01:23:05c0rw1n_:c0rw1n_ is now known as c0rw1n
01:40:04kanzure_:kanzure_ is now known as kanzure
07:55:15OneFixt_:OneFixt_ is now known as OneFixt
10:52:31wallet421:wallet421 is now known as wallet42
10:54:42OneFixt_:OneFixt_ is now known as OneFixt
11:11:15fanquake:fanquake has left #bitcoin-wizards
12:19:14HM:Suppose I had something I had encrypted, and I wanted it to be decryptable by someone at some point within the next 10 years, could be tomorrow but upper bound almost guaranteed. Without putting anything into the blockchain, is there any way to utilise the hashing power of the network to achieve that?
12:20:07HM:The idea would be, the bitcoin network having more hashing power than most self-funded crackers, the secret would become known to a broad audience all at once, essentially equal access
12:22:15HM:just a thought i had doing some dishes
12:29:53e4xit:I guess you encrypt it using a randomly generated password of a set length/difficulty for the algorithm chosen to encrypt it, so that it will intersect with predicted computing power at a certain point in time...
12:30:46HM:right, but you can't actually use the computing power of the network for arbitrary sha256 hashing
12:31:39HM:i don't think its possible myself
12:32:29e4xit:oh i just thought you meant that "at time 'x' in the future, 'someone' will have a computer powerful enough to brute force encryption of 'y' difficulty"
12:32:48HM:nah that would be easy
12:32:48e4xit:it sounds like you would need an alt coin
12:33:46e4xit:there are coins which search for prime numbers and proteins and such
12:36:20HM:right, but that defeats the point ;) you'd have to get everyone using it and there's no incentive except the public good. the idea was an ancillary use to the existing cpu cycles being burned
12:36:33HM:I can't see how the current pow can be useful though
12:43:50edulix:edulix is now known as eduli
12:43:51eduli:eduli is now known as edulix
15:29:05tacotime_:tacotime_ is now known as tt_away
16:09:09Emcy_:Participating nodes would sample RF noise on some agreed band(s) being
16:09:09Emcy_:emitted by the Sun and continually record it, with their sampling clock
16:09:09Emcy_:being driven by their stable local oscillator. Nodes would then publish
16:09:09Emcy_:timestamped recent fragments of this signal.
16:09:37Emcy_:would this require nodes to know precisely their own position on the surface of the earth
16:10:25Emcy_:cos a node at midday is about an earth radius closer to the sun than one at dawn or dusk
16:35:06coryfields:coryfields is now known as cfields
16:59:24maaku_:Emcy_: plus atmospheric effects which may have larger effects
17:00:06Emcy_:i dont think even gps accounts for that
17:00:27maaku_:HM: gmaxwell has explored that idea of having (breaking) timelock encryption as the proof of work
17:01:28maaku_:Emcy_: good ones do, as it is a significant enough source of noise
17:02:17maaku_:although the situation is a little different there as there are multiple sources at different vectors
17:02:59maaku_:hrm can't seem to find a reference for the speed of light in atmosphere
17:03:08Emcy_:what exactly radio emissions does the sun give off that is good as a reference signal any way
17:03:10maaku_:obviously would depend on altitude too
17:03:32maaku_:Emcy_: random EM noise in just about every spectrum
17:03:41Emcy_:yeah but its random
17:04:06maaku_:that's exactly the point...
17:04:07maaku_:otherwise it could be predicted
17:04:16maaku_:the point is to provide a truly random oracle/beacon
17:04:31Emcy_:oh yeah
17:04:32maaku_:for which you can get global consensus
17:05:05Emcy_:i wonder if the albedo of the moon is good enough in those spectrums to work at night too
17:05:31maaku_:so besides accurate time consensus, you could do things like, say, have a source of randomness available to smart contracts
17:06:05maaku_:yeah, it is, but that's why you have to be careful about choosing the right spectra
17:07:06maaku_:i remember seeing a poster at one of the lunar science conferences about the amazing reflection properties of the moon in various spectra
17:07:12maaku_:wish i had a cite for it right now :(
17:08:29maaku_:but of course there are times neither the moon nor the sun are available
17:08:58Emcy_:cant the NSA just rock up and beam a few kw at your computer and fuck this scheme up
17:09:06maaku_:then you can use any large metallic satellite (ISS would be great, or some of the older GEO birds)
17:09:47Emcy_:well they can rock up and shoot you i suppose so meh.
