00:00:53midnightmagic:gmaxwell: http://magicrulesunpaa6.onion/rich_people_and_ethics_bib.txt I don't think it's an availability bias or a researcher shelving bias, as a badly-written review of Piff's work asserted.
00:02:21justanotheruser:justanotheruser is now known as just[dead]
00:13:41just[dead]:just[dead] is now known as justanotheruser
00:33:01justanotheruser:justanotheruser is now known as just[dead]
01:28:46HobGoblin:HobGoblin is now known as Guest27571
01:50:55roasbeef_:roasbeef_ is now known as roasbeef
02:16:35BCB:BCB has left #bitcoin-wizards
03:08:54Emcy_:http://torrentfreak.com/bitcoin-donations-now-integrated-into-bittorrent-client-140227/ seems cool
03:09:58Emcy_:it seems like it just opens bitpay or something
03:10:14Emcy_:would have been nicer if they had done somthing with bitcoinj instead
03:11:26Emcy_:oh no it just creates a bitcoin URI QR and wants you to scan it with your phone
03:17:33Luke-Jr:lol
03:32:25emsid:so its not really integrated?
03:51:53gmaxwell:https://people.xiph.org/~greg/decentralized-time.txt
03:58:03realazthat:can the bitcoin keys be used for encryption as well as signing messages, theoretically?
03:58:57realazthat:I just watched Kevin Greene's presentation on BIP 70
03:59:43realazthat:am thinking it can easily be modified to use bitcoin public keys to avoid SSL
04:00:56tacotime:I hope so, I'm using it for my ssh sessions :|
04:01:24realazthat:what?
04:01:30tacotime:Or is that just for signin?
04:01:47realazthat:you are using bitcoin keys to auth for ssh?
04:02:16realazthat:I never heard of that heh
04:02:17tacotime:No, you can use ecdsa keys as opposed to rsa keys though.
04:03:26realazthat:ah thats what you meant
04:03:28realazthat:yeah sure
04:03:41realazthat:I assume you can, I just want to know if there is any reason not to
04:09:04tacotime:I think you use ECDH to share a symmetric cipher... but that's not exactly what you're looking for.
04:09:13tacotime:*symmetric cipher key
04:09:39tacotime:I thought you could, but apparently I'm mistaken (unless no one else corrects me).
04:13:15tacotime:Yeah, that's what bitmessage uses https://bitmessage.org/wiki/Encryption
04:14:50tacotime:This thread gives an explanation, but I don't know if it's the correct one; https://bitcointalk.org/index.php?topic=238714.msg2528883#msg2528883
04:16:50tacotime:bitcoin-wizards seems to be the place where i fill in all these gaps in my knowledge, heh.
04:18:18Emcy_:>nakamoto chain
04:18:26Emcy_:wow that seems obvious now
04:19:42tacotime:So when ssh is using ECDSA for auth and encryption, it's actually using ECDH for AES key exchange and ECDSA for signing the auth?
04:23:08tacotime:Apparently http://www.snailbook.com/docs/rfc5656.txt
04:44:36realz:tacotime: ah interesting
04:55:24tacotime:Looks like NDCoin is now trying to do the same thing as Ethereum
04:55:46tacotime:https://dl.dropboxusercontent.com/u/3133557/Bitcoin/Introducing%20NDcoin.pdf
04:56:09tacotime:And promising SCIP moon magic to make useful decentralized computing for proof of work
05:04:16realazthat:gah
05:04:18realazthat:did I split
05:04:20realazthat:tacotime: SCIP can be used to make almost *anything* a PoW algorithm
05:04:56tacotime:right. i'm waiting to see how zerocash fares first with it, though.
05:05:05tacotime:parameter sizes are still kind of daunting.
