00:00:38gmaxwell:andytoshi: see my reply: https://bitcointalk.org/index.php?topic=492969.msg5515776#msg5515776
00:00:52andytoshi:i know. and he was already on my ignore list, so i didn't expect much
00:01:30andytoshi:thx a ton for the support tho
00:02:14andytoshi:my reply was pretty curt, i should work on being more patient, he actually read my doc so perhaps if i'd been nicer he would've listened to it..
00:09:50realazthat:gmaxwell: the interpreter, assembler and disassembler are almost ready
00:10:09realazthat:I need to ask eli some minor questions, mostly about the latest version
00:10:24realazthat:I also wrote a bunch of unit tests for the interpreter
00:11:44gmaxwell:realazthat: looked into adding gdb support for it interpreter? :P
00:11:49gmaxwell:er for the
00:11:55realazthat:I wouldn't know how
00:12:06realazthat:it is all in python btw
00:12:11gmaxwell:lol okay.
00:12:25gmaxwell:it's actually pretty straight forward, grab the source, look at sim/moxie ... but it is in C.
00:13:08realazthat:I know C, but I am not sure how they would interact
00:13:26realazthat:ok I'll look into that once it is usable
00:28:47realazthat:gmaxwell: would I be implementing this for tinyram assembly?
00:28:59realazthat:usually gdb is for a higher level language, no?
00:30:38gmaxwell:realazthat: gdb works on assembly, but no the idea is that gdb can simulate the machine in question, and with the right debugging symbols on your binary, gdb allows you to debug the C code you started with.
00:31:15realazthat:ah it can simulate the entire thing
00:31:29realazthat:so basically I would be porting it to some gdb-scripting-language?
00:32:08realazthat:or how does it know how to simulate the machine
00:32:31gmaxwell:you implement a simulator in gdb, thats whats in the sim directory... there are simulators for basically every arch gdb supports.
00:32:51realazthat:ok so now I understand
00:32:56realazthat:and I should look at moxie
00:33:48gmaxwell:moxie has a lot of references... as its very much like tinyram, and has gdb and gcc support.
00:53:29irc.freenode.net:Disconnected from irc.freenode.net (ERROR :Closing Link: S0106c0c1c0894c25.vs.shawcable.net (Ping timeout: 252 seconds))
00:57:52orwell.freenode.net:topic is: "Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas. This channel is logged at http://download.wpsoftware.net/bitcoin/wizards/. For questions about the logs talk to andytoshi."
00:57:52orwell.freenode.net:Users on #bitcoin-wizards: andytoshi-logbot c0rw1n andytosh1 rdymac eristisk tromp Emcy digitalmagus7 Krellan pajarillo samesong go1111111 spin123456 e4xit Hunger- forrestv pigeons ageis ens midnightmagic shinybro maaku samson_ just[dead] roidster realazthat shesek Ursium asoltys adam3us iddo thrasher liteStrikening airbreather stonecoldpat ebfull [\\\] Luke-Jr tt_texas imsaguy mikalv sirius perrier_ phantomcircuit Anduck copumpkin davvblack emsid jgarzik azariah4
00:57:52orwell.freenode.net:Users on #bitcoin-wizards: artifexd austinhill nOgAnOo situation ttttetra OneFixt epscy CodeShark mr_burdell postpre a5m0 rs0 nanotube HM2 sl01 Muis so jrmithdobbs jcorgan roasbeef UukGoblin tucenaber jron Logicwax gribble michagogo|cloud edulix kanzure Sangheili c--O-O espes__ kinlo Fistful_of_Coins tromp_ wumpus trn Graet helo otoburb warren zacm d34th weex keus sipa Alanius_ mmozeiko hno EasyAt K1773R gmaxwell Ryan52 area harrow comboy amiller matrixfox petertodd
00:57:52orwell.freenode.net:Users on #bitcoin-wizards: heakins @ChanServ optimator ryan-c Manfred__ wangbus cfields Sorcier_FXK jarpiain grzs bobke BitCoroner crucif0rm BlueMatt poggy
01:23:31andytosh1:andytosh1 is now known as andytoshi
01:53:47Guest80181:Guest80181 is now known as kaptah
03:12:08phantomcircuit:gmaxwell, when did hashfast hire general council?
07:06:33gmaxwell:phantomcircuit: mid december
07:07:24gmaxwell:phantomcircuit: probably in response to one of their customers suing— who bought very early on before they'd given the dec31st "refund date" and the only date that person had was oct 20th.
07:48:58just[dead]:just[dead] is now known as justanotheruser
09:01:28Alanius_:Alanius_ is now known as Alanius
09:09:59justanotheruser:justanotheruser is now known as just[dead]
09:14:37maaku:the channel has a logo/mascot : http://imgur.com/vTN6Z3n
09:15:14maaku:just need to make the beard red like gmaxwell's
09:15:56gmaxwell:oh wow.
