00:44:34maaku:maaku is now known as Guest79553
03:37:54maaku:maaku is now known as Guest34141
04:02:14jgarzik:moxiebox now does load-by-hash
04:02:24atgreen:what does that mean?
04:02:33jgarzik:./sandbox -E runtime/ -e a6e1650089117241a25c5a32e0b46b6a28f82fec38a466d6435ba8d2894b372e -o -
04:02:51jgarzik:given a hash, it searches through a directory for a file that matches that hash, and executes it
04:04:26atgreen:ah.. btw, how do programs get distributed in the first place?
04:04:38jgarzik:atgreen,
04:05:12atgreen:got it
04:05:45jgarzik:atgreen, perhaps a [not-primary] blockchain, perhaps PGP-signed email, ...
04:06:41jgarzik:atgreen, users might even submit programs via webpage to N websites, and measure the results
04:08:00jgarzik:atgreen, if google, facebook, ... sandboxes all agree on the result, you may assign more trust to the result
04:08:10jgarzik:atgreen, consider the interesting possibilities for simple remote execution
04:08:46jgarzik:atgreen, might be a fun new standard for shipping remote computing job request around the cloud
04:09:23jgarzik:a program need only specify its dependencies as hashes
04:09:25atgreen:let's do it!
04:10:28jgarzik:atgreen, thus a user can say "execute a6e1650089117241a25c5a32e0b46b6a28f82fec38a466d6435ba8d2894b372e with input ABCDEF", dependencies are and you have a reliable, producible environment
04:10:33jgarzik:*reproducible
04:11:47jgarzik:atgreen, the primary ELF program needs to somehow say "reference shared library whose name is <32-byte opaque hash>"
04:12:33jgarzik:atgreen, rather than the expected "ref shared lib named libfoo.so.1.2.2.4"
04:13:33jgarzik:then moxiebox loads normal ELF shared libs via this same load-by-hash method
04:32:04atgreen:hmm... we might be able to do that with an ld hack.
04:32:14atgreen:well, night time for me. l8r
07:26:47gmaxwell:andytosh1: think we should update the BRS-values writeup to include script flexibility?
07:54:42andytosh1:gmaxwell: i do. i've spent a bit of time thinking about the identify-by-repeated-script problem...haven't gotten anywhere. but we should mention it anyway because it's already true for values
07:55:21andytosh1:andytosh1 is now known as andytoshi
07:55:59gmaxwell:yes, ... though the values are perhaps easier in the sense that you can mimic existing usage... vs a script, where you likely can't (e.g. script distinct per user)
07:56:54andytoshi:hmm, yeah
07:57:18andytoshi:i haven't quite internalized that that's a real problem, it still seems like there could be a stupid hash trick to get around it
07:58:02gmaxwell:well I suspect there is some kind of polynomial interpolation we could do to have multiple distinct valid values or something... but with overhead.
08:00:49andytoshi:yeah, i'm envisioning something cleverer than that. like, we've already got this "blinding key" they need to produce the signature, can't we do a proof or something using that key that the script is satisfied?
08:01:09andytoshi:like, not zero-knowledge because it "reveals" the blinding key (p + i + H)
08:01:21andytoshi:but still zero-knowledge in the actual script input
08:03:38andytoshi:hmm, maybe there is a much simpler problem with what i'm proposing: like, i want people to be able to plausibly claim they've satisfied the script, so they can use it in their anonymity set....but if the script can be gamed like that, then it's not functioning as a signature scheme is it
08:03:54andytoshi:and no matter what games i play, i can't get around that conceptual barrier
08:05:54gmaxwell:yea, I ran into that too. "Oh what if you show that X of Y of the scripts are satisfied. oh but no that doesn't work, then you could spend with the wrong script for the coin"
08:06:24andytoshi:yep, that's the other side of the coin, trying to disguise what the actual script is
08:06:49andytoshi:i think i need to step back and draw some pictures where i assume crypto primitives for everything, and ask if what i'm trying for even makes sense
08:21:07maaku:maaku is now known as Guest6234
08:31:01fanquake:fanquake has left #bitcoin-wizards
09:07:57maaku:maaku is now known as Guest83207
09:24:34DonnchaC:DonnchaC is now known as Guest75730
13:38:46vfor:vfor has left #bitcoin-wizards
14:48:18a5m0_:a5m0_ is now known as a5m0
17:57:41zooko`:zooko` is now known as zooko
20:04:18gmaxwell:andytoshi: man, it's like it's 1995 and I'm back on sci.crypt, crazy unsound misguided custom crypto run rampant https://bitcointalk.org/index.php?topic=698460.0
20:06:03andytoshi:ha! yes!