05:06:14realazthat:yeah, I am not sure how useful it would actually make a network
05:06:34realazthat:since, it would be wasting some constant at a minimum
05:06:56realazthat:so a network that wastes 10X resources to make 1X resource useful
05:06:58realazthat:it is useful
05:07:05tacotime:it's kind of been the cryptobuzzword as of late :P
05:07:10realazthat:but really, is that gonna save the planet
05:07:14realazthat:but it is cool
05:07:20realazthat:there are other uses aside from PoW
05:07:26realazthat:it is a very powerful concept
05:07:46tacotime:yeah
05:07:46realazthat:you can use other computers to prove things for you
08:21:52gmaxwell:realazthat: bitcoin public keys are worthless for that, not because of encryption or whatever, bip 70 doesn't need encryption or ssl. it uses x509 certs for human identity, because nothing else exists.
08:23:30gmaxwell:realazthat: I don't agree that "SCIP can be used to make almost *anything* a PoW algorithm" in fact, PCP only makes claims of the soundness of the proof not non-optimization and nothing else is anything better.
08:23:50gmaxwell:In theory— if the statement is true you can produce a passing proof without doing any work at all
08:24:13Luke-Jr:?
08:24:24gmaxwell:(not that anyone knows how to do that generally since it would prove P=NP if it really was general)
08:24:28Luke-Jr:I think I agree with him about that maybe
08:25:01Luke-Jr:SCIP proves you did the work
08:25:03Luke-Jr:no?
08:25:57gmaxwell:no. It doesn't it proves the statement is true.
08:26:26Luke-Jr:what statement?
08:27:22gmaxwell:you have some thing that you're computing and you're proving for these inputs you got these outputs, for example. You can use a snark to prove that the outputs are the true outputs for the inputs... but they is no promise you did 'the work'.
08:28:00gmaxwell:maybe in practice no one currently knows how to optimize something under any particular zk-snark system, but there is no promise you cannot.
08:28:16Luke-Jr:well, doesn't that apply to SHA2 as well?
08:29:25gmaxwell:if the hash is sound you only get luck, were .. say for example you had a scip over a progrm that just made the output equal the input and had a busy loop in it. It seems very likely to me that you can optimize out actually computing the busy loop.
08:29:57Luke-Jr:sure
08:30:38Luke-Jr:but I took it to mean, the POW would be a fixed algorithm, and SCIP would only be used to prove that you got the right result (and implicitly, used the algorithm)
08:30:40gmaxwell:this applies to less trivial examples too. how less trival who knows. Probably whole advancements in approximation theory are waiting in this space.
08:31:10gmaxwell:okay sure, to make validation cheap.... but normally we want pow to not be trapdoored or overly optimizable.
08:31:21gmaxwell:e.g. someone finds an optimization to make it 100x faster... thats bad.
08:31:33gmaxwell:some people thought you could use scip to prove that you didn't optimize, but thats not so.
08:31:44gmaxwell:(or at least no guarenteed)
08:42:54gmaxwell:realazthat: 10x? more like 1000x. :P
09:57:11DoogieHouser:DoogieHouser has left #bitcoin-wizards
10:09:49austinhill:for those of you at dinner tonight, thanks - whay a great conversation
10:10:14austinhill: what
10:35:59stonecoldpat:ah is that why its so quiet here today? they are all hungover?
10:41:40austinhill:Hopefully no worse for the wear
11:39:37airbreather_1:airbreather_1 is now known as airbreather
12:19:11edulix_:edulix_ is now known as edulix
13:10:04comboy:gmaxwell: took me long enough but I run this histogram on your gox addresses, nothing interesting, same as prev just much less data, looking at these I'm not buying theory of 500k+ btc slowly escaping because of TM and automatic reissues
14:35:43fanquake:fanquake has left #bitcoin-wizards
14:44:59comboy:would be interesting to put it together with bitcoin days destroyed because of the latest statement and peak in bitcoin days destroyed in feb, but Im done with this stuff for now
14:51:19realazthat:gmaxwell: mmm bar sasson indicated that it was so to me in an email
14:51:28realazthat:gmaxwell: heh, I was giving some lower bound
14:51:40realazthat:but yeah, 1000x to 1x useful
14:51:48realazthat:whatever, a huge constant
14:52:26realazthat:ben*
14:53:06realazthat:"Is there a guarantee that there is no way to generate a signature if a correct answer is otherwise found in a quicker manner than running `P`, the original program, via running `Q` instead?"
