| 00:43:07 | Guest56997: | Guest56997 is now known as maaku |
| 00:51:10 | c0rw1n_: | c0rw1n_ is now known as c0rw1n |
| 01:13:24 | rdponticelli: | rdponticelli has left #bitcoin-wizards |
| 02:21:08 | rusty: | Dumb q: is there any code yet for IBLTs and O(1) block propagation? |
| 02:21:26 | rusty: | (Or a BIP?) |
| 02:24:06 | phantomcircuit: | rusty, BlueMatt's relay network is iirc the best available which can be O(1) but i dont think it is |
| 02:24:15 | phantomcircuit: | (since not all the transactions in the block are available) |
| 02:37:10 | rusty: | phantomcircuit: I was referring to Gavin's O(1) block propagation gist |
| 02:39:29 | phantomcircuit: | rusty, the invertible bloom stuff? |
| 02:39:35 | phantomcircuit: | i dont think anybody has implemented that |
| 02:40:33 | rusty: | phantomcircuit: exactly. I'd be interested in how many of the transactions in the block have already reached other miners, which seems to be the critical component. |
| 02:45:31 | phantomcircuit: | rusty, BlueMatt 's relay network stuff does that and has that data |
| 02:45:35 | phantomcircuit: | run a node and you'll see |
| 02:46:29 | rusty: | phantomcircuit: thanks; googling now... |
| 03:03:30 | bryanvu_: | bryanvu_ is now known as bryanvu |
| 04:46:04 | gmaxwell: | ::sigh:: http://www.reddit.com/r/Bitcoin/comments/2l83y5/an_attack_on_the_timestamp_semantics_of_bitcoin/ |
| 04:49:23 | gmaxwell: | What magic property of Bitcoin is that that otherwise intelligent people make clowns of themselves on interaction with it? |
| 06:18:58 | bryanvu_: | bryanvu_ is now known as bryanvu |
| 06:23:16 | c0rw1n: | c0rw1n is now known as c0rw|sleep |
| 06:30:15 | spiftheninja: | spiftheninja has left #bitcoin-wizards |
| 07:20:27 | contrapumpkin: | contrapumpkin is now known as copumpkin |
| 08:07:38 | gmaxwell: | sipa: found a bug in frama-c while trying to prove that field multiply code correct. ... seems it is losing the typedefs when generating the theorems from the code... (stupidly I didn't notice that it was using 2^32-1 as the overflow check and wasted a bunch of time scratching my head as to why really simple theorems were not proving) |
| 08:08:44 | gmaxwell: | Now we just need a GCC bug to know we've really been testing it well. (You know you might be doing at least a barely acceptable job testing your software when you've found several bugs in your tools/dependencies) |
| 09:05:15 | morgan.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 09:05:15 | morgan.freenode.net: | Users on #bitcoin-wizards: andy-logbot adam3us bit2017 cbeams Jokosh damethos NeueWelt stonecoldpat aburan28 austinhill NewLiberty_ jaekwon_ copumpkin bryanvu DougieBot5000_ Keefe todays_tomorrow TheSeven PRab ryanxcharles justanotheruser c0rw|sleep prodatalab fanquake Emcy_ CodeShark hashtag_ devrandom heath johndoe01_ atgreen helo ericp4 phedny iambernie wallet42 shesek zwischenzug K1773R MRL-Relay fluffypony berndj [\\\] Flyer9933 samson_ phantomcircuit spinza |
| 09:05:15 | morgan.freenode.net: | Users on #bitcoin-wizards: kyletorpey Transisto maaku nuke1989 Luke-Jr waxwing sekoe iddo Baz__ zenojis mmozeiko SDCDev tacotime PaulCapestany pi07r btcdrak digitalmagus grandmaster2 fragiletag midnightmagic sl01 nsh wizkid057 Muis Alanius Guest1930 arowser LarsLarsen go1111111 sipa altoz Anduck poggy NikolaiToryzin cfields coryfields Sangheili mappum hollandais jbenet epscy bosma kjj21__000 DoctorBTC Taek Cory sneak EasyAt warptangent Hunger- optimator_ Starduster |
| 09:05:15 | morgan.freenode.net: | Users on #bitcoin-wizards: kumavis andytoshi dgenr8 BrainOverfl0w fds4345 gazab Iriez bbrittain BigBitz Apocalyptic emsid Starsoccer throughnothing warren tromp_ null_radix gavinandresen dansmith_btc Meeh kyuupichan Nightwolf AdrianG Logicwax pigeons nanotube Grishnakh lnovy asoltys weex_ kanzure gribble Krellan kinlo a5m0 superobserver artifexd fenn [d__d] LaptopZZ gnusha HM_ espes__ CryptOprah Graet burcin livegnik gmaxwell _2539 hguux bobke petertodd smooth BlueMatt |
