| 00:00:38 | gmaxwell: | andytoshi: see my reply: https://bitcointalk.org/index.php?topic=492969.msg5515776#msg5515776 |
| 00:00:52 | andytoshi: | i know. and he was already on my ignore list, so i didn't expect much |
| 00:01:30 | andytoshi: | thx a ton for the support tho |
| 00:02:14 | andytoshi: | my reply was pretty curt, i should work on being more patient, he actually read my doc so perhaps if i'd been nicer he would've listened to it.. |
| 00:09:50 | realazthat: | gmaxwell: the interpreter, assembler and disassembler are almost ready |
| 00:10:09 | realazthat: | I need to ask eli some minor questions, mostly about the latest version |
| 00:10:24 | realazthat: | I also wrote a bunch of unit tests for the interpreter |
| 00:11:44 | gmaxwell: | realazthat: looked into adding gdb support for it interpreter? :P |
| 00:11:49 | gmaxwell: | er for the |
| 00:11:51 | realazthat: | lol |
| 00:11:55 | realazthat: | I wouldn't know how |
| 00:12:06 | realazthat: | it is all in python btw |
| 00:12:11 | gmaxwell: | lol okay. |
| 00:12:25 | gmaxwell: | it's actually pretty straight forward, grab the source, look at sim/moxie ... but it is in C. |
| 00:13:08 | realazthat: | I know C, but I am not sure how they would interact |
| 00:13:26 | realazthat: | ok I'll look into that once it is usable |
| 00:28:47 | realazthat: | gmaxwell: would I be implementing this for tinyram assembly? |
| 00:28:59 | realazthat: | usually gdb is for a higher level language, no? |
| 00:30:38 | gmaxwell: | realazthat: gdb works on assembly, but no the idea is that gdb can simulate the machine in question, and with the right debugging symbols on your binary, gdb allows you to debug the C code you started with. |
| 00:31:15 | realazthat: | ah it can simulate the entire thing |
| 00:31:17 | realazthat: | interesting |
| 00:31:29 | realazthat: | so basically I would be porting it to some gdb-scripting-language? |
| 00:32:08 | realazthat: | or how does it know how to simulate the machine |
| 00:32:31 | gmaxwell: | you implement a simulator in gdb, thats whats in the sim directory... there are simulators for basically every arch gdb supports. |
| 00:32:51 | realazthat: | ok so now I understand |
| 00:32:56 | realazthat: | and I should look at moxie |
| 00:33:48 | gmaxwell: | moxie has a lot of references... as its very much like tinyram, and has gdb and gcc support. |
| 00:53:29 | irc.freenode.net: | Disconnected from irc.freenode.net (ERROR :Closing Link: S0106c0c1c0894c25.vs.shawcable.net (Ping timeout: 252 seconds)) |
| 00:57:52 | orwell.freenode.net: | topic is: "Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas. This channel is logged at http://download.wpsoftware.net/bitcoin/wizards/. For questions about the logs talk to andytoshi." |
| 00:57:52 | orwell.freenode.net: | Users on #bitcoin-wizards: andytoshi-logbot c0rw1n andytosh1 rdymac eristisk tromp Emcy digitalmagus7 Krellan pajarillo samesong go1111111 spin123456 e4xit Hunger- forrestv pigeons ageis ens midnightmagic shinybro maaku samson_ just[dead] roidster realazthat shesek Ursium asoltys adam3us iddo thrasher liteStrikening airbreather stonecoldpat ebfull [\\\] Luke-Jr tt_texas imsaguy mikalv sirius perrier_ phantomcircuit Anduck copumpkin davvblack emsid jgarzik azariah4 |
| 00:57:52 | orwell.freenode.net: | Users on #bitcoin-wizards: artifexd austinhill nOgAnOo situation ttttetra OneFixt epscy CodeShark mr_burdell postpre a5m0 rs0 nanotube HM2 sl01 Muis so jrmithdobbs jcorgan roasbeef UukGoblin tucenaber jron Logicwax gribble michagogo|cloud edulix kanzure Sangheili c--O-O espes__ kinlo Fistful_of_Coins tromp_ wumpus trn Graet helo otoburb warren zacm d34th weex keus sipa Alanius_ mmozeiko hno EasyAt K1773R gmaxwell Ryan52 area harrow comboy amiller matrixfox petertodd |