18:07:04licnep_:licnep_ is now known as licnep
19:31:24gmaxwell:"If you're around, would you have any idea why Zeitcoin would be stuck at block 500 for the entire network?" < (I bet half of you instantly make the same guess I made)
19:44:09andytoshi:block reward so high that something overflowed?
19:45:01sipa:block 500... that sounds like the getblocks limit
19:45:09michagogo|cloud:* michagogo|cloud checks checkpoints.cpp
19:45:53pigeons:cause no one bothers to mine it
19:46:04gmaxwell:yea, I was assuming they forked code with a checkpoint at 500.
19:46:21gmaxwell:so michagogo|cloud gets the point for the same guess as me. (Dunno what their actual issue was)
19:46:22andytoshi:oh :P much simpler
19:46:37sipa:well, bitcoin doesn't have a checkpoint at 500
19:46:46sipa:but maybe they forked something else
19:46:51andytoshi:they use scrypt, probably they forked doge or something
19:46:51michagogo|cloud:sipa: Yeah, hence 21:45:30 nah
19:46:53michagogo|cloud:Ah, maybe
19:47:09michagogo|cloud:Do any other coins have a checkpoint at 500? o_O
19:47:41gmaxwell:testnet does IIRC.
19:47:55gmaxwell:oh these guys forked ppcoin
19:48:08gmaxwell:so actually their issue is probably that they aren't broadcasting checkpoints.
19:48:33michagogo|cloud:Uh, broadcasting checkpoints?
19:48:48gmaxwell:yep. exactly. hurray for ppcoin.
19:49:04jcorgan:consider it evolution in action
19:49:07michagogo|cloud:...wait, what?
19:49:19gmaxwell:michagogo|cloud: they hijacked the alert mechanism so that the developer has a key to broadcast checkpoints. Seriously. Most of the users don't even know it.
19:49:19michagogo|cloud:They... broadcast checkpoints?
19:49:25michagogo|cloud:How does that work?
19:49:30gmaxwell:The system stops working if the developer stops for >1 week.
19:50:44sipa:hurray for decentralization
19:50:59gmaxwell:michagogo|cloud: To be fair there are at least some limitations on it, a node won't take a replacement at or below a height it already has one. So they can't conduct free reorgs, only one shot reorgs, and 'only' can reorg a week of blocks — or they can forever split the network.
19:51:16gmaxwell:(I am obviously not arguing that it isn't loltastic horrible)
19:51:19andytoshi:zeit is hilarious, 30 second blocks and difficulty retargets every block, block reward is 1mil
19:51:36gmaxwell:Worse, when you criticize peercoin's stuff here you get piled on by people saying bitcoin has the same thing. :(
19:52:01michagogo|cloud:Are people really that dumb?
19:52:07Emcy_:why would someone set retarget to every block
19:52:20michagogo|cloud:Emcy_: ikr
19:52:25pigeons:same thing meaning the developer provided checkpoints?
19:52:33gmaxwell:Emcy_: because they like isolation attacks? and weird incentives to lie about the time?
19:52:36michagogo|cloud:pigeons: I think so, yeah
19:52:57gmaxwell:pigeons: who knows what they _mean_, but they dismiss this as being a critical flaw.
19:52:57Emcy_:why do people fork coins and look at its fundamental parameters and just say "yeah lets just make all this faster"
19:53:12andytoshi:because they haven't read alts.pdf
19:53:15gmaxwell:Emcy_: shed painting.
19:53:17andytoshi:and because alts.pdf is not done :(
19:53:32Emcy_:shed painting?
