00:18:17 | woah: | bsm117532 what are the main issues in PoS? |
00:18:50 | woah: | PoW seems to be completely unsustainable, a weird ritualistic energy sacrifice almost like the pyramids |
00:20:38 | justanot1eruser: | woah: the fact that it requires no work to make a fork |
00:21:10 | woah: | ah yes |
00:21:37 | woah: | hmm i guess i should be better informed... are there any post-mortems of past PoS coins that have failed in this way? |
00:22:10 | justanot1eruser: | woah: almost every PoScoin is a fork of Peercoin (which is centralized) |
00:22:16 | justanot1eruser: | they are almost all centralized in the same way |
00:23:31 | woah: | hmm ok, i guess i'll take a look around some of the btc forums |
00:23:53 | justanot1eruser: | peercoin had a stake grinding attack done on it |
00:25:25 | woah: | huh interesting... will read about this |
00:25:49 | woah: | is anyone trying to get around this, or are coins mostly back to PoW at this point? |
00:26:48 | justanot1eruser: | woah: there probably isn't away around the nothing-at-stake problem |
00:26:59 | justanot1eruser: | *a way |
00:27:04 | woah: | yea huh... |
00:27:24 | woah: | ironic that 'proof of stake' has the 'nothing at stake' problem |
00:28:18 | tromp: | ethereum thinks they can solve the problem by burying it under enough complexity:) |
00:28:21 | justanot1eruser: | I think the problem was named like that to discredit the consensus mechanism's name intentionally |
00:28:33 | justanot1eruser: | tromp: then it is PoW |
00:28:49 | woah: | well ethereum is PoW anyway, right? |
00:28:49 | justanot1eruser: | where your work is attacking the currency and it is about constant with the developers work |
00:28:58 | woah: | PoD |
00:29:04 | woah: | Proof of Developer |
00:30:18 | tromp: | see https://blog.ethereum.org/2014/07/05/stake/ |
00:33:09 | tromp: | and more recently: https://docs.google.com/document/d/1irOyVlKll6XDKp_oOx1UZGNaqI8ao7ETRgEIepUBh4c/edit |
00:33:56 | tromp: | no pow, just a lot of complexity, and a sprinkle of centralization |
00:34:17 | justanot1eruser: | "so if there is a reward for participating in the voting process (as there arguably must be) the optimal strategy in the event of a fork is to simultaneously vote for all chains." |
00:34:20 | justanot1eruser: | oh... |
00:34:26 | justanot1eruser: | vote.. with stake? |
01:49:11 | mircea_popescu: | mircea_popescu has left #bitcoin-wizards |
02:43:15 | jtimon: | * jtimon keeps using the old name ppcoin as its pronounced form describes the system much more appropriately |
03:03:04 | grubles: | it will always be ppcoin to me |
03:03:57 | tacotime: | tromp: transaction weighting blocks for consensus nnnnnnnnnnnn |
03:05:12 | tacotime: | that mangles consensus because it exacerbates the "bitcoin and red balloons" problem |
03:07:37 | jtimon: | "bitcoin and red balloons" problem? |
03:39:19 | tacotime: | jtimon: http://research.microsoft.com/pubs/156072/bitcoin.pdf |
03:39:24 | tacotime: | one of the oldest papers on bitcoins |
03:40:26 | tacotime: | that basically states that as subsidy approaches 0 there is a significant problem in which nodes are incentivized to hoard transactions for their fees rather than retransmit them |
03:40:47 | tacotime: | now if tx carry weight themselves to also generate the blocks |
03:40:56 | tacotime: | you end up with twice the problem |
03:41:22 | tacotime: | this was always the problem with larimer's tpos which i don't really think he ever bothered addressing |
03:45:54 | jtimon: | mhmm, freicoin would arguably be better prepared for this problem since it has perpetual subsidy (from demurrage fees) |
06:16:42 | michagogo_: | michagogo_ is now known as Guest37288 |
07:09:50 | gmaxwell: | andytoshi: so someone kinda trolly seeming is claiming the crypto in monero is broken (well he claims coins can be stolen and it cannot be fixed without breaking the anonymity). Seems suspect, but might be a good reason to do some internal analysis. |
07:12:05 | Neko3: | c; |
07:13:38 | Neko3: | gmaxwell i rather believe in you than random claims, still i think everything should be verified so its a good move |
07:16:02 | gmaxwell: | well the claims are obviously BS in the sense that they're very unlikely to be correlated with any actual weakness, but I bring it up to point out that the users of these systems might be thankful for some more analysis right now. |
07:16:46 | Neko3: | ha, you are reading my mind |
07:17:21 | Neko3: | agreed |
07:17:54 | Neko3: | it looks and feels like bs but i think the community would really appreciate some more analysis on top |
