sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<da2ce7> "non-qc-pow is a subset of qc-proof-of-work when the bit-length is sufficiently large"
<da2ce7> I have been thinking about qc-resistant mining algo; in talking to andytoshi, he confirmed that any poisson process will lead to a 50% bit-length reduction on difficulty.
<da2ce7> so therefore the only difficulty metric we have to play with is the bit-length.
<da2ce7> thus I propose we move to a mining algorithm that has a variable bit-length, where setting a higher difficulty will simply increase the bit-length of the crypto-hash as needed.
<da2ce7> this should have a smooth transition point between non-QC, composite-QC, and QC mining.
<da2ce7> unlike a fixed 256bit hash, that has a sudden and dramatic breakage as soon as QC computers of sufficiently large bit-length are available.
<andytoshi> sorry, i dropped off, was distracted by the conference i'm speaking at .. can you explain what "therefore the only difficulty metric we have to play with is the bit-length" means? how does this affect any QC advantage in pow?
<da2ce7> if traditional pow difficulty value is: 80bit, then the qc-equiv is 40bit. So either you have to design non-qc asics that are fast at 90bit, or design qc asics that are fast at 45bit.
<da2ce7> you increase the difficulty by increasing the bit-length of the hash. forcing both qc and non-qc to make bigger miners.
<da2ce7> I mean if the difficulty increases from 80bit to 90bit, either you need more non-qc miners, or you need to design new qc-miners that can manage larger qc states.
<andytoshi> what are you trying to accomplish?
<stevenroose> if I understand the extension blocks proposal (the to the moon one) correctly, it's more like a "block extension" than "extension blocks" in the sense that there is only one extension block per block, no?
<stevenroose> not sure
<stevenroose> sipa, is there a specific reason for the choice of the commitment header value (0xaa21a9ed)? I always wondered, especially now that extension blocks are using the same value incremented (0xaa21a9ef)
<sipa> stevenroose: no
<sipa> it's just random, unlikely to ever appear randomly in a transaction output
<stevenroose> sipa, not randomly no, what happens if it's included intentionally? the block is just gonna be considered invalid, right?
<stevenroose> makes sense
<sipa> yes, it would make the block invalid
<sipa> so it's chosen to be unlikely to appear accidentally
<stevenroose> pickRandomHeader() { return 0xaa21a9ed; /* chosen by Pieter Wuille. guaranteed to be random. */ }
<stevenroose> (cfr xkcd :D)
<sipa> stevenroose: it's like the network magic
<stevenroose> sipa, yeah I know. satoshi picked that one, right? no one ever found any symbolism in the value?
<stevenroose> I love when people go nuts looking for Satoshi symbolism, like here https://www.reddit.com/r/Bitcoin/comments/229qvr/happy_birthday_satoshi_nakamoto/
<da2ce7> andytoshi, a pow system that doesn't break when QC becomes available, so it must have a smooth transition from conventional computing to quantum computing.
<sipa> da2ce7: i don't see how that is possible
<sipa> da2ce7: any PoW system is going to be subject to Grover's algorithm, I think?
<da2ce7> sipa: the solution is to set the bit-length of the hash as the difficulty, not a target number. Increasing the difficulty will make it harder to design a QC computer for the problem.
<da2ce7> the problem is that sha256 has a constant engineering difficulty for QC.
<da2ce7> and the engineering intersection point between conventional and qc computers may be something like 40bit apart.
<da2ce7> If the bit-length IS the difficulty, then there will be a smooth transition.
<sipa> ah, you're relying on the engineering difficulty for QC
<sipa> rather than assuming an arbitrary-qbit machine will randomly appear
<da2ce7> of course, as non-qc is just a subset of qc computing.
<da2ce7> what is happening is that non-qc pow can be seen as a very inefficient qc computer.
<da2ce7> If we used a shorter hash, maybe 100bit, then I don't think that we would be qc vulnerable, as the intersection point would always be in the non-pow favour.
<da2ce7> er. non-qc-pow favour.
<da2ce7> as-in, it will always be cheaper to emulate the state of a 100bit computer than to compute it with qc.
<da2ce7> *hash function not computer.
<da2ce7> like it is with the extreme case, nobody is going to use a qc to solve 16bit hashes.
<da2ce7> it would be nice for bitcoin to one-day drive the development of QC for humanity, so picking a 'fair' pow system would mean that you don't preference qc or non-qc.
