sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Newyorkadam has joined #bitcoin-wizards
ruby32 has joined #bitcoin-wizards
IRCFrEAK has joined #bitcoin-wizards
IRCFrEAK has left #bitcoin-wizards [#bitcoin-wizards]
aburan_ has quit [Quit: Ex-Chat]
aburan_ has joined #bitcoin-wizards
fibonacci_ has quit [Quit: Connection closed for inactivity]
Piper-Off is now known as Monthrect
bekti has joined #bitcoin-wizards
bekti has left #bitcoin-wizards [#bitcoin-wizards]
Starduster has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
MaxSan1 has joined #bitcoin-wizards
MaxSan has quit [Ping timeout: 240 seconds]
chjj has quit [Quit: WeeChat 1.7]
BashCo_ has joined #bitcoin-wizards
BashCo has quit [Ping timeout: 240 seconds]
maaku has quit [Remote host closed the connection]
aburan_ has quit [Quit: Ex-Chat]
dodomojo has joined #bitcoin-wizards
<uiuc-slack> <amiller> Hi all, http://arxiv.org/abs/1702.05812 here's a new paper on a way of reducing the worst-case delay in Lightning
<uiuc-slack> <amiller> (xpost from lightning-dev but now the paper is up)
jtimon has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 240 seconds]
jtimon has joined #bitcoin-wizards
MaxSan1 has quit [Ping timeout: 260 seconds]
MaxSan has joined #bitcoin-wizards
wasi has quit [Remote host closed the connection]
wasi has joined #bitcoin-wizards
Ylbam has quit [Quit: Connection closed for inactivity]
jtimon has quit [Remote host closed the connection]
Newyorkadam has joined #bitcoin-wizards
dodomojo has quit [Remote host closed the connection]
NewLiberty_ has quit [Ping timeout: 240 seconds]
roidster has quit [Quit: ChatZilla 0.9.92 [SeaMonkey 2.39/20151103191810]]
dodomojo has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
rusty2 has quit [Quit: Leaving.]
rusty2 has joined #bitcoin-wizards
Giszmo has quit [Quit: Leaving.]
btiefert has joined #bitcoin-wizards
dodomojo has quit [Remote host closed the connection]
NewLiberty has quit [Ping timeout: 260 seconds]
dodomojo has joined #bitcoin-wizards
dodomojo has quit [Remote host closed the connection]
nickler has quit [Ping timeout: 240 seconds]
nickler has joined #bitcoin-wizards
btiefert has quit [Quit: btiefert]
Newyorkadam_ has joined #bitcoin-wizards
Newyorkadam has quit [Ping timeout: 255 seconds]
Newyorkadam_ is now known as Newyorkadam
pro has quit [Quit: Leaving]
EvilHero_ has joined #bitcoin-wizards
legogris has quit [Remote host closed the connection]
legogris has joined #bitcoin-wizards
chjj has joined #bitcoin-wizards
commanderdata has joined #bitcoin-wizards
[7] has quit [Ping timeout: 240 seconds]
TheSeven has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
Guyver2 has left #bitcoin-wizards [#bitcoin-wizards]
Newyorkadam has quit [Quit: Newyorkadam]
Newyorkadam has joined #bitcoin-wizards
lclc has joined #bitcoin-wizards
MaxSan has quit [Ping timeout: 268 seconds]
rusty2 has quit [Ping timeout: 240 seconds]
Aranjedeath has quit [Quit: Three sheets to the wind]
ruby32 has quit [Remote host closed the connection]
ruby32 has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
Ylbam has joined #bitcoin-wizards
BashCo_ has quit [Remote host closed the connection]
BashCo has joined #bitcoin-wizards
aalex has joined #bitcoin-wizards
BashCo has quit [Ping timeout: 255 seconds]
aalex has quit [Ping timeout: 255 seconds]
harrymm has quit [Ping timeout: 240 seconds]
BashCo has joined #bitcoin-wizards
harrymm has joined #bitcoin-wizards
MaxSan has joined #bitcoin-wizards
paveljanik has quit [Quit: Leaving]
harrymm has quit [Ping timeout: 255 seconds]
moli_ has quit [Ping timeout: 240 seconds]
moli_ has joined #bitcoin-wizards
aalex has joined #bitcoin-wizards
harrymm has joined #bitcoin-wizards
harrymm has quit [Ping timeout: 240 seconds]
MaxSan has quit [Ping timeout: 240 seconds]
harrymm has joined #bitcoin-wizards
rusty2 has joined #bitcoin-wizards
