00:04:37andytoshi:on the subject of no peer review (and blind ECDSA, incidentally), i found this earlier today https://crypto.stackexchange.com/questions/16021/is-there-a-flaw-in-this-ecc-blind-signature-scheme
00:04:51andytoshi:sadly it's not a workable signature scheme, but it's bad enough to be funny :)
02:31:24petertodd:http://arxiv.org/abs/1405.0534 <- sheesh, small alt-coins do not make a good bitcoin analogy...
02:42:34davidlatapie:Hi, I discovered this chan via https://bitcointalk.org/index.php?topic=584719.0
02:43:38davidlatapie:It seems this chan is populated by people able to audit code. Would some of you be interested in auditing monero's code? https://github.com/monero-project/
02:44:05davidlatapie:monero is based on the cryptonote technology - https://cryptonote.org
02:48:23gmaxwell:petertodd: same author had done some prior paper whose innovations were 'inventing' midstate compression, skipping the final three rounds of sha256, and using longer carry save adders... (the first two optimizations have been in every miner out there, and the latter optimization is in some existing hardware); and the latter half ... all caps ranting about the geometric decline ensuring that bitcoin will 'fail' within 4 years and ...
02:48:29gmaxwell:... instead demanding that the subsidy be adjusted every 600 blocks.
03:16:04contrapumpkin:contrapumpkin is now known as copumpkin
03:55:20andytoshi:i like the reference to "orthodoxies" in the abstract, reminds me of something in john baez' crank index (maybe we should adapt it to cryptocurrencies)
04:02:01andytoshi:davidlatapie: from http://monero.cc/ if "algorithm: cryptonight (64-bit CPU only)" refers to the PoW algo then i have addressed this in https://download.wpsoftware.net/bitcoin/asic-faq.pdf; the fact that the difficulty retargets every block opens the cryptocurrency up and makes some serious attacks trivial (i mean to address this in alts.pdf, but haven't yet), the 60sec blocktime means it will not converge,
04:02:03andytoshi:blocksize determined by miners means you have strong incentives for centralization and will also ruin convergence
04:02:19andytoshi:no need to read the code, if they got these basic things wrong i guaranteed they fucked up the ring signatures and stuff
04:02:35davidlatapie:Hi andytoshi I was reading about you recently
04:03:17davidlatapie:I will forward this to the dev
04:03:17andytoshi:hi davidlatapie, nice to meet you
04:04:31andytoshi:you are welcome to, but bear in mind nothing i said there is my own idea
04:07:56andytoshi:davidlatapie: also if you have not already, please don't mention this channel by name in the altcoin community
04:09:13davidlatapie:andytoshi: I just did on #monero (I have the habit of quoting my source). I take good note on it and won't mention it again. I hope I am still welcome.
04:10:09andytoshi:davidlatapie: no worries, this isn't a secret channel and everyone here is strongly anti-censorship (i think). but we do try to keep it low-volume and high-iq so there shouldn't be an easy jump from silly altcoins to here
04:10:35davidlatapie:High signal-to-noise ratio. The way I like it.
04:11:28davidlatapie:I experienced the opposite (high noise-to-signal ratio) with the Blackcoin threads: humanity never ceases to surprise you...
04:12:28stqism:Boy, another coin
04:12:29andytoshi:yup :) and don't be afraid to ask questions here (though you might be ignored or redirected if it's not really research-related)
04:14:02stqism:Research based, eh? Must it be bitcoin related? I have a crypto related question that doesn't involve any of the coins.
04:14:24andytoshi:cryptography research is always ok
04:20:59stqism:Okay, are there any issues when using arc4random with rc4 outside of biased outputs?
04:21:24ghtdak:ghtdak has left #bitcoin-wizards
04:23:07gmaxwell:rc4 has a whole mountain of state recovery attacks, where an attacker with enough of your random state can recover the rc4 key.
04:24:01gmaxwell:I'd avoid using it for anything important myself.
04:25:00stqism:I know the issues with rc4 as a stream cipher, I'm trying to figure out the rationale of the FreeBSD security team in not merging a patch that replaces rc4 in arc4random with chacha20 like OpenBSD.
04:26:28gmaxwell:oh openbsd is changing theirs? (I guess I now need to update beliefs to either lower the probability of openbsd being intelligence agency controlled or up the probability of chacha20 being compromised… :) :P )
04:28:27hanncx:hanncx has left #bitcoin-wizards
04:30:54stqism:Hah, oddly enough I seem to trust Bernstein and his work, something about being the guy to overturn the US's restrictions on exporting crypto all by himself.
04:31:34andytoshi:do you have a link to freebsd not going along with chacha20? i see this mailing list post http://lists.freebsd.org/pipermail/freebsd-bugs/2013-October/054018.html which brings the patch over but no replies..
04:31:49hanncx:hanncx has left #bitcoin-wizards
04:32:18stqism:andytoshi: It's the lack of replies, it's been months and they ignored it, a number of FreeBSD developers have been pushing for it.
