00:04:37 | andytoshi: | on the subject of no peer review (and blind ECDSA, incidentally), i found this earlier today https://crypto.stackexchange.com/questions/16021/is-there-a-flaw-in-this-ecc-blind-signature-scheme |
00:04:51 | andytoshi: | sadly it's not a workable signature scheme, but it's bad enough to be funny :) |
02:31:24 | petertodd: | http://arxiv.org/abs/1405.0534 <- sheesh, small alt-coins do not make a good bitcoin analogy... |
02:42:34 | davidlatapie: | Hi, I discovered this chan via https://bitcointalk.org/index.php?topic=584719.0 |
02:43:38 | davidlatapie: | It seems this chan is populated by people able to audit code. Would some of you be interested in auditing monero's code? https://github.com/monero-project/ |
02:44:05 | davidlatapie: | monero is based on the cryptonote technology - https://cryptonote.org |
02:44:08 | davidlatapie: | Thanks! |
02:48:23 | gmaxwell: | petertodd: same author had done some prior paper whose innovations were 'inventing' midstate compression, skipping the final three rounds of sha256, and using longer carry save adders... (the first two optimizations have been in every miner out there, and the latter optimization is in some existing hardware); and the latter half ... all caps ranting about the geometric decline ensuring that bitcoin will 'fail' within 4 years and ... |
02:48:29 | gmaxwell: | ... instead demanding that the subsidy be adjusted every 600 blocks. |
03:16:04 | contrapumpkin: | contrapumpkin is now known as copumpkin |
03:55:20 | andytoshi: | i like the reference to "orthodoxies" in the abstract, reminds me of something in john baez' crank index (maybe we should adapt it to cryptocurrencies) |
03:55:32 | andytoshi: | http://math.ucr.edu/home/baez/crackpot.html |
04:02:01 | andytoshi: | davidlatapie: from http://monero.cc/ if "algorithm: cryptonight (64-bit CPU only)" refers to the PoW algo then i have addressed this in https://download.wpsoftware.net/bitcoin/asic-faq.pdf; the fact that the difficulty retargets every block makes some serious attacks trivial (i mean to address this in alts.pdf, but haven't yet), the 60sec blocktime means it will not converge, |
04:02:03 | andytoshi: | blocksize determined by miners means you have strong incentives for centralization and will also ruin convergence |
04:02:19 | andytoshi: | no need to read the code, if they got these basic things wrong i guarantee they fucked up the ring signatures and stuff |
04:02:35 | davidlatapie: | Hi andytoshi I was reading about you recently |
04:03:17 | davidlatapie: | I will forward this to the dev |
04:03:17 | andytoshi: | hi davidlatapie, nice to meet you |
04:04:31 | andytoshi: | you are welcome to, but bear in mind nothing i said there is my own idea |
04:07:56 | andytoshi: | davidlatapie: also if you have not already, please don't mention this channel by name in the altcoin community |
04:09:13 | davidlatapie: | andytoshi: I just did on #monero (I have the habit of quoting my source). I take good note of it and won't mention it again. I hope I am still welcome. |
04:10:09 | andytoshi: | davidlatapie: no worries, this isn't a secret channel and everyone here is strongly anti-censorship (i think). but we do try to keep it low-volume and high-iq so there shouldn't be an easy jump from silly altcoins to here |
04:10:35 | davidlatapie: | High signal-to-noise ratio. The way I like it. |
04:11:28 | davidlatapie: | I experienced the opposite (high noise-to-signal ratio) with the Blackcoin threads: humanity never ceases to surprise you... |
04:11:50 | stqism: | Blackcoin? |
04:12:28 | stqism: | Boy, another coin |
04:12:29 | andytoshi: | yup :) and don't be afraid to ask questions here (though you might be ignored or redirected if it's not really research-related) |
04:14:02 | stqism: | Research based, eh? Must it be bitcoin related? I have a crypto related question that doesn't involve any of the coins. |
04:14:24 | andytoshi: | cryptography research is always ok |
04:20:59 | stqism: | Okay, are there any issues when using arc4random with rc4 outside of biased outputs? |
04:21:24 | ghtdak: | ghtdak has left #bitcoin-wizards |
04:23:07 | gmaxwell: | rc4 has a whole mountain of state recovery attacks, where an attacker with enough of your random state can recover the rc4 key. |
04:24:01 | gmaxwell: | I'd avoid using it for anything important myself. |
04:25:00 | stqism: | I know the issues with rc4 as a stream cipher, I'm trying to figure out the rationale of the FreeBSD security team in not merging a patch that replaces rc4 in arc4random with chacha20 like OpenBSD. |
04:26:28 | gmaxwell: | oh openbsd is changing theirs? (I guess I now need to update beliefs to either lower the probability of openbsd being intelligence agency controlled or up the probability of chacha20 being compromised… :) :P ) |
04:28:27 | hanncx: | hanncx has left #bitcoin-wizards |
04:30:54 | stqism: | Hah, oddly enough I seem to trust Bernstein and his work, something about being the guy to overturn the US's restrictions on exporting crypto all by himself. |
04:31:34 | andytoshi: | do you have a link to freebsd not going along with chacha20? i see this mailing list post http://lists.freebsd.org/pipermail/freebsd-bugs/2013-October/054018.html which brings the patch over but no replies.. |
04:31:49 | hanncx: | hanncx has left #bitcoin-wizards |
