00:00:42andytoshi:ah, the target size is the average of past sizes?
00:05:46gmaxwell:andytoshi: in the bytecoin whitepaper they propose a mechnism where the target size of this block is the median of the last N. If you wish to make a larger block than the target you must throw away a portion of your income. The portion is some quadratic function on the excess size. The rational is that there is an equlibrium size which maximizes income.
00:06:21andytoshi:ah, that's right
00:06:24gmaxwell:My immediate observation is that this is basically open loop in the long run, because you can just get paid out of band (e.g. via outputs), and thus bypass the burning.
00:06:47andytoshi:yeah, i recall that problem with many many proposals
00:07:21gmaxwell:it has other issues, e.g. foxes guarding the hen-house problem with letting miners control block sizes— but ISTM that by simply changing where the penality happens removes that issue.
00:28:30andytoshi:are there any merkle structures which really minimize inclusion proof size? like, you give me some string and with nothing else i can find a merkle root that commits to it?
00:31:00gmaxwell:I'm not sure what you're asking. Try again?
00:31:13gmaxwell:I mean H(string) = commit. tada.
00:32:15andytoshi:i want to be able to commit lots of strings to a single hash tho
00:32:44gmaxwell:Do you want a homorphic hash?
00:32:45andytoshi:but still have users be able to do lookups given just the string (and a minimum amount of extraneous data, like a 10-bit number is probably ok)
00:33:12gmaxwell:You want an O(1) cryptographic accumulator?
00:33:37andytoshi:i believe so, lemme just make sure that term means what i think it does..
00:34:15gmaxwell:like, I tell you the string, and some small constant amount of additional data, and a root, and you can say 'yep' string is in the root.
00:35:17andytoshi:yeah ... but also i don't want to need the root :P
00:35:34nsh:verification is O(1)
00:35:44nsh:accumulation is O(n)
00:36:00gmaxwell:really I meant proof or storage size being O(1)
00:36:01nsh:per my (probably faulty) reading of https://cs.brown.edu/research/pubs/theses/ugrad/2013/tremel.pdf
00:37:19gmaxwell:andytoshi: well there must be some overhead. Because at the end of the data the user must be able to compute the joint commitment of all the other strings and their string, so you must have overhead at least equal to size commitment for all the other strings.
00:38:50andytoshi:hmm, yeah, you're right
00:39:04andytoshi:i've got somebody on PM wanting to store commitments in the blockchain ... i want to say, at least accumulate them so you can combine multiple commitments in one utxo
00:39:28andytoshi:but he wants easy lookups without users needing to carry around merkle proofs
00:39:59nsh:commitments would require external data store to make any bloat reduction, wouldn't they?
00:40:44gmaxwell:andytoshi: impossible even if there is no accumulation, someone must carry around merkle proofs. Really what he's asking for is some external service his users can abuse to carry around the proofs for them. Which could be provided, interestingly, the bitcoin network is not such a system— you cannot query nodes by transaction.
00:41:23gmaxwell:So why not just accumulate, and throw the proofs in some DHT storage or whatever. And users can query for their total extracted proof— or not.
00:41:37andytoshi:if you use "most recent transaction to commitment", you can get away with only querying for utxos ;)
00:42:07gmaxwell:andytoshi: we have no query for that too (intentionally so)
00:42:26andytoshi:lol, i forgot DHT's were a thing
00:42:42nsh:most DHTs forget they are a thing eventually too
00:42:46nsh:that's the problem
00:42:48gmaxwell:I probably should have copied you on a thread I started with cjd (cjdns person)
00:43:05andytoshi:fwiw for any given application you can force the app users to maintain a utxo index ... that's cheap
00:43:20gmaxwell:I propose creating a DHT service that uses bitcoin activity as admissions control, in order to prevent flooding attacks... as a way to setup something for these things to use.
00:43:47gmaxwell:andytoshi: so far no one doing this kind of stuff has ever considered anything like that.