| 00:57:52 | orwell.freenode.net: | Users on #bitcoin-wizards: heakins @ChanServ optimator ryan-c Manfred__ wangbus cfields Sorcier_FXK jarpiain grzs bobke BitCoroner crucif0rm BlueMatt poggy |
| 01:23:31 | andytosh1: | andytosh1 is now known as andytoshi |
| 01:53:47 | Guest80181: | Guest80181 is now known as kaptah |
| 03:12:08 | phantomcircuit: | gmaxwell, when did hashfast hire general council? |
| 07:06:33 | gmaxwell: | phantomcircuit: mid december |
| 07:07:24 | gmaxwell: | phantomcircuit: probably in response to one of their customers suing— who bought very early on before they'd given the dec31st "refund date" and the only date that person had was oct 20th. |
| 07:48:58 | just[dead]: | just[dead] is now known as justanotheruser |
| 09:01:28 | Alanius_: | Alanius_ is now known as Alanius |
| 09:09:59 | justanotheruser: | justanotheruser is now known as just[dead] |
| 09:14:37 | maaku: | the channel has a logo/mascot : http://imgur.com/vTN6Z3n |
| 09:15:14 | maaku: | just need to make the beard red like gmaxwell's |
| 09:15:56 | gmaxwell: | oh wow. |
| 09:16:12 | gmaxwell: | thats going on the quiz webpage once we have one. (well if we do need to go that route) |
| 09:17:09 | maaku: | quiz webpage? |
| 09:18:39 | gmaxwell: | maaku: we're going to try setting #bitcoin +m +z (so only ops can see unvoiced people talking) and run an op in there that if it sees someone non-voiced talking it directs them to a webpage that gives them mandatory cluestick material then remembers their hostmask can continues to +v them. |
| 09:19:18 | gmaxwell: | if in the future we have too much derp in here we could invoke the same magic, but have it be an actual quiz. :) |
| 09:19:30 | maaku: | ah ok |
| 09:20:09 | gmaxwell: | s/run an op/run a op-bot/ |
| 09:21:35 | maaku: | not my wizard mind you, it came from reddit : http://www.reddit.com/r/Bitcoin/comments/1zlypk/my_take_on_the_bitcoin_wizard/ |
| 09:21:44 | maaku: | (in case you want to use it) |
| 09:22:31 | nshsplit: | nshsplit is now known as nsh |
| 09:38:36 | sipa: | does that wizard intentionally look like gmaxwell? |
| 09:39:52 | TD: | or does gmaxwell intentionally look like a wizard? |
| 09:40:51 | stonecoldpat: | the wizard looks very feminine... |
| 09:41:03 | gmaxwell: | I don't have a hat like that. |
| 09:41:29 | jcorgan: | now i know what to get you for christmas |
| 09:41:58 | nsh: | * nsh kinds wants a wizard staff with an amber bitcoin sphere in its crux |
| 09:42:04 | gmaxwell: | when I was younger and before I had the facial hair (but did have the long hair) I had kind of a baby face, and old farts frequently confused me for a woman. But guys with long hair were less common in south florida. |
| 09:42:04 | nsh: | and by kinda, i mean, a lot |
| 09:42:39 | stonecoldpat: | gmaxwell: so you confirm thats an accurcate portrait of your younger years? |
| 09:42:53 | stonecoldpat: | and tbh i thought the guy was holding dragonballs, not bitcoins when i first seen the wizard picture |
| 09:42:58 | gmaxwell: | perhaps? well I didn't have glasses then either. |
| 09:43:01 | gmaxwell: | Whats a dragonball? |
| 09:43:13 | stonecoldpat: | im sure you could have borrowed your mums |
| 09:43:22 | nsh: | annoying-voice cartoon artefact, presumably |
| 09:43:32 | stonecoldpat: | dragonballs - its from dragonball z (a cartoon) |
| 09:43:43 | stonecoldpat: | yeah, i watched it when i was a kid |
| 09:43:57 | stonecoldpat: | if you collect 7, you can summon a dragon who grants your wish |
| 09:44:58 | gmaxwell: | there is a picture of me from when I was 15 on a silly userpage on wikipedia (as part of an old elaborate joke which has been lost in the mists of time): https://en.wikipedia.org/wiki/User:%E2%98%AE |
| 09:46:41 | jcorgan: | you did have a kind of Farrah Fawcett hair thing going on there, no wonder the old Florida dudes took a liking :) |
| 09:46:47 | stonecoldpat: | i love it |
