00:34:09dsnrk:andytoshi: I think gmax mentioned the answer to the second question earlier (no, you can't trim anything so there's scaling issues)
00:36:45tacotime_:utxo is next to impossible as long as some or all users are using mixin>0, unfortunately.
00:40:13andytoshi:ok, well these outputs have this nice property of being identifiable through these "key images" which is how double-spends are detected. suppose every block commits to (a) a merkle root of the txo set (b) a merkle root of the spent-key-image set. both are append-only
00:41:06andytoshi:then nobody needs to have an explicit view of the utxoset, they just need to be aware of their own outputs as well as some random ones for anonymity's sake
00:41:32tacotime_:right, i suppose that might work.
00:42:47tacotime_:and it'd free up a lost of the nasty slowness upon wallet syncing that currently plagues the software, because it seems to check outputs in every block to see if they belong to you.
00:43:59andytoshi:hmm..you'd hope the wallet would know the first blockheight at which it ever might've received funds and be able to skip that for earlier ones
00:44:04tacotime_:(part of which is also our fault, because the pool software is implemented a little naively and generates a lot more dust than it should.)
00:44:13tacotime_:andytoshi, yeah, i've been meaning to integrate that too.
00:45:18andytoshi:but there's still a ton of slowness, these ringsigs are not very cheap (mainly, they make you look up every single input they reference) and if we're also tracking these merklized appends that's a lot
00:45:35tacotime_:right now it syncs from 0, which is unfortunate; the simplewallet refresh command should allow an optional argument to choose the height at which to begin looking for outputs.
00:45:40tacotime_:* tacotime_ makes an issue
00:46:29tacotime_:it'll get _really_ ugly when we move to a non-RAM database soon. probably users will need ssds.
00:49:24andytoshi:can you expand on that comment? what database and why should it be non-RAM?
00:50:08tacotime_:andytoshi, there is no database implementation in the cryptonote reference code. it just stores the blockchain in memory.
00:50:39andytoshi:oh, you mean RAM memory, i read it as "non-random access database" and was wondering what kind of weird optimization you might get by forcing reading every record..
00:50:52tacotime_:oh, no, sorry X)
00:51:24andytoshi::P no my bad, i don't want to start a thing where we have to say "RAM memory" around here..
00:53:01dsnrk:helps distinguish from those using mercury delay line memory.
00:53:04tacotime_:right now, because of the tx dust generated by pools, it's taking almost an hour just to sync a new wallet on a modern pc with the blockchain in ram. it'll probably be at least a bit worse when you offload it to an hdd/ssd.
00:53:20dsnrk:yipe, that's slow.
01:07:08tromp_:how is that hour divided between verifying sigs and pows?
01:07:34tacotime_:tromp_, this is all sigs
01:07:48tacotime_:pow verification is separate (daemon behaviour)
01:08:37tacotime_:i think we're using reference code for the ecdh for stealth addressing though
01:08:45tacotime_:so there's probably room for some optimization
01:10:07tacotime_:well really there's room everywhere for optimization, we just need to sit down and profile where the code is dragging its heels. unfortunately there's lot to deal with fixing, so we're trying to prioritize trying to fix what's most broken in the implementation (that doesn't require a hardfork) first.
01:10:33tacotime_:(anyway, sorry if this is OT dev-related stuff)
02:10:51ghtdak:ghtdak has left #bitcoin-wizards
03:49:35alferzz:alferzz is now known as alferz
06:36:57cym:cym is now known as pen_
08:23:22Guest40907:Guest40907 is now known as maaku
12:16:37pangpang:pangpang is now known as pen_
13:42:24maaku:maaku is now known as Guest14473
14:08:56Guyver2:Guyver2 has left #bitcoin-wizards
14:40:49Eliel:I wonder, if the mining reward system was tweaked to give some slight bonus mining reward for including all transactions from an earlier block attempt that didn't quite match the target but got reasonably close. Perhaps scale the bonus reward so that if the earlier block attempt got to 10% of the target, the extra reward is 10% of the maximum. If 50%, then 50% of the maximum.
14:41:42Eliel:Would that be enough to make it sensible to treat those earlier blocks as weaker confirmations than 1 confirmation.
14:44:50Eliel:Also, if it required referencing the same previous block, wouldn't it also lead to faster consensus in the event of a fork?
