sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<sipa>
gmaxwell: instead of (R.xy())[0] you can use R[0]
<andytoshi>
relaly?
<andytoshi>
niice
<sipa>
i didn't even know about .xy() ...
<andytoshi>
sipa: .xy() gives you an actual tuple so you can write "%x %x" % G.xy() ... which is used in the comment describing how to compute the Elements H generator
<andytoshi>
R[0], R[1], R[2] are all well define and appear to be jacobian (or projective? can't tell when z = 1) coordinates .. but "%x %x %x" % R does not work
shesek has quit [Read error: Connection reset by peer]
<sipa>
R[2] always gives 1 for me
<sipa>
(for whatever operations i do with EC points in sage)
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
floam412 has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shesek has joined #bitcoin-wizards
<uiuc-slack>
<smk7> I guess we also say similar about bypassing the hash step in Schnorr? Set R = sG - mP . I pick(s,m) and get a R value.
<andytoshi>
the thing with schnorr is that you can't really "bypass the hash step"
<andytoshi>
if you don't hash R the whole thing is trivially insecure
<andytoshi>
the difference i guess is that in the ECDSA version you don't get to pick m, it's picked for you
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shesek has joined #bitcoin-wizards
michaelsdunn1 has joined #bitcoin-wizards
michaelsdunn1 has quit [Ping timeout: 260 seconds]
floam412 has quit [Ping timeout: 240 seconds]
spinza has quit [Quit: Coyote finally caught up with me...]
spinza has joined #bitcoin-wizards
douglas_ has quit [Ping timeout: 244 seconds]
harrymm has quit [Remote host closed the connection]
Dizzle has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
Zenton has quit [Read error: Connection reset by peer]
Zenton has joined #bitcoin-wizards
Zenton has quit [Read error: Connection reset by peer]
AaronvanW has joined #bitcoin-wizards
Zenton has joined #bitcoin-wizards
Zenton has quit [Ping timeout: 240 seconds]
AaronvanW has quit [Ping timeout: 268 seconds]
Zenton has joined #bitcoin-wizards
Krellan has quit [Remote host closed the connection]
nuncanada has quit [Quit: Leaving]
<gmaxwell>
dgenr8: whatever private venue Scamtoshi was sharing those signatures in sounds like an ecochamber that was specifically setup to amplify that sort of fraud. It would probably be mentally healthy for you to avoid such places.
shesek has quit [Ping timeout: 240 seconds]
floam412 has joined #bitcoin-wizards
mn3monic has quit [Excess Flood]
mn3monic has joined #bitcoin-wizards
mn3monic has quit [Excess Flood]
mn3monic has joined #bitcoin-wizards
Belkaar has quit [Ping timeout: 268 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
floam412 has quit [Ping timeout: 240 seconds]
douglas_ has joined #bitcoin-wizards
fabianfabian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
douglas_ has quit [Ping timeout: 240 seconds]
ryanofsky_ is now known as ryanofsky
thomasan_ has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 240 seconds]
alferz has joined #bitcoin-wizards
michaelsdunn1 has joined #bitcoin-wizards
michaelsdunn1 has quit [Ping timeout: 240 seconds]
<dongcarl>
Well, seems like a simple paper with a simple solution... But I've come to realize that most papers aren't what they seem, so I'm just wondering people's thoughts and whether it's a good idea or not.
<gmaxwell>
dongcarl: if including orphans prevents difficulty from going down, why would any miner do so, or choose to extent the block of another miner that had?
<dongcarl>
gmaxwell: choose to extend (the block (of another miner) that had included orphans)?
<gmaxwell>
if you commit to some orphans in block N, why wouldn't I just ignore your N when mining? -- including them will make us all earn less. (as I understand their proposal)
<dongcarl>
Right... You're always better off with n' = 0
<dongcarl>
I believe to motivate this, they want to change consensus by " including a rule that, in case of competition between two blocks with the same height, nodes should always broadcast the block with the most proof-of-work i.e., the block which includes the most proofs of existence of uncles"
morcos has quit [Ping timeout: 256 seconds]
ghost43 has quit [Ping timeout: 256 seconds]
<gmaxwell>
dongcarl: that has it's own other consequences, but why would any miner follow that rule? it doesn't seem incentive compatible to me.
<gmaxwell>
as any decision to do so will lower all miner's income.
<gmaxwell>
if miners ignore that particular preference, it doesn't matter what other nodes do.
morcos has joined #bitcoin-wizards
<dongcarl>
as in the miners will be incentivized to only make blocks with n' = 0 making the change null and void? If a single miner followed that preference, wouldn't the rest be forced to follow it too? Or I guess they can just fork away to a chain where consensus doesn't include this "uncles" preference?
michaelfolkson has joined #bitcoin-wizards
<gmaxwell>
dongcarl: consensus can't really 'include' a preference, a preference is invisible.
ghost43 has joined #bitcoin-wizards
<dongcarl>
Oh I see... In this case it only matters what the miners do, as they're the only one producing blocks, and are incentivized heavily to not mine on anything with n' > 0
thomasan_ has quit [Ping timeout: 260 seconds]
michaelfolkson has quit [Quit: Sleep mode]
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
peornvweporn has joined #bitcoin-wizards
peornvweporn has left #bitcoin-wizards [#bitcoin-wizards]
AaronvanW has joined #bitcoin-wizards
<RubenSomsen>
From the sidechains paper: "A futuristic idea for a low-value or experimental sidechain is to invoke a trusted authority, whose only job is to execute a trusted setup for a SNARK scheme. Then blocks could be constructed which prove their changes to the unspent-output set, but do so in zero-knowledge in the actual transactions. [...] These proofs could also replace the DMMSes used to move coins from another chain
<RubenSomsen>
by proving that the sending chain is valid according to some rules previously defined."