| 09:47:05 | stonecoldpat: | the hippy-sign username, it makes my life |
| 09:47:31 | nsh: | separated at woodstock? http://www.troll.me/images/conspiracy-keanu/mind-blown.jpg |
| 09:47:35 | nsh: | :P |
| 09:49:10 | sipa: | gmaxwell: facial hair does seem to work! |
| 09:50:41 | gmaxwell: | it's almost as if I look 20 years older now! |
| 09:51:29 | gmaxwell: | if mtgox's AML data was really leaked you'll get to see a passport photo not much newer that that one. |
| 09:54:56 | nsh: | the (purported) hackers are unlikely to have a motive to publically leak the passport photos. they'd more likely either be sold to fraudsters or kept, depending on ethics |
| 09:59:20 | gmaxwell: | well I asked them to publish mine, which would prove they had something. |
| 09:59:42 | nsh: | oh, interesting move |
| 10:06:10 | gmaxwell: | (mine is expired in any case) I doubt it contains anything that useful that someone else couldn't get. |
| 10:09:36 | nsh: | * nsh nods |
| 11:10:24 | TD_: | TD_ is now known as TD |
| 11:13:33 | TD: | cheap[er] provable computations for cases where you're doing set arithmetic: http://eprint.iacr.org/2014/160.pdf |
| 11:14:48 | TD: | looks at first glance like it could be integrated into scip as the constructions is special kinds of gates that work on sets natively, along with split/merge gates to convert to/from arithmetic gates |
| 14:18:48 | helo_: | helo_ is now known as helo |
| 15:13:26 | artifexd_: | artifexd_ is now known as artifexd |
| 15:21:58 | nsh__: | nsh__ is now known as nsh |
| 15:50:17 | Luke-Jr: | andytoshi: ping |
| 15:52:41 | andytoshi: | Luke-Jr: heya |
| 15:52:46 | andytoshi: | i did not receive an email or anything.. |
| 15:52:54 | Luke-Jr: | andytoshi: probably won't |
| 15:52:59 | andytoshi: | coolio |
| 15:53:02 | Luke-Jr: | andytoshi: when you planning to go? |
| 15:53:10 | andytoshi: | i'm at school until at least 1:30, then i gotta head home then it's about an hour bike ride |
| 15:53:16 | Luke-Jr: | >_< |
| 15:53:24 | andytoshi: | so i'll be there by 4 tonight, but earlier tomorrow |
| 15:53:45 | andytoshi: | like, 1 or so |
| 15:56:52 | andytoshi: | oh, i see your q on #bitcoin, sorry, i have no ride for you :) |
| 15:57:07 | Luke-Jr: | :P |
| 16:01:22 | TD_: | TD_ is now known as TD |
| 16:03:59 | Guest61739: | Guest61739 is now known as amiller |
| 18:56:29 | jtimon: | gmaxwell are you following the discussion about "scripting 2.0" in the concatenative mailing list? Do you mind if I copy you to my next post in case I'm saying something stupid you would like to correct? |
| 19:49:18 | adam3us: | when it is said that snarks can prove (compactly) that a given program was run on given inputs, some of which maybe hidden; am i right in presuming the verifier needs all the inputs to verify the proof. (either in hidden aka committed form or clear text form.) |
| 19:49:55 | adam3us: | (as well as the moderately large public param which relates to the program) |
| 19:52:29 | tromp_: | if the verifier needed hidden inputs, then how would that be different from given inputs? |
| 19:56:38 | ens: | adam3us: i'm interested in the stuff you are talking about, what kind of thing are you building / researching? |
| 20:04:36 | gmaxwell: | adam3us: the verfier needs only the public inputs. (which also means you can do a neat compression to make the public inputs small: hash them, provide their real value as a non-public input) |
| 20:05:12 | gmaxwell: | (the reason you'd want to make them small is that the verifier has linear performance in the size of the public inputs you're giving to it) |
| 20:05:40 | gmaxwell: | tromp_: they aren't needed but if they were needed they could be encrypted, which is what adam was thinking. |
| 20:10:34 | ens: | the hardest case is the negative case, where there are no inputs that satisfy the program. obviously. |
