04:02:14 | jgarzik: | moxiebox now does load-by-hash |
04:02:24 | atgreen: | what does that mean? |
04:02:33 | jgarzik: | ./sandbox -E runtime/ -e a6e1650089117241a25c5a32e0b46b6a28f82fec38a466d6435ba8d2894b372e -o - |
04:02:51 | jgarzik: | given a hash, it searches through a directory for a file that matches that hash, and executes it |
04:04:26 | atgreen: | ah.. btw, how do programs get distributed in the first place? |
04:04:38 | jgarzik: | atgreen, |
04:05:12 | atgreen: | got it |
04:05:45 | jgarzik: | atgreen, perhaps a [not-primary] blockchain, perhaps PGP-signed email, ... |
04:06:41 | jgarzik: | atgreen, users might even submit programs via webpage to N websites, and measure the results |
04:08:00 | jgarzik: | atgreen, if google, facebook, ... sandboxes all agree on the result, you may assign more trust to the result |
04:08:10 | jgarzik: | atgreen, consider the interesting possibilities for simple remote execution |
04:08:46 | jgarzik: | atgreen, might be a fun new standard for shipping remote computing job request around the cloud |
04:09:23 | jgarzik: | a program need only specify its dependencies as hashes |
04:09:25 | atgreen: | let's do it! |
04:10:28 | jgarzik: | atgreen, thus a user can say "execute a6e1650089117241a25c5a32e0b46b6a28f82fec38a466d6435ba8d2894b372e with input ABCDEF", dependencies are and you have a reliable, producible environment |
04:10:33 | jgarzik: | *reproducible |
04:11:47 | jgarzik: | atgreen, the primary ELF program needs to somehow say "reference shared library whose name is <32-byte opaque hash>" |
04:12:33 | jgarzik: | atgreen, rather than the expected "ref shared lib named libfoo.so.1.2.2.4" |
04:13:33 | jgarzik: | then moxiebox loads normal ELF shared libs via this same load-by-hash method |
04:32:04 | atgreen: | hmm... we might be able to do that with an ld hack. |
04:32:14 | atgreen: | well, night time for me. l8r |
07:26:47 | gmaxwell: | andytosh1: think we should update the BRS-values writeup to include script flexibility? |
07:54:42 | andytosh1: | gmaxwell: i do. i've spent a bit of time thinking about the identify-by-repeated-script problem...haven't gotten anywhere. but we should mention it anyway because it's already true for values |
07:55:21 | andytosh1: | andytosh1 is now known as andytoshi |
07:55:59 | gmaxwell: | yes, ... though the values are perhaps easier in the sense that you can mimic existing usage... vs a script, where you likely can't (e.g. script distinct per user) |
07:56:54 | andytoshi: | hmm, yeah |
07:57:18 | andytoshi: | i haven't quite internalized that that's a real problem, it still seems like there could be a stupid hash trick to get around it |
07:58:02 | gmaxwell: | well I suspect there is some kind of polynomial interpolation we could do to have multiple distinct valid values or something... but with overhead. |
08:00:49 | andytoshi: | yeah, i'm envisioning something cleverer than that. like, we've already got this "blinding key" they need to produce the signature, can't we do a proof or something using that key that the script is satisfied? |
08:01:09 | andytoshi: | like, not zero-knowledge because it "reveals" the blinding key (p + i + H) |
08:01:21 | andytoshi: | but still zero-knowledge in the actual script input |
08:03:38 | andytoshi: | hmm, maybe there is a much simpler problem with what i'm proposing: like, i want people to be able to plausibly claim they've satisfied the script, so they can use it in their anonymity set....but if the script can be gamed like that, then it's not functioning as a signature scheme is it |
08:03:54 | andytoshi: | and no matter what games i play, i can't get around that conceptual barrier |
08:05:54 | gmaxwell: | yea, I ran into that too. "Oh what if you show that X of Y of the scripts are satisfied. oh but no that doesn't work, then you could spend with the wrong script for the coin" |
08:06:24 | andytoshi: | yep, that's the other side of the coin, trying to disguise what the actual script is |
