sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<bitcoin-wizards1>
Hi. I had a question about confidential transactions..
<bitcoin-wizards1>
I wanted to know if you are still able to verify total amount of coins at any given time in a blockchain - say btc or xmr (where confidential tx's exist)
<bitcoin-wizards1>
And the reason(s) as to why Conf tx's seem to not want to be implemented by Core
<zmnscpxj__>
do you mean, independently of what the confidential transaction implies? no
<zmnscpxj__>
but there is no real *need* to validate the *total*, only to validate individual txes
<zmnscpxj__>
however, depending on exact commitment style you use, in case of a quantum computer break, you either break privacy, or allow uncontrolled inflation, with no way to fix either
<zmnscpxj__>
assuming you get a QC break though
<sanket1729>
zmnscpxj: I would disagree. It might still be useful to have another ZKP about total supply in case there is a bug in implementation of confidential transactions.
<jtimon>
so there's people asking me about CT
<jtimon>
did we ever get to informational security on inflation and computational on the privacy?
<zmnscpxj_>
I believe with ElGamal commitments yes?
<zmnscpxj_>
"just" substitute ElGamal for the Pedersen commitments
<zmnscpxj_>
<--- not a real cryptographer, just parrots what he reads
<jtimon>
nice, and performance wise, is it much worse than with Pedersen commitments?
<zmnscpxj_>
no idea
<jtimon>
yeah, well, me neither
<zmnscpxj_>
it "just" adds an extra R point
<zmnscpxj_>
but with computational on the privacy, that means a QC break reveals historical information, which you might not want getting leaked either
<jtimon>
not sure how that translates into performance, but thanks
<zmnscpxj_>
not really performance, but loss of historical privacy can put ex-owners at risk
<jtimon>
well, it's much better than QC breaking the inflation, isn't it?
<jtimon>
and they proved you can't have both at once IIRC
<zmnscpxj_>
a possible deployment would be to "wall off" the CT part of the blockchain into a separate extension block
<jtimon>
why?
<zmnscpxj_>
everything in the CT part of the blockchain is in a "single" "anyone" can spend on the public part
<zmnscpxj_>
to limit the inflation on the public part
<jtimon>
why not just add it as a sf to bitcoin mainnet?
<zmnscpxj_>
that *is* one way to softfork it in
<jtimon>
why not just add it as a SF to mainnet with ElGamal?
<jtimon>
no, you know what I mean, with no extension block thingy
<zmnscpxj_>
how would you be back-compatible with nodes that insist every UTXO has to have a publicly-known amount?
<zmnscpxj_>
you have to hide the CT from old nodes
<zmnscpxj_>
easiest way is to split off the CT bits and aggregate the value in all CT UTXOs as a "single" "anyone" can spend UTXO
<jtimon>
well, ok, so it's just "extension blocks" in the same sense segwit is?
<zmnscpxj_>
a little
<zmnscpxj_>
except you have a single UTXO in the public part that represents all UTXOs in the CT part
<zmnscpxj_>
which is not how SegWit works, every UTXO in SegWit is also a UTXO in the legacy blockchain
<jtimon>
well, I was thinking of something else by extension blocks, I guess
<zmnscpxj_>
I could be misusing the term
<jtimon>
it's alright, I guess the term has changed its meaning over time
<jtimon>
thanks kanzure
<zmnscpxj_>
aggregating the UTXOs means (1) you hide the exact values of CT UTXOs from older nodes *and* new nodes (2) you can put a cap on the inflation, since you will not allow withdrawal of more than the single UTXO value is
<zmnscpxj_>
so we can live with Pedersen and at least get information-theoretic historical privacy
<zmnscpxj_>
I believe that is the "best" thinking right now, could be wrong
<jtimon>
zmnscpxj_: oh, I see, that way you get the best of both worlds, kind of
<zmnscpxj_>
yes
<jtimon>
but not really, because let's say we get QC
<zmnscpxj_>
but in case of a quantum break, everyone HODLing long-term in a CT UTXO will find their funds stolen since the backing store will be stolen
<jtimon>
let's say there's 15 M in CT
<zmnscpxj_>
but if say you move some funds over to the CT, non-equal CoinJoin it a few times, and move it back to the public, that should help reduce the traceability
<jtimon>
the cracker takes 15M for him even if there's a 21 hard limit, doesn't he?
<zmnscpxj_>
yes, the entire 15M can be stolen in a QC break
<zmnscpxj_>
so you just use the CT part for what it is good for: doing a bunch of non-equal CoinJoins and then withdrawing back to the public part
<zmnscpxj_>
which limits your risk
<jtimon>
so I think I still prefer ElGamal
<zmnscpxj_>
(but lowers your anonymity set LOL)
<jtimon>
yeah, but I think the QC case is way less catastrophic
<jtimon>
especially because I think most funds will eventually move to CT if not all
<zmnscpxj_>
one can argue that for some individuals, getting their funds traced can be *more* catastrophic. dunno
<jtimon>
given there are ways to pay lower fees using CT with Schnorr and coinjoin and stuff, no?