14:53:19realazthat:A: "Yes, the only way (assuming you cannot break crypto) is to run P, not Q."
14:53:36realazthat:now, tbh I don't understand the crypto at all
14:56:21andytoshi:realazthat: i'd need to see a pretty solid argument for that claim, if you do an SHA256 outside of the POW, you know exactly how many iterations need to be done before finding the right hash. the claim that you can't make a proof of exactly that many iterations of the same program, without actually doing them under proof, is nontrivial
14:56:33andytoshi:interesting that ben-sasson makes that claim tho, thx for that
14:57:13andytoshi:iterations of the same code*
15:11:58aksyn:anyone looked to see if they can tie a gox address to a transaction with an nlocktime? obviously we wouldn't see the real one, but undoubtedly if mark were going to do this he would experiment first and might give us a rough timestamp on when he locked away his deep cold coins (if indeed that's what happened - i'm basing this on him saying they were not lost, but "inaccessible"). him using a lock_time seems more plausible to me than losing the privat
15:11:59aksyn:keys.
15:12:39aksyn:(i imagine the gox address would be a few hops away from the address where he did that experiment)
15:13:12aksyn:mining the blockchain I found 47 transactions using an epoch lock_time, and have a list of gox addresses (from reddit) - just wondered if anyone is going down the same path
15:13:18aksyn:*datamining
15:22:16andytoshi:aksyn: if mark is using an nlocktime tx to keep coins from himself (and i do not find this a likely story), he won't publish the tx until it can be mined
15:22:36andytoshi:oh, i see, you think there's an experiment one
15:22:38aksyn:andytoshi: i realise that, but you wouldn't just blindly do it without testing the theory
15:22:44aksyn:andytoshi: exactly
15:23:10andytoshi:i think that's worth looking that, i'd be curious about nlocktime use in general
15:23:14aksyn:andytoshi: he may have been doing it for security reasons, or for his personal stash, or maybe even some nefarious reason (like putting it 5-10 years in the future when any criminal action has gone away)
15:24:33andytoshi:what's cool (and more -wizardly) is that you can create single signatures where you don't know the privkey
15:24:55andytoshi:you sign with random data and calculate the pubkey from that (which will also be random) which makes the sig valid
15:25:53andytoshi:unfortunately you can't use this to locktime funds because you need to know the txid of your input, but to create the input tx you need to know the pubkey :(
15:27:33andytoshi:if we could reference inputs by txout instead of txid:index this would work, a totally secure way to lock funds from yourself. and you could make the signature be some nothing-up-my-sleeve number to prove to others that you don't possess the key
15:27:43andytoshi:s/don't possess/never possessed/
15:29:24andytoshi:oh, never mind, even referencing by txout does not work. you'd need to somehow refer to a specific txout without knowing what it is beforehand
15:32:17aksyn:andytoshi: "you can't use this to locktime funds" - so.. what other use case is there?
15:33:01aksyn:andytoshi: that's an interesting idea, the txout one..
15:33:43wallet421:wallet421 is now known as wallet42
15:34:31andytoshi:aksyn: can't think of any 'real' uses off the top of my head, making uniformly random valid signatures may be useful for security proofs
15:34:54andytoshi:aksyn: but i figured out how you can locktime funds with this, tho you need a few more opcodes
15:37:06andytoshi:nvr mind, dammit. all i got was a twisted version of pay-to-pubkeyhash
15:37:19andytoshi:"pay-to-(r,s)-hash"
15:44:56andytoshi:if there was a signature type which simply did not sign its input reference, then we could lock funds this way.
15:45:59andytoshi:create a locktimed TX which does not sign its input reference, with a random ECDSA signature. compute the pubkey for the sig. spend to the corresponding address. use that spend as the input of the locktime'd tx
16:50:01justanotheruser:justanotheruser is now known as just[dead]
17:52:16grau:grau is now known as Guest70785
18:25:28gmaxwell:realazthat: Alas, I think Eli might not have understood or thought it through, been ignoring cases where P and Q are black-box indistinguishable, or answering for the general case vs specific optimizations because I'm pretty sure this is not so. I can dig up some citations later.
