sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
son0p_ has quit [Quit: leaving]
TheoStorm has quit [Quit: Leaving]
jeremyrubin has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
jeremyrubin has quit [Ping timeout: 252 seconds]
jeremyrubin has joined #bitcoin-wizards
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
<yoleaux> GitHub - dalek-cryptography/merlin: Composable proof transcripts for public-coin arguments of knowledge
jeremyrubin has quit [Ping timeout: 260 seconds]
Nebraskka has quit [Ping timeout: 246 seconds]
BCBot has quit [Read error: Connection reset by peer]
nickler has quit [Ping timeout: 246 seconds]
nickler has joined #bitcoin-wizards
BCBot has joined #bitcoin-wizards
Nebraskka has joined #bitcoin-wizards
jeremyrubin has joined #bitcoin-wizards
arubi has quit [Ping timeout: 256 seconds]
arubi has joined #bitcoin-wizards
Newyorkadam has joined #bitcoin-wizards
jeremyrubin has quit [Ping timeout: 252 seconds]
alferz has joined #bitcoin-wizards
CheckDavid has quit [Quit: Connection closed for inactivity]
Newyorkadam has quit [Quit: Newyorkadam]
rh0nj has quit [Remote host closed the connection]
alferz has quit [Ping timeout: 240 seconds]
rh0nj has joined #bitcoin-wizards
jeremyrubin has joined #bitcoin-wizards
ynakasone has joined #bitcoin-wizards
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Belkaar has quit [Read error: Connection reset by peer]
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
gribble has quit [Remote host closed the connection]
gribble has joined #bitcoin-wizards
jb55 has quit [Quit: WeeChat 2.2]
jb55 has joined #bitcoin-wizards
jeremyrubin has quit [Ping timeout: 244 seconds]
a5m0 has quit [Remote host closed the connection]
Newyorkadam has joined #bitcoin-wizards
a5m0 has joined #bitcoin-wizards
nephyrin has quit [Quit: ... besides, it was hot]
ynakasone has quit [Remote host closed the connection]
ynakasone has joined #bitcoin-wizards
jeremyrubin has joined #bitcoin-wizards
nephyrin has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 272 seconds]
ynakasone has joined #bitcoin-wizards
jeremyrubin has quit [Ping timeout: 268 seconds]
Krellan has quit [Remote host closed the connection]
grubles has quit [Remote host closed the connection]
grubles has joined #bitcoin-wizards
ynakasone has quit [Remote host closed the connection]
ynakasone has joined #bitcoin-wizards
Empact has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 268 seconds]
ynakasone has joined #bitcoin-wizards
thomasan_ has joined #bitcoin-wizards
Emcy has quit [Ping timeout: 260 seconds]
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Newyorkadam has quit [Quit: Newyorkadam]
Empact has joined #bitcoin-wizards
Emcy has joined #bitcoin-wizards
Empact has quit [Client Quit]
Empact has joined #bitcoin-wizards
Empact has quit [Client Quit]
Empact has joined #bitcoin-wizards
Empact has quit [Client Quit]
Empact has joined #bitcoin-wizards
Empact has quit [Client Quit]
thomasan_ has quit [Remote host closed the connection]
ynakasone has quit [Remote host closed the connection]
ynakasone has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 268 seconds]
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
ynakasone has joined #bitcoin-wizards
shesek has quit [Ping timeout: 246 seconds]
shesek has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
Empact has joined #bitcoin-wizards
jeremyrubin has joined #bitcoin-wizards
Newyorkadam has joined #bitcoin-wizards
Newyorkadam has quit [Client Quit]
<CubicEarth> aj: great talk!
jeremyrubin has quit [Ping timeout: 246 seconds]
Chris_Stewart_5 has quit [Ping timeout: 252 seconds]
jeremyrubin has joined #bitcoin-wizards
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Empact has joined #bitcoin-wizards
<aj> CubicEarth: thanks
jeremyrubin has quit [Ping timeout: 252 seconds]
<CubicEarth> I've long envisioned something similar, and I expect that, in due time, it will come to pass. I am glad you put the effort into giving context, and high level mechanisms by which such could be implemented
ynakasone has quit [Remote host closed the connection]
ynakasone has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 268 seconds]
ynakasone has joined #bitcoin-wizards
state_bits has joined #bitcoin-wizards
state_bits has left #bitcoin-wizards [#bitcoin-wizards]
<CubicEarth> A bit of a courageous talk at that!