14:48:53sipa:Eliel: there is no consensus on what was to be included in an earlier block attempt
14:49:17sipa:so you can't have this as a consensus rule
14:49:28sipa:which means no consensus about the reward...
14:50:02Eliel:sipa: it would of course require referencing the earlier attempt and publicizing it.
14:50:14Eliel:is there something that prevents this?
14:50:45tromp__:a lot of complexity for highly questionable benefits
14:50:49sipa:how do you prevent the miner from making something up about the previous attempt?
14:51:07Eliel:make something up == almost no benefit
14:51:17Eliel:it'd require considerable hashing on average to produce one
14:51:31Eliel:that gives meaningfully high bonus
14:51:41sipa:i misread part
14:51:44sipa:never ind
14:53:03Eliel:tromp__: I believe it could be implemented such that including just the block headers of the earlier attempt is sufficient to check that the rules have been followed.
14:53:42Eliel:as long as the merkle root in the attempt is present in the merkle tree of the block you found.
14:54:40Eliel:this might require separating coinbase from the merkle tree to work properly though.
14:55:02andytoshi:one problem is that it's hard to say what "reasonably close" means.. if you are within some range [1, N] you've got 1/2 chance of being in [1, N/2], 1/4 chance of [1, N/4], etc.
14:55:54Eliel:andytoshi: I don't see any especialy reason for a hard limit. The scaling reward is enough, no?
14:57:07andytoshi:no, because a person could mine a block in secret spending coins to himself. then whenever he lucks out and gets a valuable block, he can broadcast some conflicting tx knowing that he has a good chance of overwhelming any other partial blocks
14:59:18Eliel:is that fundamentally worse than having to find a full block before you can do that? The point here would be to speed up the consensus.
14:59:48andytoshi:it is worse because it makes analysis that much harder
15:00:09andytoshi:it doesn't speed up consensus because it's still a gamble until you're several blocks deep
15:00:11Eliel:would be beneficial for small payments. Even one confirmation is overkill for small amounts.
15:01:10andytoshi:small payments don't need fast global consensus, they can use the same trust mechanism that they do today... which is "people are mostly honest"
15:01:45andytoshi:or they could use debit cards from trusted banks, or casascius coins, or ....
15:02:16Eliel:well, the core of my idea was to incentivice miners to publicize what set they're mining.
15:02:55andytoshi:the set could change at any time tho because mining is progress-free
15:03:20Eliel:yes, but that's what the bonus is for. It encourages miners to publicize _and_ keep to it.
15:07:12andytoshi:ok, i see. i'll have to think about it, i think it is an improvement but i can't say how much
15:13:37andytoshi:does this make mining non-progress-free? how badly?
15:15:03andytoshi:i think it might really benefit huge pools since they'd be practically guaranteed to find partial blocks
15:20:27Eliel:ah, right, it's missing a strong incentive to actually publicize the partial blocks.
15:22:18Eliel:perhaps the bonus should go to both the finder of the actual block as well as the finder of the partial block.
15:22:19andytoshi:yeah, it's kinda weak actually because you'd expect most miners to have and use their own partial blocks
15:22:57Eliel:andytoshi: if you stick to your own partial blocks, most of the time the bonus you get would be less due to scaling.
15:23:01andytoshi:yeah, you said that above, maybe a 10/90 split or something. but (a) i'm not sure it makes the incentive strong enough to publicize, and (b) i'm pretty sure it'll incentivize people to join big pools
15:23:11andytoshi:oh, i see
15:24:18Eliel:... could this actually make it costly for a 51% attacker to selectively leave transactions out of their blocks...
15:25:58andytoshi:yeah, you'd want to ensure that the partial block is only legit iff its transaction set is a subset of the real block's, otherwise you don't really get your "commit to a txset" property
15:26:22andytoshi:but the centralization incentive i think is serious
15:28:32Eliel:perhaps, but I also get the feeling that this idea could lead to a mining system where 51% attack is less serious and potentially removes the possibility for a 51% attacker to make mining completely unattractive to anyone else.
15:29:53dsnrk:andytoshi: it's a harder question to answer once you go back to the core idea. do you really want one vote per cpu, per person? there's all these ideas of limiting but I still can't work out what the limiting factor is supposed to do.
15:30:40andytoshi:Eliel: can you describe how your suggestion differs from "let's use a sequential PoW that only allows growing the txoset, then miners won't be able to remove transactions" except in scale?