18:26:45gmaxwell:Maybe in practice it would actually be fine (because the kinds of optimizations that would actually be interesting have no pratically obvious way to trick it anyways).
18:42:10realazthat:gmaxwell: ok
18:42:22realazthat:yes, that would make it substantially weaker I think
18:42:26realazthat:if you are right
18:42:43realazthat:it would mean you must use provably hard problems
18:43:14realazthat:still exciting tech
18:44:00realazthat:actually, I am thinking,
18:44:22realazthat:gmaxwell: wouldn't it be possible to have a hash of the state each step,
18:44:30realazthat:and the output would output the hash at the end
18:44:43realazthat:thus it would be practically provable that one went through the entire program
18:44:44andytoshi:realazthat: how do you verify that?
18:45:06realazthat:andytoshi: because SCIP will prove that it is the correct answer
18:45:14realazthat:because the hashing is itself *part* of the program
18:45:20gmaxwell:realazthat: consider my busy loop example, you could just run the hash instead of the busyloop for the part of the code where you detect the loop.
18:45:21andytoshi:ah, hmm
18:45:45realazthat:gmaxwell: right, but just running the hash in a busy loop pretty much proves that you ran it
18:45:49realazthat:I don't see a practical difference
18:46:14gmaxwell:Because it's just a very roundable way of doing POW at that point. The security is all in the hash.
18:46:39realazthat:gmaxwell: I agree it has no advantage over the current PoW, which is analgous to just doing the hash
18:47:23andytoshi:realazthat: how do you enforce people chaining hashes like this? what is the difference between starting a new miner and restarting the scip with a new nonce?
18:47:29andytoshi:(and searching for the nonce secretly outside of scip)
18:47:45realazthat:andytoshi: you start with a known input
18:47:48realazthat:that changes
18:47:52realazthat:like the last block hash
18:47:58realazthat:it changes the entire program state
18:48:12andytoshi:realazthat: but then you make it a race, you lose the memoryless property
18:48:52realazthat:oh wait I misunderstood your question
18:49:05andytoshi:it seems like conceptually if you want miners to be able to start/stop at any time without disadvantage, you can't enforce a long mining time in SCIP
18:49:56realazthat:mmm yeah, requires pondering
18:50:02gmaxwell:(well also, it enforces sequentialness, which means its not progress free...)
18:50:18realazthat:another point to consider,
18:50:25realazthat:is that the only "useful" work would be part of the chain
18:50:30realazthat:all the other work is thrown away
18:50:45realazthat:so thats a terrible other 1/1000X + factor
18:51:27realazthat:what I once dreamed about was a computation market
18:51:31realazthat:where people would put up jobs
18:51:38realazthat:and the miners would do the jobs
18:51:42realazthat:and get paid
18:51:59realazthat:and then, the block reward would go to one of the miners randomly
18:52:15realazthat:so all the work wouldn't be wasteful
18:52:28realazthat:but yeah, there are lots of practical issues with it
18:52:29andytoshi:realazthat: there is a conceptual problem there, suppose i give a miner a graph to find a 3-coloring of
18:52:43andytoshi:but secretly i know a 3-coloring, i created the graph to have one, and i give this to the miner who i'm colluding with
18:53:05andytoshi:then he gets the coins for 'guessing' a 3-coloring
18:53:14realazthat:andytoshi: right, but if SCIP proved that the miner actually *RAN* the entire program
18:53:27realazthat:then knowing the answer wouldn't help
18:53:52realazthat:but I see your point
18:53:55realazthat:people would give themselves jobs
18:54:01realazthat:to play in the lottery
18:54:16andytoshi:then you'd be forcing people to do things in the most inefficient way, and it could still be gamed anyway
18:54:44realazthat:andytoshi: the efficiency would move to making the SCIP implementation very efficient
18:55:00realazthat:but yeah, it would be forced to run the algorithm as given
18:55:01andytoshi:ok, but you've lost the usefulness benefit. if i invent some crazy 3-coloring heuristic, i'd like to join this market and clean up with it.