<da2ce7> this also means that Bitcoin has a hard-coded difficulty bomb, kinda like Ethereum; that strongly preferences qc computing. I believe that this is extremely centralising; as it is about designing a computer that has a single state, the bigger-and-more-isolated it is; the better it will be.
<da2ce7> having a balanced qc / non-qc computing problem also solves the "The bitcoin miner just ate the last energy of the sun" problem. As it becomes both an engineering and resource usage problem.
<da2ce7> As energy becomes more expensive, people will move to qc mining, as energy becomes cheaper, they move back to conventional computing.
<da2ce7> just like there are two forms of money: bullion, and jewellery. We should balance the "proof-of-work", between manual labour and creative design.
<da2ce7> qc being the creative design, and non-qc being manual labour.
<tromp__> da2cey: only hashcash pow is vulnerable to grover search
<tromp__> da2ce7 i mean...
<kanzure> "The proof of constraint satisfaction problem dichotomy conjecture" https://arxiv.org/abs/1704.01914
<kanzure> "A dichotomy theorem for nonuniform CSPs" https://arxiv.org/abs/1703.03021
<kanzure> is there a proof-of-work function that could be horrendously large to implement (megabytes?), without non-obvious optimizations and other speedups (by some sort of guarantee), but also still absurdly fast to verify?
<kanzure> it doesn't seem to give us anything, though.
<kanzure> botnet operators might be less willing to deploy a 200 MB pow function in the event of a pow change
<kanzure> if the total software required is like <100 kilobytes, that's really simple for a botnet operator to deploy to hundreds of thousands of machines. but 200 MB?
<gmaxwell> pretty sure that's trivial to deploy too.. step one link BitTorrent library.
<kanzure> i wonder if the well-implemented botnets are already using torrenting these days. hm.
<tromp__> yes, kanzure, there are such pows. but the verifier will need access to those 100s of MB too
<gmaxwell> tromp__: why do you say this?
<gmaxwell> consider a system where you have some large amount of fixed data. Build a hashtree over it. Verifiers know the root.
<tromp__> ok, then verifiers can remain small
<gmaxwell> now, compute H(input)->key1 then compute H(input||key1)->key2 for some numbers of iterations, and you show the verifiers membership proofs.
<gmaxwell> but your proofs are then kinda big.
<tromp__> yes, that's downside
<gmaxwell> if you do not sample enough places the prover can just keep a subset and throw out answers that sample the wrong portions.
<tromp__> they go from a few hundred bytes to dozens of kb
<gmaxwell> yes. Though you could negotiate sending the proofs on a case by case basis... or if showing multiple proofs (like in an initial download) take a union of their memberships.
<tromp__> in the merkle tree proof pow, they suggest using 70 samples
<gmaxwell> so if the verifier does have the data you could just skip sending the proof.
<gmaxwell> yes, you probably need a LOT so that a 'memoryless' implementation on some fast asic isn't a win.
<tromp__> do you remember the Momentum PoW?
<tromp__> covert ASICboost is basically solving a Momentum / Hashcash hybrid PoW
<tromp__> actually, the overt form as well
<gmaxwell> hm? there is no collision generating part in the overt form.
<gmaxwell> both are exploiting the fact that the first chunk of the second compression run depends on part of the input, to allow sharing work.
<gmaxwell> the covert kind uses a partial collision to arrange sharable work, the overt kind just does it directly
<tromp__> yes, you're right. only covert form generates collisions. sorry for misunderstanding overt form
<tromp__> anyway, rationale for fixing covert asicboost is clear; we don't want pow to be a complex hybrid of two different pows
<tromp__> one of which is alrd broken in itself by having sublinear time/memory tradeoffs
<gmaxwell> random altcoiny observation, you can use an open ended presale to pretend an arbitrarily large premine was actually open... just use whatever funds come in to also 'buy' more coins... and just print however many you want. Or you can use any fraction of the funds to still get a big upfront amount, but guarantee that you'll own whatever fraction of the result you want.
<oleganza> pardon my ignorance, i've asked that question 2 years ago. What's the reason in BIP32 for adding Hash(P,i)*G to parent pubkey instead of multiplying factor by the parent pubkey: Hash(P,i)*P? Is it only performance (scalarmult by a base point can use some precomputed data specific to base point)?
<oleganza> I'm asking to figure out if there are some weird schemes where "blinding" (in terms of Tor HKD proposal) by multiplication is more useful than adding?
<oleganza> (also signing is obviously faster because scalar addition is faster than multiplication)
<oleganza> Context: BIP32 uses addition, but Tor's "blinded keys" scheme uses multiplication.