| 01:56:50 | justanotheruser: | justanotheruser is now known as TheFakeMaru525 |
| 01:58:06 | TheFakeMaru525: | TheFakeMaru525 is now known as jnyBot |
| 02:00:33 | jnyBot: | jnyBot is now known as justanotheruser |
| 08:05:16 | wolfe.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:16 | wolfe.freenode.net: | Users on #bitcoin-wizards: andy-logbot maaku p15 wiretapped pen RoboTedd_ cbeams Guyver2 Grishnakh x48_ jaekwon1 mortale waxwing tromp_ ericp4 rdponticelli Ress jgarzik coinheavy [7] Dr-G2 shesek warren puszl justanotheruser fanquake atgreen vdo DougieBot5000 irc88___ tacotime rfreeman_w pi07r Adohgg K1773R spinza melvster Graftec_ grandmaster2 todays_tomorrow nuke1989 xmj lnovy Hunger- Sangheili gribble mkarrer Eliel drawingthesun HM gmaxwell amiller_ artifexd |
| 08:05:16 | wolfe.freenode.net: | Users on #bitcoin-wizards: digitalmagus crescendo LarsLarsen cfields btc_ kgk SDCDev livegnik jchp kanzure bobke iddo samson_ MRL-Relay arowser comboy Happzz copumpkin EasyAt wumpus [d__d] StephanYanev emsid dgenr8 coryfields go1111111 michagogo hollandais _2539 altoz zenojis mappum jrayhawk jbenet LaptopZZ optimator_ Meeh poggy_ Luke-Jr Emcy_ UukGoblin danneu catcow TD-Linux Guest50253 helo smooth otoburb gwillen ryan-c nickler_ mmozeiko roasbeef pajarillo sl01 Keefe |
| 08:05:17 | wolfe.freenode.net: | Users on #bitcoin-wizards: Dyaheon rs0_ Gnosis ahmed_ Muis Logicwax nanotube espes__ andytoshi so zibbo dansmith_btc epscy OneFixt Fistful_of_coins BlueMatt tromp wizkid057 a5m0 starsoccer midnightmagic berndj Graet kinlo [Derek] pigeons BrainOverfl0w lianj Apocalyptic Iriez mr_burdell fluffypony bbrittain SomeoneWeird forrestv Anduck Nightwolf Krellan BigBitz [\\\] Taek42 asoltys @ChanServ phedny petertodd burcin lechuga_ abc56889 Alanius Guest47516 throughnothing |
| 08:05:17 | wolfe.freenode.net: | Users on #bitcoin-wizards: CodeShark harrow DoctorBTC phantomcircuit nsh- sipa |
| 08:05:27 | maaku: | maaku is now known as Guest94326 |
| 09:39:03 | StephanYanev: | StephanYanev is now known as MarekTerlecki |
| 10:12:17 | hearn: | fincen is researching ring signatures: http://www.coindesk.com/fincen-director-jennifer-shasky-calvery-full-interview-bitcoin/ |
| 10:12:19 | hearn: | fascinating |
| 10:12:51 | Emcy_: | because it scares them? |
| 10:13:28 | hearn: | i didn't get that impression. more like, because it's a new technology and they have to keep up with developments in the space of money and privacy |
| 10:13:40 | hearn: | things that have little usage can't be all that scary |
| 10:14:10 | Emcy_: | i think the little usage is the important bit |
| 10:14:19 | fluffypony: | ring signatures aren't new :) |
| 10:14:27 | Emcy_: | feds seem pretty rattled about ios8 encryption for ex |
| 10:14:38 | Emcy_: | i just read they want congress to legislate it away |
| 10:15:23 | fluffypony: | they're going to have to accept the reality, that people will eventually generally become au fait with technology that is private by default, transparent optional |
| 10:16:52 | Emcy_: | when have they ever just accepted a situation that isnt going their preferred way |
| 10:17:14 | fluffypony: | true that |
| 10:18:22 | Emcy_: | especially some authority entity that is facing being obsoleted due to a new development......fights back more viciously than a cornered fox |
| 10:18:45 | xmj: | technology being "private by default, transparent optional" seems wishful thinking, sad as it is |
| 10:19:00 | fluffypony: | xmj - see: Monero :-P |
| 10:19:04 | xmj: | especially in a world with centralized, semi-government-approved certificate authorities |
| 10:19:15 | hearn: | heh |
| 10:19:52 | fluffypony: | if only Tox wasn't such a turd at the moment, that's the sort of thing that will tilt the ball |
| 10:20:05 | hearn: | if by "semi government approved" you mean "not shut down" then i guess any group of people with a recognisable name is "government approved" |
| 10:20:48 | xmj: | hearn: i mean 'institutions' like Verisign which exist through, and cooperate a lot with, government interference |
