| 00:00:42 | andytoshi: | ah, the target size is the average of past sizes? |
| 00:05:46 | gmaxwell: | andytoshi: in the bytecoin whitepaper they propose a mechnism where the target size of this block is the median of the last N. If you wish to make a larger block than the target you must throw away a portion of your income. The portion is some quadratic function on the excess size. The rational is that there is an equlibrium size which maximizes income. |
| 00:06:21 | andytoshi: | ah, that's right |
| 00:06:24 | gmaxwell: | My immediate observation is that this is basically open loop in the long run, because you can just get paid out of band (e.g. via outputs), and thus bypass the burning. |
| 00:06:47 | andytoshi: | yeah, i recall that problem with many many proposals |
| 00:07:21 | gmaxwell: | it has other issues, e.g. foxes guarding the hen-house problem with letting miners control block sizes— but ISTM that by simply changing where the penality happens removes that issue. |
| 00:25:35 | gmaxwell: | http://da-data.blogspot.com/2014/08/minting-money-with-monero-and-cpu.html |
| 00:28:30 | andytoshi: | are there any merkle structures which really minimize inclusion proof size? like, you give me some string and with nothing else i can find a merkle root that commits to it? |
| 00:31:00 | gmaxwell: | I'm not sure what you're asking. Try again? |
| 00:31:13 | gmaxwell: | I mean H(string) = commit. tada. |
| 00:32:15 | andytoshi: | i want to be able to commit lots of strings to a single hash tho |
| 00:32:44 | gmaxwell: | Do you want a homorphic hash? |
| 00:32:45 | andytoshi: | but still have users be able to do lookups given just the string (and a minimum amount of extraneous data, like a 10-bit number is probably ok) |
| 00:33:12 | gmaxwell: | You want an O(1) cryptographic accumulator? |
| 00:33:37 | andytoshi: | i believe so, lemme just make sure that term means what i think it does.. |
| 00:33:49 | andytoshi: | yup |
| 00:34:15 | gmaxwell: | like, I tell you the string, and some small constant amount of additional data, and a root, and you can say 'yep' string is in the root. |
| 00:35:17 | andytoshi: | yeah ... but also i don't want to need the root :P |
| 00:35:34 | nsh: | verification is O(1) |
| 00:35:44 | nsh: | accumulation is O(n) |
| 00:36:00 | gmaxwell: | really I meant proof or storage size being O(1) |
| 00:36:01 | nsh: | per my (probably faulty) reading of https://cs.brown.edu/research/pubs/theses/ugrad/2013/tremel.pdf |
| 00:37:19 | gmaxwell: | andytoshi: well there must be some overhead. Because at the end of the data the user must be able to compute the joint commitment of all the other strings and their string, so you must have overhead at least equal to size commitment for all the other strings. |
| 00:38:50 | andytoshi: | hmm, yeah, you're right |
| 00:39:04 | andytoshi: | i've got somebody on PM wanting to store commitments in the blockchain ... i want to say, at least accumulate them so you can combine multiple commitments in one utxo |
| 00:39:28 | andytoshi: | but he wants easy lookups without users needing to carry around merkle proofs |
| 00:39:59 | nsh: | commitments would require external data store to make any bloat reduction, wouldn't they? |
| 00:40:44 | gmaxwell: | andytoshi: impossible even if there is no accumulation, someone must carry around merkle proofs. Really what he's asking for is some external service his users can abuse to carry around the proofs for them. Which could be provided, interestingly, the bitcoin network is not such a system— you cannot query nodes by transaction. |
| 00:41:23 | gmaxwell: | So why not just accumulate, and throw the proofs in some DHT storage or whatever. And users can query for their total extracted proof— or not. |
| 00:41:37 | andytoshi: | if you use "most recent transaction to commitment", you can get away with only querying for utxos ;) |
| 00:42:07 | gmaxwell: | andytoshi: we have no query for that too (intentionally so) |
| 00:42:26 | andytoshi: | lol, i forgot DHT's were a thing |
| 00:42:42 | nsh: | most DHTs forget they are a thing eventually too |
| 00:42:46 | nsh: | that's the problem |
| 00:42:48 | gmaxwell: | I probably should have copied you on a thread I started with cjd (cjdns person) |