19:54:00gmaxwell:Emcy_: http://bikeshed.com/
19:55:02Emcy_:bikeshed is a metaphor for....software development
19:55:45gmaxwell:it's not just software development, it arises everywhere in engineering and design. People nitpick the minutia because it's the minutia they (think they) understand.
19:55:52midnightmagic:arguing at length about minor seemingly cosmetic details which have no basis in effectively pushing the state of the software forward, but mean an irrational lot to the people arguing about them.
19:55:58Emcy_:oh there was something about bikesheds on that maximum tinfoil video with the swedish guy
19:55:59Emcy_:i remember
19:56:47gmaxwell:most people touching these altcoins have nary an idea how this stuff works, but some of these parameters like block times are figures users are all familiar with and understand at least one effect of.
19:56:56andytoshi:it's weird here, it's not a normal bikeshed because they somehow do a -lot- of damage with these "trivial" changes
19:57:10Emcy_:midnightmagic why not just say politics. That word is still enough of a derogatory term to carry the meaning
19:57:17andytoshi:like if you said, "i want to paint the shed with radium so that it'll glow"
19:58:10sipa:give N people X amount of time to decide Y
19:58:27gmaxwell:andytoshi: well they mistake this stuff as color which has no other effects, but by painting the shed black it gets too hot and the equipment inside all fails. The shed had to be white or near white for non-aesthetic engineering reasons.
19:58:30sipa:independent of N and Y, they will use X time to discuss
19:59:14Emcy_:andytoshi most of these alts have no intention of lasting a decent amount of time. Nakamoto chain currencies can be really, really pyramidy in the wrong hands
20:00:11jcorgan:it is rather telling that all of them "cash out" by getting the coin adopted on a crypto exchange and then trading with a greater fool for bitcoin
20:00:31Emcy_:gmaxwell we must calculate the exact shade of white to maintain an optimal operating temperature for the equipment inside a maximal amount of the time
20:00:51Emcy_:ill look up solar forecasts for the next ten years, you look up manufacturer information
20:18:09antephialtic:gmaxwell: since they retarget difficulty every block, could someone with a lot of hashpower essentially freeze the network by mining for a few blocks, then stopping, so the difficulty was left so high that the network would take way too long to mine a block without them? (regarding your previous question about Zeitcoin)
20:19:18gmaxwell:antephialtic: presumably they have a maximum change per block, if so that also means there is a nasty non-linearity in their difficulty change rules where you can earn more by mining in bursts (and riding against the rail).
20:19:39gmaxwell:(bitcoin has such a non-linearity, but it's so hard to hit— and never been hit on the network— that it doesn't matter)
20:20:40antephialtic:yeah, if you had enough hashpower to do it with bitcoin, you probably would have enough to just do some double spends or selfish mine anyway
20:22:39gmaxwell:since it starts getting into miner incentives stuff it's hard to analyze, so I dunno how bad it really is... still— something I'd avoid.
20:35:26nsh_:nsh_ is now known as nsh
21:11:12HM:I'm finally getting Stefan Brands' blind signature scheme
21:11:22HM:i also rediscovered the page that i first read it on
21:11:48HM:which is nice
21:12:21HM:It's taken me ages to boil down the concept
21:12:41HM:(rather than just follow the algebra, which isn't enlightening)
21:16:20nsh:can you synopsise?
21:17:30HM:not yet ;)
21:18:21midnightmagic:ehh.. I hate to ask here, but is there a summary document somewhere which describes in salient, short points all altcoins that have been analyzed by.. well anybody reputable anyway that can be used as a reference somewhere?