jannes has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
MaxSan has joined #bitcoin-wizards
aalex has quit [Ping timeout: 240 seconds]
rusty2 has quit [Ping timeout: 240 seconds]
_mn3monic has quit [Ping timeout: 240 seconds]
MoALTz has joined #bitcoin-wizards
lclc_ has joined #bitcoin-wizards
lclc has quit [Ping timeout: 255 seconds]
lclc_ has quit [Ping timeout: 260 seconds]
chjj has quit [Ping timeout: 260 seconds]
MaxSan has quit [Ping timeout: 240 seconds]
sn0wmonster has quit [Max SendQ exceeded]
sn0wmonster has joined #bitcoin-wizards
lclc has joined #bitcoin-wizards
paveljanik has joined #bitcoin-wizards
sdfgsdfg has joined #bitcoin-wizards
sn0wmonster has quit [Ping timeout: 240 seconds]
paveljanik has quit [Read error: Connection reset by peer]
paveljanik has joined #bitcoin-wizards
paveljanik has quit [Client Quit]
EvilHero_ has quit [Remote host closed the connection]
EvilHero_ has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
ithicad has quit [Read error: Connection reset by peer]
Giszmo has joined #bitcoin-wizards
ruby32 has quit [Remote host closed the connection]
ruby32 has joined #bitcoin-wizards
ruby32 has quit [Remote host closed the connection]
sdfgsdfg has quit [Ping timeout: 240 seconds]
ruby32 has joined #bitcoin-wizards
Yogh has quit [Quit: ZNC 1.6.3 - http://znc.in]
ruby32 has quit [Remote host closed the connection]
ruby32 has joined #bitcoin-wizards
Sosumi has joined #bitcoin-wizards
ruby32 has quit [Remote host closed the connection]
ruby32 has joined #bitcoin-wizards
pro has joined #bitcoin-wizards
sn0wmonster has joined #bitcoin-wizards
_mn3monic has joined #bitcoin-wizards
<andytoshi> tromp_: assuming equal difficulty, to dominate N-1 blocks (plus your own) requires hitting a target 1/Nth the size of the single-block target
ryanofsky has quit [Remote host closed the connection]
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
Yogh has joined #bitcoin-wizards
<tromp_> hi andytoshi
<tromp_> that assumes a different notion of dominating than what i understood
<tromp_> where the previous N-1 blocks did work exactly matching the target
Yogh has quit [Quit: ZNC 1.6.3 - http://znc.in]
<tromp_> where the previous N-1 blocks did work exactly matching the target
<tromp_> the total target work proven by only following direct
<tromp_> predecessor links
<tromp_> i see now. that phrase says you ignore how much the predecessors improved on the target
Newyorkadam has joined #bitcoin-wizards
<tromp_> sorry for paste error
Newyorkadam has quit [Client Quit]
ryanofsky has joined #bitcoin-wizards
<tromp_> note that this skipping is different from the one in your paper with "effective difficulty"
ryanofsky has quit [Quit: ZNC 1.6.4 - http://znc.in]
ryanofsky has joined #bitcoin-wizards
Yogh has joined #bitcoin-wizards
aalex has joined #bitcoin-wizards
lclc has quit [Ping timeout: 268 seconds]
Kexkey has joined #bitcoin-wizards
moli_ has quit [Ping timeout: 260 seconds]
nu11p7r has joined #bitcoin-wizards
moli_ has joined #bitcoin-wizards
aalex has quit [Quit: Connection reset by beer]
Davasny has joined #bitcoin-wizards
Davasny is now known as Guest73126
Guest73126 is now known as Dav2
Kexkey has quit [Ping timeout: 260 seconds]
bsm1175321 has quit [Ping timeout: 260 seconds]
bsm1175321 has joined #bitcoin-wizards
btiefert has quit [Quit: btiefert]
CrazyLoaf has quit [Quit: Connection closed for inactivity]
mol has joined #bitcoin-wizards
moli_ has quit [Ping timeout: 260 seconds]
mol has quit [Remote host closed the connection]
Dav2 is now known as Davasny
mol has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
abpa has joined #bitcoin-wizards
instagibbs has quit [Ping timeout: 240 seconds]
instagibbs has joined #bitcoin-wizards
chjj has joined #bitcoin-wizards
Aranjedeath has joined #bitcoin-wizards
arowser has quit [Quit: No Ping reply in 180 seconds.]