18:55:20andytoshi:but now i can't. only if i invent a way to optimize SCIPs for POW
18:55:23amiller:PoW isn't the right abstraction, you want it to be random and incremental like lottery tickets
18:55:42realazthat:andytoshi: right, it is up to the employer to find the good algorithm, it is true that they can't compete in the type of algorithm
18:55:57realazthat:andytoshi: but if they *could* compete for the right algorithm, then ofc that defeats the PoW aspect
18:57:01gmaxwell:realazthat: while you're here— how far did you get with doing tinyram in llvm?
18:57:20realazthat:gmaxwell: I have an interpreter, but nothing usable in LLVM
18:57:43gmaxwell:realazthat: odd question: how big did your tinyran interpreter turn out to be?
18:57:58gmaxwell:er tinyram
18:58:07realazthat:code size?
18:58:11realazthat:it is pretty trivial
18:58:11gmaxwell:yea.
18:58:43realazthat:are you interested in it
18:58:56realazthat:I can polish it up a bit and put the code up next week
19:00:27gmaxwell:Sure.
19:01:40amiller:in case anyone's interested, i've written a mathematical security definition I call "scratch-Off puzzles", distinct from "proof-of-work puzzles", that captures the memory-free / progress-free properties you've been mentioning
19:02:57andytoshi:i would definitely be interested in that, i'd like some concrete security definitions for my alts.pdf
19:03:14amiller:andytoshi, let me show you it, i have to find it somehwre
19:08:22goeaijrgo:better then paying for a lottery ticket? beastie boys" you have got to be in it to win it?"
19:10:36goeaijrgo:goeaijrgo has left #bitcoin-wizards
19:29:52maaku_:realazthat: that would be good to see (tinyram)
19:30:30realazthat:maaku_: its just an interpreter
19:30:43realazthat:an LLVM backend would be good to see :D
19:40:18maaku_:gmaxwell: what would be the benefit of the decentralized time at that accuracy?
19:43:17maaku_:also you're talking about location determination on a solar system scale, right? do ou think it'd be accurate enough for geolocation?
19:57:59gmaxwell:maaku_: the last bit was a bit of a wanky lark, with enough SNR you could do geolocation but the solar system is almost entirely colinear so the system of equations would likely be very poorly conditioned and even with good SNR (not going to happen) it probably wouldn't actually work.
19:58:33gmaxwell:But I thought worth mentioning because it was a fun idea, and is theoretically possible even if the engineering wouldn't work out in practice. It's the sort of thing you could probably get a military grant to just try.
19:59:37phantomcircuit:gmaxwell, good morning
20:00:08gmaxwell:maaku_: wrt time— we seem to want to have very accurate time, it gets used for many things, like embargoed announcements that have market impact so that people can't do latency advantaged HFT arb. ... but the existing ways are centeralized, and thats unfortunate.
20:14:48azariah4:gmaxwell: How do you mean the solar system is almost entirely colinear?
20:15:34azariah4:maaku_: gmaxwell not sure what the exact discussion was about, but something worth noting is that with e.g. SPICE you can convert between various solar system time systems with high precision
20:15:45gmaxwell:well, 'coplanar'
20:16:30gmaxwell:azariah4: read the link from last night, some old silly whitepaper I wrote that had come up in dinner discussion
21:21:07dickson.freenode.net:topic is: "Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas. This channel is logged at http://download.wpsoftware.net/bitcoin/wizards/. For questions about the logs talk to andytoshi."