| 20:12:53 | tromp_: | one of these days i hope to read all 53 pages of the SNARK paper |
| 20:19:12 | just[dead]: | just[dead] is now known as justanotheruser |
| 21:09:16 | justanotheruser: | justanotheruser is now known as just[dead] |
| 21:21:07 | nsh__: | nsh__ is now known as nsh |
| 21:22:21 | adam3us: | gmaxwell: dont u need at least a commitment to the hidden values in aggregate (eg the hash of them, or a merkle root hash)? |
| 21:23:26 | adam3us: | gmaxwell: i mean doesnt the verifier need a commitment to the hash of the hidden values (if not individuall, in total) in a kind of signature sense of what is being proven vs? |
| 21:24:31 | gmaxwell: | adam3us: maybe. Depends on your application. If you want some kind of commitment to the hidden data, then you can include one in the public inputs and the program can verify the agreement between the commitment and the non-determinstic (secret) inputs. |
| 21:24:53 | gmaxwell: | If you don't really care what the secret data is, only that it exists and satisfies the rules— then you don't. |
| 21:25:35 | gmaxwell: | "I know a solution to this sodoku puzzle" ... doesn't require I tell you anything more about the the solution I know. |
| 21:26:22 | adam3us: | gmaxwell: well i guess the prover has to know a solution, in order to make the proof (not just that a solution exists) |
| 21:28:10 | nsh_: | nsh_ is now known as nsh |
| 21:28:16 | adam3us: | gmaxwell: so the motivation to put a commitment to the hidden inputs in the public inputs would be external to the scheme... eg you want to selectively disclose and provably tie to the proof specific inputs (which ones to disclose decided later) |
| 21:29:32 | gmaxwell: | Right, there are plenty of cases where you need to do that... e.g. if you use a SNARK to achieve a publically verifyable hash based signature, for example. ... you need your public key (hash of the secret) to be a public input in order to know who is signing. :) |
| 21:32:42 | ens: | making a proof of an input validating a program without revealing the input can also be done by generating an instance of the program in 3sat, then expressing that as a graph where the solution is a hamiltonian path through the input and generating an isomorphism of that graph, commiting to it and then either showing the isomorphism between the original and the new graph or the cycle |
| 21:32:43 | ens: | in the new graph on request. |
| 21:34:55 | gmaxwell: | ens: ... yes? in any case: such proofs are not succinct, in that they are typically quadratic (and a large constant factor) in the size of the program. |
| 21:36:25 | ens: | maybe i'm just butting it on this without knowing the context. i'll step back. |
| 21:37:47 | adam3us: | gmaxwell: so talking with maaku if the program becomes complex so that the public verification key is impractically large is it the case that most of the key is not involved in individual proofs, then maybe the verifier can store only a merkle root committing to the verification key bits and then a proof can be accompanied by the bits and merkle paths to prove it. |
| 21:40:17 | gmaxwell: | adam3us: for GGPR12 the verification keys are small. (like a dozen group elements) effectively all the succinct systems (ones with sublinear proofs and sublinear verification time) can be seen as effectively working work by recursively performing the verification in the prover. ... so your verification key is really only verifying the last step, and its turtles all the way down after that. |
| 21:41:34 | maaku: | * maaku checks the paper and sees that he misremembered |
| 21:48:10 | gmaxwell: | the proving keys OTOH become huge. |
| 23:01:06 | poggy: | did yall see the ars tech thread on alt coins |
| 23:09:03 | maaku: | poggy: is it relevant? |
| 23:09:18 | poggy: | no just funny |
| 23:45:41 | jcorgan_: | jcorgan_ has left #bitcoin-wizards |