01:12:33Guest6546:Guest6546 is now known as pigeons
03:06:06freewil:freewil has left #bitcoin-wizards
03:52:47Pan0ram1x_:Pan0ram1x_ is now known as Guest72358
03:52:48Guest72358:Guest72358 is now known as Pan0ram1x
03:52:51gmaxwell_:gmaxwell_ is now known as Guest90080
03:52:51CryptOprah_:CryptOprah_ is now known as CryptOprah
03:53:18Pan0ram1x:Pan0ram1x is now known as Guest12955
03:53:33Guest90080:Guest90080 is now known as gmaxwell
03:53:39quackgyver_:quackgyver_ is now known as quackgyver
04:01:19luke-jr_:luke-jr_ is now known as Luke-Jr
04:44:33maaku:maaku is now known as Guest45558
05:10:00asoltys_:asoltys_ is now known as asoltys
05:15:57wump:wump is now known as wumpus
06:17:35cookie:are there any zero knowledge zk snarks systems in existence?
06:18:27sipa:zkzk snarks? :p
06:22:48gmaxwell:I heard they use them for ATM machines.
06:23:52sipa:the SMS short message system uses them afaik
06:24:15gmaxwell:cookie: There is libsnark, but I'm guessing this isn't likely to be useful to you if you didn't already know about it.
06:24:28cookie:lol sipa
06:25:02cookie:no i meant projects using it already
06:27:30cookie:i've been wondering for a while if proof of funds scheme could be replaced by a zkp
06:27:52cookie:for an hour to be exact lol.
06:28:13gmaxwell:I've described pretty extensively in here before whats required.
06:28:19gmaxwell:go check the logs.
06:28:23cookie:ah crap
06:28:26cookie:how do i do that?
06:28:41gmaxwell:wget and grep? http://download.wpsoftware.net/bitcoin/wizards/
06:29:18cookie:gmaxwell what do you think about peter todds proof of funds?
06:29:36gmaxwell:I think you've made me sad and I'm going to go away now.
06:29:36gmaxwell:gmaxwell has left #bitcoin-wizards
06:34:56cookie:kanzure: thanks, so many logs.
06:50:03gmaxwell:jgarzik: I've got another application for moxie box— verifying the code is constant time.
06:50:37gmaxwell:e.g. CI tests on libsecp256k1 could do this.
07:14:01gandalfthegrey:fly you fools
07:25:46Luke-Jr:gmaxwell: intentionally not letting him actually fly? :p
07:25:54Luke-Jr:oh, he left on his own
08:05:16barjavel.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged at http://download.wpsoftware.net/bitcoin/wizards/. For questions about the logs talk to andytoshi.
08:05:16barjavel.freenode.net:Users on #bitcoin-wizards: andy-logbot cbeams edulix Ursium gmaxwell LarsLarsen jaekwon lclc wumpus LaptopZZ grandmas- cym kdomanski__ Krellan__ epscy Guest54659 nsh [7] Guest12955 Luke-Jr o3u espes___ quackgyver zling__ Taek CryptOprah eizh__ Dr-G px1NbxQzEC OneFixt justusranvier roconnor execut3 DougieBot5000 e4xit forrestv tromp ryan-c jchp_ pigeons berndj-blackout [Derek] SDCDev Gnosis phedny so Mikalv waxwing digitalmagus7 iddo_ irc88_ Dyaheon- super3 michagogo
08:05:16barjavel.freenode.net:Users on #bitcoin-wizards: nkuttler a5m0 Aquent nsh_ samson_ putler realazthat kinlo daniel pi07r jbenet roasbeef Graet Sangheili Kretchfoop gavinandresen go1111111 EasyAt nickler BigBitz Muis artifexd HaltingState Anduck gribble copumpkin dgenr8 melvster TD-Linux tacotime DoctorBTC zenojis pajarillo wiretapped Hunger- jgarzik polyclef phantomcircuit CodeShark Cory jcorgan abc56889 kiddouk_ Alanius mr_burdell optimator UukGoblin HM otoburb andytoshi SomeoneWeird
08:05:16barjavel.freenode.net:Users on #bitcoin-wizards: nanotube spinza Keefe midnightmagic mmozeiko harrow Ken` @ChanServ mhanne tromp__ danneu burcin aynstein [\\\] poggy wizkid057 jaromil K1773R helo comboy Apocalyptic bbrittain smooth cfields lechuga_ kanzure crescendo BrainOverfl0w lianj BlueMatt zibbo_ asoltys warren dansmith_btc sl01 gwillen throughnothing petertodd catcow Logicwax trn @sipa rs0 amiller starsoccer Adohgg Iriez weex Eliel_
08:09:02BlueMatt: I think you've made me sad and I'm going to go away now. <-- can we get this in a topic somewhere?