08:06:49 | andytoshi: | i think i need to step back and draw some pictures where i assume crypto primitives for everything, and ask if what i'm trying for even makes sense |
20:04:18 | gmaxwell: | andytoshi: man, it's like it's 1995 and I'm back on sci.crypt, crazy unsound misguided custom crypto run rampant https://bitcointalk.org/index.php?topic=698460.0 |
20:06:03 | andytoshi: | ha! yes! |
20:08:28 | andytoshi: | impossible to analyze, might even work, uses math from way out-of-field, has a well-respected egomaniac behind the mathematics |
20:10:48 | andytoshi: | he can quote basically any sentence from A New Kind of Science (and he does) to get the "revolutionary martyr ignored by the establishment" claim while simultaneously arguing from authority |
20:11:00 | andytoshi: | pepper in some original insights like "if every other row is skipped (for stronger cryptography)..." |
20:12:23 | andytoshi: | o.O ...then jam a PRNG into the input when even you realize that there are tons of simple patterns? |
20:15:31 | andytoshi: | "That being said, I do find Wolfram's Theory of Computation Irreducibility very interesting. I expect that he is right, and I think it would imply that there exists a certain group of hash functions that are fundamentally impenetrable by cryptanalysis. In essence, they are already fully dense in their complexity." |
20:21:22 | andytoshi: | he brings up the usual "did you know that SHA256 has never been PROVEN to work? suddenly your demands for evidence of security are looking pretty silly, huh?", demonstrates a collision and dismisses it as "that's just the pigeonhole principle", suggests creating an altcoin to incentivize adversaries, speculates that SHA256 may be broken (or even compromised by NSA) (never mind that MD5d still works as a random oracle despite MD5 itself being almost totally destroyed..), use of meaningless terms "computational irreducibility" in arguments, it goes on and on |
20:21:38 | andytoshi: | i could probably actually rewrite the crank index just from this |
20:22:30 | sipa: | hint: ignore |
20:22:53 | andytoshi: | sorry, it's just fun :) |
20:30:46 | jcorgan: | gmaxwell: the DSP world sometimes gets "crazy unsound misguided custom" stuff too, though not nearly as bad as crypto does |
21:02:02 | gmaxwell: | andytoshi: Computation Irreducibility doesn't hold for all inputs, for practically any kind of remotely interesting function there are large classes of easily discovered trivial inputs. |
21:02:26 | gmaxwell: | (e.g. not 'approximation free')— can matter greatly for cryptographic applications. |
21:03:34 | gmaxwell: | andytoshi: I wrote a cellular automata RNG for use as a stream cipher when I was ... probably 13? in BASIC. I wonder if there is a way to find it, and if I could break it now. |
21:04:34 | andytoshi: | :P i did that too, when i read stephen wolfram's book |
21:05:04 | gmaxwell: | oh wow, were you that young when the book came out? |
21:05:58 | gmaxwell: | mine was years before it... might be possible to find it, it ended up on a bunch of bbses. I'd read about one time pads, and this was basically before real cryptographic software was widely available (or at least, to the extent that it was I didn't know about it) |
21:07:04 | sipa: | gmaxwell: heh, i'm sure i wrote an RNG in BASIC once too... |
21:08:50 | andytoshi: | gmaxwell: i was 11 when a new kind of science came out... but 14 or 15 when it got to my local library :P |
21:09:19 | andytoshi: | i never lived in a world without real cryptographic software everywhere |
21:09:39 | gmaxwell: | andytoshi: wrt thread to his credit, he finds the collision himself, which is way better than most. ... but disregards it, though any real cryptographic function would be considered broken with such an example. |
21:10:18 | andytoshi: | yeah, he definitely put some effort into this. i think if he read a few papers and learned the importance and definition of standard security properties he'd be fine |
21:11:04 | andytoshi: | saying "that's just the pigeonhole principle" suggests that he's a hs or uni math student who is just exploring things |