sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
weez17 has quit [Remote host closed the connection]
weez17 has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
rmwb has quit [Ping timeout: 268 seconds]
negatratoron has joined #bitcoin-wizards
negatratoron is now known as jcarpenter2
son0p has quit [Remote host closed the connection]
rmwb has joined #bitcoin-wizards
rmwb has quit [Ping timeout: 252 seconds]
jcarpenter2 has quit [Remote host closed the connection]
rusty has quit [Ping timeout: 268 seconds]
DougieBot5000_ is now known as DougieBot5000
meshcollider has quit [Quit: Connection closed for inactivity]
Belkaar_ has quit [Ping timeout: 240 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 256 seconds]
Fugazi has joined #bitcoin-wizards
hdevalence has quit [Quit: hdevalence]
rusty has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
belcher has quit [Quit: Leaving]
rmwb has quit [Ping timeout: 260 seconds]
rusty has quit [Quit: Leaving.]
rusty has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
richardkiss has quit [Quit: richardkiss]
rmwb has quit [Ping timeout: 240 seconds]
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
Noldorin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
bsm117532 has joined #bitcoin-wizards
Fugazi has quit []
richardkiss has joined #bitcoin-wizards
bsm117532 has quit [Remote host closed the connection]
bsm117532 has joined #bitcoin-wizards
droark has joined #bitcoin-wizards
tromp has quit [Ping timeout: 240 seconds]
tromp has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
Giszmo has quit [Ping timeout: 265 seconds]
rmwb has quit [Ping timeout: 260 seconds]
legogris has quit [Remote host closed the connection]
legogris has joined #bitcoin-wizards
cryptojanitor has quit [Quit: Connection closed for inactivity]
ctr has joined #bitcoin-wizards
shesek has quit [Ping timeout: 256 seconds]
shesek has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
Samdney has joined #bitcoin-wizards
rmwb has quit [Ping timeout: 256 seconds]
jtimon has quit [Remote host closed the connection]
dougsland has quit [Ping timeout: 248 seconds]
rusty has quit [Ping timeout: 260 seconds]
ctr has quit [Quit: Going offline, see ya! (www.adiirc.com)]
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
<waxwing>
tromp, yes, of course (CT is that :)) ... i need to find a way to express the idea that a single challenge can be computationally enough to fix a vector based on m roots amongst p numbers (m/p chance to hit), but this example doesn't make sense (for your reason and perhaps others -- no bandwidth required to communicate a 0 vector!)
<waxwing>
that's one of 2 or three things in the doc i wasn't happy with; i'll be sticking it on github shortly (some annoying conversion ongoing). then can make changes there.
samm_ has quit [Ping timeout: 256 seconds]
<tromp>
m/p is also the odds of randomly guessing the discrete log of any of the m generators
<waxwing>
sure, that's good :) trying to argue it's not computationally feasible to get P(e) to be zero
<waxwing>
afk
samm_ has joined #bitcoin-wizards
shpx has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
shpx has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
bildramer has quit [Ping timeout: 252 seconds]
bildramer has joined #bitcoin-wizards
CheckDavid has quit [Quit: Connection closed for inactivity]
richardkiss has quit [Quit: richardkiss]
rmwb has quit [Ping timeout: 260 seconds]
naribia has quit [Quit: Page closed]
daszorz has joined #bitcoin-wizards
samm_ has quit [Ping timeout: 256 seconds]
samm_ has joined #bitcoin-wizards
RegulatorsToMars has joined #bitcoin-wizards
thrmo_ has quit [Ping timeout: 260 seconds]
rmwb has joined #bitcoin-wizards
rmwb has quit [Ping timeout: 256 seconds]
RegulatorsToMars has quit [Ping timeout: 245 seconds]
samm_ has quit [Ping timeout: 256 seconds]
thrmo_ has joined #bitcoin-wizards
samm_ has joined #bitcoin-wizards
CubicEarths has quit [Remote host closed the connection]
son0p has joined #bitcoin-wizards
CubicEarths has joined #bitcoin-wizards
CubicEarths has quit [Ping timeout: 248 seconds]
rusty has joined #bitcoin-wizards
samm_ has quit [Ping timeout: 240 seconds]