| 09:05:15 | morgan.freenode.net: | Users on #bitcoin-wizards: @gwillen michagogo jrayhawk_ yoleaux amiller crescendo btc_ danneu catcow TD-Linux [Tristan] otoburb ryan-c roasbeef pajarillo Gnosis ahmed_ so harrow abc56889 lechuga_ @ChanServ wumpus myeagleflies Dyaheon firepacket kgk SomeoneWeird tromp zibbo_ Eliel mr_burdell |
| 09:08:22 | phantomcircuit: | gmaxwell, ha |
| 09:24:42 | gmaxwell: | boo ya |
| 09:24:43 | gmaxwell: | S_r[0..1] ∈ [0..67108863] |
| 09:24:43 | gmaxwell: | [2] ∈ [0..68157440] |
| 09:24:43 | gmaxwell: | [3..8] ∈ [0..67108863] |
| 09:24:43 | gmaxwell: | [9] ∈ [0..4194303] |
| 09:31:14 | sipa: | hmm? |
| 09:31:56 | phantomcircuit: | sipa, assuming he fixed the bug in frama-c |
| 09:32:12 | gmaxwell: | thats the ranges of the output r[] on the 'old' versions of secp256k1_fe_mul_inner (10x26) |
| 09:32:39 | gmaxwell: | the new one in pull 73 now is giving me |
| 09:32:40 | gmaxwell: | S_r[0..8] ∈ [0..67108863] |
| 09:32:40 | gmaxwell: | [9] ∈ [0..4194304] |
| 09:33:12 | sipa: | odd! |
| 09:33:16 | sipa: | 73 normalizes stronger? |
| 09:33:50 | sipa: | oh, the new version of 73 may |
| 09:33:59 | gmaxwell: | thats what value analysis is telling me. |
| 09:34:01 | sipa: | i haven't looked at that yet |
| 09:34:21 | sipa: | what does it say about the version in my opt-mul-sqr branch? (which contains an older version of 73) |
| 09:34:24 | gmaxwell: | fortunately now that I have it working its no effort to run it again. |
| 09:34:40 | gmaxwell: | link me to the code? |
| 09:35:08 | gmaxwell: | the first numbers I gave were PR91. |
| 09:35:13 | sipa: | https://github.com/sipa/secp256k1/tree/opt-mul-sqr |
| 09:36:23 | sipa: | oh, opt-mul-sqr == pr91 |
| 09:36:31 | sipa: | yeah, that's expected |
| 09:36:33 | gmaxwell: | yea. I was about to say. okay. |
| 09:36:40 | sipa: | interesting that 73 normalizes stronger |
| 09:38:59 | gmaxwell: | sqr in 73 is |
| 09:38:59 | gmaxwell: | S_r[0..8] ∈ [0..67108863] |
| 09:38:59 | gmaxwell: | [9] ∈ [0..4194304] |
| 09:39:19 | sipa: | should be the same as mul, indeed |
| 09:45:33 | kefkius_: | kefkius_ is now known as kefkius |
| 09:47:25 | gmaxwell: | sipa: sadly, frama-c doesn't support the __int128, alas. |
| 09:51:46 | sipa: | gmaxwell: also sadly, the rewritten 32-bit version seems slower when effectively compiled for 32-bit host |
| 09:52:07 | gmaxwell: | yea, just saw that. weird. |
| 09:52:21 | gmaxwell: | well not a shocker, probably running out of registers? |
| 09:52:52 | sipa: | the new version should use less temporary values |
| 09:53:22 | sipa: | but maybe the long-term ones were already swapped out of registers on 32-bit |
| 09:53:29 | sipa: | and there are more short-term ones now |
| 09:53:51 | gmaxwell: | try it on arm? |
| 09:54:03 | sipa: | * sipa has none |
| 10:29:37 | gmaxwell: | andytoshi: you see sipa is working on schnorr for libsecp256k1? https://github.com/bitcoin/secp256k1/pull/87 |
| 10:30:08 | gmaxwell: | (including multisignatures) |
| 10:40:11 | phantomcircuit: | gmaxwell, neat |
| 10:40:14 | phantomcircuit: | sipa, ^ |
| 13:30:28 | wallet42: | wallet42 is now known as Guest46835 |
| 13:30:28 | wallet421: | wallet421 is now known as wallet42 |
| 13:35:29 | fanquake: | fanquake has left #bitcoin-wizards |
| 13:39:34 | andytoshi: | gmaxwell: oh, nice! he told me that we was working on it (and had some disappointing perf improvements relative to what we'd hoped), but i hadn't seen the pull |
| 13:41:06 | sipa: | andytoshi: by now it should also have constant-time signing |
| 13:41:32 | sipa: | (apart from potential doublings/cancellations in the addings, but a blinding mechanism prevents exploiting that) |
| 13:41:48 | andytoshi: | the last couple days i've been trying to build cargo so that i can get back to rust dev and update the libsecp256k1 wrapper |
| 13:41:54 | sipa: | cool |
