| 02:32:35 | Adohgg: | Adohgg is now known as BITCORN |
| 02:32:47 | BITCORN: | BITCORN is now known as PROFBITCORN |
| 02:32:53 | PROFBITCORN: | PROFBITCORN is now known as FUBTOSHI |
| 02:39:45 | crescend1: | crescend1 is now known as crescendo |
| 06:02:05 | FUBTOSHI: | FUBTOSHI is now known as Adohgg |
| 08:05:16 | holmes.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:16 | holmes.freenode.net: | Users on #bitcoin-wizards: andy-logbot super4 skinnkavaj BigBitz Starduster_ jchp_ artifexd [\\\] dansmith_btc berndj-blackout mkarrer Dr-G2 spinza kmels damethos AaronvanW grandmaster2 austinhill Taek42 ericp4 pen TheSeven fanquake RoboTeddy melvster1 oujh devrandom mr_burdell justanotheruser bsm117532 hashtag samson_ atgreen grubles nanotube jaromil Graftec @ChanServ Apocalyptic lianj wumpus nkuttler gribble phedny so kinlo petertodd jcorgan optimator_ burcin LaptopZZ_ |
| 08:05:16 | holmes.freenode.net: | Users on #bitcoin-wizards: danneu amiller catcow a5m0 TD-Linux lechuga_ abc56889 weex Guest50253 helo Anduck pigeons smooth otoburb BrainOverfl0w gwillen kanzure ryan-c pi07r Starsoccer nickler_ Alanius K1773R Guest47516 throughnothing CodeShark eAndrius Eliel mmozeiko Meeh andytoshi roasbeef Dyaheon rs0 harrow poggy DoctorBTC Fistful_of_coins gmaxwell zibbo azariah4 phantomcircuit Krellan maaku HM SomeoneWeird jgarzik crescendo pajarillo zenojis Adohgg copumpkin nsh- |
| 08:05:16 | holmes.freenode.net: | Users on #bitcoin-wizards: postpre bobke midnightmagic SDCDev [d__d] licnep coryfields sipa espes__ UukGoblin l_l_l_l_l Graet emsid tacotime drawingthesun digitalmagus7 epscy Luke-Jr comboy_ sl01 shesek nuke1989 Grishnakh Muis tromp iddo Transisto Logicwax tucenaber EasyAt wiretapp1d tromp_ Emcy roconnor__ GAit mortale jbenet btc_ zlinn_ mappum CryptOprah_ HaltingState gavinandresen [Derek] Iriez waxwing LarsLarsen dgenr8 Hunger- asoltys warren nsh jaekwon BlueMatt |
| 08:05:16 | holmes.freenode.net: | Users on #bitcoin-wizards: bbrittain OneFixt michagogo |
| 11:15:36 | wallet421: | wallet421 is now known as wallet42 |
| 12:38:46 | Starduster_: | Starduster_ is now known as Starduster |
| 12:51:25 | Meeh: | Meeh is now known as mikalv |
| 14:08:19 | hearn_: | hearn_ is now known as hearn |
| 14:55:29 | altoz_: | altoz_ is now known as altoz |
| 15:02:59 | lmatteis: | hello! is there a good technical description as to how proof-of-stake type of system works for reaching consensus? the peercoin paper (which uses proof-of-stake) says that consensus is based on "The block chain with highest total consumed coin age is chosen as main chain" |
| 15:03:55 | gavinandresen: | lmatteis: https://download.wpsoftware.net/bitcoin/pos.pdf is a good technical description of why we think proof-of-stake systems are doomed. Probably. Maybe. |
| 15:06:10 | lmatteis: | thanks! |
| 15:12:58 | lmatteis: | i need a more introductory version perhaps. it doesn't explain the concept of coin age which seems at the heart of proof of stake systems |
| 15:18:56 | lmatteis: | first off, what is the incentive for people to create blocks. and can only rich people do it? |
| 15:25:30 | tromp: | same incentive as in PoW: get coinbase and/or tx fees |
| 15:26:36 | tromp: | rich ppl have more chances than poor |
| 15:30:13 | lmatteis: | tromp: so imagine you create a block because you have lots of coins (that's the gist of it i hope). do you give up those coins that you've "proved" in that block? |
| 15:30:22 | lmatteis: | or can you just continue creating blocks |
| 15:33:12 | tromp: | those coins lose their "coin-age" |
| 15:34:06 | tromp: | since their age is reset in the act of block creation |
| 15:34:39 | lmatteis: | tromp: ah |
| 15:35:11 | lmatteis: | tromp: so how is distribution achieved? |
| 15:35:37 | tromp: | by some IPO or prior PoW phase |
| 15:36:22 | tromp: | or by using a PoW/PoS hybrid |
| 15:37:29 | lmatteis: | so the fact that coins are unspent makes it so that the main chain can be chosen and agreed upon by everyone |
| 15:38:45 | lmatteis: | so i have a transaction with a certain coin age, and i try creating a block with it and i broadcast it right? who decides my block (with that coin age) is the one that wins compared to others with larger coin age |
| 15:38:49 | gavinandresen: | lmatteis: … everyone who is online and has been participating, assuming that everyone can communicate with everyone else. The notion of “everyone” is very slippery in a distributed consensus system that allows participants to come and go. |