21:21:07dickson.freenode.net:Users on #bitcoin-wizards: andytoshi-logbot antephialtic cpacia rdymac Krellan_ wallet42 nsh adam3us roidster grau jtimon_ _ingsoc Luke-Jr HM CodeShark sl01 OneFixt pajarillo spinza petertodd heakins a5m0 @ChanServ optimator ryan-c Manfred__ wangbus ageis coryfields pigeons Sorcier_FXK jarpiain Krellan grzs bobke BitCoroner crucif0rm BlueMatt perrier_ poggy matrixfox amiller comboy harrow area nanotube Ryan52 forrestv gmaxwell K1773R nOgAnOo EasyAt hno mmozeiko
21:21:07dickson.freenode.net:Users on #bitcoin-wizards: Alanius_ sipa keus weex d34th azariah4 zacm warren otoburb helo Graet trn wumpus tromp_ copumpkin Fistful_of_Coins imsaguy sirius_ oooooo mappum maaku_ kinlo midnightmagic phantomcircuit thrasher iddo crescendo samson_ emsid espes__ aksyn c--O-O Sangheil- kanzure_ edulix Hunger- Emcy_ michagogo|cloud just[dead] rs0 gribble eristisk Logicwax jron tucenaber DBordello UukGoblin realazthat airbreather roasbeef austinhill shinybro__ jcorgan
21:21:07dickson.freenode.net:Users on #bitcoin-wizards: jrmithdobbs Ursium so DougieBot5000 Muis shesek
21:30:01just[dead]:just[dead] is now known as justanotheruser
21:31:43indico:anyone know of a tool that will sort blocks n through m by bitcoin days destroyed ?
21:38:40indico_:sorry, was disconnected. if anyone know of any code let me know thanks
21:53:21ens_:ens_ is now known as ens
21:59:12irc.freenode.net:Disconnected from irc.freenode.net (ERROR :Closing Link: S0106c0c1c0894c25.vs.shawcable.net (Ping timeout: 240 seconds))
22:00:50irc.freenode.net:Disconnected from irc.freenode.net (ERROR :Closing Link: S0106c0c1c0894c25.vs.shawcable.net (Connection timed out))
22:08:43kornbluth.freenode.net:topic is: "Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas. This channel is logged at http://download.wpsoftware.net/bitcoin/wizards/. For questions about the logs talk to andytoshi."
22:08:43kornbluth.freenode.net:Users on #bitcoin-wizards: andytoshi-logbot zzyzx Dizzle _ingsoc rs0 c0rw1n mappum__ OneFixt kill\switch indico_ ens rdymac nanotube nsh Luke-Jr HM CodeShark sl01 pajarillo shesek Muis DougieBot5000 so Ursium jrmithdobbs jcorgan shinybro__ austinhill roasbeef airbreather realazthat UukGoblin DBordello tucenaber jron Logicwax eristisk gribble justanotheruser michagogo|cloud Emcy_ Hunger- edulix kanzure_ Sangheil- c--O-O aksyn espes__ emsid samson_ crescendo iddo
22:08:43kornbluth.freenode.net:Users on #bitcoin-wizards: thrasher phantomcircuit midnightmagic kinlo maaku_ oooooo sirius_ imsaguy Fistful_of_Coins copumpkin tromp_ wumpus trn Graet helo otoburb warren zacm azariah4 d34th weex keus sipa Alanius_ mmozeiko hno EasyAt nOgAnOo K1773R gmaxwell forrestv Ryan52 area harrow comboy amiller matrixfox poggy perrier_ BlueMatt crucif0rm BitCoroner bobke grzs Krellan jarpiain Sorcier_FXK pigeons coryfields ageis wangbus Manfred__ ryan-c optimator @ChanServ
22:08:43kornbluth.freenode.net:Users on #bitcoin-wizards: heakins petertodd
22:11:23azariah4:gmaxwell: like this part "However, we can instead us another globally
22:11:27azariah4:available reference signal which is strongly attack resistant: The sun"
22:11:43gmaxwell:You were supposted to chuckle there.
22:12:08azariah4:the idea is brilliant, and reflection from the sun on objects is not the only useful reference signal
22:12:18azariah4:starts also works, after all star navigation can be quite precise
22:12:22azariah4:*stars
22:12:57gmaxwell:yea, I mention that you can use any available osc. There must be enough variation to time off it. Pulsars would work great but they require far too much equipment to detect.