arowser has joined #bitcoin-wizards
Giszmo has quit [Ping timeout: 268 seconds]
EvilHero_ has quit [Remote host closed the connection]
EvilHero_ has joined #bitcoin-wizards
btiefert has quit [Quit: btiefert]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
Giszmo has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
Giszmo has quit [Ping timeout: 260 seconds]
btiefert has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
Giszmo has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
Giszmo1 has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
Giszmo has quit [Ping timeout: 240 seconds]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
Giszmo1 has quit [Ping timeout: 260 seconds]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
paveljanik has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
BashCo has quit [Remote host closed the connection]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
Giszmo has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
EvilHero_ has quit [Ping timeout: 260 seconds]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
hashtag_ has joined #bitcoin-wizards
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
hashtag has quit [Ping timeout: 240 seconds]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
btiefert has quit [Client Quit]
btiefert has joined #bitcoin-wizards
BashCo has joined #bitcoin-wizards
btiefert has quit [Client Quit]
molz_ has joined #bitcoin-wizards
mol has quit [Ping timeout: 255 seconds]
Giszmo has quit [Ping timeout: 240 seconds]
Guyver2 has joined #bitcoin-wizards
Guyver2_ has joined #bitcoin-wizards
Guyver2 has quit [Disconnected by services]
Guyver2_ is now known as Guyver2
<andytoshi> tromp_: yeah, i understand now
<andytoshi> the skipping is definitely different but i had thought the same proof would hold
rusty2 has joined #bitcoin-wizards
<tromp_> your paper also glosses over the possibility of infinite effective difficulty for hash==0 :(
<andytoshi> yes, it does, somebody gets a hash very close to zero it's a safe assumption the random oracle model has broken down for this hash anyway
rusty2 has quit [Ping timeout: 260 seconds]
CrazyLoaf has joined #bitcoin-wizards
<tromp_> i still like the idea of committing to a compact chain, althought its uses are not quite clear to me, beyond informing the user like "branch ... claimed cumulative difficulty ... verified effective difficulty ... giving correlation ... "
davec has quit [Ping timeout: 260 seconds]
davec has joined #bitcoin-wizards
<tromp_> perhaps correlation is the wrong notion. one could compute the odds that the given the verified eff. diff. what are the oods of having at least the claimed cumulative difficulty
rusty2 has joined #bitcoin-wizards
execute has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
<andytoshi> tromp_: the use is that you don't have consensus failures in the case that people drop blocks
q4 has joined #bitcoin-wizards
Giszmo has quit [Client Quit]
Giszmo has joined #bitcoin-wizards
Giszmo1 has joined #bitcoin-wizards
Giszmo has quit [Ping timeout: 260 seconds]
Giszmo has joined #bitcoin-wizards
mol has joined #bitcoin-wizards
Giszmo1 has quit [Ping timeout: 260 seconds]
mol has quit [Remote host closed the connection]
mol has joined #bitcoin-wizards
molz_ has quit [Ping timeout: 240 seconds]
JHistone has joined #bitcoin-wizards
EvilHero_ has joined #bitcoin-wizards
<tromp_> i don't know what you mean by dropping blocks
<andytoshi> tromp_: i mean in mimblewimble my design had been that blocks outside of the compact chain would be deleted by full nodes
<andytoshi> so if there wasn't a canonical chain, somebody could show up with blocks referencing old blocks that no longer existed, and this would cause trouble
<tromp_> i dont see full nodes making use of compact chains
<andytoshi> in the mimblewimble paper this was the design
<andytoshi> because they had no need for any additional data
rusty2 has quit [Ping timeout: 240 seconds]
<tromp_> full nodes need to be sure of highest work branch by checking all blocks pow
<andytoshi> if my lemma had been correct the compact chain would have been sufficient. as it is, i still think a factor of 2 somewhere in there will fix it
<andytoshi> they don't need to be sure of the highest work branch, they only need the statistical properties of the highest-work compact chain to be such that rewriting is as hard as writing
<andytoshi> same as a full blockchain
<tromp_> i don't hink that's fixable
<andytoshi> why doesn't defining a 1/2 into to the definition of effective difficulty fix it?