08:09:22BlueMatt:"dont make gamxwell sad, dont ask noob questions"
08:26:09sipa:i wonder how he feels about typo's in his nickname
08:44:49Luke-Jr:IMO that was a case for +q <.<
08:51:45maaku:maaku is now known as Guest57788
08:51:48Guest12955:Guest12955 is now known as Pan0ram1x
09:04:41kdomanski__:kdomanski__ is now known as kdomanski
09:45:24iddo_:iddo_ is now known as iddo
12:17:51jgarzik:gmaxwell, RE constant time... I had an interesting thought related to that and crypto-accelerators.
12:18:11jgarzik:gmaxwell, right now, without accel, things are slower but CPU accounting is accurate.
12:18:40jgarzik:gmaxwell, with accel, you jump out of the simulator to run OpenSSL code, making CPU budget accounting much, much more difficult.
12:21:54gmaxwell:jgarzik: indeed, my thinking was that part of the accelerator defintion would be the number of 'cycles' they take.
12:22:28gmaxwell:and have that just be part of the system definition or 'accelrator version' defintion.
12:23:24gmaxwell:and care should be taken to budget for their worst case. (easy for most direct crypto primitives, harder for— say— a bignum accelerator set)
12:27:50jgarzik:gmaxwell, Indeed. I was planning on going dumb, initially: "if (crypto accel) cpu_cycles += 10000;" (ie. treat a crypto instruction as taking 10,000 cpu cycles) Not the best logic, but it gives a very rough approximation for moxiebox.
12:29:52jgarzik:gmaxwell, Including bitcoin transaction and script verf in the moxiebox runtime lib should be easy, too. Obviously, you have to provide the full transaction inputs of the TX being verf'd, since there is no I/O, there is no blockchain or other data to query.
12:30:03gmaxwell:yea, can be tuned later. I imagine that adjusting for real costs will find they're not all that high.
12:30:48gmaxwell:e.g. so if a busyloop of accele-sha256 and moxie-sha256 are compared I bet the cost of a accele-sha256 is only a fairly small number of cycles.
12:31:25jgarzik:I just worry about algorithmic attacks
12:31:51gmaxwell:sha256 and the ecdsa operations have clearly defined upper bounds at least.
12:31:58jgarzik:ie. budget A cycles, but sneaky person figures out how to make an algorithm behave wildly different from your guess
12:32:06gmaxwell:(well sha256 is ~constant)
12:33:22gmaxwell:jgarzik: yea, wrt transaction and script this is partly why I think the C ports of bitcoin-qt code are interesting. :)
12:34:01jgarzik:it seems easy to abuse a bignum implementation, if bignum accel primitives are exported. MUCH less so for aes, sha256, ...
12:34:26jgarzik:well, s/easy/more difficult to account/
12:34:35jgarzik:well, s/easy to abuse/more difficult to account/
12:34:38gmaxwell:yea, a generic bignum is trivially abusable if great care isn't taken to confine it.
12:36:43jgarzik:Related: For sha256 accel, I was going to add number-of-rounds as an input. Makes implementing double-sha256 easy, but provides interesting properties if the round count is simply a variable.
12:36:59jgarzik:AES functions in some C libs take a round count, so why count start doing it with hashes too.
12:37:13jgarzik:sigh. *so why not start....
12:37:19jgarzik:* jgarzik goes to look for coffee (Pepsi)
12:37:33gmaxwell:because sha256 isn't just a set of rounds, there is message expansion and the length adding and such?
12:37:52gmaxwell:(though you could have a sha256 round function call, and have the caller implement the complete function)
12:38:09jgarzik:gmaxwell, I view it as a tail call or extra finalization step
12:38:50gmaxwell:though the accelrator can be faster for long messages if you just pass in a pointer to the whole message and a length, as there are techniques to accelerate when working on multiple blocks at once (see the avx2 sha512 in the linux kernel)
12:40:18gmaxwell:(meh, you've written a miner, no need for me to lecture you on what sha256 looks like!)
12:41:19gmaxwell:w.r.t. round function, see the intel instruction set for broadwell.
12:42:04gmaxwell:but I suspect something exposed as a round function won't be able to get within a factor of 3 of the speed of one that has 'hash this stuff' interface.
12:44:54jgarzik:gmaxwell, nod there are two levels. The existing cpu instructions, such as Intel's, tend to implement "the meat", ie. hash or crypto one block BLOCK_SIZE block of [AES | SHA256] but leave the setup and finalize to non-accel code. I think there is sufficient utility in a higher level doit(data,len,rounds)
12:45:08jgarzik:so, implement both
12:45:47jgarzik:metaphorically, implement SHA256() and SHA256_Update() in accelerated code.
13:26:41jgarzik:As this is also appropriate -wizards material, here is mmx-test.c: https://gist.github.com/jgarzik/2e2c4373b88d90ee4859
13:26:57jgarzik:C (w/ inline asm) for storing uint256's in registers, rather than RAM.
14:51:23afrotec:afrotec has left #bitcoin-wizards
14:53:46andytoshi:judging from the abstract, no content but probably very silly: http://arxiv.org/abs/1408.2824
14:56:40nsh:raises more kookery flags than biting satire flags, sadly
15:01:13Aquent_:Aquent_ is now known as Aquent
15:03:06jgarzik:It's not just cryptographic.... it's cryptocubic!