_whitelogger has joined #bitcoin-wizards
<maaku> tromp: then I challenge you to implement forward blocks. it is ridiculously simple
ynakasone has quit [Remote host closed the connection]
ynakasone has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 268 seconds]
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
ynakasone has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 268 seconds]
rusty has quit [Ping timeout: 245 seconds]
jeremyrubin has joined #bitcoin-wizards
jeremyrubin has quit [Ping timeout: 268 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
jeremyrubin has joined #bitcoin-wizards
jeremyrubin has quit [Quit: Konversation terminated!]
jeremyrubin has joined #bitcoin-wizards
TheoStorm has joined #bitcoin-wizards
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Empact has joined #bitcoin-wizards
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Empact has joined #bitcoin-wizards
Empact has quit [Client Quit]
Empact has joined #bitcoin-wizards
Empact has quit [Client Quit]
Empact has joined #bitcoin-wizards
TheoStorm has quit [Quit: Leaving]
betawaffle has quit [Ping timeout: 252 seconds]
betawaffle has joined #bitcoin-wizards
ynakasone has joined #bitcoin-wizards
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Empact has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
ynakasone has quit [Remote host closed the connection]
ynakasone has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 244 seconds]
ynakasone has quit [Ping timeout: 240 seconds]
phwalkr has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ynakasone has joined #bitcoin-wizards
jeremyrubin has quit [Ping timeout: 244 seconds]
Empact has joined #bitcoin-wizards
ynakasone has quit [Remote host closed the connection]
ynakasone has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 240 seconds]
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ynakasone has joined #bitcoin-wizards
Deinogalerix21 has joined #bitcoin-wizards
ynakasone has quit [Ping timeout: 252 seconds]
_whitelogger has joined #bitcoin-wizards
Deinogalerix21 has quit [Quit: WeeChat 2.2]
setpill has joined #bitcoin-wizards
<stevenroose> maaku: what's your take on the far future scenario where 99.9% of clients are upgraded to forward-blocks software? It doesn't seem to be possible to phase out the compat chain as it's the only place where results from all shards are bundled.
<stevenroose> But then again, at some point all forward chain activity will be non-backwards-compatible, so only pegins and coinbases will be handled in the compat chain
<stevenroose> Or would f.e. CT activity also be made available in the compat chain?
<stevenroose> with zero-value outputs
rusty has quit [Ping timeout: 252 seconds]
CheckDavid has joined #bitcoin-wizards
reallll has joined #bitcoin-wizards
<maaku> stevenroose: it's a necessary synchronization point. the compatibility chain never goes away
<maaku> but it only adds a small constant amount per block
<maaku> since the contents are deterministic
belcher_ has quit [Ping timeout: 272 seconds]
reallll is now known as belcher
phwalkr has quit [Remote host closed the connection]
nephyrin has quit [Ping timeout: 240 seconds]
nephyrin has joined #bitcoin-wizards
douglas_ has joined #bitcoin-wizards
NanashiFish has joined #bitcoin-wizards
<NanashiFish> Hey all
<NanashiFish> I have some questions regarding BIP39
<NanashiFish> Would there be anybody willing to help
<NanashiFish> Any input appreciated
<NanashiFish> But there seem to be some daring differences among different codebases that claim to implement the BIP39 standard
<NanashiFish> Which imho is not good?
<waxwing> i'm confused about something in the early part of the article: they make a generic construct for things like RFC6979, but as well as hashing in the transcript and the secret, they also hash in an external randomness source. so it's not deterministic any more.
<waxwing> i don't really understand why they do that
SopaXorzTaker has joined #bitcoin-wizards
floam412 has joined #bitcoin-wizards
Emcy has quit [Remote host closed the connection]
floam412 has quit [Ping timeout: 252 seconds]
nuncanada has joined #bitcoin-wizards
Emcy has joined #bitcoin-wizards
valwal has joined #bitcoin-wizards
Emcy has quit [Ping timeout: 260 seconds]
valwal has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
floam412 has joined #bitcoin-wizards
uiuc-slack1 has joined #bitcoin-wizards
uiuc-slack has quit [Read error: Connection reset by peer]
tombusby has quit [Remote host closed the connection]
<jcorgan> in the referenced documentation of TranscriptRng: " In Merlin's setting, the only secrets available to the prover are the witness variables for the proof statement, so in the presence of a weak or failing RNG, the "backup" entropy is limited to the entropy of the witness variables."
tombusby has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
<jcorgan> also: "Binding the output to the Transcript state ensures that two different proof contexts always generate different outputs. This prevents repeating blinding factors between proofs. Binding the output to the prover's witness data ensures that the PRF output has at least as much entropy as the witness does. Finally, binding the output to the output of an external RNG provides a backstop and avoids the downsides of fully deterministic genera
phwalkr has joined #bitcoin-wizards
<waxwing> yeah; in that second text chunk, it's all clear, except the third (btw your text got cut off) ... i'm not sure what are considered the 'disadvantages of fully deterministic generation'
<waxwing> iirc Pornin gave some reasonable motivation for deterministic in RFC6979
<waxwing> but the first of the two you quoted may be an interesting aspect, not sure i got it yet. i guess there are cases where the witness doesn't have much entropy ... but then .. ?