| 00:43:05 | andytoshi: | fwiw for any given application you can force the app users to maintain a utxo index ... that's cheap |
| 00:43:20 | gmaxwell: | I propose creating a DHT service that uses bitcoin activity as admissions control, in order to prevent flooding attacks... as a way to setup something for these things to use. |
| 00:43:47 | gmaxwell: | andytoshi: so far no one doing this kind of stuff has ever considered anything like that. |
| 00:44:19 | nsh: | hmm, that might work |
| 00:44:25 | gmaxwell: | if they'd be willing to do that, presumably they'be be willing to run some kind of dht client too... but they're not, they want O(0) effort, not O(1) with small constant. :P |
| 00:44:32 | andytoshi: | my PM guy is already requiring commitments to satisfy some hard constraints to deter bitcoin output spam ... if accumulators were available that would really incentivize people to buddy up |
| 00:45:18 | gmaxwell: | hopefully they're not producing utxo set pollution. |
| 00:45:40 | andytoshi: | you mean weirdly shaped addresses instead of prunable outs? |
| 00:45:44 | gmaxwell: | yea |
| 00:46:02 | andytoshi: | yeah, first thing i said was don't do that, there was no resistance there :P |
| 00:46:08 | gmaxwell: | whew |
| 00:46:21 | andytoshi: | so i think, a DHT which stores these proofs + some vanitygen requirement on the roots (which will wind up on the blockchain in OP_RETURN outputs) is a decently nonabusive system |
| 00:47:17 | gmaxwell: | yea, cjd was concerned that he (and no one) has any idea of how to make a sybil resistant DHT with open access. |
| 00:47:21 | andytoshi: | the vanitygen thing has the dual incentive for people (a) to buddy up and not spam the blockchain, (b) don't spam the DHT |
| 00:57:34 | gmaxwell: | Facepalm of the day: https://github.com/bitcoin/bitcoin/issues/4786 |
| 00:57:48 | gmaxwell: | (yes, thats a checksum passing mastercard number). |
| 00:58:22 | nsh: | * nsh blinks |
| 00:58:41 | sipa: | but but! we don't know the expiry date! |
| 00:58:43 | nuke1989: | glool |
| 00:59:08 | gmaxwell: | okay, I need to delete it, no way to hide the title. |
| 00:59:30 | sipa: | can you? |
| 00:59:32 | gmaxwell: | hm. it seems I cannot delete it. |
| 00:59:32 | Apocalyptic: | I was just wondering what the number actually was |
| 00:59:48 | sipa: | i had no clue |
| 01:00:17 | gmaxwell: | bluematt called it, it didn't really look like one but the checksum passes. |
| 01:25:58 | Apocalyptic: | i'm getting a 404 for the page, so it seems you can delete it after all |
| 01:28:38 | gmaxwell: | took a manual request. |
| 01:29:00 | gmaxwell: | Apocalyptic: someone opened an issue with a title [credit card number] and text "help mi deposit" |
| 01:29:23 | Apocalyptic: | I see |
| 01:29:24 | gmaxwell: | "oh, I'm sure you're going to get help making all the deposits now, my friend" |
| 01:31:57 | amiller: | are there issues like that on any other githubs? |
| 01:33:45 | gmaxwell: | many people have needed to delete things in the past— e.g. at one point someone was flooding our github with malware links... esp bad since you can't really block people from a group repository, first time I've seen credit card numbers. |
| 01:37:48 | kanzure: | there have been other issues on other projects like with auto-posting issues about he/she word choices |
| 01:38:42 | kanzure: | (which then attracts a thousand posts of "+1" and "-1" content) |
| 01:39:10 | gmaxwell: | yea, we've had issues with people linking to things on reddit and getting a flood of comments from people who are confused. |
| 01:39:32 | gmaxwell: | costs of working in public, to some extent. |
| 08:05:17 | barjavel.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:17 | barjavel.freenode.net: | Users on #bitcoin-wizards: andy-logbot ebfull lclc mortale CoinMuncher Graftec EasyAt|sofa nickler zling____ jgarzik toffoo fanquake mappum pen TrollsRoyce TD-Linux Cer3bus iddo Adohgg TheSeven px1NbxQzEC grubles BigBitz Dr-G super3 DougieBot5000 kmels_ moa tromp tjopper torsthaldo rfreeman_w LarsLarsen wiretapped jwo zooko irc88 Guest40803 gavinandresen Emcy mikalv altoz SDCDev davidlatapie melvster Grishnakh go1111111 samson_ at0mat polyclef Jasper-Schmitt koshii |
