00:33:16nuke_:nuke_ is now known as nuke1989
01:03:44moa:moa has left #bitcoin-wizards
01:16:10Adohgg:Adohgg is now known as Mooltensea
01:22:26Mooltensea:Mooltensea is now known as Adohgg
04:41:03quackgyver:quackgyver has left #bitcoin-wizards
04:56:23coinmeister:has any OT related technology gone mainstream yet?
05:51:52brisque:I've been reading up on the "improved" PoS system ethereum has decided they are using (this week), yet the more I research the worse of an idea it sounds. in a nutshell it's PoS with a 12 second block time, and a system of punishing people that vote on multiple chains as a mechanism of preventing multiple chains at the same height from continuing.
05:52:34brisque:the idea is that peers publish proofs (ie, two votes at the same height) as evidence that somebody is being "bad", meaning you're probably not going to be signing multiple chains if you have any sense. beyond that it's pretty standard PoS.
05:53:49brisque:to me the 12 second expectation doesn't seem to be at all reasonable, inter-node latencies will surely be a great deal higher than the block time, and actually just processing the blocks would likely be a decent portion of it as well. you're not left with much headroom at all before you start getting outrun. just from my Bitcoin peers, some of them are upwards of 2 seconds round trip away.
05:56:59brisque:and the more you think about 12 seconds, the worse of an idea it becomes. 12 second blocks with a number of signatures has got to add up in terms of header size. even if we call it 500 bytes per block, that's a solid 150 KB an hour, or 1.314 GB a year in just header metadata. I bet it's more than that, too.
06:00:05justanotheruser:brisque: ignoring the time, they seem to think they can punish a pseudonymous person who may not have any spendable outputs on the address they created a fork with
06:00:24phantomcircuit:brisque, i've stopped trying to understand what they're doing
06:00:30phantomcircuit:because they just keep changing it
06:00:38justanotheruser:;;calc 80*5*60*60*24*365
06:01:46justanotheruser:we need #bitcoin-consensus-school
06:02:20brisque:justanotheruser: I made the assumption that they would have some sort of minimum output size for you to put aside. however, if I could destroy your funds by making you sign a "bad" block.. could be interesting.
06:03:20Luke-Jr:brisque: how does it fix grinding?
06:03:26brisque:phantomcircuit: yes, it's remarkable how much they haven't been able to decide what to spend their millions of dollars on developing. if anything their ideas are getting progressively worse and worse.
06:05:14brisque:Luke-Jr: I haven't seen it mentioned anywhere, so I doubt it's been considered. it's not mentioned anywhere on their blog, website or forums.
06:07:08phantomcircuit:brisque, not really, once they got millions they didn't have to develop anything
06:14:15brisque:Luke-Jr: actually they do mention stake grinding, it's just not called that. they essentially just aim to use data from 2000 blocks ago rather than data at the head of the chain.
06:15:38brisque:I somehow missed this blog post from a while ago, I'm not even sure if it's still what they're doing or not. https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/
08:05:17tepper.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
12:37:11samson2:samson2 is now known as samson_
13:06:05instagibbs:brisque: is this what you were reading: https://docs.google.com/document/d/1irOyVlKll6XDKp_oOx1UZGNaqI8ao7ETRgEIepUBh4c/edit#
13:55:08tromp:they lack a strong sense of KISS
14:41:37px_:px_ has left #bitcoin-wizards
16:15:20jedunnigan:jedunnigan is now known as Guest43313
18:24:12wallet42:wallet42 is now known as Guest14854
18:24:12wallet421:wallet421 is now known as wallet42
18:57:08Taek42:brisque what's to stop someone from going back in time and spending votes on multiple chains, invalidating their own votes on the previous winning chain, and thus having some alternate chain become the winner?
19:04:12Taek42:looks like they want to use checkpoints
19:05:00tacotime:proof of checkpoint
19:05:33tacotime:the secure answer to any insecure consensus system
19:05:39Taek42:"To solve the “new nodes” problem, a new node upon startup need only download a recent block hash, and accept it as a “checkpoint”. The node will accept forks starting N blocks behind the checkpoint, but with a factor penalty of 0.99 ^ N"
19:06:11tacotime:wait what
19:06:42tacotime:these are really bizarre security assumptions
19:09:52zooko:zooko has left #bitcoin-wizards
19:13:16tromp:this is almost like "security theatre"
19:17:51andytoshi:o.O ethereum has a "refuse to reorg" rule?
19:18:02andytoshi:and since when do they have pos, wtf
19:18:15sipa:they've had pos for a while, i think
19:18:17Apocalyptic: and since when do they have pos, wtf // PoS ? since the beginning...
19:18:31sipa:i haven't followed the details
19:18:43andytoshi:"the beginning" for me was "we'll be bitcoin but with turing complete script", and i honestly have not checked up on them since..
19:18:46tacotime:they've switched to some slasher-dpos-tpos hybrid thing
19:19:02tacotime:andytoshi: that's probably a good place to stop
19:19:15tacotime:i stopped reviewing pos systems that aren't depending on pow
19:20:20Taek42:ethereum was originally going to use POW, I remember reading that they were going to tap their POW hashes as a source of random numbers
19:20:20gmaxwell:Every concern or criticism has been met by additional complexity; resulting in a design which may have computational security against review.