15:30:59dsnrk:the core idea usually seems to be "one vote per person" without actually trying to identify miners.
15:31:04andytoshi:(a sequential PoW is a totally non-progress-free one, so mining is actually a race and everybody wants to join the biggest pool)
15:31:27andytoshi:dsnrk: well, the idea is there are no votes really, there is no majority rule, it is just consensus
15:31:37Eliel:andytoshi: it sounds pretty similar, except that it doesn't require redesigning the PoW function.
15:32:23andytoshi:Eliel: right. but a sequential PoW would completely destroy bitcoin's mining model, so if it's an extreme form of what you're suggesting maybe it's easier to see what my concern is
15:32:27Eliel:and you might still get lucky and find a block before you find a partial block
15:32:51dsnrk:andytoshi: still not sure I see the point. anything that can be done by one miner can be done better in bulk.
15:33:37andytoshi:dsnrk: that's not true, there is no benefit to two miners at 1PH vs one miner at 2PH... except the single guy will have more cooling problems
15:33:38Eliel:andytoshi: I tend to value censorship resistance over other concerns.
15:33:57andytoshi:Eliel: what you're suggesting will lead to total centralization and no censorship resistance
15:35:04andytoshi:the whole point of progress-freeness is that you don't have anything "better in bulk", otherwise the biggest pool would just take over the network
15:35:46dsnrk:andytoshi: there's always savings in bulk. shipping is cheaper, getting power is cheaper, setup time verses income is better
15:35:51Eliel:the mining system already fails the "nothing better in bulk" requireent if you ask me.
15:37:53andytoshi:sure, those are incentives toward centralization, but the thermodynamic limit stuff counters it so there is a limit to how centralized you can get
15:38:20andytoshi:as asics become commodity things will improve relative to where they are now, setup/shipping costs are basically nil compared to running costs
15:39:13andytoshi:you can't design your PoW so it's unconditionally better to be centralized, that can't support a distributed consensus
15:39:43Eliel:There's the pool centralization thing too. Although, I think that's mostly due to missing framework to allow automated config-free cooperation between miners.
15:40:28andytoshi:yeah, a lot of it is an accident of history. amiller's non-outsourceable puzzle work can also counter it, so there's something that a better bitcoin would support
15:40:50Eliel:I still can't quite see why my proposal would incentivice centralization though.
15:42:21andytoshi:can you see why a sequential PoW would incentivize centralization?
15:42:48Eliel:actually, no. Do you have a link about it?
15:44:00andytoshi:one sec, i have a link for what sequential PoW actually is.. for centralization you'd just have to think about it, i don't think it's written out
15:48:29andytoshi:oh, also q2.5 of https://download.wpsoftware.net/bitcoin/asic-faq.pdf talks about progress freeness
15:49:26Eliel:one difference that I can think of is that in the model I'm suggesting, you only lose the bonus part of the block reward by ignoring work done by others. In sequential, you have to keep up or you'll get nothing.
15:50:28Eliel:I was envisioning the bonus as something like 5% of the total reward.
15:53:50Eliel:also, the partial block that increases the reward, why would that be so different from the necessity of being up to date on what's the latest block in the mining system currently?
15:58:15Eliel:I think that the centralization incentive due to this can be largely dealt with by providing a proper framework for miners to communicate without too much delay.
16:01:24andytoshi:so the current mining community has an advantage over new miners?
16:01:37andytoshi:so you can't mine anonymously?
16:02:09Eliel:well, obviously, you have an advantage if you can get new blocks faster than other miners, no?
16:05:48Eliel:although, I guess the major factor in pool centralization is that it takes more effort to mine at several pools than it takes to mine in a single pool.
16:06:15Eliel:effort in this case being the miner's attention
16:06:57Eliel:I think a framework to automate this process could help a lot.
16:18:36hearn:is this new? http://bitcoin.stanford.edu/
16:24:49Pan0ram1x:hearn: since dec 8, 2013 (https://web.archive.org/web/20131208074631/http://bitcoin.stanford.edu/)
16:25:05hearn:i never heard about it before
16:25:32Pan0ram1x:me neither.. reading it now
16:32:46Pan0ram1x:coinsafe uses bockscore.com. interesting.