rmwb has joined #bitcoin-wizards
shesek has quit [Ping timeout: 248 seconds]
rmwb has quit [Ping timeout: 240 seconds]
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
hkjn0 has joined #bitcoin-wizards
rusty has quit [Ping timeout: 240 seconds]
Guyver2 has joined #bitcoin-wizards
samm_ has joined #bitcoin-wizards
Samdney has quit [Quit: Verlassend]
shpx has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
shpx has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
jonasschnelli has joined #bitcoin-wizards
Aaronvan_ has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 256 seconds]
rmwb has quit [Ping timeout: 256 seconds]
thrmo_ has quit [Quit: Waiting for .007]
son0p has quit [Quit: Lost terminal]
samm_ has quit [Ping timeout: 256 seconds]
bsm117532 has joined #bitcoin-wizards
meshcollider has joined #bitcoin-wizards
refknight has joined #bitcoin-wizards
kraftZero has joined #bitcoin-wizards
belcher has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
<musalbas>
kanzure, what aj said basically. see this thread for more: https://twitter.com/musalbas/status/970735447520546816 I want to be able to commit to a set of values to append to a tree, while proving that i've only appended and not removed anything from the tree, in O(log n) time for n elements added, while supporting non-inclusion proofs
rmwb has quit [Ping timeout: 255 seconds]
sipa has quit [Ping timeout: 276 seconds]
dougsland has joined #bitcoin-wizards
sipa has joined #bitcoin-wizards
<kanzure>
i can do you for a drop O(log n) requirement then we talk
go1111111 has quit [Ping timeout: 248 seconds]
<musalbas>
well we already know how to do it for O(n)
<musalbas>
the question is, if we it can be done for O(log n) for merkle trees that don't support non-inclusion proofs, can it can be done for trees that do, or is there something inherently impossible about it
<musalbas>
if we know it can be done*
<musalbas>
i mean non-membership proofs, not non-inclusion proofs
<musalbas>
well, they're the same thing
samm_ has joined #bitcoin-wizards
Aaronvan_ is now known as AaronvanW
dougsland has quit [Ping timeout: 240 seconds]
rmwb has joined #bitcoin-wizards
maxfp has joined #bitcoin-wizards
<waxwing>
tromp, i think the best way to state it is something like: you can use a single challenge scalar to assert that two differently constructed commitment sets (or vectors) are actually to the same set of values, by the reasoning that P_1(x) = P_2(x) is an identity, using the commitments as coefficients in P_1, P_2, with the probability argument already mentioned.
<waxwing>
for example you see it play out at the end of sec 4.5, the first inner product proof, where you have (ex+d_x) dot (ey+d_y) = ze^2 + z_1 e + z_0 and you use it to assert z = x dot y
grubles has quit [Remote host closed the connection]
samm_ has quit [Ping timeout: 256 seconds]
rmwb has quit [Ping timeout: 248 seconds]
Aaronvan_ has joined #bitcoin-wizards
deusexbeer has quit [Ping timeout: 256 seconds]
AaronvanW has quit [Ping timeout: 260 seconds]
deusexbeer has joined #bitcoin-wizards
mr_burdell_ is now known as mr_burdell
mr_burdell is now known as Guest4974
SopaXorzTaker has joined #bitcoin-wizards
shpx has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
HashNuke has quit [Read error: Connection reset by peer]
suraeNoether has quit [Ping timeout: 256 seconds]
HashNuke has joined #bitcoin-wizards
Samdney has quit [Quit: Verlassend]
droark has joined #bitcoin-wizards
suraeNoether has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
droark has quit [Client Quit]
rmwb has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
Guest28544 has quit [Quit: Page closed]
laurentmt has joined #bitcoin-wizards
cryptojanitor has joined #bitcoin-wizards
Murch has joined #bitcoin-wizards
Murch has quit [Client Quit]
rmwb has quit [Ping timeout: 256 seconds]
Murch has joined #bitcoin-wizards
go1111111 has joined #bitcoin-wizards
hdevalence has quit [Quit: hdevalence]
hdevalence has joined #bitcoin-wizards
SopaXorzTaker has quit [Remote host closed the connection]
<stevenroose>
sipa: I read about taproot, let me check out graftroot
<stevenroose>
So it's still up for a lot of changes?
