03:20:09justanotheruser:justanotheruser has left #bitcoin-wizards
19:53:40card.freenode.net:topic is: "Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas. This channel is logged at http://download.wpsoftware.net/bitcoin/wizards/. For questions about the logs talk to andytoshi."
19:53:40card.freenode.net:Users on #bitcoin-wizards: andytoshi-logbot nomailing orperelman Shibe_tabsa mappum c0rw1n adam3us TD Emcy andytoshi rdymac nsokl_ _ingsoc go1111111 DougieBot5000 jtimon tromp phrackage Ursium_ Guest63294 roidster hnz RoboTedd_ nOgAnOo johnsoft OneFixt Graet firepacket perrier imsaguy qwertyoruiop comboy gavinandresen EasyAt pajarillo UukGoblin poeticlobster Alanius espes__ Luke-Jr tromp__ Muis nanotube salsa__ salsa_ salsa ioi CodeShark ghtdak sl01 rs0_ crescend1
19:53:40card.freenode.net:Users on #bitcoin-wizards: Fistful_of_Coins spinza MoALTz maaku forrestv edulix kinlo typex K1773R BlueMatt crucif0rm Krellan aksyn bobke iddo Sangheili midnightmagic tt_away realazthat gribble gmaxwell wumpus wrabbit grazs warren otoburb zacm epscy licnep tucenaber Mikalv wangbus a5m0 harrow hno heakins lianj optimator @ChanServ sipa helo Ryan52 azariah4 phantomcircuit amiller pigeons petertodd jrmithdobbs jron asoltys poggy Sorcier_FXK ryan-c ageis cfields jgarzik
19:53:40card.freenode.net:Users on #bitcoin-wizards: michagogo|cloud
19:53:53andytoshi:systemd says irc-logger was running continuously since Sun 2014-01-19 09:39:07 PST <.<
20:25:48tromp:i put a new version of my cuckoo cycle paper on https://github.com/tromp/cuckoo that discusses parallelizability
20:41:26tt_away:tt_away is now known as tacotime
20:41:30tacotime:tacotime is now known as tacotime_
20:52:30amiller:i'm frustrated, i found a bunch of errors in this line of work i've been following closely and trying to build off of
20:52:45amiller:in the "universally composable" security framework / network model
20:52:58amiller:i'm trying to submit a paper in like a week
20:53:12amiller:basically the best thing for me to do is to just inherit all of those errors for now.
20:53:35amiller:since the whole thing is unrelated to the main points i'm trying to make
20:57:39gmaxwell:Theoretical work that isn't sound, say it aint so!
21:12:14amiller:theory tends to be neither sound nor practical, but can be broad/expansive and is relatively efficient to work on
21:12:43amiller:practical implementations tend to be neither generic nor sound
21:13:20amiller:and formal methods coq-stroking exercises are sound but neither practically useful nor generic
21:13:37maaku:amiller: but practical implementations to tend to work ;)
21:13:55amiller:mostly :)
21:15:46jtimon:tromp the very term "non-parallelizable pow" seems contradictory to me
21:16:01jtimon:oh, he's gone...
21:16:51jtimon:if two miners can try to solve the same block in parallel, how can't the same miner do the same?
21:17:10jtimon:how can't a single miner do the same?
21:17:44jtimon:well, I'll tell him to find another term another time...
21:18:17tromp__:i'm back
21:18:59tromp__:different miners will work on difference instances, i.e. different cuckoo graphs
21:19:17jtimon:so what you really mean by "non-parallelizable pow"? is non-parallelizable using a given architecture, no?
21:19:19tromp__:i want a single instance to be hard to parallellize
21:20:12jtimon:hard to parallelize in current GPUs and x86 archs?
21:20:38tromp__:yes, because they limit how many random accesses you can make to main memory in parallel
21:20:42gmaxwell:andytoshi: I'm reading LWN and "Hey, the same thing happened to andytosh...ahh"
21:21:29jtimon:tromp__ what's the point?