16:42:56lechuga_:the group leader is also a general partner @ a16z
17:05:39OneFixt_:OneFixt_ is now known as OneFixt
17:40:37Pasha:Pasha is now known as Cory
18:12:07pangpang:pangpang is now known as pen_
18:12:08Emcy_:http://p2pool-nodes.info/ is that what really happened to p2pool
18:12:28Emcy_:the rentiers moved in?
18:13:24Emcy_:not a case of convenience for a fee, some people seem genuinely unaware that p2pool is something youre supposed to do on your own
18:27:11hearn_:yes that seems a very common problem
18:27:14hearn_:hearn_ is now known as hearn
18:27:37hearn:as gmaxwell says, we have lost our ability to transmit cultural knowledge. a lot of people seem to think that Bitcoin Core exists only to run the p2p network
18:27:45hearn:they don't seem to realise it has any relevance to mining at all: a very remarkable outcome
18:27:54hearn:i am thinking we need to build a miners section of the website
18:28:09hearn:it may be a bit too late now, but explaining to people what mining is supposed to be like can't hurt
18:34:19ielo:ielo has left #bitcoin-wizards
18:37:47Emcy_:hearn i do my crappy little bit
18:37:57Emcy_:by referring to enforcement nodes and whatnot
19:09:07nsh:nsh has left #bitcoin-wizards
19:11:45phantomcircuit:hearn, just tell them to use the cloudhashing pool
19:11:54phantomcircuit:i prettttty promise not to do anything weird
19:17:05Guest81385:i want to get a bankloan to offer swaps at bitfinex, is there a better way to explain this to a bank than saying its bitcoin related
19:17:46phantomcircuit:Guest81385, lololol
19:18:05Guest81385:are there other forex sites like bitfinex that allow users to offer swaps?
19:18:56Dizzle:Guest81385: what you'd effectively be asking for is margin. If you explain the position to them and they have a maintenance margin calculation strategy to employ for determining what collateral would required of you, then you might have a chance. You generally have to "know people" for such a thing though.
19:19:21Dizzle:You'd have better luck securing a loan from prosper.com or another p2p lending site.
19:19:25phantomcircuit:Dizzle, he has no chance, bitfinex is operated illegally
19:19:39Guest81385:right i wouldn't want to tell them its for bitfinex
19:19:43phantomcircuit:that much will be obvious to anybody at a bank almost instantly
19:20:15phantomcircuit:Guest81385, do you plan on personally backing the loan?
19:20:25phantomcircuit:do you have assets in excess of the amount you wish to borrow?
19:20:36phantomcircuit:unless you can say yes to both of those you're wasting your time
19:21:42pigeons:what made you decide to ask this particular channel?
19:21:44Guest81385:yeah we do
19:22:11Guest81385:but they are locked up in CD's, but i can use them as collateral to get large loans i'd want to put on bitfinex swap offers
19:25:04Guest81385:which looks to me like an extremely high paying CD
19:29:16phantomcircuit:Guest81385, did you miss the part about bitfinex operating entirely in contradiction to law?
19:30:01Guest81385:is it really? i thought it was just unregulated
19:31:50phantomcircuit:its illegal
19:32:29Guest81385:why exactly? the high interest rates?
19:32:42phantomcircuit:Guest81385, they are acting as issuer, broker, dealer, and clearinghouse for unregistered securities offered to the general public
19:33:05phantomcircuit:they operate out of france but claim to be a hong kong corporation
19:33:30phantomcircuit:the entire operation is based on source code used without license from bitcoinica
19:33:59phantomcircuit:that's at least a dozen felonies
19:34:04Guest81385:so u think bitfinex is going to collapse
19:34:30phantomcircuit:i think the owner will spent a very long time in prison in various countries
19:34:40phantomcircuit:the stupid mans way of traveling the world
19:35:27Guest81385:woudln't he just be subject to hong kong laws
19:35:43phantomcircuit:that isn't how the world actually works
19:37:13Guest81385:is there a reddit thread about this
19:37:50andytoshi:Guest81385: this is really funny, but it's also OT here..
20:46:18shazow:shazow has left #bitcoin-wizards
21:45:56justanotheruser:Would it be ideal to have a power that involved making ZKPs of the rest of the chain (along with finding a small hash)?
23:53:34abc56889:Isn't the p2pool 30sec chain itself vulnerable to a 51% attack?
23:56:31Eliel:abc56889: as far as I know, yes.