sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
jMCg has quit []
captjakk has quit [Remote host closed the connection]
captjakk has joined #bitcoin-wizards
Zenton has quit [Ping timeout: 240 seconds]
captjakk has quit [Remote host closed the connection]
captjakk has joined #bitcoin-wizards
GsC_RuL3Z has joined #bitcoin-wizards
captjakk has quit [Ping timeout: 255 seconds]
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
belcher has quit [Quit: Leaving]
shush has joined #bitcoin-wizards
shush has quit [Ping timeout: 258 seconds]
bitdex has joined #bitcoin-wizards
shush has joined #bitcoin-wizards
nuncanada has quit [Quit: Leaving]
nick_fre_ has joined #bitcoin-wizards
zmnscpxj has joined #bitcoin-wizards
nick_freeman has quit [Ping timeout: 248 seconds]
GsC_RuL3Z has quit []
TheoStorm has quit [Quit: Leaving]
AaronvanW has quit [Remote host closed the connection]
hollisb has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 258 seconds]
AaronvanW has quit [Ping timeout: 240 seconds]
shush has joined #bitcoin-wizards
captjakk has joined #bitcoin-wizards
Belkaar has quit [Ping timeout: 240 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
nick_fre_ has quit [Remote host closed the connection]
nick_freeman has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
shush has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
captjakk has quit [Remote host closed the connection]
captjakk has joined #bitcoin-wizards
shush has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
AaronvanW has quit [Ping timeout: 255 seconds]
captjakk has quit [Remote host closed the connection]
nick_freeman has quit [Remote host closed the connection]
guest534543 has joined #bitcoin-wizards
Kiminuo has quit [Ping timeout: 258 seconds]
guest534543 has quit [Quit: Leaving]
Kiminuo has joined #bitcoin-wizards
hollisb has quit []
harrigan_ has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 272 seconds]
harrigan has quit [Ping timeout: 255 seconds]
aupiff has joined #bitcoin-wizards
Fiver has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 258 seconds]
<ariard>
waxwing: re: timelocking you don't need only to timelock but also inter-timelocks deltas to be ones observable with the set of txn you want to be undistinguishable?
<ariard>
doable but care of not introducing a bias
<zmnscpxj>
context?
Kiminuo has quit [Ping timeout: 260 seconds]
<ariard>
on the multi-tx construction protocol, you may reuse the tx interactive tx pprotocol
<ariard>
when matures
<zmnscpxj>
Is this for CoinJoinXT?
<ariard>
yes
<ariard>
because if you commit timelocks with N+42,N+84,...
<zmnscpxj>
ah
<ariard>
that's an obvious flag
<zmnscpxj>
for CoinJoinXT we need to emulate "normal" behavior for a wallet
<zmnscpxj>
and most wallets are controlled by humans
<zmnscpxj>
which are difficult to model
<ariard>
yeah that's my point
<zmnscpxj>
we could try to emulate this by observing the typical coin-depth of transactions
<zmnscpxj>
I mean.... the confirmation depth of inputs
<zmnscpxj>
figure out its distribution
<zmnscpxj>
then sample from a distribution from the same model
<zmnscpxj>
which leads me to think that it is likely that most transactions will have a long confirmation depth for inputs
<ariard>
and hardcode in timelock PTG algo + a bit of randomness
<zmnscpxj>
which is mildly undesirable since it would make CoinJoinXT very long
<ariard>
fast, confidential, liquidity, pick two
<zmnscpxj>
since CoinJoinXT is (we hope) multi-participant, how does the PTG algo get done?
<ariard>
also can you combine coinjoinXT and coinshuffle and still keep outputs unlinkability? because if I announce my exit points on different stages of the PTG..
<zmnscpxj>
Ideally the PTG algo would be deterministic: the participants contribute to some random seed, there is an algorithm which samples from a PRNG, and deterministically generates the PTG.
<zmnscpxj>
If only one participant does the PTG, how do the others know the PTG was done correctly without biases?
<ariard>
ah I see, users don't decide the tree, just inputs they want to mix
<ariard>
you valid the announced PTG against your set of desirable tree templates but mehhh...
<zmnscpxj>
including in ways that are biased and possibly easily leaked
<ariard>
what do we aim for? if at least two honest users are part of the protocol, you get a bit of privacy?
<zmnscpxj>
seems a reasonable goal?
<ariard>
yes, even in case of malicious PTG server
<ariard>
-> sleep
<ariard>
(but will brood on it)
aupiff has joined #bitcoin-wizards
<zmnscpxj>
another thought: if you have some transaction that you sign *now*, but which is timelocked in the future, you lock in a particular feerate *now* which might be outside a "reasonable" fee range in the future
shush has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
shush has quit [Ping timeout: 252 seconds]
AaronvanW has quit [Ping timeout: 258 seconds]
Belkaar has quit [Quit: bye]
marcoagner has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Client Quit]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
rafalcpp has quit [Ping timeout: 240 seconds]
queip has quit [Ping timeout: 258 seconds]
rafalcpp has joined #bitcoin-wizards
queip has joined #bitcoin-wizards
Fiver has quit []
Guyver2 has joined #bitcoin-wizards
Plasmastar1 has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 255 seconds]
RubenSomsen has quit []
RubenSomsen has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
murrayn has quit [Read error: Connection reset by peer]
rockhouse has quit [Quit: Ping timeout (120 seconds)]
aupiff has joined #bitcoin-wizards
rockhouse has joined #bitcoin-wizards
murray has joined #bitcoin-wizards
murray is now known as Guest23538
aupiff has quit [Ping timeout: 258 seconds]
AaronvanW has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
rafalcpp has quit [Ping timeout: 272 seconds]
aupiff has joined #bitcoin-wizards
Emcy has quit [Ping timeout: 255 seconds]
Emcy has joined #bitcoin-wizards
shush has joined #bitcoin-wizards
shush has quit [Ping timeout: 248 seconds]
<yanmaani>
What are the current constructions for set membership proofs? I know of the Merklix tree (and friends, e.g. sorted Merkle tree), where each insertion requires the re-hash of some amount of data
<yanmaani>
and the other one that they use in Bitcoin Cash, where you can't prove membership, just hash the set
<yanmaani>
(RSA accumulator?)
