00:18:17woah:bsm117532 what are the main issues in PoS?
00:18:50woah:PoW seems to be completely unsustainable, a weird ritualistic energy sacrifice almost like the pyramids
00:20:38justanot1eruser:woah: the fact that there it requires no work to make a fork
00:21:10woah:ah yes
00:21:37woah:hmm i guess i should be better informed... are there any post-mortems of past PoS coins that have failed in this way?
00:22:10justanot1eruser:woah: almost every PoScoin is a fork of Peercoin (which is centralized)
00:22:16justanot1eruser:they are almost all centralized in the same way
00:23:31woah:hmm ok, i guess i'll take a look around some of the btc forums
00:23:53justanot1eruser:peercoin had a stake grinding attack done on it
00:25:25woah:huh interesting... will read about this
00:25:49woah:is anyone trying to get around this, or are coins mostly back to PoW at this point?
00:26:48justanot1eruser:woah: there probably isn't away around the nothing-at-stake problem
00:26:59justanot1eruser:*a way
00:27:04woah:yea huh...
00:27:24woah:ironic that 'proof of stake' has the 'nothing at stake' problem
00:28:18tromp:ethereum thinks they can solve the problem by burying it under enough complexity:)
00:28:21justanot1eruser:I think it was the problem was named like that to discredit the consensus mechanisms name intentionally
00:28:33justanot1eruser:tromp: then it is PoW
00:28:49woah:well ethereum is PoW anyway, right?
00:28:49justanot1eruser:where your work is attacking the currency and it is about constant with the developers work
00:29:04woah:Proof of Developer
00:30:18tromp:see https://blog.ethereum.org/2014/07/05/stake/
00:33:09tromp:and more recently: https://docs.google.com/document/d/1irOyVlKll6XDKp_oOx1UZGNaqI8ao7ETRgEIepUBh4c/edit
00:33:56tromp:no pow, just a lot of complexity, and a sprinkle of centralization
00:34:17justanot1eruser:"so if there is a reward for participating in the voting process (as there arguably must be) the optimal strategy in the event of a fork is to simultaneously vote for all chains."
00:34:26justanot1eruser:vote.. with stake?
01:49:11mircea_popescu:mircea_popescu has left #bitcoin-wizards
02:43:15jtimon:* jtimon keeps using the old name ppcoin as it's pronounciated form describes the system much more approapriately
03:03:04grubles:it will always be ppcoin to me
03:03:57tacotime:tromp: transaction weighting blocks for consensus nnnnnnnnnnnn
03:05:12tacotime:that mangles consensus because it exacerbates the "bitcoin and red balloons" problem
03:07:37jtimon:"bitcoin and red balloons" problem?
03:39:19tacotime:jtimon: http://research.microsoft.com/pubs/156072/bitcoin.pdf
03:39:24tacotime:one of the oldest papers on bitcoins
03:40:26tacotime:that basically states that as subsidy approaches 0 there is a significant problem in which nodes are incentivized to hoard transactions for their fees rather than retransmit them
03:40:47tacotime:now if tx carry weight themselves to also generate the blocks
03:40:56tacotime:you end up with twice the problem
03:41:22tacotime:this was always the problem with larimer's tpos which i don't really think he ever bothered addressing
03:45:54jtimon:mhmm, freicoin would arguably be better prepared for this problem since it has perpetual subsidy (from demurrage fees)
06:16:42michagogo_:michagogo_ is now known as Guest37288
07:09:50gmaxwell:andytoshi: so someone kinda trolly seeming is claiming the crypto in monero is broken (well he claims coins can be stolen and it cannot be fixed without breaking the anonymity). Seems suspect, but might be a good reason to do some internal analysis.
07:13:38Neko3:gmaxwell i rather believe in you than random claims, still i think everything should be verified so its a good move
07:16:02gmaxwell:well the claims are obviously BS in the sense that they're very unlikely to be correlated with any actual weakness, but I bring it up to point out that the users of these systems might be thankful for some more analysis right now.
07:16:46Neko3:ha, you are reading my mind
07:17:54Neko3:it looks and feel like bs but i think the community would really appreciate some more analysis on top
07:17:55gmaxwell:(if instead he'd been saying the software was buggy and could be exploited, I'd probably be more likely to believe that... but the person making these claims hast just never demonstrated the slightest cryptographic compentence ...)