| 15:40:53 | lmatteis: | gavinandresen: right but in a PoW system you know the block is good because you see it was solved. with this coin age system (PoS) it seems likely that you may receive multiple winning solutions. or perhaps you see a block that could be added to the chain, but then you receive another one with a slightly larger coin age. |
| 15:41:53 | gavinandresen: | lmatteis: the idea with the PoS systems I’ve looked at is a distributed vote happens, where number of coins you own determines your chance of winning a “random” vote |
| 15:41:57 | lmatteis: | i guess this is the same as a having 2 blocks being found at similar times in PoW systems. |
| 15:42:33 | gavinandresen: | … where transaction hashes are XOR’ed with the last block’s hash (or last eleven) to determine the winner |
| 15:42:46 | gavinandresen: | … or some more complicated scheme (I don’t pay a lot of attention) |
| 15:42:49 | gmaxwell: | lmatteis: PoS doesn't appear to be workable for consenus under the same assumptions bitcoin makes. It sounds like it is workable under dramatically weaker assumptions (or less useful, e.g. that you already have some other global consensus). Perhaps someone clever will find yet another set of assumptions which it works under which are useful, but so far it seems to not be happening. You should really read the paper linked above and ... |
| 15:42:56 | gmaxwell: | ... think about it a bit. |
| 15:44:23 | gmaxwell: | consensus |
| 15:44:25 | gmaxwell: | There are a lot of very complicated schemes proposed (and in use) and they do not appear to address the fundimentals, but mostly just shift around the attacks. It's very costly to review these things, especially since most don't even state their assumptions upfront... so it's certantly possible I/we have missed something interesting. |
| 15:45:01 | lmatteis: | hrm ok |
| 15:46:42 | tromp: | there is huge variation among PoS implementations. e.g. go read the peercoin whitepaer for a PoW-like mechanism |
| 15:47:13 | tromp: | in NXT like systems, your coinage determines a delay in seconds, after which you can announce the next block |
| 15:47:18 | lmatteis: | also, imagine i wait long enough so that i collect multiple address with a good amounts of coins. so i have multiple addresses that have a large coin age. this would allow me double spend and publish several blocks after another no? since the coins are on different addresses |
| 15:48:58 | tromp: | only if you can persist the fork across as many blocks as the required #confirmations |
| 15:49:28 | tromp: | similar to PoW |
| 15:49:50 | gavinandresen: | gmaxwell: if a PoS coin comes out with a whitepaper that references academic literature on distributed consensus algorithms (e.g. Paxos) that might be one worth paying a little attention to |
| 15:50:13 | sipa: | distributed consensus with paxos works perfectly |
| 15:50:28 | gavinandresen: | … as long as nobody cheats.... |
| 15:50:42 | sipa: | but it doesn't apply to a system with unknown (and variable) participants |
| 15:51:09 | lmatteis: | so it's not a currency? |
| 15:51:13 | zooko: | Here are some papers that I haven't read that might be more useful by stating their assumptions more clearly, etc.: http://eprint.iacr.org/2014/452 http://www.cs.technion.ac.il/~idddo/CoA.pdf |
| 15:51:19 | zooko: | About Proof-of-Stake, I mean. |
| 15:51:41 | sipa: | lmatteis: it may be a currency between a group of 15 banks that all know eachother in advance |
| 15:51:56 | zooko: | I haven't yet read them because for now I, too, am giving up on trying to figure out how to make proof-of-stake work. |
| 15:52:19 | gmaxwell: | If you fix the signers up front for all time everything works lovely. (well, perhaps with quadratic communication costs between the signers in the worst case, but, meh) |
| 15:52:29 | gavinandresen: | RE: Paxos: interesting paper I read yesterday on “Paxos for mere mortals” : https://ramcloud.atlassian.net/wiki/download/attachments/6586375/raft.pdf |
| 15:52:44 | gavinandresen: | (well, NOT paxos…) |
| 15:53:06 | lmatteis: | is it old? not referencing bitcoin |
| 15:53:16 | hearn: | sipa: technically, you could have some mechanism (pow based or not) where people can enter and leave the consensus at fixed, well-agreed points |
