sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<kanzure>
suppose you had a pre-signed transaction tree protocol and you wanted a limited hardware wallet device for signing,
<kanzure>
if you trusted the computer it was wired to, you wouldn't really need the wallet, and so you don't, and you therefore don't necessarily trust the transaction tree from the computer either
<kanzure>
ideally, a signing device would know the template of the tree and check that everything conforms, but this requires memory and cpu that these devices don't have
<kanzure>
proposal: the underpowered hardware wallet device should maintain a rolling hash of every signature ever, user connects to a verification computer after signing everything, and the user takes the list of all signatures from their possibly-compromised computer and checks that the device's hash can be recomputed from all the signatures the user was given.
<kanzure>
if the user was given one minus signature, then the integrity check will fail because the hashes won't match.
<kanzure>
s/one minus/minus one
<kanzure>
context: in pre-signed transactions it's important to be certain about the set of transactions that were signed during the lifetime of the private key. at some point you delete the key. if you find an unexpected signature, then you throw away the tree because you're compromised somehow.
<jeremyrubin>
I think this stems from our conversation about signature transcripts right?
<jeremyrubin>
The issue with something like this is that you need to maintain potentially a lot of state outside of the hardware device, right? And the signatures themselves you may need to store as encrypted backups etc if they're sensitive (i.e., if broadcasting early is undesirable)
<jeremyrubin>
The other issue is that you need not just the transcript, but also a proof that the nonces are derived correctly?
<jeremyrubin>
Also I think you can just use a classic RSA accumulator in this case
<jeremyrubin>
(or whatever trusted setup variant)
<jeremyrubin>
Or actually even just a streaming hash function
<jeremyrubin>
No need for a rolling hash if you always have all the data
<kanzure>
excuse me, yes, streaming hash
<jeremyrubin>
The issue with this is that old proofs become kinda dangerous
<tromp_>
the Monero paper MRL-0005.pdf says it accessed https://people.xiph.org/~greg/confidential_values.txt on June 1 2015, while the bitcointalk CT thread appeared on June 9. when was the former published, gmaxwell? is that the earliest publication on CT?