<jtimon>
how is it traced worse than stolen?
<jtimon>
perhaps I'm missing an example of such individuals
<zmnscpxj_>
if you can mix it, then *move out* of the CT part into the public part, then you cannot be traced and it cannot be stolen either
<zmnscpxj_>
assuming historical privacy is maintained even in a QC break
<zmnscpxj_>
but if historical privacy is broken in a QC break
<jtimon>
yes, in the QC case all funds in CT get stolen, no? I thought we already agreed on that
<zmnscpxj_>
then the unequal CoinJoins in the CT historically will now be traceable back into the public part
<jtimon>
yes, yes, I know
<zmnscpxj_>
so the use-case is: (tainted) public part -> CT convert -> coinjoin with some people -> CT convert to public -> public part (unlinkable to previous public part)
<jtimon>
but I still don't get why anyone would prefer having their funds traced over having them stolen
<zmnscpxj_>
because of what I mentioned as the use-case
<zmnscpxj_>
it *cannot* be stolen now, since you keep it in the public part
<jtimon>
no, the 15M in the CT part (in my example)
<zmnscpxj_>
.... we are talking past each other
<jtimon>
even though I think it will be more like 21 M in the CT part
<jtimon>
yeah, it looks like it
<zmnscpxj_>
What I am trying to say is, there will *NOT* be 15M in the CT part
<jtimon>
why not?
<zmnscpxj_>
because people will just pub->CT, coinjoin, CT->pub
<jtimon>
why?
<zmnscpxj_>
so the amount of money in the CT part at any one time will be small
<jtimon>
I think people will prefer to keep it in CT
<zmnscpxj_>
precisely to avoid it getting stolen
<zmnscpxj_>
while still preventing historical correlation
<zmnscpxj_>
even if a QC break occurs, historical coinjoins remain hidden
<zmnscpxj_>
so you still get the best of both worlds
<jtimon>
nah, I don't feel like you're getting the best of both worlds here
<jtimon>
I think I prefer ElGamal and 21 M in the CT part
<zmnscpxj_>
because if we go with "move every satoshi into CT", in case of a QC break, it gets you nothing: historical information is now known
<zmnscpxj_>
but you are still maintaining all the big heavy rangeproofs and etc
<jtimon>
I know
<zmnscpxj_>
whereas with Pedersen, you move out of the CT part ASAP, to limit your QC risk
<zmnscpxj_>
while still maintaining a delinking from your previous public part
<zmnscpxj_>
which cannot be broken even with a QC break
<zmnscpxj_>
so you avoid losing your funds
<queip>
doing both CJs in pairs, is not somehow possible, to get both benefits?
<zmnscpxj_>
*and* avoid linking your previous public data
<jtimon>
you don't avoid losing your funds, you just tell people not to have many funds in the CT part in case there's QC
<zmnscpxj_>
yes
<jtimon>
and some people may listen to you
<zmnscpxj_>
*shrug* not everyone listens to "not your keys not your coins"
<jtimon>
I insist that I prefer ElGamal, I think the tradeoff is better. I guess we'll just have to agree to disagree
<zmnscpxj_>
yes, it is another reason why CT is not getting any traction in Bitcoin blockchain I think
<zmnscpxj_>
there are deep disagreements on which has better or worse tradeoffs
<zmnscpxj_>
queip: I think you get the worst of both worlds then
<jtimon>
unless we can get quantum secure computational security for the privacy somehow, perhaps it can be proven that's impossible, I don't know, or it has already been proven
<zmnscpxj_>
<-- not enough of a mathist to say
<zmnscpxj_>
all I know is that the lattice signature validation equation looks suspiciously like the Schnorr validation equation, but not sure if that means there is an equivalent concept of "linearity" with lattice signatures
<zmnscpxj_>
or homomorphism
<kanzure>
jtimon: wow, glad there's a transcript then!
<grubles>
2
<jtimon>
yeah
<jtimon>
but, I mean, was the video censored?
<jtimon>
they're getting crazy on censorship lately
<jtimon>
very sad
<jtimon>
I really hope jack dorsey goes to jail, sorry, offtopic
<eragmus>
@jtimon: The potentially censored video was on YouTube (Google), so Dorsey (Twitter) “did nothing wrong”.
<jtimon>
yeah, in this case it would be youtube, obviously, but it's twitter, alphabet, facebook, microsoft...all of them, no?
<jtimon>
it seems pretty clear to me that dorsey hates free speech, I don't know
<eragmus>
@jtimon: I’m just saying let’s not blame Dorsey for what he didn’t do, that’s all. Plenty that he does do that he can be blamed for ;)
<eragmus>
Also before he goes to jail, he has a right to a fair trial ;)
<jtimon>
sure
<jtimon>
if it's a fair trial, I'm sure he'll go to jail