<RubenSomsen>
Is the assumption here that the trusted authority still commits block hashes into the bitcoin blockchain? Otherwise it seems you could have multiple valid chains.
AaronvanW has quit [Ping timeout: 240 seconds]
mikestevens has joined #bitcoin-wizards
<RubenSomsen>
The reason I ask is because of Poelstra's PoS paper: "Is it necessary to use a DMMS to produce a distributed consensus? This is an open question. The author’s guess is “no”. In particular, simple changes to Bitcoin’s protocol, such as rewarding miners with “coupons” to mine far-future blocks with lower difficulty[BCD+14, Section 6.1] seem unlikely to harm consensus while definitely not satisfying the
<RubenSomsen>
given definition of DMMS."
<RubenSomsen>
It seems to me you still require DMMS for block ordering.
<RubenSomsen>
andytoshi: am I misunderstanding the quote?
rh0nj has quit [Remote host closed the connection]
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shesek has joined #bitcoin-wizards
shesek has quit [Ping timeout: 240 seconds]
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
Krellan has joined #bitcoin-wizards
satwo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mikestevens has quit [Quit: Page closed]
satwo has joined #bitcoin-wizards
satwo has quit [Client Quit]
Murch has joined #bitcoin-wizards
Murch has quit [Ping timeout: 268 seconds]
AaronvanW has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 252 seconds]
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shesek has joined #bitcoin-wizards
Dizzle has quit [Quit: Leaving...]
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 264 seconds]
shesek has quit [Ping timeout: 245 seconds]
Krellan has quit [Ping timeout: 276 seconds]
Guyver2 has joined #bitcoin-wizards
lukedashjr has joined #bitcoin-wizards
luke-jr has quit [Ping timeout: 245 seconds]
lukedashjr is now known as luke-jr
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 244 seconds]
Krellan has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 252 seconds]
<nsh>
which cardboard and/or glossy magazine things do i have to cut with tiny scissors to get these mining coupons?
<nsh>
PoW discounts are an interesting way to layer incentives but I think it would tend towards 'stakeiness' and there would have to be some baseline PoW to keep things going
<nsh>
so i don't really follow andytoshi/?'s musing there. i think it's just saying you can dilute the 'Dynamic' aspect somewhat without compromising near-term consensus
spinza has quit [Quit: Coyote finally caught up with me...]
<nsh>
at some point however, presumably, the preferencing in consensus of particular keyholders over "anyone with hash and the mempool" would affect the security properties
fabianfabian has joined #bitcoin-wizards
<nsh>
or preferencing in a reward-distributed-signing-of-consensus-state
rh0nj has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
<nsh>
sipa, are we sure there's no way to converge upon a valid signature for a given message digest using the two free variables in the forgery trick above?
<nsh>
(would imply an ECDSA i suppose, but maybe if you have access to a large number of signatures to begin tweaking from you can do some weird parallel stuff)
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 252 seconds]
AaronvanW has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
nuncanada has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
sysoce_ has joined #bitcoin-wizards
booyah has quit [Ping timeout: 264 seconds]
nuncanada has quit [Quit: Leaving]
<andytoshi>
RubenSomsen: i don't remember what i was thinking with that sidechains.pdf quote
<andytoshi>
nsh: my point with the pos.pdf quote was simply that my DMMS definition wasn't good enough
<andytoshi>
RubenSomsen: it sounds like i was trying to come up with some sort of verifiable chaum bank or something .. but you're right that nobody can verify a lack of multiple histories, and what's written seems to suggest that anyone can add blocks so there _would_ be multiple histories
<andytoshi>
nsh: any valid signature can be translated into the "forged" form and back. it is impossible to get two that have any useful relation to each other without knowing the secret key
<andytoshi>
and if an honest signer is using random nonces, they won't be producing anything with useful relations to each other
<andytoshi>
and if they're not, you can extract their secret key wit lattice methods
Aaronvan_ has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 244 seconds]
rh0nj has quit [Remote host closed the connection]
michaelfolkson has joined #bitcoin-wizards
rh0nj has joined #bitcoin-wizards
booyah has joined #bitcoin-wizards
asoltys has quit [Ping timeout: 260 seconds]
asoltys has joined #bitcoin-wizards
sdaftuar has quit [Ping timeout: 260 seconds]
sdaftuar has joined #bitcoin-wizards
michaelfolkson has quit [Quit: Sleep mode]
<RubenSomsen>
andytoshi: OK I see, thanks. Yeah, it seems to DMMS is unavoidable
drexl_ has joined #bitcoin-wizards
drexl has quit [Ping timeout: 260 seconds]
sysoce_ has quit [Ping timeout: 256 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 268 seconds]
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
opdenkamp has joined #bitcoin-wizards
morcos has quit [Remote host closed the connection]
morcos has joined #bitcoin-wizards
rh0nj has quit [Remote host closed the connection]
rh0nj has joined #bitcoin-wizards
<dgenr8>
gmaxwell: an echo-chamber participant shared it with me. my response was to ask him if he would abandon csw as satoshi if it were fraudulent. so maybe one less of those in the world now.
drexl__ has joined #bitcoin-wizards
drexl_ has quit [Ping timeout: 240 seconds]
Aaronvan_ has quit [Remote host closed the connection]