21:21:22nsh:no, but i'm sure there's something from the 18th century about the merits of buying tinctures and cure-alls from people in three-dollar suits on the back of touring wagons
21:21:32nsh:that might be still appropriate
21:23:43HM:nsh, the critical point seems to be using a DSA like construct to prove the result of an exponentiation is as promised
21:24:14rdymac_:rdymac_ is now known as rdymac
21:24:15nsh:HM, hmm, thanks. will investigate :)
21:24:39comboy:oh I want to join alt questions, is proof of stake actually proven to work? assuming most coins are in hands of rational actors that don't want to destroy the currency but are optimizing for personal profit? because I still don't know answer to that
21:24:39HM:nsh, so the bank has a secret for the withdrawal, w, and a secret key x. It returns xM and wM where M is an EC point (well it would be in EC terms)
21:25:09HM:normally you can't prove anything about those values
21:25:29nsh:right, a second spend fixes the line equation revealing the secret
21:25:41HM:but you combine them algebraically and challenge the bank to prove it did it correctly
21:26:10HM:after more blinding you get a shadow line with an intercept the bank can't know
21:26:14nsh:"payment information may be efficiently stored (17 bytes per payment);" that seems very optimistic in retrospect
21:26:47HM:hmm yeah tis
21:27:05HM:I think you need at least 64 bytes and then some
21:41:20sipa:comboy: afaik, (pure) proof of stake cannot work, and not because of economic reasons
21:42:47michagogo|cloud:With PoS, AIUI, a rational miner will mine every possible fork
21:44:03michagogo|cloud:The reason PoW works is that the miners are irreversibly expending valuable resources mining, so they had better put that effort into what they believe to be the most likely chain to survive
21:47:22petertodd:comboy: there's something almost, but not quite, proof-of-stake that I've taken to calling proof-of-internal-sacrifice, but it places very high and probably unrealistic demands on the flood-fill network required to broadcast new information about the state of consensus
21:51:28HM:internal sacrifice sounds pretty hardcore
22:00:12comboy:sipa: it's hard for me to distinguish technical from economic reasons since it all seems to be about incentives, but you mean that even if majority of owners are not selfish it cannot work?
22:00:56sipa:comboy: well, up to a certain point, economics are always involved
22:01:21sipa:comboy: but there is no reason why any PoS miner wouldn't extend every fork he has ever seen, as it costs just as much as mining on one chain
22:01:41sipa:which means no convergence
22:04:44comboy:long story short we cannot avoid work :/
22:05:21comboy:petertodd: is there something to read about it?
22:06:25nsh:.wik IMT international
22:06:30nsh:(oops, wrong chan)
22:10:08petertodd:HM: for the love of god, please come up with a better name for it for me
22:10:46tromp_:in PoS, stake blocks must still meet a hash target. but this target is per unit coin age, so the more stake you have the easier it is to meet the target
22:10:48petertodd:comboy: sigh, not yet, it's on my mythical "I need to write a book" todo list
22:10:59HM:petertodd, would if i could. no idea what you're talking about
22:11:08petertodd:(holy crap this airport wifi sucks)
22:11:32petertodd:HM: heh, so, proof-of-sacrifice means proving you sacrificed some digital asset, say, spending some bitcoins to an unspendable output
22:12:03HM:nsh, the 17 bytes might not be that unrealistic after all. i just discovered 3 of 4 EC points are redundant because you can regenerate them from the other (you just need to verify the challenge hash)
22:12:12tromp_:if you make the unit hash target small (hard) enough, then it will be very hard for stake holders to work on many parallel chains
22:12:23petertodd:proof-of-internal-sacrifice means the thing you sacrificed was a digital asset within the system itself, which means for it to be a true sacrifice the consensus of the system in the long run must include the fact you made that sacrifice - tricky!
22:12:39HM:petertodd, the mtgox method? :P
22:12:48HM:proof of stupidity
22:13:19tromp_:proof of karpeles tunnel syndrome
22:14:21HM:proof of pauperism
22:15:06HM:proof of philanthropy?
22:15:26HM:because discarding coins would make everyone elses worth more in real terms? :S
22:15:49HM:no idea
22:17:22andytoshi:midnightmagic: this is the plan for alts.pdf eventually. i was hoping some people more familiar with the history would contribute
22:17:57petertodd:HM: problem is, mtgox doesn't have any proof...
22:18:02comboy:petertodd: I mean for bootstrapping it seems reasonable to do this proof-of-making-gods-happy, but what do you mean about this "places very high and probably unrealistic demands on the flood-fill network required to broadcast new information about the state of consensus"?
