sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
jb55 has quit [Quit: WeeChat 2.3]
jb55 has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
Murch has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
Murch has joined #bitcoin-wizards
Murch has quit [Client Quit]
pinheadmz has quit [Quit: pinheadmz]
drexl has quit [Quit: drexl]
_whitelogger has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
Aaronvan_ has joined #bitcoin-wizards
Aaronvan_ has quit [Client Quit]
AaronvanW has quit [Ping timeout: 246 seconds]
davec has quit [Ping timeout: 268 seconds]
davec has joined #bitcoin-wizards
ddustin has quit [Remote host closed the connection]
Murch has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
spinza has joined #bitcoin-wizards
Belkaar has quit [Read error: Connection reset by peer]
jkjk has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
pinheadmz has joined #bitcoin-wizards
pinheadmz has quit [Client Quit]
deusexbeer has quit [Quit: Konversation terminated!]
Krellan has quit [Remote host closed the connection]
Murch has quit [Quit: Snoozing.]
Dean_Guss has joined #bitcoin-wizards
spinza has quit [Read error: Connection reset by peer]
<nsh>
Switch Commitments: A Safety Switch for Confidential Transactions / Tim Ruffing and Giulio Malavolta
<nsh>
ie, in this case, if nontrivial ecDLP generator relations are found then the commitment security switches to elGamel
<nsh>
if i've understood correctly
<real_or_random>
yeah that's the basic idea
<nsh>
but also switching between computational and statistical blinding
<real_or_random>
but what grin implemented is a better variant which is not described in the paper
<real_or_random>
(we should update the paper at some point...)
<nsh>
oh nice
<waxwing>
deploy first, write paper later :)
<nsh>
:)
laurentmt has quit [Quit: laurentmt]
<real_or_random>
it's described here https://lists.launchpad.net/mimblewimble/msg00479.html the advantage is that it is opt-in in the sense that later each user can individually decide whether he wants to risk privacy and get the money back or just do nothing and keep privacy. and this decision can be postponed essentially forever
<nsh>
that's very neat
<real_or_random>
and there are more advantages mentioned in that post, primarily that it does not have storage overhead (before the switch at least)
<nsh>
look forward to the thesis :)
kbc has quit [Quit: kbc]
kbc has joined #bitcoin-wizards
kbc has quit [Client Quit]
<waxwing>
that 063.pdf looks interesting
kbc has joined #bitcoin-wizards
<nsh>
"The prover then performs the MPC computation using the values x1,x2,x3 and given a challenge e ∈ {1,2,3} returns the view of computations performed with inputs x_e and x_e+1. Executing these steps a number of times decreases the soundness error of the proof."
<nsh>
naively it would seem to me that repeating this would reveal more of the missing bit of the MPC
<nsh>
but i presume it doesn't somehow, which speaks to my naivete more than anything i guess
<nsh>
there is only a finite amount of circuit complexity and revealing a third of it over and over seems like it should return cumulatively more of it. i suppose in the context of pederson commitments any finite missing part is enough
<nsh>
as there's no notion of closeness that doesn't still require nontrivial discrete logarithm relations to close up completely
<nsh>
oh i see, the XOR commitment to 2/3rds of the MPC is very elegant
apeng has joined #bitcoin-wizards
<nsh>
was somebody working on a circuits implem of bulletproofs? i have this vague but pretty strong recollection of seeing a github issue/PR/update or something about circuits under bulletproofs