<jcorgan> they claim that the fully deterministic form used in 6979 aids in "fault injection". i don't know what that is.
<jcorgan> i think the idea is "at least as much entropy as the witness variables, but the external PRF makes it unique for each proof"
laurentmt has quit [Quit: laurentmt]
<waxwing> oh no but, transcript + secret is always unique; it's like, imagine creating two versions of a schnorr sig; same message, same nonce, same privkey. you haven't; you've just created the same one twice :)
<waxwing> re: fault injection, i have a memory of people talking about evilness where someone builds a device say, with bad randomness, and silently leaks your privkey over time with it.
<waxwing> just a random memory though, not sure how/to what extent relevant here. interesting, though.
<jcorgan> i agree it's a little confusing
<jcorgan> that's actually a motivation *for* 6979
CheckDavid has quit [Quit: Connection closed for inactivity]
<waxwing> heh
<jcorgan> so after a little background reading i think what they are saying is that a fault injection attack as you describe in a secret key generator is more easily leaked through a deterministic nonce signature scheme
douglas_ has quit [Ping timeout: 264 seconds]
<waxwing> Just from a testing point of view, not using deterministic makes me a bit sad
<waxwing> but if i follow what you're saying, one can at least see the reasoning
<jcorgan> this is why i don't design cryptographic systems for a living, there would be a lot more sadness in the world :)
nuncanada has quit [Quit: Leaving]
phwalkr has quit [Ping timeout: 245 seconds]
phwalkr has joined #bitcoin-wizards
michaelsdunn1 has joined #bitcoin-wizards
michaelsdunn1 has joined #bitcoin-wizards
michaelsdunn1 has quit [Changing host]
dgenr8 has quit [Remote host closed the connection]
dgenr8 has joined #bitcoin-wizards
setpill has quit [Quit: o/]
Empact has joined #bitcoin-wizards
rh0nj has quit [Remote host closed the connection]
rh0nj has joined #bitcoin-wizards
maaku has left #bitcoin-wizards ["http://quassel-irc.org - Chat comfortably. Anywhere."]
<waxwing> Conner has published his 2P-ECDSA btw https://github.com/cfromknecht/tpec
phwalkr has quit [Remote host closed the connection]
Emcy has joined #bitcoin-wizards
Emcy has quit [Remote host closed the connection]
Zenton has quit [Ping timeout: 252 seconds]
Empact has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Emcy has joined #bitcoin-wizards
<Eliel_> maaku: couldn't the forward blocks be implemented such that the compatibility chain doesn't actually need to be stored because it can be generated on the fly from data stored in the new structure?
<Eliel_> or perhaps mostly doesn't need to be stored.
ynakasone has joined #bitcoin-wizards
phwalkr has joined #bitcoin-wizards
dgenr8 has quit [Quit: Leaving]
ynakasone has quit [Ping timeout: 264 seconds]
phwalkr has quit [Ping timeout: 246 seconds]
str4d has joined #bitcoin-wizards
SopaXorzTaker has quit [Remote host closed the connection]
phwalkr has joined #bitcoin-wizards
phwalkr has quit [Ping timeout: 272 seconds]
Newyorkadam has joined #bitcoin-wizards
michaelsdunn1 has quit [Remote host closed the connection]
michaelsdunn1 has joined #bitcoin-wizards
phwalkr has joined #bitcoin-wizards
str4d has quit [Ping timeout: 252 seconds]
phwalkr has quit [Ping timeout: 264 seconds]
Newyorkadam has quit [Quit: Newyorkadam]
deusexbeer has quit [Quit: Konversation terminated!]