22:13:44gmaxwell:but you can also potentially use things like the electrical grid within an area.. or any mutually observable radio transmission, even if you can't decode it.
22:14:15azariah4:hehe yepp, it's a good starting point for generic sensor input
22:14:32azariah4:one, perhaps more realistic application, could be distributed weather sensors
22:14:38gmaxwell:The sun was just a fun example because unlike GPS it's awful hard to turn off.
22:14:51gmaxwell:(we hope!)
22:14:54azariah4:not sure if there is really a attack scenario worth having a blockchain for that, but it could be useful
22:15:19maaku_:gmaxwell: giant sun-shades...
22:16:15azariah4:one could imagine using a combination of GPS, Galileo and Compass for less centralized satellite input
22:16:36maaku_:gmaxwell: also, it's quite simple to put up a reflector bird which makes the sun's EM signature measurable from the night sky (2-3 birds in a mid-earth orbit)
22:16:44azariah4:though of course they could still all conspire to attack nodes
22:16:48maaku_:azariah4: all are trivially simple to jab
22:16:52maaku_:*jam
22:17:44gmaxwell:maaku_: but _much_ easier to correlate against.
22:18:25maaku_:gmaxwell: yeah but I like the properties of using the sun as a source of randomness
22:20:00maaku_:but I wonder just how random it is - could you make short term predictions, even if somewhat inaccurate
22:20:08gmaxwell:maaku_: I've never actually tested it— in theory it should work... but it might be hard to find an observation channel with a good enough ratio of sun noise to background noise to make it work well.
22:20:46gmaxwell:it doesn't have to be random, e.g. if the sun put out a sinewave it would be fine so long as you had a way to get your initial time to get you within one cycle of the wave.
22:21:32maaku_:besides timestamping though, it's interesting to think what you can do with a globally available random oracle
22:21:57azariah4:http://en.wikipedia.org/wiki/Pyranometer
22:22:05gmaxwell:well sadly, many of those cool things require bit exact decisions and thats hard to get from an unstructured analog signal.
22:22:52gmaxwell:one of the other reasons that sun is interesting is that a huge portion of its output power is light, and it's cheap to make a really really high gain anteann for light.. so you can be super selective against jamming, if you don't mind a rig to track the sun.
22:23:33azariah4:the rig could be combined with a solar panel though
22:23:51maaku_:he engineering challenges are interesting .. you'd probably want to select spectra which reflect well off the lunar surface
22:23:54azariah4:bundled with one for people who already would invest in one perhaps?
22:24:23maaku_:* maaku_ is discussing with adam3us potential uses for a random beacon/oracle
22:26:47gmaxwell:maaku_: yea, basically I think it would be interesting to setup a light sensor in two different cities with gpsdo for timing, and measure the correlation of the sun signals at different wavelengths. Its a measurement I've never made, but I have a pair of gpsdos (somewhere) if you know anyone who wnats to make it.
22:28:13gmaxwell:I think you can extract somewhat reliable bits via a procedure which measures the lag time of peak self-similarity in the sun signals, and decodes it with an error correcting code so that if you get a few bits different you still get the same fingerprint.
22:29:46ens:light jamming?
22:30:29ens:"get out of the way, you're jamming the sun"
22:31:15azariah4:good point, the gpsdo could be placed near sunbathing enthusiasts to reduce chance of a jamming attack
22:31:42ens:lymann-alpha based intergalactic positioning system.
22:32:22ens:accuracy of about ~5 light years for civilian usage.
22:37:39wallet421:wallet421 is now known as wallet42
22:38:16petertodd:pigeons: yeah, they're hiring me to do a security audit, as well as another person in the bitcoin world (dunno if the info on who it is is public)
22:40:32petertodd:pigeons: mastercoin also doesn't work with multisig (although it's not a security issue) I got them to disable it, and re-enabling it will be the first real-world test of the embeded consensus system upgrade procedure I wrote about
22:41:47spin123456:spin123456 is now known as spinza
22:56:33tacotime:tacotime is now known as tacotime_
22:59:11justanotheruser:justanotheruser is now known as just[dead]