04:32:18 | stqism: | andytoshi: It's the lack of replies, it's been months and they ignored it, a number of FreeBSD developers have been pushing for it. |
04:32:25 | andytoshi: | weird |
04:32:39 | stqism: | Yup |
04:33:05 | andytoshi: | i can almost see "i personally don't like djb" as a reason, but rc4 is really bad.. |
04:33:56 | stqism: | Though at this point I might just migrate to OpenBSD, I love FreeBSD, but I have a blind trust in OpenBSD |
04:34:06 | stqism: | It's all these little things |
04:36:30 | gmaxwell: | Best to not blindly trust anything. :) |
04:36:48 | andytoshi: | i've been thinking again to switch since the ssl valhalla stuff started, but their hardware support is not great and i'm on a laptop |
04:37:45 | andytoshi: | and there's a bit of "better the devil you know" with linux, even though i know it's not so great |
04:38:11 | stqism: | Well, for me personally it's production machines |
04:38:24 | Luke-Jr: | andytoshi: you should add BSD support to bitcoind ;) |
04:38:49 | stqism: | Luke-Jr: You should tell that to bitcoind in FreeBSD ports :) |
04:39:00 | Luke-Jr: | stqism: I probably have. |
04:39:56 | andytoshi: | iirc i tried building 0.7 on an openbsd vm, at the time i didn't know bitcoind well enough to even know where to start with the build errors |
04:43:41 | stqism: | andytoshi: Might want to ask the FreeBSD ports maintainer for help, net-p2p/bitcoin works great |
05:02:51 | hanncx: | hanncx has left #bitcoin-wizards |
05:08:13 | Luke-Jr: | stqism: until it doesn't? :P |
06:29:18 | hanncx: | hanncx has left #bitcoin-wizards |
11:00:30 | nsh_: | nsh_ is now known as nsh |
11:32:39 | david: | david is now known as Guest25978 |
11:32:42 | Guest25978: | Guest25978 is now known as davidlatapie |
12:21:49 | SuperResistant: | Hi there, I came here thanks to davidlatapie |
12:23:16 | davidlatapie: | Hi all. SuperResistant is interested in deeper considerations regarding future of bitcoin and other crypto beyond your daily pump and dump. I informed him about discretion |
13:39:33 | mike4: | mike4 is now known as money |
13:59:38 | maaku: | maaku is now known as Guest36916 |
15:08:57 | cr3pe: | cr3pe has left #bitcoin-wizards |
15:29:32 | c0rw1n: | c0rw1n is now known as c0rw|afk |
15:47:12 | Guest52259: | Guest52259 is now known as amiller |
17:46:31 | Quanttek_: | Quanttek_ is now known as Quanttek |
17:59:33 | nsh_: | nsh_ is now known as nsh |
18:13:15 | nsh_: | nsh_ is now known as nsh |
18:26:05 | nsh_: | nsh_ is now known as nsh |
18:55:53 | nsh: | On The Longest Chain Rule and Programmed - Self-Destruction of Crypto Currencies http://cryptome.org/2014/05/bitcoin-suicide.pdf |
18:56:33 | nsh: | anyone dealt with that one yet? |
19:03:14 | gmaxwell: | someone probably should; I'm so not eager after the authors prior paper. |
19:03:17 | gmaxwell: | 19:48 < gmaxwell> petertodd: same author had done some prior paper whose innovations were 'inventing' midstate compression, skipping the final three rounds of sha256, and using longer carry save adders... (the first two optimizations have been in every miner out there, and the latter optimization is in some |
19:03:23 | gmaxwell: | existing hardware); and the latter half ... all caps ranting about the geometric decline ensuring that bitcoin will 'fail' within 4 years and ... |
19:03:26 | gmaxwell: | 19:48 < gmaxwell> ... instead demanding that the subsidy be adjusted every 600 blocks. |
19:04:32 | nsh: | ah, right |
20:22:19 | gmaxwell: | Meni linked to a paper (http://eprint.iacr.org/2013/868.pdf) which includes an interesting variation on the reorg lottery game (where someone with low hashrate hopes to get lucky and reorg out a chunk of the chain far in excess of their hashrate). In particular they show that if you assume exponential growth of the hashrate for both defenders and attackers, an attacker of any hashrate has a finite probability of replacing the whole ... |
20:22:25 | gmaxwell: | ... chain. (though, of course, in actuality it's negligible, but it's interesting that the exponential growth assumption makes it finite). |
20:22:45 | gmaxwell: | (The paper could use some serious editorial work, but the content is interesting) |
20:30:11 | iddo: | yes this paper was written at the same time as the "majority is not enough" paper, the analysis is more thorough than that other paper, but it was written by a BSc math student and rejected from the same conference that the other paper appeared in |
20:30:31 | iddo: | and yes, he didn't bother to edit it afterwards |
20:33:22 | iddo: | most analysis is about "selfish mining" which is more practical than these negligible diff-readjust theoretical attacks, but maybe selfish mining isn't really practical either |
20:34:23 | gmaxwell: | right, "interesting" was my comment above. |
20:37:17 | iddo: | the other paper did those blog posts with "bitcoin is broken", they create buzz that helps them while publishing their paper, then everyone forgets about these non-practical ideas and moves on |
20:43:21 | jaekwon: | hi |
20:50:08 | nsh_: | nsh_ is now known as nsh |
23:22:59 | nanotube: | nanotube is now known as bitcoin |
23:23:30 | bitcoin: | bitcoin is now known as nanotube |
23:35:14 | stqism: | stqism is now known as ^_^ |
23:35:19 | ^_^: | ^_^ is now known as stqism |