sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<adiabat>
I use txindex on testnet a lot because... it's testnet
<adiabat>
e.g. where did this utxo come from? How come this gives me an error, it's the same as that tx before! ...etc
<Eliel_>
I suspect most users (of those who need it at all) will be happy with 1-2 years worth of txindex.
<sipa>
for debugging purposes, i totally understand
<sipa>
but have yet to see an actual production use case for it
<sipa>
that can't be avoided with a perhaps slightly more complicated but more scalable solution
<gmaxwell>
sometimes the 'better way' has warts that rightfully scare people off; but unfortunately those don't get fixed if the people encountering them don't report them.
<gmaxwell>
For example, the manual pruning thing in 0.14 should have been a day one feature; but it was a long time until someone pointed out the problem. (that if you use pruning + some system that needs to suck in data before it gets pruned, that with node restarts the data can be pruned before your code has a chance to do its thing)
<gmaxwell>
similarly, until importmulti the api had no way to scan a small range of recent blocks.
<Eliel_>
yes, people don't tend to report problems that are easily worked around.
<sipa>
my view is that anything that relies on a full blockchain (or worse, an indexed one, or even worse, an address-indexed one) is just building infrastructure that only very temporarily is the simpler choice
<Eliel_>
I think more than 3 years of history in an address index won't benefit much of anyone, but 3 years of address index is a necessity for people doing bookkeeping.
<sipa>
for your own transactions, sure
<sipa>
wallets can take care of that perfectly fine
<sipa>
not every f*cking transaction in the world
<gmaxwell>
only temporarily decentralized at all-- e.g. if you need the whole blockchain and many indexes then eventually you'll be depending on some service as it will be the only really cost effective way to get that info.
<Eliel_>
sipa: only if you know in advance which wallets you need to track, unfortunately.
<gmaxwell>
Eliel_: three years of address history is a small constant factor of the whole size, under exponential growth, and yet it can't let you discover all the relevant transactions for a wallet. lose/lose
<sipa>
Eliel_: you always do
<sipa>
Eliel_: a newly generated address by definition has no history
<mryandao>
a hash collision is a remote possibility
<sipa>
there are emergency recovery cases where you may want to import existing keys, but that's about the only case i can imagine
<adiabat>
I think the model of address-indexed and pruned could maybe make sense
<sipa>
adiabat: address-indexed utxo set... sure!
<gmaxwell>
mryandao: there is a 'chance' that all protons on the earth spontaneously decay turning all matter into an atomic bomb, vaporizing the solar system.
<adiabat>
sipa: in practice, most of the address-index applications really just want the utxo set without scanning
<sipa>
adiabat: sure, no problem with that
<gmaxwell>
well, I still feel pretty uncomfortable with the utxo indexing, as they're incompatible with TXO.
<Eliel_>
sipa: well, granted, long term that might actually be the case. Right now, though, you do need the damn address index to do bookkeeping.
<sipa>
Eliel_: i really don't understand why
<gmaxwell>
Eliel_: you absolutely shouldn't today, and if you do then there are correctable shortcomings that _need_ to get corrected.
<gmaxwell>
The last ones I know of in Bitcoin Core are already corrected for 0.14. There may be more, but if so I don't know about them.
<Eliel_>
gmaxwell: there most certainly are shortcomings, such as a multitude of wallet software that somehow needs to be brought into one system so any kind of bookkeeping is possible.
<sipa>
?
<kanzure>
addresses are not accounts, use utxos and transactions instead
<Eliel_>
there's a whole zoo of wallets out there.
<sipa>
ok, why is that a problem?
<gmaxwell>
I can't figure out what you're saying there.
<Eliel_>
ok, try to imagine doing bookkeeping for a company where different parts of the team have each used a different wallet software.
<Eliel_>
and you get tasked with making sense of the mess.
<sipa>
get them to use one wallet
<sipa>
why is that related to txindex?
<Eliel_>
I'd love to have a time machine to do it :)
<gmaxwell>
Eliel_: you can't do bookkeeping just from address data, because you won't have access to all the metadata and context in any case.
<gmaxwell>
This is why (forensic) accountants get paid the big bucks.
<Eliel_>
gmaxwell: correct, but the metadata somehow tends to be stored outside the wallet... it's just, you need the transactions to be able to make sense of it.
<Eliel_>
and it's much simpler to export the wallet into a centralized system than to try to work with whatever everyone was using.
<Eliel_>
and sync from the blockchain data.
<Eliel_>
but no-one is going to be doing this for anything over 3 years old.
<sipa>
why do you need a transaction index for that? if you're exporting things from existing wallets, they already have the transactions
<Eliel_>
sipa: They might have the transactions, but tend to lack sensible ways to export them in formats that are useful.