<stevenroose>
the musig paper was kinda general
<sipa>
the musig paper has very little to do with the schnorr proposal
<sipa>
it's more a "here's a nifty thing we discovered during our research, may be useful"
<sipa>
it solves the problem of how to combine plain public key security (=no need for a setup protocol) with key aggregation (=ability to make the combined signature look like a single single on a combined key)
<sipa>
for multisig in bitcoin we need key aggregation, but no plain public key security
<sipa>
for cross-input signature aggregation we need plain public key security, but not key aggregation
<sipa>
so the two problems can be solved perfectly fine without musig, if they use different solutions
<sipa>
musig is just a nifty way to deal with it if you insist on solving both with the same scheme
naribia has joined #bitcoin-wizards
contrapumpkin has joined #bitcoin-wizards
rusty has quit [Ping timeout: 256 seconds]
laurentmt has quit [Quit: laurentmt]
shesek has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
<stevenroose>
sipa: you know any resources that explain how Schnorr signatures can be implemented over an EC?
<sipa>
k = random
<sipa>
R = k*G
<sipa>
P = x*G (x = private key)
<sipa>
m = message
<sipa>
s = k + H(R,P,m)*x
<sipa>
sig = (R,m)
<sipa>
eh
<sipa>
sig = (R,s)
<naribia>
hello wizards, where should I begin if I want to understand and play with crypto primative stuff (like what you're describing sipa)
rmwb has joined #bitcoin-wizards
<stevenroose>
Hmm, ok, that seems like what I expected. Let me try that.
rmwb has quit [Ping timeout: 248 seconds]
<stevenroose>
Wait, sipa, does graftroot allow any M-of-N with constant overhead??
<sipa>
yes
<stevenroose>
N-of-N in the normal signature and any other combo using the surrogates
<stevenroose>
Wow
<stevenroose>
It's funny somehow to hear so many people complain about innovation going slow in Bitcoin, but it also makes sure you don't get a ton of features that get rendered useless by strictly better ones later :p
<stevenroose>
It's basically strictly better than MAST right?
airbreather has quit [Ping timeout: 256 seconds]
tylevine has joined #bitcoin-wizards
Belkaar has quit [Read error: Connection reset by peer]
airbreather has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
airbreather has quit [Ping timeout: 260 seconds]
Chris_Stewart_5 has quit [Ping timeout: 248 seconds]
rmwb has joined #bitcoin-wizards
maxfp has quit [Ping timeout: 256 seconds]
Logicwax has quit [Ping timeout: 240 seconds]
droark has joined #bitcoin-wizards
Krellan has joined #bitcoin-wizards
shpx has joined #bitcoin-wizards
Logicwax has joined #bitcoin-wizards
rmwb has quit [Ping timeout: 256 seconds]
refknight has quit [Ping timeout: 260 seconds]
kraftZero has quit [Ping timeout: 256 seconds]
kraftZero has joined #bitcoin-wizards
Aaronvan_ is now known as AaronvanW
kraftZero has quit [Remote host closed the connection]
kraftZero has joined #bitcoin-wizards
douglas_ has joined #bitcoin-wizards
dougsland has quit [Ping timeout: 240 seconds]
dgenr8 has joined #bitcoin-wizards
hdevalence has quit [Quit: hdevalence]
hdevalence has joined #bitcoin-wizards
rmwb has joined #bitcoin-wizards
douglas_ has quit [Ping timeout: 240 seconds]
cryptojanitor has quit []
MoneroV_ has joined #bitcoin-wizards
hdevalence has quit [Ping timeout: 252 seconds]
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
MoneroV_ has quit [Client Quit]
MoneroV_ has joined #bitcoin-wizards
davec has quit [Quit: leaving]
MoneroV_ has quit [Client Quit]
MoneroV has joined #bitcoin-wizards
hdevalence has joined #bitcoin-wizards
rmwb has quit [Ping timeout: 240 seconds]
Murch has quit [Quit: Snoozing.]
Murch has joined #bitcoin-wizards
hdevalence has quit [Ping timeout: 256 seconds]
davec has joined #bitcoin-wizards
MoneroV has quit []
rusty has joined #bitcoin-wizards
cryptojanitor has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
naribia has quit [Quit: Page closed]
tromp has quit [Remote host closed the connection]