--- Log opened Sat May 04 00:00:03 2013
00:19 < amiller> the requirements for super duper moon math blockchain verification are weird
00:19 < amiller> let me try to interpret some of them for you here.
00:20 < amiller> the basic thing is that we only know how to do constant-time-verification for boolean circuit programs
00:20 < amiller> a boolean circuit program is a really restricted form of program
00:20 < amiller> it's like C but with all the loops unrolled
00:20 < amiller> everything get done instantaneously in one enormous step
00:21 < amiller> youd have to have bounded size inputs
00:21 < amiller> if you assume that my authenticated data structure merkle UTXO thing works
00:21 < amiller> and there's a bound of M on the number of outstanding elements at any given time
00:22 < amiller> then to check N operations (lets just say N blocks) it will take O(N log M) hashes to validate a bunch of blocks
00:22 < amiller> to validate N blocks i men
00:22 < amiller> okay so where the moon math comes in
00:23 < amiller> is that i can take a single setup phase to construct a big ol' circuit that does one huge chunk of validating N blocks and this takes me O(N log M) to prepare
00:24 < amiller> think of it as spending O(N log M) effort to compile a "big-ol'-program-that-validates-N-blocks" circuit
00:24 < amiller> now for each one of these, if some untrusted agglomeration of network nodes gives me a proof, i can validate this proof with one crazy crypto field multiply.
00:25 < amiller> also no secrets are involved, so the big ol' crazy program can be compiled once for everyone and maybe we can agree on them using checkpoints
00:25 < amiller> or validate them piecemeal or something
--- Log closed Sun May 05 00:00:05 2013