| 08:05:17 | barjavel.freenode.net: | Users on #bitcoin-wizards: wizkid057 [d__d] execut3 dgenr8 spinza pi07r_ burcin_ jchp K1773R smooth gwillen amiller weex mmozeiko a5m0 gmaxwell bbrittain Fistful_of_Coins Transisto copumpkin kinlo OneFixt helo HaltingState CodeShark so Gnosis phedny mkarrer Guest10516 DoctorBTC gribble roasbeef Dyaheon- bobke comboy grandmaster2 dansmith_btc pajarillo Keefe Graet digitalmagus artifexd warren drawingthesun Logicwax LaptopZZ Alanius nanotube espes__ SomeoneWeird chocah |
| 08:05:17 | barjavel.freenode.net: | Users on #bitcoin-wizards: forrestv epscy [\\\] Luke-Jr Hunger- cfields Krellan lechuga_ CryptOprah jaromil_ hollandais sipa pigeons quackgyver Anduck HM nuke1989 zenojis andytoshi throughnothing BrainOverfl0w ryan-c jcorgan starsoccer prepost jbenet @ChanServ mhanne tromp__ danneu poggy Apocalyptic kanzure crescendo lianj BlueMatt zibbo_ asoltys sl01 petertodd catcow rs0 harrow midnightmagic otoburb UukGoblin optimator abc56889 phantomcircuit Muis [Derek] Pan0ram1x |
| 08:05:17 | barjavel.freenode.net: | Users on #bitcoin-wizards: Guest54659 wumpus nkuttler Eliel mr_burdell Ken` berndj-blackout nsh waxwing Iriez |
| 08:05:17 | barjavel.freenode.net: | [freenode-info] if you're at a conference and other people are having trouble connecting, please mention it to staff: http://freenode.net/faq.shtml#gettinghelp |
| 09:22:55 | pigeons: | pigeons is now known as Guest67224 |
| 09:27:40 | [Tristan]: | [Tristan] is now known as Guest1632 |
| 09:52:44 | meowmoo: | meowmoo is now known as catcow |
| 10:02:46 | _Iriez: | _Iriez is now known as Iriez |
| 10:09:33 | [\\\\]: | [\\\\] is now known as [\\\] |
| 10:16:34 | BlueMatt_: | BlueMatt_ is now known as BlueMatt |
| 10:51:53 | otoburb_: | otoburb_ is now known as Guest74374 |
| 10:55:50 | therealnanotube: | therealnanotube is now known as nanotube |
| 10:55:58 | forrestv_: | forrestv_ is now known as forrestv |
| 10:55:59 | Aesthetic: | Aesthetic is now known as Logicwax |
| 11:03:07 | tomaw: | [Global Notice] Hi all. As you've probably noticed we're having some connectivity issues across some of our servers today. Sadly this is again due to DDoS attacks. Please join us in a collective sigh. |
| 11:23:34 | otoburb: | otoburb is now known as Guest53808 |
| 11:30:08 | gmaxwell_: | gmaxwell_ is now known as Guest80499 |
| 11:31:13 | Guest80499: | Guest80499 is now known as gmaxwell |
| 12:13:37 | bbrittain_: | bbrittain_ is now known as bbrittain |
| 12:14:51 | jgarzik: | Couldn't resist: https://twitter.com/jgarzik/status/505327612408119296 |
| 12:51:51 | jgarzik: | jgarzik is now known as home_jg |
| 13:47:44 | maaku: | maaku is now known as Guest32448 |
| 13:59:20 | andytoshi: | :} |
| 14:17:36 | kanzure_: | kanzure_ is now known as kanzure |
| 14:52:39 | o3u: | o3u is now known as Fistful_of_Coins |
| 14:54:25 | home_jg: | home_jg is now known as jgarzik |
| 15:16:15 | jcorgan_: | jcorgan_ is now known as jcorgan |
| 19:02:56 | gavinandresen_: | gavinandresen_ is now known as gavinandresen |
| 21:03:35 | Alanius: | has anybody ever thought about using controllable-malleable proofs for bitcoin? |
| 21:03:46 | Alanius: | and if so, where can I read up on it? |
| 21:07:23 | gmaxwell: | Alanius: our signature system already gives a form of controllable-malleable proof of knoweldge, thats what the sighash flags accomplish. |
| 21:07:29 | gmaxwell: | (or why you're able to coinjoin) |
| 21:12:59 | phantomcircuit_: | phantomcircuit_ is now known as phantomcircuit |
| 21:23:54 | Ursium_: | Ursium_ is now known as Ursium |
| 21:28:29 | Quanttek_: | Quanttek_ is now known as Quanttek |
| 21:48:29 | gmaxwell_: | gmaxwell_ is now known as Guest4185 |
| 21:48:40 | smooth: | smooth is now known as Guest25299 |
| 21:48:42 | SDC: | SDC is now known as SDCDev |
| 21:52:58 | TD--Linux: | TD--Linux is now known as TD-Linux |
| 21:53:02 | _Iriez: | _Iriez is now known as Iriez |
| 22:04:01 | Guest4185: | Guest4185 is now known as gmaxwell |
| 22:13:04 | mr_burdell: | mr_burdell is now known as Guest70396 |
| 22:32:19 | jtimon: | that's a very clear way to describe sighash flags to me |
| 22:58:03 | SDC: | SDC is now known as SDCDev |
| 22:59:25 | Guest67224: | Guest67224 is now known as pigeons |