<tromp_> i will ponder that separately, but i mean full node needs more than statistical assurance
<andytoshi> they already have only statistical assurance in bitcoin
<andytoshi> you can get lucky and mine a million blocks in a million hashes, in principle
<tromp_> yes, but that will be an actual valid chain
<tromp_> while a lucky compact chain need not be part of an actual valid chain
<andytoshi> that's fine
<andytoshi> we can define a compact chain to be just as valid as a full chain, then as long as there's no work advantage to "mining" a compact chain directly, it's fine
<tromp_> surely a compact chain can only be valid if part of a prev-block chain?!
<andytoshi> no
<andytoshi> this is the point of all the sinking signature stuff
<andytoshi> you only need the compact chain to validate the whole history
<tromp_> i must admit i've been skipping the sinking signatures as being a little beyond me for now
<andytoshi> no worries, the paper has a ton of technical stuff that isn't super necessary .. but what is necessary is to know that it allows compressing blocks together
<andytoshi> but after doing this, you need your commitments and proven work to still be sensible
<andytoshi> so i did this compact chain thing, and said that each block can skip a ton of other blocks (and commit to the compressed aggregate of all the skipped blocks)
<andytoshi> which winds up being like log(n_skipped_blocks)^2 in size or something
<tromp_> so you're actually changing the longest chain rule. from most cumul diff to most effective diff on compact chain
<andytoshi> yeah
<andytoshi> section 3.3.2 talks about the consequences of this
<tromp_> and not requiring prev block hashing to be witnessable
<andytoshi> yep
<andytoshi> it is definitely a formal weakening of the security model
<andytoshi> but i argue that it's just as good, for all intents and purposes, in that section
<tromp_> btw, is there any more recent version of that paper than last october or so?
<andytoshi> no, sorry
gHEr has joined #bitcoin-wizards
<andytoshi> i've moved away from the sinking signatures (and therefore compact chains) because they break my payment channel/scriptless script stuff
gigq has quit [Ping timeout: 256 seconds]
<tromp_> why do compact chains require different kind of signatures?
<andytoshi> because only sinking signatures can be aggregated across blocks the way that i needed
<tromp_> does the paper explain why that fails with the regular sigs?
gigq has joined #bitcoin-wizards
rusty2 has joined #bitcoin-wizards
JHistone has quit [Ping timeout: 240 seconds]
<andytoshi> not directly .. defn 4 says that a sinking sig is one that can be aggregated with sigs from previous blocks but not from future ones
<andytoshi> which is the reason
<andytoshi> basically aggregation usually gets you negation, which in mimblewimble is sufficient to reverse transactions (swap inputs and outputs and negate the kernel signature)
<andytoshi> ECDSA sigs can't be aggregated, schnorr sigs only get you a 50% space reduction, BLS sigs on same message can be aggregated in constant space but allow negation
cluelessperson has quit [Ping timeout: 240 seconds]
<andytoshi> so, you can get aggregation within a block by having BLS sigs that sign the current blockheight, this lets you compress every kernel into a single point and every sig into a single sig, which is cool
<andytoshi> sinking sigs are BLS sigs that separately sign the current blockheight and a bunch of previous blockheights
<andytoshi> so by dropping the higher blockheights you can "migrate" them to earlier blocks, where they can be aggregated, but not to later ones
<tromp_> is BLS the type based on pairings?