| 13:42:03 | sipa: | feel free to submit when it's clean enough |
| 13:42:30 | andytoshi: | cargo does not build from git HEAD right now, and i need a reasonably recent copy (i.e. not 2 months old) to do rust dev :/ |
| 13:43:12 | andytoshi: | there is something like 5 commits/hour in the rust world, it's just a probabilistic game when it works :) |
| 13:58:07 | kanzure: | andytoshi: er, why don't they just not let people push to that branch unless it really, really works? |
| 14:34:20 | andytoshi: | kanzure: because there are like 20 different projects at play in a pre-1.0 environment moving at extremely high speed |
| 14:35:14 | andytoshi: | kanzure: even if there was one body in charge of them all the coordination hassle would freeze things. (fwiw people are claiming on IRC that the nightlies work. i have no disk space to try them) |
| 14:36:16 | andytoshi: | kanzure: also the stdlib is what's changing, which is what causes almost all of the breakage. you can't block that in a pre-1.0 language |
| 14:41:40 | c0rw1n: | c0rw1n is now known as c0rw|away |
| 14:41:41 | kanzure: | oh brother, developers running out of disk space |
| 14:56:27 | penny: | penny is now known as Guest3595 |
| 16:09:38 | ericp4: | ericp4 is now known as eric |
| 18:12:58 | c0rw|away: | c0rw|away is now known as c0rw|timetravl |
| 18:28:58 | c0rw|timetravl: | c0rw|timetravl is now known as c0rw1n |
| 19:12:14 | maaku: | maaku is now known as Guest89369 |
| 19:30:10 | gandalf: | so is sidechains appendix B currently under development? |
| 19:31:24 | cryptokeeper: | who has some good documentation on side chains |
| 19:31:32 | cryptokeeper: | i know basics and thats it... want moar info |
| 19:32:03 | andytoshi: | cryptokeeper: the whitepaper is best documentation right now |
| 19:32:12 | Luke-Jr: | cryptokeeper: http://blockstream.com/sidechains.pdf |
| 19:32:27 | cryptokeeper: | thank you sirs |
| 19:32:47 | cryptokeeper: | after i am done studying my vmware shit i want to go over that |
| 19:49:27 | amiller: | gandalf, the appendix B right now lays out a lot of good approaches but IMO more work is needed and its ongoing |
| 20:32:59 | Guest89369: | Guest89369 is now known as maaku |
| 20:35:11 | maaku: | gandalf: yes-ish. I have an open pull request that does the commitment mechanism |
| 20:35:35 | maaku: | and the scheme under consideration re-uses patricia trie stuff I've done for UTXO commitments |
| 20:35:55 | maaku: | using a heap structure that has been worked out, but still some work to be done in getting a reference implementation |
| 20:38:06 | gandalf: | sidechains will have a speed limit since they are blockchain based, are there any blockchain alternatives like maidsafe's transaction manager or Ripple? |
| 20:39:43 | maaku: | everything has a speed limit. there are certainly plenty of opportunites for alternative architectures |
| 20:39:47 | maaku: | but those can be sidechains too |
| 20:40:04 | maaku: | you send bitcoin to a sidechain which understands the alt ledger achitecture, and works as a middleman |
| 20:40:17 | gandalf: | how does blockstream plan to make money on this? |
| 20:40:39 | gandalf: | hoping for consulting services is nice, but the effort reward ratio seems off compared to other ventures. |
| 20:41:01 | maaku: | http://www.reddit.com/r/IAmA/comments/2k3u97/we_are_bitcoin_sidechain_paper_authors_adam_back/clhoo7d |
| 21:18:01 | cbeams_: | cbeams_ is now known as cbeams |
| 21:21:12 | NewLiberty_: | NewLiberty_ is now known as Joseph_of_New_Li |
| 21:51:44 | cpacia: | cpacia has left #bitcoin-wizards |
| 22:03:23 | happycamper: | hello |
| 22:20:51 | Joseph_of_New_Li: | Joseph_of_New_Li is now known as NewLiberty |
| 23:02:29 | HM_: | something that occurs to me is that the Bitcoin RPC could be protected by TLS-SRP |
| 23:02:51 | HM_: | it'd eliminate the complexity of having certificates |
| 23:03:52 | HM_: | sadly wouldn't play nicely with scriptable http/json clients though |
