ has quit [Quit: Connection reset by beer]
Samdney has quit [Quit: Verlassend]
BashCo has quit [Ping timeout: 268 seconds]
aalex_ has joined #bitcoin-wizards
aalex has quit [Ping timeout: 246 seconds]
BashCo has joined #bitcoin-wizards
CrazyLoaf has quit [Quit: Connection closed for inactivity]
CubicEarth has joined #bitcoin-wizards
CrazyLoaf has joined #bitcoin-wizards
abpa has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
Samdney has joined #bitcoin-wizards
Guyver2 has left #bitcoin-wizards ["Closing Window"]
binaryFate has quit [Quit: ZNC ftw]
binaryFate has joined #bitcoin-wizards
Aranjedeath has joined #bitcoin-wizards
<bsm117532>
I've been thinking of a possible BIP: "Commitment Requests".
<bsm117532>
The idea would be to create an optional, p2p layer set of messages for light clients to request certain kinds of commitments about the state of the blockchain.
<bsm117532>
Bitcoind nodes wishing to service light clients could calculate these commitments, once per block, rather than once per peer or once per SPV client.
<bsm117532>
Light clients could then request Merkle proofs relative to these commitments for the data they're interested in.
<bsm117532>
By making a set of optional p2p messages, we could play with different kinds of commitments, as a stepping stone to including some of them in the block itself.
<bsm117532>
As long as the commitments are not in the block, light clients can't know whether the full nodes servicing them have calculated the commitments correctly, but this can be somewhat mitigated by asking multiple nodes and providing public auditing of these commitments.
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
<bsm117532>
For instance, BIP37 style matching of all data elements could be done by creating a Merklix/MMR commitment to all data in each block.
<kanzure>
what about censorship of these proofs
<bsm117532>
Full nodes could then provide a proof of presence of proof of absence.
qpm has quit [Ping timeout: 260 seconds]
<bsm117532>
kanzure: Censorship resistance will have to come by making these commitments a consensus rule.
<kanzure>
(block-embedded stuff can get censord)
<kanzure>
ok.
<kanzure>
then why make them node-calculated instead of miner-calculated? how would you tell the difference anyway
<bsm117532>
But, as a stepping stone, I think p2p commitment requests would be a good way to explore the possibilities for improving light client security.
<bsm117532>
If they're in the block (header) they would be miner calculated.
<kanzure>
they can also be in the transaction list, though, even as a consensus rule
<bsm117532>
If they're not in the block, this is just a service some bitcoin nodes want to provide for light clients.
<bsm117532>
Yes. I don't really care how they're put into the block eventually, as long as light clients can easily access them.
qpm has joined #bitcoin-wizards
<kanzure>
even as a consensus rule, these are basically controlled by minrs
<kanzure>
.. miners.
<bsm117532>
Block headers are simpler, if a hard fork is on the table. But anywhere in the tx list works as well.
<kanzure>
you can trivially censor certain commitments, as a miner. and use other commitments instead.
<bsm117532>
If it's a consensus rule, and a miner calculates the commitments incorrectly, other miners will ignore his block...
<bsm117532>
If you calculate the Merkle root of the txns incorrectly...other miners will ignore the bad block (for instance)
<kanzure>
for censorship resistance, "it's included" is not enough.
<bsm117532>
You can't censor that.
<bsm117532>
The assumption is that light clients can get block headers and commitments. If you're going to fully censor light clients...there's nothing any protocol rule can do to prevent that...
<kanzure>
nah, i was citing the fraud proof problem in particular: you can get a commitment to a light client, but nobody is ever going to give you enough information to implicate themselves (missing information), and also, if you don't have tight rules around calculation of the commitments (which usulaly requires "all the data" anyway...). ....
<kanzure>
btw what is your "public auditing of commitments" scheme?
<bsm117532>
My "public auditing of commitments" scheme is that everyone will want one, and the best possible auditing is to put them directly in the block headers. Intermediate steps are...intermediate and flawed.
* bsm117532
goes back to read the merklix and mmr things...again...
<kanzure>
did you see my client-side validation braindump a few days ago?
<bsm117532>
No...
<kanzure>
i have a scheme where blocks are just a merkle root, list of pubkeys, a BLS multisig from the privkeys over the merkle root, a list of output hashes, and a BLS multisig of the privkeys over some output hashes
<bsm117532>
Link?
<kanzure>
and then transactions are superhuge merkle proofs and inclusion proofs
<kanzure>
such that, if you don't do a transaction during a block, you don't have to give a merkle proof for that block to a potential recipient (since your pubkey is not listed/didn't sign)
jtimon has quit [Remote host closed the connection]
<bsm117532>
I think we're saying something similar. I want clients to be able to mutate their proofs using block header data, rather than requesting new ones from a server for each block.
<kanzure>
my observation was that most "everything is a merkle root" schemes requires the transfer of either all transactions or some sort of merkle tree update data inside each block, which is unfortunately not very helpful to the challenges we're looking at--- so instead, why not offer a way that miners interactively give the inclusion proof to the spenders for that single block, and then have a def...
<bsm117532>
If we can pull that off, it would go a long way to improving privacy: light clients would only need to request a proof once.
<kanzure>
...ault way that non-participation in a block signals to potential recipients that inclusion proofs are not necessary for those intermediate blocks where no state updates occur [for those spenders].
<bsm117532>
kanzure: If you have any other refs to any "everything is a merkle root" schemes I'd be interested in reading them...
<bsm117532>
I'm just slow at wrapping my head around it.
<kanzure>
bsm117532: transactions become giant proofs that recipients send around. miners just publish an arbitrary merkle root. nobody can reconstruct it except the miner (or if everyone reveals their proofs i guess). each block can have whatever data in the merkle tree.
NewLiberty has quit [Ping timeout: 258 seconds]
<kanzure>
(also, miner fees work the same way)
maaku has quit [Quit: No Ping reply in 180 seconds.]