07:17:55 | gmaxwell: | (if instead he'd been saying the software was buggy and could be exploited, I'd probably be more likely to believe that... but the person making these claims has just never demonstrated the slightest cryptographic competence ...) |
07:18:58 | Neko3: | the way he said monero had to give up the anonymity was the strangest |
07:21:27 | Neko3: | this will just catalyse improvement and auditing, no doubts code maybe has bugs |
07:21:30 | wumpus: | the cloak and dagger games around bytecoin and derivatives keep scaring me away from them |
07:21:48 | Neko3: | wumpus no one knows satoshi too c; |
07:22:00 | wumpus: | well at least he properly disappeared :-) |
07:22:32 | Neko3: | wumpus yeah its like he went to the moon |
07:26:09 | Neko3: | wumpus only time will tell if cryptonote will really stick around |
07:29:03 | wumpus: | sure... if the underlying cryptosystem proves feasible, one could always do a cleanroom reimplementation, just to get rid of hidden surprises |
07:29:50 | Neko3: | wumpus c: the system works, the reimplementation in c+ is being done by monero team, these things take time |
07:38:12 | gmaxwell: | wumpus: andytoshi suggested to me earlier tonight that he was thinking of just rederiving it from first principles and prior RS work, rather than analyzing the bcn whitepaper stuff or the code (which might be intentionally misleading). |
07:46:06 | wumpus: | gmaxwell: would indeed have to re-derive from first principles, to make sure that the reason for everything is known, as any earlier design choice could be deceiving |
07:47:18 | wumpus: | agree with Neko3 that it would take a lot of time |
07:50:13 | fluffypony: | the most frustrating thing is the lack of comments |
07:50:17 | fluffypony: | design decisions aren't inherent |
07:51:02 | wumpus: | hey - at least that also means no deceiving comments :-) |
07:51:08 | fluffypony: | hah hah |
07:51:25 | fluffypony: | we're literally having to do incremental code documentation / mapping / refactoring |
07:56:32 | Neko3: | fluffypony the alias system is something else, very nice job c: |
07:56:38 | fluffypony: | tks |
08:05:15 | wolfe.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
08:08:58 | fluffypony: | "This wouldn't be the first time I had an insight that gmaxell didn't although he has returned the favor of me a few times too." |
08:09:01 | fluffypony: | this thread is laughable. |
08:09:17 | fluffypony: | "it might be possible using multiple intersecting rings to use a system of simultaneous equations to find the 'x' private keys that are supposed to be hidden by the non-interactive Zero Knowledge Proof. However, I didn't work through the math to see if my hunch is true." |
08:22:09 | gmaxwell: | I'm not claiming to have an insight or not, haven't even evaluated anything there seriously. But a jibbering claim can look like bullshit on its own merits, regardless of what I think. |
08:23:29 | gmaxwell: | These people in that thread are mostly idiots though, falling all over themselves to make whatever point they're trying to make. I didn't intend to say much there, just a bit of "Bullshit" calling and a suggestion to put up or shut up. |
08:33:47 | fluffypony: | well we have testnet up and operational, so if he wants to do a "blockchain demonstration" he's welcome to |
08:34:03 | fluffypony: | he can even get a CVE ID for his trouble |
13:21:22 | andytoshi: | gmaxwell: :/ i've got a pretty busy weekend, hopefully i can take a look at something but i'm unwilling to touch any public discussion about it without doing the analysis |
13:25:42 | gmaxwell: | andytoshi: ::nods:: figured I'd point it out, since clearly you don't sleep. :) |
13:28:36 | andytoshi: | :P i almost always sleep 12-6 |
13:29:13 | andytoshi: | i certainly haven't ever posted anything here at 3AM ;) |
13:31:20 | fluffypony: | I'm in the 2am - 7am asleep cycle, works quite well |
13:31:40 | fluffypony: | thanks to coffee + provigil (modafinil) |
14:10:31 | SDC: | SDC is now known as SDCDev |
14:13:44 | woah: | fluffypony i take provigil sometimes too |
14:13:53 | woah: | doesn't make me any less tired if im tired tho |
14:16:03 | fluffypony: | yeah I know, it's more in the afternoon when I would otherwise have taken an afternoon nap |
14:16:05 | fluffypony: | keeps me going through that and then I get a second wind |
14:41:09 | woah: | yea i generally take a small amount in the morning if i am going to code |
14:41:32 | woah: | helps on bitcoin stuff |