00:44:19nsh:hmm, that might work
00:44:25gmaxwell:if they'd be willing to do that, presumably they'be be willing to run some kind of dht client too... but they're not, they want O(0) effort, not O(1) with small constant. :P
00:44:32andytoshi:my PM guy is already requiring commitments to satisfy some hard constraints to deter bitcoin output spam ... if accumulators were available that would really incentivize people to buddy up
00:45:18gmaxwell:hopefully they're not producing utxo set pollution.
00:45:40andytoshi:you mean weirdly shaped addresses instead of prunable outs?
00:46:02andytoshi:yeah, first thing i said was don't do that, there was no resistance there :P
00:46:21andytoshi:so i think, a DHT which stores these proofs + some vanitygen requirement on the roots (which will wind up on the blockchain in OP_RETURN outputs) is a decently nonabusive system
00:47:17gmaxwell:yea, cjd was concerned that he (and no one) has any idea of how to make a sybil resistant DHT with open access.
00:47:21andytoshi:the vanitygen thing has the dual incentive for people (a) to buddy up and not spam the blockchain, (b) don't spam the DHT
00:57:34gmaxwell:Facepalm of the day: https://github.com/bitcoin/bitcoin/issues/4786
00:57:48gmaxwell:(yes, thats a checksum passing mastercard number).
00:58:22nsh:* nsh blinks
00:58:41sipa:but but! we don't know the expiry date!
00:59:08gmaxwell:okay, I need to delete it, no way to hide the title.
00:59:30sipa:can you?
00:59:32gmaxwell:hm. it seems I cannot delete it.
00:59:32Apocalyptic:I was just wondering what the number actually was
00:59:48sipa:i had no clue
01:00:17gmaxwell:bluematt called it, it didn't really look like one but the checksum passes.
01:25:58Apocalyptic:i'm getting a 404 for the page, so it seems you can delete it after all
01:28:38gmaxwell:took a manual request.
01:29:00gmaxwell:Apocalyptic: someone opened an issue with a title [credit card number] and text "help mi deposit"
01:29:23Apocalyptic:I see
01:29:24gmaxwell:"oh, I'm sure you're going to get help making all the deposits now, my friend"
01:31:57amiller:are there issues like that on any other githubs?
01:33:45gmaxwell:many people have needed to delete things in the past— e.g. at one point someone was flooding our github with malware links... esp bad since you can't really block people from a group repository, first time I've seen credit card numbers.
01:37:48kanzure:there have been other issues on other projects like with auto-posting issues about he/she word choices
01:38:42kanzure:(which then attracts a thousand posts of "+1" and "-1" content)
01:39:10gmaxwell:yea, we've had issues with people linking to things on reddit and getting a flood of comments from people who are confused.
01:39:32gmaxwell:costs of working in public, to some extent.
08:05:17barjavel.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:17barjavel.freenode.net:Users on #bitcoin-wizards: andy-logbot ebfull lclc mortale CoinMuncher Graftec EasyAt|sofa nickler zling____ jgarzik toffoo fanquake mappum pen TrollsRoyce TD-Linux Cer3bus iddo Adohgg TheSeven px1NbxQzEC grubles BigBitz Dr-G super3 DougieBot5000 kmels_ moa tromp tjopper torsthaldo rfreeman_w LarsLarsen wiretapped jwo zooko irc88 Guest40803 gavinandresen Emcy mikalv altoz SDCDev davidlatapie melvster Grishnakh go1111111 samson_ at0mat polyclef Jasper-Schmitt koshii
