sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<waxwing> might be of interest (haven't read it): https://eprint.iacr.org/2018/209 Auditable Sharing of Private Data over Blockchains
<kanzure> for bip32 things (or other key derivation schemes), would it make sense to ask people to sign their child keys with their master keys, to prove that the owner of the parent key actually knows about the bip32 child key derivation path?
<kanzure> otherwise someone would hand you a bip32 child key, a bip32 path, and a parent key, and show that yes it's derived from the parent, but that doesn't really mean the owner knows about the bip32 path
<bsm117532> I'm looking for kanzure's list of proposed bitcoin opcodes, if anyone has the link handy
<bsm117532> FYI I want to enumerate all the ways of implementing some kind of "covenant" for a compare/contrast project
<bsm117532> And then there's the Liquid OP_CHECKSIGSTACK blog post which I can't find right now. ^^ at least 3 ways I know to do it.
<bsm117532> In case anyone knows a 4th or 5th way to do it...I'm sure there are more...
<kanzure> aaaaa you found it. blah.
<kanzure> for OP_CHECKSIGFROMSTACK see the following,
<bsm117532> Thanks kanzure! I thought I remembered a single list of proposed opcodes...maybe I'm hallucinating...
<kanzure> i had a list of proposed exotic sighash types https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010759.html
<kanzure> it's missing OP_MERKLEBRANCHVERIFY. anything else?
<bsm117532> It's got all the ones I know about
<bsm117532> Yeah it's that 2015 post that I'm remembering
<instagibbs> kanzure, why can't the prover just sign using the child key?
<kanzure> instagibbs: they could. i'm suggesting maybe it should be a recommendation that users ask for that signature before paying to some derived child key.
<kanzure> oh, you mean the child key provides the signature. ok fine. either way the recommendation is that the user should ask for at least one signature of something :-).
<arubi> I wonder if using the difference between (parent-child) as pubkey (the payer knows parent and child pubkeys) is enough to assert both ownership of both /and/ that one is a tweak of the other.. but yea by itself it doesn't prove bip32 explicitly without the path too
<arubi> it feels like it should prove ownership of both keys at least
<arubi> heh well you'll have to check that parent and child are not the same key, otherwise it's possible to sign any made up difference :)
<instagibbs> kanzure, what does this protect against? I always self-sign before handing out an address, just in case of <catastrophic alpha particle>
<kanzure> instagibbs: er, but surely you know that most people don't self-sign.
<kanzure> instagibbs: it's for situations where someone else is doing the derivation and handing someone else an address. they can prove it's a child key, and this can be used for later blackmail stuff. it's similar problems as ransomware.
<yoleaux> @kanzure @n1ckler @adam3us @wintercooled Oh, your 2nd Q: the idea is to create a proof that the sighash preimage conforms to a certain structure: that it's a tx that the sender is expecting, but the input of the receiver is "blanked out"/blinded, then sender signs without learning input in advance (see previous attack) (@waxwing__, in reply to tw:1026559811931058176)
<waxwing> like, imagine proving the preimage is <public data> || <unknown data> || <public data>
<instagibbs> I think I'm missing the thread here.
<kanzure> two separate threads.
<gmaxwell> a ZKP over a sighash is a generically useful thing for many protocols. Receiver-joins use of it needs an extra round trip over the privacy-vulnerable obvious alternative, which is kinda sad.
<gmaxwell> What might be interesting is a ZKP that given sigh,althash,mask I know some tx such that H1(tx)==sigh && H2(tx | mask)==althash, and H2 can be selected to be cheap inside the ZKP at least.
<gmaxwell> as an aside, this kind of structure really begs for sighash to be tree structured.
<gmaxwell> doing the current segwit sighasher inside a bulletproof is pretty painful.
<kanzure> merkle inclusion proofs for sighashes :-/
<gmaxwell> but if the sighash just has a hashtree over inputs and outputs, you wouldn't even need a blinking zkp.
<gmaxwell> you'd just ... right, a merkle inclusion proof for the output.
<kanzure> on that note, other weird constructions too like: scriptsig/witness just specifies it's valid for any transaction of shape... oh you said as much. ok.
<arubi> I was just going to ask if a merkle tree was considered instead of the hash list for segwit in\outs
<gmaxwell> instagibbs: as for the context, some coinjoin workshop people have been revisiting the old idea that CJ txn are far more indistinguishable from ordinary txn if the participants are paying each other. In particular, the case where alice pays bob can be replaced with a bob and alice provide funds, bob takes payment, alice takes change. And this special case has a lot of nice properties.
<gmaxwell> In particular alice was already going to pay bob, so we can basically assume that bob is not a deanonymizing attacker (otherwise alice has worse problems).
<gmaxwell> It also consolidates bob's txouts, which he'll have a lot of if he's getting lots of small payments. Esp post signature aggregation this will save bob money.
<gmaxwell> main complications are: that bob's payments need to go into a hotwallet. Though (1) that already seems to be the norm, and (2) the hotwallet could be secured by an HSM signer that only signs for coinjoins.
<gmaxwell> And that alice can pretend to pay but fail, in order to enumerate bob's outputs.
<gmaxwell> Which is where the ZKP dreams come in. The idea is that you get alice to sign her payment before seeing which txins are bobs.
<gmaxwell> this kind of join with payee also has a nice property that failure to sign and doublespend DOS attacks are just not so interesting.
<gmaxwell> e.g. bob doublespending his join would just make him not get paid! Alice doublespending it doesn't do anything to harm bob more than no-join case (other than temporarily tying up one of his otherwise idle outputs)