| 15:53:28 | hearn: | of course this turns the consensus problem from "what are we agreeing on" to "whom is agreeing" |
| 15:56:24 | zooko: | hearn: +1 |
| 15:56:30 | sipa: | right, indeed |
| 15:57:20 | gmaxwell: | hearn: you can but only if the admissions system is an external consensus. |
| 15:58:00 | gmaxwell: | (otherwise the admitted parties (or someone who's stolen their keys) at any point in the past can go and create an alternative history where they admitted different people; and a newcomer cannot distinguish these histories) |
| 16:00:53 | hearn: | i suspect the most interesting alt consensus mechanisms will in future simply play with the centralised/decentralised tradeoff. e.g. there are lots of timestamping servers on the net that will timestamp arbitrary hashes of things against atomic clocks, they can't see what they're timestamping. the simplest possible block chain is "just pick some of them and require blocks to have n-of-m signing by them". and if a threshold of |
| 16:00:53 | hearn: | the TSA's turn bad simultaneously for some reason, OK, everyone has to temporarily stop the system, pick some new servers and restart it. |
| 16:01:08 | hearn: | such a system is not as decentralised as bitcoin but might be good enough in practice |
| 16:01:37 | hearn: | or at least it's not as decentralised in theory. with the state of mining as it is, it'd actually be better, as timestamp servers can't see what they're timestamping whereas miners can |
| 16:02:01 | lmatteis: | to me the main difference between a PoW and PoS seems that with PoW i get a piece of information (the block) that contains a mathematical proof that its solution was worked on by several people (perhaps several thousand). this is important for consensus i think. with PoS it seems as though i get a back a proof that simply states something (such as the size |
| 16:02:02 | lmatteis: | of the coin age) but doesn't directly prove that several thousand people have worked on finding |
| 16:03:25 | hearn: | ( i mean timestamps per transaction here .... double spends resolved by whichever was timestamped first and it's assumed the timestamps are of sufficiently high resolution that one can always be picked ) |
| 16:03:28 | lmatteis: | not sure if that means anything for the consensus though :) |
| 16:03:31 | hearn: | pretty half baked idea |
| 16:03:44 | hearn: | lmatteis: pow says nothing about "people" |
| 16:03:49 | zooko: | I think that people should proceed to set up notaries right away that publish signatures of the blockchain. |
| 16:04:31 | lmatteis: | hearn: sure but the idea is that the size of difficulty implies distributed work - no single machine can do that type of work |
| 16:17:17 | skinnkavaj: | Can someone explain without any hate towards LTC, why are not LTC and BTC securing each other in some way? So you would have to 51% attack both LTC and BTC to gain control? Wouldn't it be really good for decentralization when LTC hardware is totally different and probably not placed in all the same hosting centers? |
| 16:24:14 | Dr-G: | Dr-G is now known as _420blazeitfeggi |
| 16:40:46 | gmaxwell: | "If it makes a difference, it makes an attack" |
| 16:43:07 | jtimon: | timestampers and two-phase commit work great for user issued assets (not p2p currency), if you need more p2pness at a given time, you can use a public blockchain as timestamper |
| 16:43:42 | jtimon: | that was the approach in the old ripple distributed protocol (and part of freimarkets) |
| 16:45:08 | jtimon: | then of course r.com choice was a "variable" membership paxos-like approach, with its known problems... |
| 16:47:17 | woah: | anyone seen this bitnation thing? |
| 16:47:33 | woah: | shiny site, link to the whitepaper is dead lol |
| 17:05:35 | gavinandresen: | hearn: RE: getting random servers to timestamp idea: I had the same half-baked thought. |
| 17:06:42 | hearn: | skinnkavaj: ltc started out by saying "we're different because our consensus mechanism is gpu resistant". so the separation is fundamental. |
| 17:56:39 | skinnkavaj: | hearn: Yes, but doesn't having another ASIC network with different hardware and different placed around the world make BTC more secure? |
| 17:57:52 | Quanttek_: | Quanttek_ is now known as Quanttek |
| 18:00:05 | tromp: | skinnkavaj: scrypt is not all that different from sha256^2; both are very computation intensive |