08:05:17barjavel.freenode.net:Users on #bitcoin-wizards: wizkid057 [d__d] execut3 dgenr8 spinza pi07r_ burcin_ jchp K1773R smooth gwillen amiller weex mmozeiko a5m0 gmaxwell bbrittain Fistful_of_Coins Transisto copumpkin kinlo OneFixt helo HaltingState CodeShark so Gnosis phedny mkarrer Guest10516 DoctorBTC gribble roasbeef Dyaheon- bobke comboy grandmaster2 dansmith_btc pajarillo Keefe Graet digitalmagus artifexd warren drawingthesun Logicwax LaptopZZ Alanius nanotube espes__ SomeoneWeird chocah
08:05:17barjavel.freenode.net:Users on #bitcoin-wizards: forrestv epscy [\\\] Luke-Jr Hunger- cfields Krellan lechuga_ CryptOprah jaromil_ hollandais sipa pigeons quackgyver Anduck HM nuke1989 zenojis andytoshi throughnothing BrainOverfl0w ryan-c jcorgan starsoccer prepost jbenet @ChanServ mhanne tromp__ danneu poggy Apocalyptic kanzure crescendo lianj BlueMatt zibbo_ asoltys sl01 petertodd catcow rs0 harrow midnightmagic otoburb UukGoblin optimator abc56889 phantomcircuit Muis [Derek] Pan0ram1x
08:05:17barjavel.freenode.net:Users on #bitcoin-wizards: Guest54659 wumpus nkuttler Eliel mr_burdell Ken` berndj-blackout nsh waxwing Iriez
08:05:17barjavel.freenode.net:[freenode-info] if you're at a conference and other people are having trouble connecting, please mention it to staff: http://freenode.net/faq.shtml#gettinghelp
09:22:55pigeons:pigeons is now known as Guest67224
09:27:40[Tristan]:[Tristan] is now known as Guest1632
09:52:44meowmoo:meowmoo is now known as catcow
10:02:46_Iriez:_Iriez is now known as Iriez
10:09:33[\\\\]:[\\\\] is now known as [\\\]
10:16:34BlueMatt_:BlueMatt_ is now known as BlueMatt
10:51:53otoburb_:otoburb_ is now known as Guest74374
10:55:50therealnanotube:therealnanotube is now known as nanotube
10:55:58forrestv_:forrestv_ is now known as forrestv
10:55:59Aesthetic:Aesthetic is now known as Logicwax
11:03:07tomaw:[Global Notice] Hi all. As you've probably noticed we're having some connectivity issues across some of our servers today. Sadly this is again due to DDoS attacks. Please join us in a collective sigh.
11:23:34otoburb:otoburb is now known as Guest53808
11:30:08gmaxwell_:gmaxwell_ is now known as Guest80499
11:31:13Guest80499:Guest80499 is now known as gmaxwell
12:13:37bbrittain_:bbrittain_ is now known as bbrittain
12:14:51jgarzik:Couldn't resist: https://twitter.com/jgarzik/status/505327612408119296
12:51:51jgarzik:jgarzik is now known as home_jg
13:47:44maaku:maaku is now known as Guest32448
14:17:36kanzure_:kanzure_ is now known as kanzure
14:52:39o3u:o3u is now known as Fistful_of_Coins
14:54:25home_jg:home_jg is now known as jgarzik
15:16:15jcorgan_:jcorgan_ is now known as jcorgan
19:02:56gavinandresen_:gavinandresen_ is now known as gavinandresen
21:03:35Alanius:has anybody ever thought about using controllable-malleable proofs for bitcoin?
21:03:46Alanius:and if so, where can I read up on it?
21:07:23gmaxwell:Alanius: our signature system already gives a form of controllable-malleable proof of knoweldge, thats what the sighash flags accomplish.
21:07:29gmaxwell:(or why you're able to coinjoin)
21:12:59phantomcircuit_:phantomcircuit_ is now known as phantomcircuit
21:23:54Ursium_:Ursium_ is now known as Ursium
21:28:29Quanttek_:Quanttek_ is now known as Quanttek
21:48:29gmaxwell_:gmaxwell_ is now known as Guest4185
21:48:40smooth:smooth is now known as Guest25299
21:48:42SDC:SDC is now known as SDCDev
21:52:58TD--Linux:TD--Linux is now known as TD-Linux
21:53:02_Iriez:_Iriez is now known as Iriez
22:04:01Guest4185:Guest4185 is now known as gmaxwell
22:13:04mr_burdell:mr_burdell is now known as Guest70396
22:32:19jtimon:that's a very clear way to describe sighash flags to me
22:58:03SDC:SDC is now known as SDCDev
22:59:25Guest67224:Guest67224 is now known as pigeons