<andytoshi> yep
moli_ has joined #bitcoin-wizards
mol has quit [Ping timeout: 240 seconds]
<tromp_> do schnorr signatures allow reversal of tx?
<andytoshi> no
<tromp_> is that equivalent to ECDLP?
<andytoshi> they also don't allow much aggregation (you can reduce a bunch of 64-byte sigs to a bunch of 32-byte ones plus one extra point)
<andytoshi> yes
mol has joined #bitcoin-wizards
<andytoshi> BLS sigs i believe reduce to CDH (or something analogous when the paired groups are different)
<tromp_> i'm suspicious of pairing crypto. even though i'm no cryptographer by any means:(
<andytoshi> if it helps, so is adam :)
<tromp_> just don't feel comfortable with something that is MUCH less stress tested than EC
<andytoshi> that is another motivation for me to explore other directions .. the pairing dependency is annoying
<tromp_> is it possible that ppl will find new ways to aggragate shnorr sigs, giving much more than 50% ?
Sosumi has quit [Quit: Bye]
moli_ has quit [Ping timeout: 240 seconds]
<andytoshi> pretty sure not (without interaction) because their security depends on a random hash messing up the linear algebra
gHEr has quit [Ping timeout: 240 seconds]
<tromp_> i mean, the ring sigs play some pretty neat trick with those hashes as well...
<andytoshi> very true
Giszmo has quit [Ping timeout: 255 seconds]
<tromp_> but i agree aggregation starts from seemingly completely independet things
<tromp_> that leave much less room for tricks
<andytoshi> yeah. and it's been a more popular area of study for the last 20 years than have ringsigs or rangeproofs
<tromp_> btw, aggregation across blocks may be more beneficial for dropping rangeproofs than for copmacting sigs
<andytoshi> well, the rangeproofs can already be dropped when they're redundant
<andytoshi> err, when they are attached to spent outputs
<tromp_> not for new clients though
<andytoshi> and cannot be when they are attached to unspent outputs, regardless of the rest of the chain
<andytoshi> yes they can
<tromp_> oh, new clients only verify utxo...
<andytoshi> yes, all the non-utxo stuff is verified by checking the kernel sigs (which are sinking sigs in the paper)
<tromp_> to verify a coimpact chain, dont you need all the dropped blocks to check that effectively difficulty is computed correctly?
rusty2 has quit [Ping timeout: 255 seconds]
<andytoshi> no, this is the point of the difficulty sumtree
<andytoshi> oh, you mean that the diffchanges are handled right?
<tromp_> i mean accumulation of dropped difficulties must be verified
<andytoshi> you don't need to know that past diffchanges were done correctly except for anti-DoS
<andytoshi> accumulation is handled by the sumtree
<tromp_> but your sumtree is only on compact blocks
Giszmo has joined #bitcoin-wizards
<andytoshi> yes, that's fine
<tromp_> whose leaves have effetive difficulty up to twice their actual difficulty
<andytoshi> because of your problem with my lemma?
<tromp_> just using your definition of effective difficulty
<andytoshi> then we weight effective difficulty by 1/2 vs actual difficulty
<andytoshi> i'm confused, what do you mean by "actual difficulty"
Guyver2_ has joined #bitcoin-wizards
<tromp_> let's assume constant target T
<tromp_> and consider luck levels log_2 (T/hash)
<tromp_> you would reduce a chain 0 0 0 0 0 0 0 3 to just 3
<tromp_> actually lets forget the log_2
<tromp_> and reduce 1 1 1 1 1 1 1 8 to just 8
<tromp_> sorry to just 15
<tromp_> because the 8 dominates the 7 1s
<andytoshi> yep
EvilHero_ has quit [Ping timeout: 240 seconds]
Guyver2 has quit [Ping timeout: 260 seconds]
Guyver2_ is now known as Guyver2
<tromp_> now the compact chain needs to distinguish between real chains 8 8 and 8 1 1 1 1 1 1 8
<tromp_> but both could claim to have compact chain 8 15
<tromp_> with the first unable to witness the dropping of 7
<tromp_> or maybe you no longer wish to distinguish these?