<sipa>
if running a txindex was expensive, then i'm sure adding that feature to that software would be trivial
<Eliel_>
sure, if you have someone who knows the code. That doesn't tend to be the case though.
* sipa
points to the topic of this channel
<sipa>
we're not talking about today here :)
<Eliel_>
but yeah, these issues are likely going to be fixed in the future.
<sipa>
sure, txindex is the easiest solution for some cases _today_
<sipa>
but the case you're talking about is not one i'm afraid of
<sipa>
people who demand txindex and addrindex features to _build a wallet_ because it seems easier, scares me a lot
<Eliel_>
almost every wallet comes with standard ways to export private keys and addresses out of it. However, I don't think I've seen any that let you export the transactions in a standard format... Speaking of which, I haven't seen a spec for such a standard either.
<sipa>
?
<sipa>
raw transactions?
<Eliel_>
most wallets don't provide any way to export transactions except the UI views, which are usually too simplified to be useful.
<Eliel_>
so, if you want to get the transaction data to another system, rebuilding the wallet from the full blockchain data is the only option
<sipa>
that implies the on-chain transaction data is enough
<sipa>
but it loses time information, change outputs, destination names, ...
<Eliel_>
pretty much every wallet supports full private key export in some way, so you can tell change addresses apart from that.
<Eliel_>
and users rarely store metadata in the wallet software itself. It's usually written in some spreadsheet somewhere, if at all.
<Eliel_>
and if not... well, there's always the wallet UI. In the worst case you get to type it out on the keyboard yourself.
<Eliel_>
but come to think of it, my need for address/transaction index would greatly diminish if wallet software ubiquitously supported exporting the transaction list in a standard format.
<Eliel_>
(a standard format that can actually be imported as well)
<Eliel_>
I'm not aware of a single wallet that actually supports importing transactions like that.
<sipa>
i'm not sure how that would work
<sipa>
as interpreting a transaction is wallet specific
<adiabat>
figured at some point I might try to make it into a BIP once it's stable; seems to be working OK for my use case so far (the lightning node giving utxos to an underlying wallet)
<sipa_>
bitcoin's rest interface has a binary format for utxos
<sipa_>
which is by no means documented or standard
<adiabat>
right... for my case I added a bit more
<adiabat>
in the case of lightning, the lightning node side gives a utxo to the base wallet, and also says "here's a bip44 path, but also when you get to the end of the path, here's a scalar to add"
<adiabat>
(modulo the curve N)
<stevenroose>
what is the maximum size of a DER-encoded ECDSA signature over secp256k1?
<stevenroose>
I know it is supposed to be dependent on the curve order somehow
<stevenroose>
I guess you can just serialize a signature with S = R = n
<stevenroose>
which is 72 bytes
<nsh>
the signature is two 32 byte numbers
<nsh>
in DER you add 6/7 bytes
<stevenroose>
yeah I read that it can be up to 73
<nsh>
satoshi missed a few branches when he fell down the omniscience tree
<stevenroose>
No idea why it could be the extra one
<yoleaux>
Question on DER-encoding of signature pair (r, s)
<gmaxwell>
nsh: if the leading bit is set in the values, the values must be zero padded.
<nsh>
right
<gmaxwell>
also what is said above is only true about the extra strict encoding required in bitcoin now.
<gmaxwell>
if by der you mean something openssl's parser could accept, I believe there is no limit on how large it could be beyond address space.
<gmaxwell>
as far as longer, bitcoin signatures have an extra flag serialized after the der encoded value.
<stevenroose>
oh yeah the sighashflag
<stevenroose>
but those are bitcoin-specific, so a general signature on secp256k1 can be forced to fit within 72 bytes, right? thanks
<nsh>
and to confound matters, r & s can be shorter sometimes than 32 bytes
<nsh>
'There are signatures in blockchain where the length of R or S is 29, 30, 31'
<gmaxwell>
nsh: there are ones much shorter than that.
<nsh>
heh
<nsh>
wouldn't that affect the security of the signature?
<nsh>
suppose not in general
<gmaxwell>
right, but sure some of the ways to get really short ones are stunts that don't have security.
* nsh
nods
<gmaxwell>
the simplest way to get a maximally short one is just set r=s=1 and then recover the pubkey that would result for a message of 1... then pay to that pubkey and then spend the pubkey with a sighash single bug spend.
<nsh>
ah
<gmaxwell>
I would be really surprised if there weren't one of these in mainnet.
<sn0wmonster>
is it possible to use secp256k1 to encrypt a message in a small enough length to fit in the block as an OP_RETURN, like how EternalWall does it for normal messages?
<sn0wmonster>
eternitywall*
<sn0wmonster>
what's the absolute minimum length you can make a "bitcoin wallet" encrypted message?
<sn0wmonster>
when i use electrum to try and sign/encrypt a message, it's just a few characters over the limit of what something like eternitywall allows