22:18:53HM:keeps ISPs happy perhaps, not sure about Zeus
22:19:07petertodd:comboy: well, basically since the sacrifice only happens if it gets incorporated into the consensus, you can play games by jamming the jam-free flood-fill network that all crypto-consensus schemes need to function
22:20:03petertodd:as it is, these schemes - bitcoin included - are really trying to achieve proof-of-publication, and they do that by bootstrapping on top of a really shitty proof-of-publication scheme - just broadcasting some data on a flood-fill network
22:20:04comboy:petertodd: but is this somehow different than what's present in PoW networks?
22:20:32petertodd:comboy: yes, because in pow you've sacrificed something valuable - energy - even if no-one ever hears about it
22:21:11nsh:(you can't sacrifice energy :)
22:21:22HM:as far as we know
22:21:28nsh:* nsh nods
22:21:32petertodd:nsh: !@#$ pedants
22:21:38nsh:* nsh smiles
22:22:46nsh:i'm in a position where pedantry is a survival skill, and worthy of practice :)
22:22:53amiller:petertodd, sipa, isn't the best idea to use a one-time-use-only signature, such that once you attempt to spend a coin on one block, if you attempt to publish a second one voting for a different block, you lose the coin altogether?
22:23:32petertodd:amiller: that's exactly the kind of thing I'm talking about - point is it depends on a jam free network for someone to find out about that other spend attempt
22:23:42petertodd:amiller: that's a seriously non-trivial requirement
22:24:10amiller:i kinda feel like all the other good stuff relies on this jam free network too
22:24:10nsh:what does 'jam' mean, technically-speaking?
22:24:28HM:50% fruit, 50% sugar, boil it down
22:24:31nsh:(it's slang for sex in glasgow. The More You Know (tm))
22:24:44amiller:once you pass a message to one member of the network
22:24:48petertodd:amiller: yes it does, hence why I keep saying the point of bitcoin is to take a shitty jam-free-network/proof-of-publication system and make it strong
22:24:48amiller:absolutely everyone hears about it in short order
22:25:09petertodd:nsh: jam == censor
22:25:15nsh:ah, gotcha
22:25:32amiller:or equivalently, if you pass one half of an interesting transaction to one person on the network, and the other half to any other person on the network, then the two halves will find each other and make it onto the blockchain
22:25:39comboy:isn't jamming problem solved in good part if everybody is using tor? I mean with some reasonable amount of connections it's really hard to do something
22:25:42nsh:so any viable incentive system must strongly discourage selective gossip...
22:26:00petertodd:nsh: yup
22:26:06nsh:* nsh nods
22:26:08petertodd:comboy: no! not at all! tor makes it worse
22:26:09amiller:the significance of the way i explain it is that the two halves of a transaction aren't necessarily themselves significant enough to get included in the public log
22:26:23amiller:it's only when they come together somehow that it's worth publishing
22:26:36petertodd:comboy: fortunately bitcoin is so strong that tor doesn't do it any harm, but lesser systems... ugh
22:26:38amiller:for example an "attempted green-address double spend"
22:26:51amiller:right now if someone attempts to double spend, the double spends are forgotten
22:27:08amiller:but if someone attempts to double spend a green address, it's Big Fucking News and should probably trigger other things like insurance payouts
22:27:48petertodd:amiller: if you peruse chat logs from a year ago you'll notice how I was talking about proof-of-publication in everything but name w/ fidelity bonded banking for that kind of reason
22:28:02comboy:uh oh, but even if somebody creates a lot of "bad" nodes, he would have to have *much* more of them than the actual network to have any chance with you, no?
22:28:15amiller:petertodd, i guess, i think what i'm talking about is a little different
22:28:19amiller:but i dunno maybe
22:28:23austinhill:I offer you alll this gem of a short documentary on fractional reserves :) http://www.youtube.com/watch?v=ADv5-Pen1L4#aid=P-Z3ijodCiQ
22:28:25amiller:i've been pointing this out for over a year ago too
22:28:26comboy:I mean apart from the way addrs are currently propagated..