Guyver2_ has joined #bitcoin-wizards
<tromp_> i think they need to be distinguished or else a 7-deep reorg is too easy to pull off
<andytoshi> this is covered in section 3.3.2
Guyver2 has quit [Ping timeout: 260 seconds]
Guyver2_ is now known as Guyver2
<tromp_> ok, lemme study that
<andytoshi> it's not too bad, it just says yes, you can pull off that reorg with nontrivial probability but the expectation is the same, so if you have a tail of explicit blocks you can tamp down the probability to negligible
<andytoshi> or rather, require luck followed by a ton of work
<tromp_> i guess this is why in the popow paper they also use the latest k blocks in addition to the compact chain
<andytoshi> yeah, it's sorta inherent, there is some theorem amiller pointed me to that pretty-much implies this is necessary
<tromp_> i agree that for k beyond a few dozen, that gives you pretty close to the full security
<andytoshi> :)
pero has joined #bitcoin-wizards
pero has left #bitcoin-wizards [#bitcoin-wizards]
<tromp_> but i'm still not sure whether your notion of effective difficulty can be made verifiable
<andytoshi> right
<tromp_> the popow paper just chains blocks of same luck-level
<tromp_> which obviously avoids the complication of effective diff
<tromp_> what if we siimply require decreasing luck?
<tromp_> in the compact chain
<tromp_> i guess that will make it too long
<tromp_> perhaps each next block on compact chain has to be 1-eps less lucky
<andytoshi> yes, everything i tried along these lines made the "compact chain" only linear
<andytoshi> or failed to accomplish whatever security improvement i wanted
<tromp_> so if eps = 0.1 then if you find a block with hash T/a, you then replace all blocks on compact chain with hash <= T/(a*0.9)
<tromp_> hmm, that's not gonna work:(
<tromp_> the thing is, you want bigger gaps near start of compact chain, but smaller gaps near end
<tromp_> in order to keep the length healthy
<tromp_> we want to find some auto-sizing single-chain version of KLS16+ that remains verifiable
q4 has quit [Ping timeout: 240 seconds]
<andytoshi> yup
<andytoshi> as i recall from when i was thinking about this, the auto-sizing property really broke the "only one compact chain" property
<andytoshi> but i don't recall the details of why this would happen, basically the idea was that adding blocks could sometimes make blocks return
Giszmo has quit [Ping timeout: 260 seconds]
buckowski has quit [Quit: ereet]
Noldorin has quit [Ping timeout: 255 seconds]
buckowski has joined #bitcoin-wizards
<tromp_> if you require increasing hashes on the compact chain, and pick them greedily, then the compact chain starts with the lowest hash ever, followed by the lowest hash in the later blocks, etc., but it's possible that a non-greedily picked chain has higher cumulative difficulty
jannes has quit [Quit: Leaving]
Giszmo has joined #bitcoin-wizards
bsm117532 has quit [Remote host closed the connection]
bsm117532 has joined #bitcoin-wizards
Creeper is now known as slimeball
Davasny_ has joined #bitcoin-wizards
Davasny has quit [Ping timeout: 260 seconds]
Davasny_ has quit [Remote host closed the connection]
Bueno has joined #bitcoin-wizards
Bueno has quit [Client Quit]
jtimon has joined #bitcoin-wizards
sam__ has joined #bitcoin-wizards
rusty2 has joined #bitcoin-wizards
tromp has quit [Read error: Connection reset by peer]
tromp has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 240 seconds]
ruby32 has quit [Remote host closed the connection]
ruby32 has joined #bitcoin-wizards
belcher has quit [Ping timeout: 255 seconds]
JackH has quit [Remote host closed the connection]
jtimon has joined #bitcoin-wizards
ruby32 has quit []
Guyver2 has quit [Ping timeout: 260 seconds]
null_radix has quit [Excess Flood]
gielbier has quit [Ping timeout: 276 seconds]
null_radix has joined #bitcoin-wizards
belcher has joined #bitcoin-wizards