--- Log opened Wed Jul 03 00:00:07 2013
06:05 < sipa> :o
06:06 < gmaxwell> you were out!
06:06 < gmaxwell> oh no!
06:06 < petertodd> ...we need a -wizards archive...
06:07  * sipa demugglifies
06:08 < gmaxwell> you totally missed me being an idiot and taking like .. an hour to understand what petertodd was talking about with "proof of possession" and application to proof of sacrifice identity.
06:08 < petertodd> Lol, well I can cut that part out from the archive...
06:08 < petertodd> Though really it's a subtle point, albeit one that you should grok. :P
06:11 < gmaxwell> well in my defense I joined midconversation and didn't read the backscroll.
06:11 < petertodd> ...and if you look you'll notice I changed some of my arguments a bit because I had come up with that idea on the spot nearly.
06:21 < gmaxwell> I still think that even the less secure form of tearable data is interesting until there is actually a problem with people accepting blocks without seeing the good stuff.
06:37 < petertodd> I think the issue there is once you've got to the trouble of having tearable data, why not have proof-of-posession?
06:38 < petertodd> Remember that the nonce can be the previous block hash to keep performance requirements minimal.
06:40 < gmaxwell> two blocks back, so you're not latency threatened perhaps
06:41 < gmaxwell> but I think I proposed this when people were really worried about the 1txn miner and miners without the utxo set. And it was pointed out that people could just advertise the roots.
06:41 < gmaxwell> (I'd proposed a kind of proof of possession to prove you had the utxo set so you couldn't mine without it)
06:41 < petertodd> Sure, and add a system where you can use that proof-of-posession to spend certain designated fees as your payment.
06:42 < petertodd> Heh, yeah, and I kinda reinvented that with my idea for doing low-bandwidth zero-validation cooperative P2Pool...
06:42 < gmaxwell> a general argument against needing that is that if there are sacrifices going on, you'll _want_ to know about them so you would be disinclined to accept blocks that have hidden them.
06:43 < petertodd> Well I'm assuming this would be just another part of a UTXO proof system so there's no way to hide anything.
06:45 < gmaxwell> I'm just saying that something simpler may be more adequate than you're giving it credit for.
06:46 < petertodd> I'm just saying once you've done a soft-fork you're 90% of the way there...
06:46 < petertodd> Really simplier would be to do it as a pure merge mined chain.
06:46 < petertodd> (or a non-soft-fork)
06:47 < gmaxwell> merged mined.. uh
06:47 < gmaxwell> warning: absense of incentive detected
06:47 < gmaxwell> :P
06:48 < gmaxwell> well, I suppose my argument applies: if this merged mined thing teaches you about valuable transactions…
06:48 < gmaxwell> then there is an incentive to particiate.
06:48 < petertodd> indeed, but without actual proof-of-posession you are relying on nothing more than people just using the defaults
06:48 < petertodd> that may be a much weaker assumption in the future...
06:49 < petertodd> Yeah, or if it's mined with some kind of proof-of-stake from people with a vested interestin the data itself.
06:50 < petertodd> *interest
06:50 < gmaxwell> how do you detect those people?
06:50 < petertodd> Heck, fidelity bond participants to pay rewards after some amount of merge mining...
06:50 < gmaxwell> the one who announced it isnt the useful one to mine it.
06:51 < petertodd> No, but for, say, a fidelity bonded bank thing you mind find a banks competitors proving that the fraud proof ledger is well distributed to discourage anyone from committing fraud, a bit weak sure, but at least the cost is pure bandwidth + some storage.
06:52 < petertodd> (remember the bitcoin blockchain can be used as a random beacon to keep the merge mining moving forward)
06:55 < petertodd> interesting thought: a bank might want to prove that their *clients* had been participating in some visible fraud proof storage system, so that if the bank gets sold one day the consent of the clients to the state of the fraud proof ledger is known and thus a proof disclosed after the fact can be declared invalid
06:56 < gmaxwell> petertodd: we're in cycles, we stumbed on this when talking about the IRC stuff: the irc bank could prune its transaction records once the customer provided a no-fraud ping.
06:56 < gmaxwell> because if they claimed fraud later you wouldn't have to prove them wrong, you'd just show their no fraud ping. :P
06:57  * gmaxwell predicts "what is a segmentation violation" in a minute.
06:57 < petertodd> Ah, I forgot about that bit... nice example of how it's a continuum of visibility options.
06:58 < petertodd> heh...
11:13 < adam3us> now you guys woke up: i was thinking the outcome is the miner will win the proportion of his own (and other peoples) sacrifice to miners in relation to his share of the network power
11:14 < adam3us> so that being the case, why not just pay to the set of miners (over some rolling transaction history) in proportion to how often they've been winning
--- Log closed Thu Jul 04 00:00:10 2013