07:18:58Neko3:the way he said monero had to give up the anonymity was the strangest
07:21:27Neko3:this will just catalyse improvment and auditing, no doubts code maybe has bugs
07:21:30wumpus:the cloak and dagger games around bytecoin and derivatives keep scaring me away from them
07:21:48Neko3:wumpus no one knows satoshi too c;
07:22:00wumpus:well at least he properly disappeared :-)
07:22:32Neko3:wumpus yeah its like he went to the moon
07:26:09Neko3:wumpus only time will tell if cryptonote will really stick around
07:29:03wumpus:sure... if the underlying cryptosystem proves feasible, one could always do a cleanroom reimplementation, just to get rid of hidden surprises
07:29:50Neko3:wumpus c: the system works, the reimplementation in c+ is being done by monero team, these things take time
07:38:12gmaxwell:wumpus: andytoshi suggested to me earlier tonight that he was thinking of just rederriving it from first principles and prior RS work, rather than analyizing the bcn whitepaper stuff or the code (which might be intentionally misleading).
07:46:06wumpus:gmaxwell: would indeed have to re-derive from first principles, to make sure that the reason for everything is known, as any earlier earlier design choice could be deceiving
07:47:18wumpus:agree with Neko3 that it would take a lot of time
07:50:13fluffypony:the most frustrating thing is the lack of comments
07:50:17fluffypony:design decisions aren't inherent
07:51:02wumpus:hey - at least that also means no deceiving comments :-)
07:51:08fluffypony:hah hah
07:51:25fluffypony:we're literally having to do incremental code documentation / mapping / refactoring
07:56:32Neko3:fluffypony the alias system is something else, very nice job c:
08:05:15wolfe.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:15wolfe.freenode.net:Users on #bitcoin-wizards: andy-logbot grubles wallet42 HaltingState Guyver2 MoALTz Graftec Muis CryptOprah_ jbenet licnep_ promoJo Guest37288 zlinn_ mappum btc_ Guest2024 cym todays_tomorrow x48 copumpkin ericp4 TheSeven DougieBot5000 qualiabyte atgreen dgenr8 at0mat digitalmagus8 Sangheili Quanttek emsid jaekwon torsthaldo br4n_ pigeons napedia Aquent arowser BrainOverfl0w lianj_ UukGoblin optimator gribble wumpus Apocalyptic gernika poggy_ kinlo rs0 jcorgan_ oujh
08:05:15wolfe.freenode.net:Users on #bitcoin-wizards: nanotube Iriez mr_burdell skinnkavaj justanot1eruser fluffypony epscy_ nuke1989 bsm117532 K1773R koshii_ OneFixt_ samson_ a5m0 SDCDev go1111111 GAit bbrittain nsh roconnor_ SomeoneWeird CoinMuncher mikalv mortale tacotime forrestv shesek fanquake livegnik jchp_ mkarrer wiretapped Anduck amiller Nightwolf altoz spinza rfreeman Keefe Krellan BigBitz Starduster [\\\] dansmith_btc berndj-blackout Taek42 jaromil BlueMatt warren asoltys Hunger-
08:05:15wolfe.freenode.net:Users on #bitcoin-wizards: LarsLarsen waxwing [Derek] Emcy tromp_ EasyAt tucenaber Logicwax Transisto iddo tromp Grishnakh @ChanServ phedny so petertodd burcin LaptopZZ_ danneu catcow TD-Linux lechuga_ abc56889 weex Guest50253 helo smooth otoburb gwillen kanzure ryan-c pi07r Starsoccer nickler_ Alanius Guest47516 throughnothing CodeShark Eliel mmozeiko andytoshi roasbeef Dyaheon harrow DoctorBTC Fistful_of_coins gmaxwell zibbo azariah4 phantomcircuit maaku HM jgarzik
08:05:15wolfe.freenode.net:Users on #bitcoin-wizards: crescendo pajarillo zenojis Adohgg nsh- postpre bobke midnightmagic [d__d] coryfields sipa espes__ Graet Luke-Jr comboy_ sl01
08:08:58fluffypony:"This wouldn't be the first time I had an insight that gmaxell didn't although he has returned the favor of me a few times too."
08:09:01fluffypony:this thread is laughable.
08:09:17fluffypony:"it might be possible using multiple intersecting rings to use a system of simultaneous equations to find the 'x' private keys that are supposed to be hidden by the non-interactive Zero Knowledge Proof. However, I didn't work through the math to see if my hunch is true."
08:22:09gmaxwell:I'm not claiming to have a insight or not, haven't even evaluated anything there seriously. But a jibbering claim can look like bullshit on its own merits, regardless of what I think.
08:23:29gmaxwell:These people in that thread are mostly idiots though, falling all over themselves to make whatever point they're trying to make. I didn't intend to say much there just a bit of "Bullshit" calling and a suggestion to put up or shutup.