<yanmaani>
Is there a 'nice' one, where you have a function f(set hash, new data) -> set hash w/ new data, and a function f(set hash, some data) -> bool data_is_in_set?
<yanmaani>
or f(set hash, some data, succinct proof)
<zmnscpxj>
Merkle trees are f(set hash, some data, succinct proof) for some definitions of "succinct"
<yanmaani>
or I mean nonmembership proofs
<yanmaani>
Yeah but you can't insert.
<zmnscpxj>
you can, you just have to change every proof you have
<yanmaani>
Yeah but you can't do it from the hash
<zmnscpxj>
similar to how functional programming languages do their trees
<yanmaani>
if you have a gazillion items, you can't make a new proof with a gazillion + 1 items
<zmnscpxj>
a hash is just a pointer, you just change all the pointers in all your proofs
<yanmaani>
without first having to get the whole tree
<yanmaani>
Yeah but that requirest you to have the tree on disk/in memory
Zenton has joined #bitcoin-wizards
<zmnscpxj>
yes, on disk
<yanmaani>
Yeah but is there an option which doesn't require this?
<zmnscpxj>
otherwise you are trying to compress a lot of data into a single succinct hash, which is information-theoertically impossible
<yanmaani>
In theory, no. The proof could contain the data you are putting in there.
<zmnscpxj>
unless I misunderstand exactly what your goals are
<yanmaani>
so for bitcoin specifically
<yanmaani>
you make a set hash accumulator thing
<yanmaani>
you put all the UTXOs in there
<yanmaani>
you query nodes, "Is this in the UTXO set"
<zmnscpxj>
then just Merklize a functional-programming ("persistent") red-black tree
<zmnscpxj>
Or you use Utreexos, and mutate all your proofs at each block
<yanmaani>
they either say "yes, here's your UTXO" (as things are now with SPV unchanged)
<yanmaani>
or they say "no it's not, here is proof"
<yanmaani>
Utreexos?
<zmnscpxj>
A tree of merkle trees, do not have the math on hand
<yanmaani>
"We don’t have good tools to combat UTXO growth ... For example, timestamping applications often create unspendable outputs due to ease of implementation ... These non-btc-value-transfer use-cases can often afford to pay far higher fees per UTXO created than competing btc-value-transfer use-cases; many users could afford to spend $50 to register a new PGP key, yet would rather not spend $50 in fees
<yanmaani>
to create a standard two output transaction"
<yanmaani>
what about something like a security deposit?
<yanmaani>
Each time you create an UTXO you have to pay X, but each time you destroy an UTXO you also get X.
mdunnio has joined #bitcoin-wizards
aupiff has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 255 seconds]
aupiff has quit [Ping timeout: 255 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
Zenton has quit [Ping timeout: 255 seconds]
nick_freeman has joined #bitcoin-wizards
nick_freeman has quit [Ping timeout: 248 seconds]
mdunnio has quit [Remote host closed the connection]
_whitelogger has joined #bitcoin-wizards
aupiff has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 255 seconds]
nick_freeman has joined #bitcoin-wizards
mauz555 has joined #bitcoin-wizards
nick_fre_ has joined #bitcoin-wizards
nick_freeman has quit [Ping timeout: 272 seconds]
captjakk has quit [Remote host closed the connection]
nuncanada has quit [Read error: Connection reset by peer]
Noldorin has quit [Client Quit]
nuncanada has joined #bitcoin-wizards
<gleb>
Yeah I was bringing up this work here and there. Super cool and creative, but Bitcoin should be fine. Unless it is combined with some other crazy thing like 25-depth CPFP (I don't have an exact scenario).
Chris_Stewart_5 has quit [Ping timeout: 265 seconds]
captjakk has quit [Remote host closed the connection]
Emcy has quit [Ping timeout: 260 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
captjakk has joined #bitcoin-wizards
Emcy has joined #bitcoin-wizards
Emcy has quit [Client Quit]
Zenton has joined #bitcoin-wizards
aupiff has joined #bitcoin-wizards
wez has quit []
aupiff has quit [Ping timeout: 258 seconds]
Emcy has joined #bitcoin-wizards
aupiff has joined #bitcoin-wizards
tvn has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 258 seconds]
aupiff has joined #bitcoin-wizards
slivera has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 260 seconds]
shush has joined #bitcoin-wizards
slivera has quit [Remote host closed the connection]
aupiff has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 265 seconds]
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
captjakk has quit [Remote host closed the connection]