| 10:21:04 | xmj: | not like they've never forged / given away cert keys to teh feds. |
| 10:21:10 | hearn: | do you have evidence for that statement? |
| 10:21:40 | Emcy_: | fluffypony whats wrong with tox |
| 10:21:55 | Emcy_: | except that they seem intensely relaxed about metadata |
| 10:22:13 | fluffypony: | Emcy_: it's temperamental - sometimes a contact shows as offline (when they're on) |
| 10:22:17 | xmj: | hearn: i'm spinning reasonably plausible conspiracy theories |
| 10:22:25 | fluffypony: | and leaving it for a couple of hours doesn't fix that |
| 10:22:25 | xmj: | fluffypony: what's wrong with encrypted XMPP ? |
| 10:22:43 | fluffypony: | xmj: not terribly workable for the layman |
| 10:22:55 | xmj: | hm, jitsi makes that particularly easy |
| 10:23:09 | fluffypony: | xmj: you underestimate how incapable the layman is ;) |
| 10:23:17 | Emcy_: | fluffypony thats to be expected with p2p + onion routing the DHT table.....skype was like that before MS took over and started running it thru their datacenter to please the nsa |
| 10:23:40 | hearn: | xmj: there are enough problems that have evidence to worry about problems that don't, imo. |
| 10:24:01 | fluffypony: | Emcy_: yeah, which is why I said it's a turd at the moment, but it'll get there (hopefully) ;) |
| 10:24:45 | Emcy_: | well i hope they nut up about the metadata......they make out atm that just providing payload encryption is some revolutionary thing theyre doing |
| 10:25:24 | fluffypony: | wasn't there some dude with a couple of commits that threw a tantrum about that and stormed off, and then they basically said "errthingz ok, all his stuff was theoretical, and we'll fix it one day (tm)" |
| 10:25:29 | Emcy_: | they seemed to think that onion routing at the very least IMs wasnt feasible, which seems patently not true |
| 10:26:24 | Emcy_: | dunno there was some drama which is understandable seeing as it started on 4chan |
| 10:26:55 | fluffypony: | lol |
| 10:27:04 | fluffypony: | kids nowadayz |
| 10:27:54 | xmj: | fluffypony: commits...guy...what? |
| 10:28:12 | fluffypony: | xmj: no clue, I read about it briefly somewhere and then got bored and moved on with my life |
| 10:31:47 | xmj: | ok |
| 10:32:17 | xmj: | http://www.pcworld.com/article/239497/hackers_forge_certificates_to_break_into_spy_agencies.html |
| 10:32:57 | Emcy_: | gosh almighty i cant stand long quotations/interviews of people given verbatim........if you write exactly like how most people talk everyone sounds like a glib moron |
| 10:33:04 | Emcy_: | even this fincen guy |
| 10:33:21 | xmj: | that's because most people talk like the morons they are |
| 10:33:23 | xmj: | ahum. |
| 10:33:35 | hearn: | um, the head of fincen is a woman |
| 10:33:54 | xmj: | you're not disproving my point by bringing in their gender |
| 10:33:58 | xmj: | s/gender/sex/ |
| 10:34:12 | hearn: | xmj: re: certs, that's not what you asserted, that's "company gets hacked" which is very different. |
| 10:34:13 | nsh: | (the gendered or otherwise usage of 'guy' is probably off-topic here) |
| 10:34:46 | xmj: | yeah |
| 10:35:17 | xmj: | hearn: if i had the snowden dox on my computer and a competent fulltextsearch tool and/or minion, i'm sure i could find what i was looking for :-) |
| 10:36:02 | nsh: | shortage in the competent fulltextsearch minion market atm :/ |
| 10:36:10 | hearn: | well i assumed that too when the docs first leaked last year. i kept waiting for the slide shows about the compromised CA's. |
| 10:36:24 | hearn: | apparently either they don't exist or the journalists who were able to report on so much else somehow missed it |
| 10:36:56 | hearn: | it's rather surprising and counter-intuitive but it appears that (for now) the system is working as designed. or if there are compromises, they're so rare that they aren't worthy of mention in the NSA docs. |
| 10:36:58 | nsh: | it's not reasonable to assume snowden gained access to a representative sample of capabilities-implying documents, despite the breadth evinced |