21:21:34tromp__:and because path conflicts will reduce the prob. of finding a ccyle
21:22:10tromp__:the point of what?
21:22:45jtimon:the point of "hard to parallelize in current GPUs and x86 archs pow"
21:23:20sipa:sc? rs? ch?
21:24:29tromp__:because being able to have many simultaneous random accesses to main memory is generally useful
21:24:52jtimon:for bitcoin?
21:25:10tromp__:for general computation
21:25:27jtimon:in other words...what's the problem you see in SHA256 that you're trying to solve with cucko?
21:26:04tromp__:it promotes custom hardware that it not generally useful
21:26:19tromp__:and centralizes mining power
21:26:20maaku:tromp__: no matter how much you try, dedicated hardware will still be faster/more-'hash'-per-watt by some factor
21:26:29jtimon:and cucko-ASICs will be generally useful?
21:26:32maaku:and our experience shows that it will not be long until someone makes an asic
21:26:38maaku:that is not general-purpose
21:27:07tromp__:fast parallal RAM access is more generally useful yes
21:27:34jtimon:tromp__ with or without RAM, it's still specialized hardware
21:28:14jtimon:ASIC != general purpose computer
21:28:59tromp__:cheap better memory interconnects will be commoditizeed
21:29:26tromp__:your intel CPU and your memory chips are also ASICs
21:29:50tromp__:but because they're general purpose they are commoditized
21:29:53jtimon:no, they're general purpose
21:30:08jtimon:asic = application specific
21:30:25andytoshi:gmaxwell: :P i wondered if you'd catch that. (thx for checking the key for me!)
21:30:27tromp__:here's the thing
21:31:00tromp__:to optimize cuckoo, you have to optimize a more general thing: namely parallel random memory access
21:31:27jtimon:cool, but I'm still not able to run emacs on my old cucko-ASIC
21:31:27tromp__:it's still all about memory
21:31:32maaku:tromp__: no, they will just put all the memory and custom circuits on a single die, because that's the most efficient thing to do
21:31:44maaku:you won't get any commoditization of general purpose hardware
21:31:51tromp__:rather than building an asic full of specific computational steps
21:32:39jtimon:so your goal is for asic manufacturers to research random memory access?
21:32:50tromp__:that doesn't work for random memory access, maaku
21:33:51maaku:tromp__: it absolutely does. an integrated system-on-chip would always be more efficient than having external interconnects
21:34:16jtimon:I still don't understand the goal, and it's sad for me to see so many smart people dedicated to something I consider a complete waste of time
21:34:21tromp__:pls explain how you'd implement pointer chasing on a die
21:34:23maaku:and because of heat dissapation and power issues, it may even end up having asic vs. gpu/cpu be an even *larger* performance jump than sha256
21:35:04tromp__:the goal is a pow constrained by memory latency
21:35:16jtimon:but why?
21:35:17maaku:tromp__: the same way you do on a cpu, but put the cpu + memory on the same die
21:35:35maaku:so, no need for an interconnect (except at the gate level inside the chip)
21:36:01jtimon:why do you think that "pow constrained by memory latency" is any better than SHA256?
21:36:21jtimon:you have to think is somehow better if you're spending on time on it
21:37:32tromp__:because commoditized hardware gets optimized partly for low latency
21:37:59jtimon:how would bitcoin be better by replacing SHA256 ASICs with cucko ASICs ?
21:38:38jtimon:"[I'm missing a claim here] because commoditized hardware gets optimized partly for low latency"
21:38:43tromp__:i expect cukoo asics will be way harder to develop
21:38:53tromp__:way harder than scrypt ones
21:39:17jtimon:tromp__ harder to develop mean less companies doing it, no? how does that help centralization?
21:39:56tromp__:i think you overerestimate the feasibility of putting many GB of memory with embedded cpus on a die
21:40:18jtimon:no, I believe that making a cucko ASIC will be harder
21:40:31tromp__:i think commoditzed hardware will remain competitive
21:40:39jtimon:I just don't see the point of making pow ASICs hard to develop
21:41:08jtimon:you want GPU mining to be competitive with ASIC mining?