20:08:28andytoshi:impossible to analyze, might even work, uses math from way out-of-field, has a well-respected egomaniac behind the mathematics
20:10:48andytoshi:he can quote basically any sentence from A New Kind of Science (and he does) to get the "revolutionary martyr ignored by the establishment" claim while simultaneously arguing from authority
20:11:00andytoshi:pepper in some original insights like "if every other row is skipped (for stronger cryptography)..."
20:12:23andytoshi:o.O ...then jam a PRNG into the input when even you realize that there are tons of simple patterns?
20:15:31andytoshi:"
20:15:33andytoshi:That being said, I do find Wolfram's Theory of Computation Irreducibility very interesting. I expect that he is right, and I think it would imply that there exists a certain group of hash functions that are fundamentally impenetrable by cryptanalysis. In essence, they are already fully dense in their complexity."
20:21:22andytoshi:he brings up the usual "did you know that SHA256 has never been PROVEN to work? suddenly your demands for evidence of security are looking pretty silly, huh?", demonstrates a collision and dismisses it as "that's just the pigeonhole principle", suggests creating an altcoin to incentivize adversaries, speculates that SHA256 may be broken (or even compromised by NSA) (never mind that MD5d still works as
20:21:24andytoshi:random oracle despite MD5 itself being almost totally destroyed..), use of meaningless terms "computational irreducibility" in arguments, it goes on and on
20:21:38andytoshi:i could probably actually rewrite the crank index just from this
20:22:30sipa:hint: ignore
20:22:53andytoshi:sorry, it's just fun :)
20:30:46jcorgan:gmaxwell: the DSP world sometimes gets "crazy unsound misguided custom" stuff too, though not nearly as bad as crypto does
21:02:02gmaxwell:andytoshi: Computation Irreducibility doesn't hold for all inputs, for practically any kind of remotely interesting function there are large classes of easily discovered trivial inputs.
21:02:26gmaxwell:(e.g. not 'approximation free')— can matter greatly for cryptographic applications.
21:03:34gmaxwell:andytoshi: I wrote a cellular automata RNG for use as a stream cipher when I was ... probably 13? in basic. I wonder if there is a way to find it, and if I could break it now.
21:04:34andytoshi::P i did that too, when i read stephen wolfram's book
21:05:04gmaxwell:oh wow, were you that young when the book came out?
21:05:58gmaxwell:mine was years before it... might be possible to find it, it ended up on a bunch of bbses. I'd read about one time pads, and this was basically before real cryptographic software was widely available (or at least, to the extent that it was I didn't know about it)
21:07:04sipa:gmaxwell: heh, i'm sure i wrote an RNG in basic once too...
21:08:50andytoshi:gmaxwell: i was 11 when a new kind of science came out... but 14 or 15 when it got to my local library :P
21:09:19andytoshi:i never lived in a world without real cryptographic software everywhere
21:09:39gmaxwell:andytoshi: wrt thread to his credit, he finds the collision himself, which is way better than most. ... but disregards it, though any real cryptographic function would be considered broken with such an example.
21:10:18andytoshi:yeah, he definitely put some effort into this. i think if he read a few papers and learned the importance and definition of standard security properties he'd be fine
21:11:04andytoshi:saying "that's just the pigeonhole principle" suggests that he's a hs or uni math student who is just exploring things
21:14:58n4997:n4997 is now known as add55