04:33:05andytoshi:i can almost see "i personally don't like djb" as a reason, but rc4 is really bad..
04:33:56stqism:Though at this point I might just migrate to OpenBSD, I love FreeBSD, but I have a blind trust in OpenBSD
04:34:06stqism:It's all these little things
04:36:30gmaxwell:Best to not blindly trust anything. :)
04:36:48andytoshi:i've been thinking again to switch since the ssl valhalla stuff started, but their hardware support is not great and i'm on a laptop
04:37:45andytoshi:and there's a bit of "better the devil you know" with linux, even though i know it's not so great
04:38:11stqism:Well, for me personally it's production machines
04:38:24Luke-Jr:andytoshi: you should add BSD support to bitcoind ;)
04:38:49stqism:Luke-Jr: You should tell that to bitcoind in FreeBSD ports :)
04:39:00Luke-Jr:stqism: I probably have.
04:39:56andytoshi:iirc i tried building 0.7 on an openbsd vm, at the time i didn't know bitcoind well enough to even know where to start with the build errors
04:43:41stqism:andytoshi: Might want to ask the FreeBSD ports maintainer for help, net-p2p/bitcoin works great
05:02:51hanncx:hanncx has left #bitcoin-wizards
05:08:13Luke-Jr:stqism: until it doesn't? :P
06:29:18hanncx:hanncx has left #bitcoin-wizards
11:00:30nsh_:nsh_ is now known as nsh
11:32:39david:david is now known as Guest25978
11:32:42Guest25978:Guest25978 is now known as davidlatapie
12:21:49SuperResistant:Hi there, I came here thanks to davidlatapie
12:23:16davidlatapie:Hi all. SuperResistant is interested in deeper considerations regarding future of bitcoin and other crypto beyond your daily pump and dump. I informed him about discretion
13:39:33mike4:mike4 is now known as money
13:59:38maaku:maaku is now known as Guest36916
15:08:57cr3pe:cr3pe has left #bitcoin-wizards
15:29:32c0rw1n:c0rw1n is now known as c0rw|afk
15:47:12Guest52259:Guest52259 is now known as amiller
17:46:31Quanttek_:Quanttek_ is now known as Quanttek
17:59:33nsh_:nsh_ is now known as nsh
18:13:15nsh_:nsh_ is now known as nsh
18:26:05nsh_:nsh_ is now known as nsh
18:55:53nsh:On The Longest Chain Rule and Programmed - Self-Destruction of Crypto Currencies http://cryptome.org/2014/05/bitcoin-suicide.pdf
18:56:33nsh:anyone dealt with that one yet?
19:03:14gmaxwell:someone probably should; I'm so not eager after the authors prior paper.
19:03:17gmaxwell:19:48 < gmaxwell> petertodd: same author had done some prior paper whose innovations were 'inventing' midstate compression, skipping the final three rounds of sha256, and using longer carry save adders... (the first two optimizations have been in every miner out there, and the latter optimization is in some
19:03:23gmaxwell:existing hardware); and the latter half ... all caps ranting about the geometric decline ensuring that bitcoin will 'fail' within 4 years and ...
19:03:26gmaxwell:19:48 < gmaxwell> ... instead demanding that the subsidy be adjusted every 600 blocks.
19:04:32nsh:ah, right
20:22:19gmaxwell:Meni linked to a paper (http://eprint.iacr.org/2013/868.pdf) which includes an interesting variation on the reorg lottery game (where someone with low hashrate hopes to get lucky and reorg out a chunk of the chain far in excess of their hashrate). In particular they show that if you assume exponential growth of the hashrate for both defenders and attackers, an attacker of any hashrate has a finite probability of replacing the whole ...
20:22:25gmaxwell:... chain. (though, of course, in actuality it's negligible, but it's interesting that the exponential growth assumption makes it finite).
20:22:45gmaxwell:(The paper could use some serious editorial work, but the content is interesting)
20:30:11iddo:yes this paper was written at the same time as the "majority is not enough" paper, the analysis is more thorough than that other paper, but it was written by a BSc math student and rejected from the same conference that the other paper appeared in
20:30:31iddo:and yes, he didn't bother to edit it afterwards
20:33:22iddo:most of the analysis is about "selfish mining" which is more practical than these negligible diff-readjust theoretical attacks, but maybe selfish mining isn't really practical either
20:34:23gmaxwell:right, "interesting" was my comment above.
20:37:17iddo:the other paper did those blog posts with "bitcoin is broken", they create buzz that helps them while publishing their paper, then everyone forgets about these non-practical ideas and moves on
20:50:08nsh_:nsh_ is now known as nsh
23:22:59nanotube:nanotube is now known as bitcoin
23:23:30bitcoin:bitcoin is now known as nanotube
23:35:14stqism:stqism is now known as ^_^
23:35:19^_^:^_^ is now known as stqism