09:16:12gmaxwell:thats going on the quiz webpage once we have one. (well if we do need to go that route)
09:17:09maaku:quiz webpage?
09:18:39gmaxwell:maaku: we're going to try setting #bitcoin +m +z (so only ops can see unvoiced people talking) and run an op in there that if it sees someone non-voiced talking it directs them to a webpage that gives them mandatory cluestick material then remembers their hostmask can continues to +v them.
09:19:18gmaxwell:if in the future we have too much derp in here we could invoke the same magic, but have it be an actual quiz. :)
09:19:30maaku:ah ok
09:20:09gmaxwell:s/run an op/run a op-bot/
09:21:35maaku:not my wizard mind you, it came from reddit : http://www.reddit.com/r/Bitcoin/comments/1zlypk/my_take_on_the_bitcoin_wizard/
09:21:44maaku:(in case you want to use it)
09:22:31nshsplit:nshsplit is now known as nsh
09:38:36sipa:does that wizard intentionally look like gmaxwell?
09:39:52TD:or does gmaxwell intentionally look like a wizard?
09:40:51stonecoldpat:the wizard looks very feminine...
09:41:03gmaxwell:I don't have a hat like that.
09:41:29jcorgan:now i know what to get you for christmas
09:41:58nsh:* nsh kinds wants a wizard staff with an amber bitcoin sphere in its crux
09:42:04gmaxwell:when I was younger and before I had the facial hair (but did have the long hair) I had kind of a baby face, and old farts frequently confused me for a woman. But guys with long hair were less common in south florida.
09:42:04nsh:and by kinda, i mean, a lot
09:42:39stonecoldpat:gmaxwell: so you confirm thats an accurcate portrait of your younger years?
09:42:53stonecoldpat:and tbh i thought the guy was holding dragonballs, not bitcoins when i first seen the wizard picture
09:42:58gmaxwell:perhaps? well I didn't have glasses then either.
09:43:01gmaxwell:Whats a dragonball?
09:43:13stonecoldpat:im sure you could have borrowed your mums
09:43:22nsh:annoying-voice cartoon artefact, presumably
09:43:32stonecoldpat:dragonballs - its from dragonball z (a cartoon)
09:43:43stonecoldpat:yeah, i watched it when i was a kid
09:43:57stonecoldpat:if you collect 7, you can summon a dragon who grants your wish
09:44:58gmaxwell:there is a picture of me from when I was 15 on a silly userpage on wikipedia (as part of an old elaborate joke which has been lost in the mists of time): https://en.wikipedia.org/wiki/User:%E2%98%AE
09:46:41jcorgan:you did have a kind of Farrah Fawcett hair thing going on there, no wonder the old Florida dudes took a liking :)
09:46:47stonecoldpat:i love it
09:47:05stonecoldpat:the hippy-sign username, it makes my life
09:47:31nsh:separated at woodstock? http://www.troll.me/images/conspiracy-keanu/mind-blown.jpg
09:49:10sipa:gmaxwell: facial hair does seem to work!
09:50:41gmaxwell:it's almost as if I look 20 years older now!
09:51:29gmaxwell:if mtgox's AML data was really leaked you'll get to see a passport photo not much newer that that one.
09:54:56nsh:the (purported) hackers are unlikely to have a motive to publically leak the passport photos. they'd more likely either be sold to fraudsters or kept, depending on ethics
09:59:20gmaxwell:well I asked them to publish mine, which would prove they had something.
09:59:42nsh:oh, interesting move
10:06:10gmaxwell:(mine is expired in any case) I doubt it contains anything that useful that someone else couldn't get.
10:09:36nsh:* nsh nods
11:10:24TD_:TD_ is now known as TD
11:13:33TD:cheap[er] provable computations for cases where you're doing set arithmetic: http://eprint.iacr.org/2014/160.pdf
11:14:48TD:looks at first glance like it could be integrated into scip as the constructions is special kinds of gates that work on sets natively, along with split/merge gates to convert to/from arithmetic gates
14:18:48helo_:helo_ is now known as helo
15:13:26artifexd_:artifexd_ is now known as artifexd
15:21:58nsh__:nsh__ is now known as nsh
15:50:17Luke-Jr:andytoshi: ping
15:52:41andytoshi:Luke-Jr: heya
15:52:46andytoshi:i did not receive an email or anything..
15:52:54Luke-Jr:andytoshi: probably won't
15:53:02Luke-Jr:andytoshi: when you planning to go?