| 18:00:30 | tromp: | sha256 is just a lot simpler |
| 18:01:49 | Taek42: | it would make Bitcoin more secure given that it's extra hardware, but the miners could have just spent the money on Bitcoin hardware in the first place. Also, the total volume of litecoin mining hardware is not very much compared to the total volume of bitcoin mining hardware, wouldn't make much of a dent even today |
| 18:02:14 | skinnkavaj: | tromp: My point is that it's probably not all the same people in control of LTC as BTC. LTC probably have different pool owners and is placed in different data centers. |
| 18:02:17 | tromp: | the big bitcoin mining factories could easily add dozens of scrypt mining rigs |
| 18:02:45 | tromp: | they alrd have secured the cheapest power |
| 18:04:01 | tromp: | replace dozens by thousands |
| 18:04:03 | skinnkavaj: | tromp: The power would be more distributed nontheless, we could even add a third network to secure BTC. Hopefully one with completley different hardware |
| 18:20:24 | gmaxwell: | skinnkavaj: Meditate on my "if it makes a different it makes an attack" comment |
| 18:22:36 | Taek42: | * Taek42 meditates on the meaning of such phrase |
| 18:24:58 | jtimon: | bitcoin adding scrypt? that sounds like a terrible idea, what did I missed? |
| 18:25:10 | gmaxwell: | er. "difference" :) |
| 18:25:24 | sipa: | jtimon: not everything suggested here is a good idea :) |
| 18:25:36 | jtimon: | if we needed to change bitcoin's pow I would suggest something with similar properties as sha256d, not scrypt |
| 18:26:04 | sipa: | "Meh." |
| 18:26:37 | jtimon: | any quality that makes scrypt better than a sha256d "equivalent"? |
| 18:26:55 | Taek42: | can someone provide a commentary on this paper: http://arxiv.org/abs/1311.0243 "Majority is not enough: Bitcoin mining is vulnerable". Is this a legitimate problem? |
| 18:39:41 | gmaxwell: | Taek42: it's been commented on many times by many people on bitcoin talk. Perhaps someone can provide a link. |
| 18:41:13 | Taek42: | I'm currently reading a thread of the same title on bitcoin talk, which has many responses by people here. Was a formal response ever thrown together or is the thread about it? |
| 18:41:28 | sipa: | "formal" ? |
| 18:45:24 | Taek42: | like a single analysis that got vetted by multiple people and published somewhere relevant |
| 18:54:56 | gmaxwell: | maaku: https://en.bitcoin.it/wiki/User:Gmaxwell/covenant_busting |
| 18:57:52 | lmatteis: | Taek42: also search for selfish mining |
| 18:58:14 | Taek42: | will do, thanks |
| 18:59:42 | iddo: | Taek42: try page 7 of this pdf: http://arxiv.org/abs/1402.1718 |
| 19:03:31 | Taek42: | iddo thanks, this is pretty close to what I was looking for |
| 19:05:12 | justanotheruser: | gmaxwell: is it normal if I don't understand that the first time reading it? |
| 19:09:01 | lmatteis: | depends :) should be simple for people in the same field |
| 19:10:29 | justanotheruser: | heh |
| 19:11:52 | justanotheruser: | I'm just not sure why it's more useful than just requiring your signature |
| 19:18:01 | justanotheruser: | I am confused about what this accomplishes. It allows you to have the control to remove the covenant, but they can spend it anyways with the covenant that you are able to remove your covenant? |
| 19:18:12 | justanotheruser: | can someone tell me how badly I'm misunderstanding this? |
| 19:36:36 | _420blazeitfeggi: | _420blazeitfeggi is now known as Dr-G |
| 19:45:16 | hearn: | hearn has left #bitcoin-wizards |
| 20:05:10 | amiller_: | i've just looked at the covenant busting thing three times and don't get it at all |
| 20:06:20 | justanotheruser: | thank you, it's not just me |
| 20:40:14 | gmaxwell: | it was out of context. |
| 20:40:25 | gmaxwell: | "I dont understand" is not helpful though! |
| 20:40:54 | gmaxwell: | justanotheruser: you're failing to understand what a covenant is, read some of the linked thread. |
| 20:47:24 | justanotheruser: | gmaxwell: read that and we have discussed it |
| 20:47:54 | justanotheruser: | just not sure why that covenant in particular is useful (not implying it's not though) |
| 20:52:45 | nuke_: | nuke_ is now known as nuke1989 |
| 21:52:39 | Taek42: | does anyone know where I can get help with a probability problem? |
| 22:02:47 | tromp: | try ##math ?! |
| 22:03:16 | Taek42: | worth a shot |