21:41:42jtimon:because there's many companies building sha256 asics but only two making GPUs?
21:42:11tromp__:no, because it
21:42:16tromp__:'s commodotized
21:43:03jtimon:"it's commodotized" it's starting to sound like "mongodb is web-scale" like if that was something inherently good or something
21:43:31jtimon:I'm confused
21:44:30jtimon:you prefer only two companies, namely ATI and nVidia producing most of the mining equipment "because it's commodotized"
21:45:10tromp__:because everyone can easily buy a pc that can mine competitively
21:45:16jtimon:even if GPUs could be competitive with ASICs at all, I don't see the point
21:45:48tromp__:mining is no fun if you need to invest tons of capital preordering asics that will quickly become obsolete
21:45:48jtimon:tromp__ buying sha256 is now relatively easy and will only become easier
21:46:12maaku:tromp__: mining isn't about having fun...
21:46:32jtimon:at some point asics will stop "getting obsolete" so fast
21:46:33tromp__:i don't want to have the asic vs commodity hardware discussion right now
21:47:09maaku:tromp__: it'd be great if you could have a pow function that really did benefit from general hardware
21:47:16maaku:but that's rather impossible
21:47:28tromp__:there are many peopl who want a pow for which asic advantage over commodity hardware is mimimized
21:47:44jtimon:ad populum
21:48:14maaku:tromp__: minimizing the asic advantage makes the situation worse off!
21:48:15tromp__:and for them, cuckoo seems like the best option
21:48:56grazs:so the best PoW algorithm would be cryptographically secure, cheap to produce, easy to replicate, hard to improve, add additional value (like curing cancer), distributed as evenly as possible, hard to deanonymize the result and be cheap to verify?
21:49:02jtimon:and I still wonder why would they want such a thing
21:49:08maaku:either make general hardware *exactly equal* to custom hardware (impossible in practice), or make the asic advantage *as great as possible*
21:49:26gmaxwell:jtimon: maximum return from botnets, of course. :P
21:49:52jtimon:grazs add additional value (aka curecoin) is very different, I'm all for that
21:50:15maaku:grazs: not to mention progress-free, and all the other things I'm too distracted to think of which PoW requires
21:50:44jtimon:sipa there was a group collecting bounties and distributing them to people folding@home
21:50:59grazs:maaku: yes, think I included that with 'hard to improve'
21:52:01tromp__:anyway, thx for the "feedback"; i'm gonna have alittle break now
21:52:47jtimon:btw I actually liked charlee's intervention
21:53:11maaku:jtimon: well additional value is only good so long as it can't be monetized...
21:53:35jtimon:there were some stupid arguments I expected
21:54:37jtimon:and it was funny how he started to answer the question "What was your motivation for creating litecoin? When I created litecoin there was already other alternatives, but those were created by other people."
21:55:15jtimon:but overall good, I don't really think he went too technical, he even explained colored coins
21:55:24grazs:spoken like a tru playa
21:56:04jtimon:maaku would seti pow be monetizable?
21:56:44grazs:seti isn't a pow, it's just work
21:57:12jtimon:yes, I mean an hypothetical seti-based pow
21:58:14jtimon:not that SETI is the more useful thin for humanity in the world, but still better than hash collisions or prime numbers I think
21:58:38maaku:jtimon: someone could pay money per work unit completed, as a way of 'donating' to the seti project
21:58:38grazs:results held random until you send seticoins to the coming coinbase
21:58:44grazs:held ransom*
21:59:36maaku:more generally, if it was a general BOINC proof-of-work, it's easy to see how you could setup monetizable tasks
21:59:40jtimon:maaku, yes, I think that's simpler and I would like the foundation to do that
22:00:18jtimon:maaku, you said it yourself, they have to be hard-to-monetize tasks
22:00:30maaku:well, if/when freimarkets is completed it's a rather simple matter to issue assets based on the BOINC point system
22:00:33jtimon:no, general BOINC
22:00:56jtimon:maaku, yes I remember that plan
22:01:32jtimon:and gamers could make money with their GPUs again! everybody happy
22:04:15jtimon:btw, on the hearings, it is curious how so many people think that the blockchain's "main advantage" are somehow "cheap transactions", completely ignoring the big subsidies we have
22:05:13gmaxwell:jtimon: yea, "so you're telling me that your _global broadcast medium_'s value is that it's cheap?"