19:20:53andytoshi:"we show that if an adversary is able to review this cryptosystem, a simulator can be constructed which solves the halting problem"
19:21:32BlueMatt:gmaxwell: literally interrupted conversation loling too hard.....
19:21:37tacotime:Taek42: yeah i use that too in my hybrid pow-pos system, but not so much the block header hashes as the header hashes+header itself --> hash of concatenation of both
19:21:52tacotime:using header hashes is bad because randomness decreases with higher difficulties
19:22:52tacotime:if you assume that the nonce is either in the header or the tx tree somewhere (extra nonce), i think sha256(header hash + header) is a sort of okay source for randomness, but it really depends what you're doing.
19:24:44instagibbs:I ran into that link after reading discussion here, I really thought they were doing sha3 or something
19:25:14tacotime:you can't justify $20m of ipo superbucks with sha3 i assume
19:25:52tacotime:i think their tx tree etc hashes are keccak though, keccak is what we use too (monero)
19:26:24instagibbs:did you read up on their "use the VM as PoW" writeup, re-running contracts as PoW or somesuch. That was the last I'd read of their attempts at consensus. Wasn't that long ago
19:28:10gmaxwell:Hopefully y'all are spending equal time thinking about things which aren't so amusingly complex... e.g. things which actually benefit (rather than get worse) with more review. :)
19:29:21tacotime:i'm just implementing my pos on top of pow system, i'll abuse it with testing once that's done and pass it to some academics i know to give it a run through because i'm not smart enough to math.
19:29:38tromp:they shld save their non-pow experiments for Eth2 and focus on getting Eth1 working reliably
19:30:47tacotime:tromp also five different implementations could probably be saved until later
19:31:15Taek42:complexity is a very attractive temptress.
19:31:50tacotime:complexity is the root of security evil, eg bitcoin scripting.
19:32:12tacotime:totally innocuous stuff like OP_RETURN initially enabled you to do really fun things like spend other people's money.
19:46:31jtimon:"The purpose of this post is not to say that Ethereum will be using Slasher in place of Dagger as its main mining function. Rather, Slasher is a useful construct to have in our war chest in case proof of stake mining becomes substantially more popular or a compelling reason is provided to switch. " https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/
19:47:21tacotime:yeah that's quite old though
19:47:39tacotime:he was writing a paper about his new dpos-tpos-slasher algorithm that someone posted in here the other day
19:47:39instagibbs:Jan in Eth time is like, a long time, man.
19:55:28instagibbs:instagibbs has left #bitcoin-wizards
20:03:59jtimon:I see
20:06:52jtimon:tacotime but bitcoin scripting makes things very interesting
20:07:30tacotime:imagine how interesting ethereum scripting will be, then :)
20:08:01tacotime:to be fair scripting is very useful, eg p2sh and whatnot
20:08:10tacotime:but scary too.
20:11:15jtimon:I don't see any reason why an "agent based" scripting could be more interesting than a "input/output based" one
20:12:28tacotime:from a security standpoint? :)
20:12:58jtimon:from a functionality standpoint
20:13:20jtimon:from a security standpoint input/output is much easier to analyze IMO
20:13:53tacotime:yeah, i think there's tons left to do with p2sh and it'll generally always be safer to use that than a crazy turing complete pythonic language.
20:14:05jtimon:and you don't need to hardcode execution fees
20:14:29tacotime:i think execution fee escape will be interesting
20:15:13jtimon:I'm not sure turing completeness is necessarily a problem, but maybe it's not necessary either
20:16:24jtimon:I'm a great fan of python but I think for this you want strict typing and make static analysis easy
20:17:08tacotime:right.. i mean it builds to some kind of language that is a bunch of op_codes, and i guess you can statically analyze that.
20:17:15jtimon:so that wallets can whitelist or blacklist certain "script types"
20:17:24tacotime:i think the problem is that most users are never going to do that, though.
20:18:12jtimon:ideally the opcode level would be readable by itself, you can always extend it with macros
20:19:06licnep_:licnep_ is now known as licnep
20:19:30tacotime:those are the op codes
20:21:12tacotime:it's a mix of high level and low level things
20:22:32tacotime:I think that's for killing a script after a certain execution state
20:24:17tacotime:that's the LLL (low level language) reference
20:24:24tacotime:although i haven't looked at it closely
21:06:03jtimon:GASPRICE ...isn't this a hardfork-required-to-change constant?
21:07:05jtimon:or consensus critical function? any of them are ugly
21:12:39rdponticelli:rdponticelli has left #bitcoin-wizards
23:17:05justanotheruser:Thoughts on giving miners a constant incentive through demurrage?
23:17:40justanotheruser:Specifically, softforking demurrage in by forcing users to pay a fee relative to how much their outputs value has decayed and allowing miners to redeem coins that don't yet exist on a sidechain
23:29:24justanotheruser:This is a "forbidden" change
23:30:05justanotheruser:but if there is too much variance in block reward when there isn't a subsidy, perhaps it is necessary to have a small demurrage