08:33:47fluffypony:well we have testnet up and operational, so if he wants to do a "blockchain demonstration" he's welcome to
08:34:03fluffypony:he can even get a CVE ID for his trouble
13:21:22andytoshi:gmaxwell: :/ i've got a pretty busy weekend, hopefully i can take a look at something but i'm unwilling to touch any public discussion about it without doing the analysis
13:25:42gmaxwell:andytoshi: ::nods:: figured I'd point it out, since clearly you don't sleep. :)
13:28:36andytoshi::P i almost always sleep 12-6
13:29:13andytoshi:i certainly haven't ever posted anything here at 3AM ;)
13:31:20fluffypony:I'm in the 2am - 7am asleep cycle, works quite well
13:31:40fluffypony:thanks to coffee + provigil (modafinil)
14:10:31SDC:SDC is now known as SDCDev
14:13:44woah:fluffypony i take provigil sometimes too
14:13:53woah:doesn't make me any less tired if im tired tho
14:16:03fluffypony:yeah I know, it's more in the afternoon when I would otherwise have taken an afternoon nap
14:16:05fluffypony:keeps me going through that and then I get a second wind
14:41:09woah:yea i generally take a small amount in the morning if i am going to code
14:41:32woah:helps on bitcoin stuff
16:28:58fanquake_:fanquake_ is now known as fanquake
18:23:47wallet421:wallet421 is now known as wallet42
21:06:31Guyver2:Guyver2 has left #bitcoin-wizards
21:32:14fluffypony:gmaxwell, andytoshi - well we'll find out in 72 hours
21:32:29fluffypony:BCX says he's going to perform an attack then unless we release a patch before that time
21:32:32fluffypony:still no details
21:35:51Eliel:speaking of which, does someone have a link to an easy to follow explanation for how the ring signature algorithm in CryptoNote works?
21:36:41fluffypony:the CN whitepaper is reasonably simple
21:36:56fluffypony:or try our annotated one, if you can get past the academic snark :-P
21:39:43fluffypony:Eliel: https://monero.cc/downloads/whitepaper_annotated.pdf
22:04:42gmaxwell:how are you going to 'release a patch' when he's given no details?
22:04:56fluffypony:well exactly
22:05:26fluffypony:meh - I invite the "attack", if it flushes out some niggly issue hidden deep in the code then great
22:05:37gmaxwell:is he still implying that it's a BRS vulnerability?
22:05:41fluffypony:and if it's all FUD and market manipulation we won't budge and rush out a patch for something that doesn't exist
22:06:08fluffypony:last I gathered his implication is that there's an issue with the "factorization" in the implementation
22:06:36gmaxwell:what the heck does he mean there?
22:06:58fluffypony:no clue
22:07:15gmaxwell:I could certantly see there being a goofy bug that bypasses something sadly.
22:08:25fluffypony:I suspect the block 202612 attack was done by someone intimately familiar with the codebase
22:08:42fluffypony:as spotting that mistake would have been insanely hard
22:08:58fluffypony:and knowing how to exploit it (beyond creating a block with more than 512 tx's) doubly so
22:09:26fluffypony:if that unnamed individual hasn't spotted this "exploit" then I don't know
22:10:43phantomcircuit:the merkle root was miscalculated such that you could swap transactions would effecting the root?
22:12:17fluffypony:phantomcircuit: http://lab.monero.cc/pubs/MRL-0002.pdf
22:13:06fluffypony:there's the research bulletin on what was exploited and how
22:16:01phantomcircuit:that's a lot of tricky bit shifting for something as simple as calculating a merkle tree
22:16:15fluffypony:I know right
22:26:21woah:why did they do that?
22:26:42woah:i mean damn i could write that in js using normal math in about the same number of lines
22:26:57tacotime:woah: obfuscation
22:27:08Guest37288:Guest37288 is now known as michaggo
22:27:10tacotime:their code base is heavily obfuscated
22:27:12michaggo:michaggo is now known as michagogo
22:27:26woah:lotta good it did them
22:27:56tacotime:woah: well, they used it to attack our fork, not their's...
23:32:15justanot1eruser:justanot1eruser is now known as justanotheruser
23:55:14Taek42:I was thinking
23:55:30Taek42:having 'useful' work, like generalized computation might be worse for the 'dark mining' problem
23:55:55Taek42:with useless work, dark mining is a loss, you can't use an ASIC to make money for anything besides Bitcoin mining
23:56:11Taek42:and so having a stockpile of dark mining tools is expensive
23:56:30Taek42:but if you just had generalized computation, there are potentially sources of profit outside of the coin network
23:56:55Taek42:and so you could have a bunch of 'dark' generalized computers IE EC2 that could be fired up in a moments notice to reverse a handful of transactions
23:57:22Taek42:And it's -especially- a problem if using the generalized resource on the Bitcoin network isn't always the most efficient use of those resources
23:57:57Taek42:IE doing decentralized generalized work incurs some cryptographic cost that could be avoided by using a centralized model
23:59:21Taek42:And so a huge dark network could establish itself by being a largely trustworthy and entirely cheaper option for performing generalized computation