| 23:05:42 | justanotheruser: | HM_: the bitcoin RPC really shouldn't be accessed over the net in general |
| 23:07:46 | HM_: | then why does it support SSL? ;) |
| 23:08:09 | justanotheruser: | because people do it anyways. |
| 23:11:06 | HM_: | people can hijack your traffic on a LAN |
| 23:11:23 | justanotheruser: | you shouldn't do it over LAN if thats a risk |
| 23:12:21 | HM_: | malware on your machine can connect to loopback... |
| 23:13:10 | justanotheruser: | If you hvave malware on your machine, none of this is an issue anyways |
| 23:16:02 | HM_: | your just a party pooper |
| 23:16:06 | HM_: | *you're |
| 23:20:21 | gmaxwell: | HM_: you should go implement SRP over secp256k1 and submit it to sipa's library. IIRC it can be implemented over any group where discrete log is hard. :P |
| 23:21:24 | HM_: | yes, but then you'd need your own custom transport protocol. |
| 23:21:47 | HM_: | since, I'm pretty sure TLS doesn't support mythical SRP-EC |
| 23:22:04 | gmaxwell: | HM_: not so, since you could authenticate the ssl session from within it. :) |
| 23:22:09 | HM_: | what would that even be called hmm... SRP-ECDSA? |
| 23:22:57 | gmaxwell: | ECSRP I guess. certantly not ECDSA, since there would be no DSA in it. |
| 23:23:20 | HM_: | but there's a method called SRP-DSS in the TLS spec |
| 23:23:40 | gmaxwell: | Yea, but almost nothing implements it. |
| 23:23:51 | HM_: | yeah, i was looking at the wiki page |
| 23:23:56 | gmaxwell: | And god knows anything that does is probably even more buggy than everything that implements TLS already is. |
| 23:24:10 | HM_: | perhaps |
| 23:24:20 | HM_: | SRP is easier to verify than anything using certificates |
| 23:25:20 | gmaxwell: | yea, I like that you brought it up. we've talked before about having authenticated peerings for the p2p protocol with some custom encrypted transport before... supporting SPR natively would be nice. (e.g. your choice of asymetric key or SRP auth) |
| 23:25:44 | HM_: | SPR? |
| 23:26:44 | gmaxwell: | typo |
| 23:27:16 | HM_: | the major problem with SRP is you still need a protocol for registration, and some out of band authentication method so you can trust the server while you register your username and password |
| 23:27:37 | HM_: | like a CA |
| 23:28:04 | gmaxwell: | sure, SRP is no silver bullet by any means, it just basically makes any case where you'd use a password better. |
| 23:28:10 | HM_: | in that respect it's not much better than trusting a CA and then pinning the certificate |
| 23:28:24 | HM_: | oh absolutely |
| 23:30:02 | HM_: | I've been writing a toy echo server using TLS-SRP + GnuTLS before I consider integrating it in to some other projects |
| 23:30:03 | gmaxwell: | part of the recent SRP hasn't been adopted is because lucent was patent-fuding it and all other password based key exchange schemes; but the patents lucent was abusing for that have now expired (and didn't apply to SRP anyways, but whatever) |
| 23:30:58 | HM_: | Afaict the only broadly workable alternative is local binding + SSH |
| 23:31:02 | gmaxwell: | HM_: why not write a bitcoind rpc wrapper? I'd like to get TLS out of the daemon entirely. E.g. it could run in a seperate process. would make supporting things like SRP easier. |
| 23:31:02 | HM_: | or something like libssh |
| 23:32:01 | phantomcircuit: | gmaxwell, seems like pretty much everything except for the consensus code should be moved into a separate process |
| 23:32:05 | HM_: | gmaxwell, and locally bind plaintext? |
| 23:32:58 | HM_: | world <--tcp/tls --> wrapper <-- tcp/clean --> bitcoind |
| 23:34:19 | HM_: | I'm not sure if that's wise if you move the authentication to the wrapper |
| 23:34:36 | gmaxwell: | HM_: it could even be a unix domain socket or whatever between bitcoind and the wrapper. The rational would be to get the huge attack surface of TLS out of the daemon. You can use stunnel for this already, but it doesn't get you things like SRP support. |