22:28:45amiller:for example in the difference between what you get with 'commitcoin' or whatever that other implementation is
22:29:02amiller:and how you can't use that to create a mastercoin-like overlay coin, because you get proof of timestamp but not proof of publication
22:29:23amiller:anyway yeah, the proof-of-publication == jam-free is really significant
22:30:14amiller:anyway the example i'm pointing out now is slightly stronger
22:30:15petertodd:comboy: the issue is how do you even know how big the actual network is? one way of thinking about bitcoin is that it helps solve that problem
22:30:50petertodd:comboy: that's why you can use bitcoin safely via tor provided your attacker isn't a large chunk of the hashing power: confirmations will be very slow and you'll be suspicious
22:30:51amiller:people with green addresses want to prove they aren't attempting double spends, that means a) every transaction needs to be published even if they aren't, and b) someone needs to keep an index so it's efficient to tell if there are conflicting ones
22:31:00amiller:proof of publication is close but not enough for that
22:31:18petertodd:comboy: or, the work-per-block will be low compared to your idea of what it should be (via third-party methods notably!)
22:31:58petertodd:amiller: ah, true, the index requirement is a real-world-consideration there
22:32:14petertodd:amiller: a flaw for any real proof-of-pub scheme
22:32:32ens_:proof of pub? ask any irishman
22:32:38amiller:but for sure we're narrowing in on the crucial abstractions over what bitcoin's already providing.
22:32:57petertodd:amiller: note how all my fidelity bonded banking discussion pretty much boiled down to "all these methods are imperfect, but together... hopefully!"
22:33:11amiller:petertodd, so, what's a shitty jam-free network?
22:33:19amiller:or a shitty index for that matter?
22:33:26amiller:how are we going to build a strong one out of the shitty parts?
22:33:49petertodd:amiller: well, bitcoin! ie, imagine if bitcoin had no pow, and was based purely on "hey look! I just published this tx to the jam free network, and no-one complained"
22:34:04petertodd:amiller: obviously it'd seem to work great until someone sybil attacked the network
22:34:25petertodd:amiller: bitcoin just makes sybil attacking the network have very well-defined costs - we call it the 51% attack
22:34:57amiller:in other words the pow blocks are the jam-free mechanism
22:35:01petertodd:amiller: as for a shitty index, the existing bloom filter implementation is a perfect example as nodes can get away with lying
22:35:20petertodd:amiller: well, they're what makes the underlying jam-free mechanism feasible
22:35:35petertodd:amiller: you could say pow makes measuring the degree of jam feasible
22:35:44petertodd:* petertodd mmm... degree of jam
22:35:59amiller:proof of pudding
22:36:40petertodd:does it involve eating? i hope so
22:37:13amiller:proof of pudding would actually be a really good paper name because of bread-pudding protocols
22:37:20comboy:petertodd: of course jam free is not enough, but just talking about jam free I was expecting it to be easier achievable through tor, but maybe not indeed (although for attacker that has unlimited ipv4..)
22:37:54comboy:and I'm hungry
22:37:57amiller:does tor even provide any strong availability guarantees
22:38:07amiller:i guess by obscuring each link it makes it very hard to selectively jam
22:38:10amiller:that does seem pretty crucial
22:38:42petertodd:amiller: oh yeah? remind me again what is a bread-pudding protocol 
22:39:02amiller:it's basically merge mining from 20 years ago
22:39:22petertodd:(wtf, 35% packet loss...)
22:40:44petertodd:amiller: paywalled, email me a copy
22:41:11amiller:the .ps files are available on google scholar, i just felt like linking to a browser-readable version of the abstract
22:43:29petertodd:ah, yeah, I've read that one
22:53:52ens_:ens_ is now known as ens
22:57:09petertodd:from #ethereum: "I'm trying to build go client but it seems that it needs qt5, is it wise to put this kind of dependance" <- slapping a gui on it should be the last thing you do...