Newyorkadam has joined #bitcoin-wizards
michaelsdunn1 has quit [Remote host closed the connection]
michaelsdunn1 has joined #bitcoin-wizards
_Sam-- has quit [Ping timeout: 245 seconds]
rusty has joined #bitcoin-wizards
michaelsdunn1 has quit [Remote host closed the connection]
michaelsdunn1 has joined #bitcoin-wizards
Krellan has joined #bitcoin-wizards
Zenton has joined #bitcoin-wizards
state_bits has joined #bitcoin-wizards
_Sam-- has joined #bitcoin-wizards
dgenr8 has joined #bitcoin-wizards
dgpv has joined #bitcoin-wizards
ynakasone has joined #bitcoin-wizards
<dgpv> in bip174, 'master key fingerprint' is used, that is defined in bip32 as a 32-bit value, that is susceptible to collisions. Does this mean that when someone plans to use PSBT, a collision check needs to be done at the time of multisig scheme setup, and participants have to publish their fingerprints to avoid collisions ?
ynakasone has quit [Ping timeout: 250 seconds]
<waxwing> dgpv, well but you're still checking the key; that field (masterkeyfingerprint, path) is only telling you where to look to see if it matches.
<waxwing> i'd see the fingerprint as purely functioning as a hint or sanity check, no?
<dgpv> well, if you have a match, you might try to derive and check if the derived pubkey matches the pubkey stored in the keypair
<dgpv> but if they do not match, do you consider the PSBT invalid, or ignore that ?
<waxwing> well say it was on an output, and say it's a hardware device; in that case, you just wouldn't sign it, as the output destination is not recognized.
<dgpv> if another participant has the same fingerprint...
<dgpv> that would mean the multisig setup is not functional
<dgpv> someone has the key with the same fingerprint as yours
Newyorkadam has quit [Quit: Newyorkadam]
<dgpv> and you cannot sign the PSBT because you deem it invalid
<waxwing> well, the key in the k-v pair is not the fingerprint, but the pubkey (in the bip32 derivation field), so that'd be unique
<dgpv> but it is the derived pubkey, right ?
<dgpv> so the match against xprivkey needs to be done with fingerprint
<waxwing> and for a multisig you'd have to add the redeemscript k-v pair too right. so if you had two bip32derivations with the same fingerprint ... i'm not sure but i think you'd just check each and see if either matched your key?
Krellan has quit [Ping timeout: 245 seconds]
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
<dgpv> ... and the redeemScript (if provided) matches ...
<dgpv> so it may not be provided
<dgpv> maybe it may not be provided if participants are to reconstruct redeemScripts from derived pubkeys ?
<gmaxwell> stop
phwalkr has joined #bitcoin-wizards
<dgpv> ah, looks like it's more redeemScript or witness, ok
<gmaxwell> What "32 bit fingerprint" are you talking about?
<waxwing> the bip32 one that's specified as part of the Bip32Derivation k-v pair in BIP174
<dgpv> PSBT_IN_BIP32_DERIVATION
<dgpv> Value: The master key fingerprint as defined by BIP 32
<waxwing> (OUT as well as IN)
<dgpv> BIP32: The first 32 bits of the identifier are called the key fingerprint.
phwalkr has quit [Ping timeout: 252 seconds]
rusty has quit [Ping timeout: 272 seconds]
<dgpv> so you extract pubkeys from redeemscript or witness
<dgpv> and check against them
<waxwing> well now i see you're thinking about inputs, sure, you can't sign without redeemscript/witnessscript
<dgpv> but you have to add code to handle this corner case
<waxwing> well .. meh, i mean, if you get a fingerprint that matches, but the key doesn't, then that one doesn't work, but .. that's just one way the data could fail to match right. not sure it's a very special corner case in practice.
<waxwing> i mean, maybe.
<waxwing> sorry we may be quite offtopic for this channel though it's probably #bitcoin or perhaps somewhere else
<dgpv> ok
<waxwing> i think it's best seen as a hint.
<dgpv> yeah, I see. Thanks
<dgpv> sorry for offtopic.
Newyorkadam has joined #bitcoin-wizards
dgenr8 has quit [Quit: Leaving]
dgpv has quit [Quit: Page closed]
Krellan has joined #bitcoin-wizards
deusexbeer has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
intcat has quit [Remote host closed the connection]
Chris_Stewart_5 has joined #bitcoin-wizards
michaelsdunn1 has quit [Remote host closed the connection]
intcat has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
floam412 has quit [Ping timeout: 244 seconds]
phwalkr has joined #bitcoin-wizards
alferz has joined #bitcoin-wizards
err0ne has quit [Remote host closed the connection]
alferz has quit [Ping timeout: 240 seconds]
erwanou has quit [Ping timeout: 252 seconds]
Zenton has quit [Ping timeout: 245 seconds]
dgenr8 has joined #bitcoin-wizards
dgenr8 has quit [Client Quit]
dgenr8 has joined #bitcoin-wizards
bildramer1 has joined #bitcoin-wizards
bildramer has quit [Ping timeout: 268 seconds]
Chris_Stewart_5 has quit [Ping timeout: 272 seconds]