15:03:52gmaxwell:Not temporal cubic?
15:04:54wumpus:cryptocubists are just repressed temporal cubists
15:08:31nsh:we joke, but at some point someone will or already has contrasted the development of the aperspectival vantage in cubism with the elaboration of systems of decentralised consensuation
15:08:37nsh:or words like that
15:08:53nsh:Cubism and Relativity -- http://www.jstor.org/discover/10.2307/774982?uid=3738032&uid=2&uid=4&sid=21104055796361
15:33:17wallet421:wallet421 is now known as wallet42
15:48:01andytoshi:do sidechains require sidechain validators to also be bitcoin validators? is there any clever way around this?
15:48:53Luke-Jr:andytoshi: they don't.
15:48:54nsh:how do you mean?
15:49:15Luke-Jr:andytoshi: they don't even need to be PoW-based
15:50:26andytoshi:Luke-Jr: they still need to be aware of transfers
15:50:31andytoshi:i don't see what PoW wolud have to do with it
15:50:57andytoshi:oh, i see, with a private chain you could just trust the chain signer
15:51:00Luke-Jr:andytoshi: transfers are just SPV validation, more or less
15:52:13gmaxwell:andytoshi: You can use the same mechenism in both directions, though you could get a stronger security argument if it was tightly coupled on one side.
15:52:34andytoshi:ok, sure
15:52:41andytoshi:i was hoping the answer wouldn't be so open-ended :)
15:53:19andytoshi:it is in some sense easier to do full validation when transfering into a sidechain, since there is one bitcoin and many sidechains (in the "bitcoin is the center of the universe" model)
15:53:28gmaxwell:I mean, I've mostly invisioned it as being tightly coupled one one side because why not, validating bitcoin is cheap and.. exactly.
15:54:04gmaxwell:the only case where I've really thought it interesting to do otherwise is when you're simultaniously 2-way pegging against multiple chains.
15:55:38andytoshi:ok, that's in line with what i was thinking
16:49:49tromp__:amazing what kind of garbage passes for whitepaper these days; https://www.dropbox.com/s/m5nop0ev0jn16t6/whitepaper.pdf
16:55:28gmaxwell:tromp__: pft. well it's not asking for money at least!
16:56:45tromp__:someone used this for some scammy ipo: https://bitcointalk.org/index.php?topic=739018.0
17:00:46gmaxwell:tromp__: ah. nevermind then!
17:01:24tromp__:i guess behind every crappy whitepaper there is a scammy coin
17:01:31gmaxwell:Or three.
17:04:05hearn:tromp__: lol
17:04:24hearn:"BitKey\texttrademark is an platform- and cryptocurrency-independent softwarepackage"
17:04:27hearn:looks legit
17:04:56gmaxwell:I giggled at the thought of emailing them to let them know that fradulently claiming to have a registered mark is unlawful in the US.
17:05:59gmaxwell:"scamcoin foiled by lifebuoy soap poisoning"
17:06:21justanotheruser:gmaxwell: tms don't require registration
17:06:54kdomanski_:kdomanski_ is now known as kdomanski
17:07:04gmaxwell:justanotheruser: they do— if you hold out that you have a _registered mark_ its some administrative code violation, with no real consequence except gumming up your trademark enforcement.
17:07:57justanotheruser:gmaxwell: where do they have (R)?
17:08:19gmaxwell:(normally you need to use the circle-r mark to end up in that state, but if you had an intent of misleading people, e.g. here where it looks like they are just using it to create false authority., then you can still run afowl)
17:09:21helo:* helo ™
17:09:34tacotime_:helo, take my money
17:09:56tacotime_:tacotime_ is now known as tacotime
17:10:37gmaxwell:I like that their whitepaper seems to be claiming that they've been NSA-inside enhanced via inclusion of secp256_r_1
17:12:04justanotheruser:helo: when is your IPO?
17:17:45gmaxwell:going the route of dank and his failed personal singularity? https://bitcointalk.org/index.php?topic=93003.0
17:20:20justanotheruser:"By the end of this year, 2012, I believe I will be a highly known guitarist/musician. This time frame may seem unrealistically short, for I have only started playing electric guitar towards the end of August, but recent realizations have led me to believe this is possible."
17:23:58tromp__:it's like the nigerian spam having red flags on purpose in order to target only the most gullible of ppl
17:25:00gmaxwell:serves a dual use, when it eventually doesn't pan out you think "I was an idiot, what did I expect? I better tell no one."
19:02:14maaku:maaku is now known as Guest25963
19:06:32wallet42:wallet42 is now known as Guest59394
19:06:32wallet421:wallet421 is now known as wallet42
20:06:39kdomanski__:kdomanski__ is now known as kdomanski
21:02:15wallet42:wallet42 is now known as Guest81150
21:02:15wallet421:wallet421 is now known as wallet42
22:27:09DougieBot5000_:DougieBot5000_ is now known as DougieBot5000
22:46:48wyager:wyager has left #bitcoin-wizards
22:52:34wyager:wyager has left #bitcoin-wizards