23:00:51Luke-Jr:ugh, I think I need to open 2 freenode connections so I don't have to keep picking which channels
23:01:44austinhill::petertodd haha nice find. Anyone huffing ether should enjoy this :)
23:02:35nsh:Luke-Jr, just register yourself as a bot :)
23:02:57Luke-Jr:nsh: does that work?
23:03:37nsh:otherwise you can probably syndicate channels with znc or some other more-advanced bouncer
23:08:18petertodd:austinhill: colored coins I think made the same mistake
23:08:40petertodd:austinhill: should have focused on getting a top-notch library working first with a simple CLI interface
23:09:09petertodd:austinhill: and mastercoin too...
23:42:33adam3us:amiller: one-use sig are technically easy and have the property you mentioned if i understand (spend twice and the private key leaks).
23:43:07amiller:right, so, one of those gets you the best-in-breed proof-of-burn consensus i think
23:43:18adam3us:amiller: Q'=H(r=kG,Q) where Q=dG as normal, Q' is the extended address. sig is r,s normal s=k^-1(H(m)+rd)
23:43:57adam3us:amiller: because r is fixed, you are forced to reuse k, which leaks the private key by simultaneous equation if you double spend
23:45:32amiller:ok great, so, how do you actually make it so that losing your private key is worse than trying and hoping no one cares
23:45:33adam3us:amiller: which is probably a reasonably plausible semantics for 0-confirm. either you get the money, or if its double-spent - a miner does. probably better than the money going to the double-spender!
23:46:39adam3us:amiller: you could probably escalate it ... use the same private key for a larger bond perhaps.
23:47:33adam3us:amiller: the main downside is this places transactional requirements on clients. eg if you send a payment to the network, then your client crashes, you reboot and are unsure so do it again. the client needs to be transactional to ensure it sends exactly the same message the second time. or you accidentally double spend
23:48:00amiller:well this just needs to be for mining
23:48:16amiller:i dont see a problem with that basically
23:48:51adam3us:amiller: accidentally double spending could be painful for a user
23:49:00adam3us:amiller: or are you talking about a different use case?
23:49:13amiller:i'm talking about proof-of-burn consensus
23:49:30amiller:where instead of pow mining, you spend coins into a dev null lottery kinda thing
23:49:36amiller:dedicate them to voting for a block
23:50:11austinhill:petertodd: was not the mistake of coloured coins SPV and a myopic view of how the blockchain worked?
23:51:32adam3us:amiller: so then what? highest burn dictates what is the valid block? (modulo validation by other voters who wont (you hope) vote on top of former invalid blocks)?
23:53:16amiller:adam3us, i don't know, tbh, i kinda don't understand how proof-of-stake works either
23:53:22amiller:but this at least addresses one immediate problem with it
23:54:15adam3us:amiller: vote on multiple branches, you lose your coin? (the nothing-at-stake issue do you mean?)
23:55:08petertodd:austinhill: no, colored coins is fine with SPV
23:55:10adam3us:amiller: i think the nothing-at-stake is a way to turn proof of stake into proof of work, but you dont broadcast the failed ones. so i am not sure if it helps
23:55:23petertodd:austinhill: though I'm about to catch a flight, later
23:55:36adam3us:petertodd: colorcoins are non-spv compat, no. (ok later!)
23:55:37petertodd:see you all at financial crypto 2014!
23:55:58Luke-Jr:petertodd: nah, I'll be at the Bitcoin conference :P
23:56:03petertodd:adam3us: ask yourself what you mean by "non-spv" exactly, but anyway, later
23:56:27adam3us:petertodd: spv clients cant validate the colors (without bitcoin core changes)
23:59:33adam3us:amiller: it is a fun building block tho (one-use sig). if the transactional requirement could be made categorically safe somehow for clients. the problem is clients are cheap/unreliable hardware potentially. its also kind of separately interesting, another kind of use case, that a one-use sig is kind of non-malleable even by the signer. (ie no need to step 1 move the coin into a 2 of 2 address and have the counterpa
23:59:51amiller:adam3us, that is just not a real big problem here