16:28:58 | fanquake_: | fanquake_ is now known as fanquake |
18:23:47 | wallet421: | wallet421 is now known as wallet42 |
21:06:31 | Guyver2: | Guyver2 has left #bitcoin-wizards |
21:32:14 | fluffypony: | gmaxwell, andytoshi - well we'll find out in 72 hours |
21:32:29 | fluffypony: | BCX says he's going to perform an attack then unless we release a patch before that time |
21:32:32 | fluffypony: | still no details |
21:35:51 | Eliel: | speaking of which, does someone have a link to an easy to follow explanation for how the ring signature algorithm in CryptoNote works? |
21:36:41 | fluffypony: | the CN whitepaper is reasonably simple |
21:36:56 | fluffypony: | or try our annotated one, if you can get past the academic snark :-P |
21:39:43 | fluffypony: | Eliel: https://monero.cc/downloads/whitepaper_annotated.pdf |
21:49:25 | tacotime: | #neveradullmomentinaltcoins |
21:49:48 | fluffypony: | lol |
22:04:42 | gmaxwell: | how are you going to 'release a patch' when he's given no details? |
22:04:56 | fluffypony: | well exactly |
22:05:26 | fluffypony: | meh - I invite the "attack", if it flushes out some niggly issue hidden deep in the code then great |
22:05:37 | gmaxwell: | is he still implying that it's a BRS vulnerability? |
22:05:41 | fluffypony: | and if it's all FUD and market manipulation we won't budge and rush out a patch for something that doesn't exist |
22:06:08 | fluffypony: | last I gathered his implication is that there's an issue with the "factorization" in the implementation |
22:06:22 | gmaxwell: | lol |
22:06:36 | gmaxwell: | what the heck does he mean there? |
22:06:58 | fluffypony: | no clue |
22:07:15 | gmaxwell: | I could certainly see there being a goofy bug that bypasses something sadly. |
22:07:58 | fluffypony: | absolutely |
22:08:25 | fluffypony: | I suspect the block 202612 attack was done by someone intimately familiar with the codebase |
22:08:42 | fluffypony: | as spotting that mistake would have been insanely hard |
22:08:58 | fluffypony: | and knowing how to exploit it (beyond creating a block with more than 512 tx's) doubly so |
22:09:26 | fluffypony: | if that unnamed individual hasn't spotted this "exploit" then I don't know |
22:10:43 | phantomcircuit: | the merkle root was miscalculated such that you could swap transactions without affecting the root? |
22:10:45 | phantomcircuit: | wat |
22:12:17 | fluffypony: | phantomcircuit: http://lab.monero.cc/pubs/MRL-0002.pdf |
22:13:06 | fluffypony: | there's the research bulletin on what was exploited and how |
22:16:01 | phantomcircuit: | that's a lot of tricky bit shifting for something as simple as calculating a merkle tree |
22:16:15 | fluffypony: | I know right |
22:26:21 | woah: | why did they do that? |
22:26:42 | woah: | i mean damn i could write that in js using normal math in about the same number of lines |
22:26:57 | tacotime: | woah: obfuscation |
22:27:04 | woah: | idiots |
22:27:08 | Guest37288: | Guest37288 is now known as michaggo |
22:27:10 | tacotime: | their code base is heavily obfuscated |
22:27:12 | michaggo: | michaggo is now known as michagogo |
22:27:26 | woah: | lotta good it did them |
22:27:56 | tacotime: | woah: well, they used it to attack our fork, not theirs... |
22:30:11 | woah: | hm |
23:32:15 | justanot1eruser: | justanot1eruser is now known as justanotheruser |
23:55:14 | Taek42: | I was thinking |
23:55:30 | Taek42: | having 'useful' work, like generalized computation might be worse for the 'dark mining' problem |
23:55:55 | Taek42: | with useless work, dark mining is a loss, you can't use an ASIC to make money for anything besides Bitcoin mining |
23:56:11 | Taek42: | and so having a stockpile of dark mining tools is expensive |
23:56:30 | Taek42: | but if you just had generalized computation, there are potentially sources of profit outside of the coin network |
23:56:55 | Taek42: | and so you could have a bunch of 'dark' generalized computers IE EC2 that could be fired up at a moment's notice to reverse a handful of transactions |
23:57:22 | Taek42: | And it's -especially- a problem if using the generalized resource on the Bitcoin network isn't always the most efficient use of those resources |
23:57:57 | Taek42: | IE doing decentralized generalized work incurs some cryptographic cost that could be avoided by using a centralized model |
23:59:21 | Taek42: | And so a huge dark network could establish itself by being a largely trustworthy and entirely cheaper option for performing generalized computation |