22:06:18jtimon:off-chain credit transactions will always be cheaper, this is just trustless
22:06:41jtimon:although irreversible actually makes transactions cheaper
22:06:56jtimon:an fees non-proportional
22:16:34grazs:jtimon: what are these subsidies?
22:18:08sipa:grazs: mining subsidy
22:18:24sipa:grazs: our preset inflation that basically pays for the system's security
22:19:29grazs:sipa: ah, oh yes ofc
22:21:27maaku:you know, just $127,500 per hour
22:21:29maaku:nothing big
22:45:26andytoshi:who can be said to have invented POW? was it adam or hal?
22:46:23andytoshi:i don't mean that to be an exhastive list; english 'or' is ambiguous that way..
22:47:07gmaxwell:andytoshi: https://en.wikipedia.org/wiki/Hashcash
22:50:21gmaxwell:Am I the only person in here who ever used Hal's RPOW system?
22:50:28gmaxwell:I wonder if I can find some tokens from it.
22:51:01tromp__:this related work predates hashcash by 5 years: http://en.wikipedia.org/wiki/Memory_bound_function#Using_memory_bound_functions_to_prevent_spam
22:52:43maaku:it's not a proof of work though
22:54:05maaku:dwork and naor didn't have asymmetric validation times, which is the important innovation, I think
23:05:21jron:gmaxwell: I downloaded the source yesterday and assumed I was the only one who ever did that :P
23:07:50gmaxwell:jron: oh well it's long since dead as far as I know... or is hal's server back up again.
23:08:15gmaxwell:I downloaded it and used it and talked to hal about it some back when it was new... had suggested some improvements and he tried to talk me into making a GUI for it. :)
23:10:08jron:I was just got an urge to check it out after reading a story about him and his wife. I never compiled it\executed it.
23:12:45tacotime_:tacotime_ is now known as tt_away
23:13:04midnightmagic:tromp__: Adam Back has a very nuanced understanding of the origin of POW-like mechanisms/concepts and their history, including an extremely detailed response to an edit I made on the bitcoin.it wiki where I was wrecking Steve Gibson's video explanation of bitcoin. It's very fascinating if you can ever corner him somewhere.
23:13:35gmaxwell:you mean like in here where he talks almost every day?
23:13:42midnightmagic:oh is that him?
23:14:22midnightmagic:Well how am I supposed to know these nicknames, I live in the frozen north *grumble grumble*
23:14:36midnightmagic:Sorry Adam.
23:14:39gmaxwell:there are certantly differences in the requirements for anti-spam applications and consensus POW.
23:14:53gmaxwell:e.g. progress freeness is probably not really important for anti-spam.
23:14:56jron:midnightmagic: you might enjoy the interview he recently did on letstalkbitcoin.
23:15:11midnightmagic:ah yes I believe I will. He was very generous with his time in his emails with me.
23:16:45midnightmagic:aaargh produced by antonopoulos
23:17:07jron:midnightmagic: it was still enjoyable =)
23:17:26tromp__:midnightmagic: i would love to have adam's feedback on cuckoo cycle
23:19:13gmaxwell:oh apparently BFL's 28nm stuff has a test chip running now.
23:57:16jtimon:antonopolous was that guy that got himself filmed having dinner, drinking wine and talking about bitcoin in a restaurant?
23:57:32jron:jtimon: yes
23:57:36jtimon:I didn't watched the whole video but that was kind of odd