15:53:10andytoshi:i'm at school until at least 1:30, then i gotta head home then it's about an hour bike ride
15:53:24andytoshi:so i'll be there by 4 tonight, but earlier tomorrow
15:53:45andytoshi:like, 1 or so
15:56:52andytoshi:oh, i see your q on #bitcoin, sorry, i have no ride for you :)
16:01:22TD_:TD_ is now known as TD
16:03:59Guest61739:Guest61739 is now known as amiller
18:56:29jtimon:gmaxwell are you following the discussion about "scripting 2.0" in the concatenative mailing list? Do you mind if I copy you to my next post in case I'm saying something stupid you would like to correct?
19:49:18adam3us:when it is said that snarks can prove (compactly) that a given program was run on given inputs, some of which maybe hidden; am i right in presuming the verifier needs all the inputs to verify the proof. (either in hidden aka committed form or clear text form.)
19:49:55adam3us:(as well as the moderately large public param which relates to the program)
19:52:29tromp_:if the verifier needed hidden inputs, then how would that be different from given inputs?
19:56:38ens:adam3us: i'm interested in the stuff you are talking about, what kind of thing are you building / researching?
20:04:36gmaxwell:adam3us: the verfier needs only the public inputs. (which also means you can do a neat compression to make the public inputs small: hash them, provide their real value as a non-public input)
20:05:12gmaxwell:(the reason you'd want to make them small is that the verifier has linear performance in the size of the public inputs you're giving to it)
20:05:40gmaxwell:tromp_: they aren't needed but if they were needed they could be encrypted, which is what adam was thinking.
20:10:34ens:the hardest case is the negative case, where there are no inputs that satisfy the program. obviously.
20:12:53tromp_:one of these days i hope to read all 53 pages of the SNARK paper
20:19:12just[dead]:just[dead] is now known as justanotheruser
21:09:16justanotheruser:justanotheruser is now known as just[dead]
21:21:07nsh__:nsh__ is now known as nsh
21:22:21adam3us:gmaxwell: dont u need at least a commitment to the hidden values in aggregate (eg the hash of them, or a merkle root hash)?
21:23:26adam3us:gmaxwell: i mean doesnt the verifier need a commitment to the hash of the hidden values (if not individuall, in total) in a kind of signature sense of what is being proven vs?
21:24:31gmaxwell:adam3us: maybe. Depends on your application. If you want some kind of commitment to the hidden data, then you can include one in the public inputs and the program can verify the agreement between the commitment and the non-determinstic (secret) inputs.
21:24:53gmaxwell:If you don't really care what the secret data is, only that it exists and satisfies the rules— then you don't.
21:25:35gmaxwell:"I know a solution to this sodoku puzzle" ... doesn't require I tell you anything more about the the solution I know.
21:26:22adam3us:gmaxwell: well i guess the prover has to know a solution, in order to make the proof (not just that a solution exists)
21:28:10nsh_:nsh_ is now known as nsh
21:28:16adam3us:gmaxwell: so the motivation to put a commitment to the hidden inputs in the public inputs would be external to the scheme... eg you want to selectively disclose and provably tie to the proof specific inputs (which ones to disclose decided later)
21:29:32gmaxwell:Right, there are plenty of cases where you need to do that... e.g. if you use a SNARK to achieve a publically verifyable hash based signature, for example. ... you need your public key (hash of the secret) to be a public input in order to know who is signing. :)
21:32:42ens:making a proof of an input validating a program without revealing the input can also be done by generating an instance of the program in 3sat, then expressing that as a graph where the solution is a hamiltonian path through the input and generating an isomorphism of that graph, commiting to it and then either showing the isomorphism between the original and the new graph or the cycle
21:32:43ens:in the new graph on request.
21:34:55gmaxwell:ens: ... yes? in any case: such proofs are not succinct, in that they are typically quadratic (and a large constant factor) in the size of the program.
21:36:25ens:maybe i'm just butting it on this without knowing the context. i'll step back.
21:37:47adam3us:gmaxwell: so talking with maaku if the program becomes complex so that the public verification key is impractically large is it the case that most of the key is not involved in individual proofs, then maybe the verifier can store only a merkle root committing to the verification key bits and then a proof can be accompanied by the bits and merkle paths to prove it.
21:40:17gmaxwell:adam3us: for GGPR12 the verification keys are small. (like a dozen group elements) effectively all the succinct systems (ones with sublinear proofs and sublinear verification time) can be seen as effectively working work by recursively performing the verification in the prover. ... so your verification key is really only verifying the last step, and its turtles all the way down after that.
21:41:34maaku:* maaku checks the paper and sees that he misremembered
21:48:10gmaxwell:the proving keys OTOH become huge.
23:01:06poggy:did yall see the ars tech thread on alt coins
23:09:03maaku:poggy: is it relevant?
23:09:18poggy:no just funny
23:45:41jcorgan_:jcorgan_ has left #bitcoin-wizards