| 23:36:14 | HM_: | sure, socketpair and execve |
| 23:36:23 | HM_: | no idea about how you'd go about it on Windows though |
| 23:44:39 | phantomcircuit: | gmaxwell, would probably be easier to add srp to stunnel than bitcoind though :P |
| 23:45:36 | HM_: | he has a point, stunnel relies on openssl, which implements srp as of 1.0.1 |
| 23:46:00 | HM_: | https://www.stunnel.org/versions.html <-- this scares me |
| 23:46:05 | gmaxwell: | not interested in adding any anything to bitcoind atm. I would like to have an alternative P2P transport that support auth/encrypt (and doesn't use TLS because TLS is a huge attack vector). But thats seperate. |
| 23:46:18 | moa: | gnuTLS |
| 23:46:34 | gmaxwell: | all TLS implementations are a disaster, some know it better than others. |
| 23:47:04 | moa: | ha |
| 23:47:30 | moa: | whatever gets the job done sometimes |
| 23:47:34 | phantomcircuit: | moa, gnutls was a decent idea poorly implemented |
| 23:47:39 | phantomcircuit: | the docs were wrong until recently |
| 23:47:55 | moa: | just throwing another option into the mix |
| 23:49:01 | HM_: | having used gnutls today, i'll take it over openssl anyday |
| 23:49:04 | phantomcircuit: | i would bet that libressl will be the best implementation (if it's not already) |
| 23:49:23 | HM_: | botan supports SRP apparently |
| 23:49:38 | moa: | " I would like to have an alternative P2P transport that support auth/encrypt (and doesn't use TLS because TLS is a huge attack vector). But thats seperate." <---- but this sounds great |
| 23:50:07 | HM_: | if you want respect the only realistic alternative is SSH |
| 23:50:30 | HM_: | the only 3rd option i know of is zeromq's curvecp based transport |
| 23:50:36 | HM_: | and i'm not sure i'd take that seriously yet |
| 23:51:27 | gmaxwell: | nonsense. |
| 23:51:45 | HM_: | which bit? |
| 23:51:48 | gmaxwell: | (The SSH transport has also had a bad history too; including some long standing nasty exploitable vulnerabilties) |
| 23:51:57 | moa: | shhh |
| 23:52:02 | gmaxwell: | All of them suffer from too much flexibility. |
| 23:52:29 | phantomcircuit: | my favorite is environment variables transfered over ssh |
| 23:52:32 | phantomcircuit: | which is just bizarre |
| 23:52:52 | moa: | but really cool and useful |
| 23:53:03 | phantomcircuit: | how is that useful? |
| 23:53:10 | moa: | for taking control of remote machines that is |
| 23:53:33 | HM_: | gmaxwell, then maybe this is closer to your desired transport http://curvezmq.org/page:read-the-docs |
| 23:55:02 | moa: | IPSec? |
| 23:55:20 | phantomcircuit: | moa, ipsec == nasty |
| 23:55:41 | gmaxwell: | HM_: I'm familar with it. We already have a MACed transport in bitcoin, it's just unkeyed. |
| 23:56:19 | HM_: | moa, Ipsec solves no real world problems |
| 23:56:37 | moa: | but gets lots of use nontheless ... pick your posion |
| 23:57:49 | HM_: | bah, why the smeg did the zeromq guys factor out their secure protocol to libcurve if it depends on libzmq |
| 23:58:00 | gmaxwell: | moa: not really, a very very narrow subset of IPSEC gets used. (basically for point to point tunnels) It's really highly inapplicable to anything application level. |
| 23:58:18 | HM_: | it even depends on their C binding :S |
| 23:58:39 | phantomcircuit: | moa, afaict ipsec is only used because it's free on cisco equipment vs their ssl vpn |
| 23:58:42 | gmaxwell: | HM_: no shock there. |
| 23:58:46 | phantomcircuit: | i would bet that's like 99% of use |
| 23:59:11 | HM_: | i tried setting up IPSec/L2TP tunneling, it was a nightmare....ended up just using OpenVPN... then i realised that sucked too and just use SSH + SOCKS these days when on the road |
| 23:59:18 | moa: | right, but cisco routers are a big deal |
| 23:59:22 | HM_: | good old ssh -D |
| 23:59:52 | HM_: | so I leak DNS, meh |
| 23:59:54 | moa: | so total traffic on IPsec is not small |