| 10:37:15 | Emcy_: | the snowden stories are still ongoing |
| 10:37:17 | nsh: | a lot of what we now know is the result of fortuitious compartmentalization failures |
| 10:37:21 | hearn: | in the end it's not really surprising though. breaking SSL at the CA level is risky and noisy. hacking an endpoint is much better, and QUANTUM lets them do exactly that |
| 10:37:30 | nsh: | * nsh nods |
| 10:37:33 | xmj: | hearn: ok, i'll give you that |
| 10:37:36 | hearn: | the path of least resistance is browser exploits, not CA exploits. |
| 10:37:58 | hearn: | this may change in future if chrome continues to get harder to exploit, which seems likely. but it's hard to say. |
| 10:38:41 | Emcy_: | thats for targetted ops though |
| 10:38:51 | Emcy_: | doesnt help them break on mass |
| 10:39:01 | Emcy_: | en |
| 10:39:16 | hearn: | no, but neither would a CA breach. people would notice widespread use of forged certs almost immediately and at that point it's basically the same as saying "SSL is illegal" |
| 10:39:18 | fluffypony: | I think it's masse as well? |
| 10:39:30 | fluffypony: | yes - "en masse" |
| 10:40:06 | Emcy_: | fucking frenchy loan words.... |
| 10:40:10 | hearn: | besides it wouldn't make much sense to break SSL that way, given how their infrastructure works. if they don't care about getting caught it'd be much better to just legally mandate back doored RNGs or similar. |
| 10:42:18 | fluffypony: | meh, plus it bleeds into "Bitcoin is vulnerable to quantum computing!" territory |
| 10:42:41 | Emcy_: | but they can just compell valid certs out of any CA within the Us aegis |
| 10:44:47 | Emcy_: | so it doesnt necessarily have to be noticed |
| 10:44:57 | hearn: | yes, but only at high risk and cost. if the cert was discovered, the CA would be forced to provide an explanation by the browser makers, the intelligence target would find out, and if the CA couldn't give a good explanation a revocation plan would be put in place, ultimately ending that business. |
| 10:45:10 | Emcy_: | shit even cloudflare is in the sanctioned ssl MITM game now..... |
| 10:45:12 | hearn: | cert transparency is all about increasing the chance of discovering the certs |
| 10:45:52 | Emcy_: | youre right its high stakes |
| 10:46:23 | Emcy_: | and that swedish CA played the game and lost and died..... |
| 10:46:37 | fluffypony: | same as the crowd that moaned about Apple including .mil certs in iOS 8 |
| 10:46:54 | fluffypony: | "they'll use it to MITM!" (like nobody would notice...) |
| 10:47:29 | hearn: | well that's the fun thing about decentralisation. if you're serious about it, you don't get to pick who takes part. i always find it entertaining that people simultaneously argue the PKI is centralised, yet there are too many CAs. |
| 10:47:38 | Emcy_: | also hearn whats to stop them sending red letters to the browser makers? |
| 10:47:49 | hearn: | "we need a decentralised system to stop the US government from issuing certs!", hmm that's not how decentralisation works :) |
| 10:48:03 | hearn: | ultimately nothing stops the USG and other governments simply banning strong crypto and they nearly did that in the 90s. |
| 10:48:26 | hearn: | but the chances of that happening can be significantly reduced by ensuring that the benefits to society strongly outweigh the costs, and by winning those arguments |
| 10:48:37 | hearn: | (at least in democracies, in theory, lots of handwaving etc) |
| 10:48:39 | Emcy_: | yes, they didnt but not because they realised it would be wrong to do so, they just changed tact |
| 10:49:06 | hearn: | well they realised that for all the hype strong crypto was not widely used and wasn't going to be anytime soon, so yes, the path of least resistance stopped being legislative change. |
| 10:49:17 | Emcy_: | yes |
| 10:49:43 | hearn: | in some star trek future where everyone is using bitcoin and tor and pgp for everything all the time, that balance would tip again of course and things like the clipper chip would come up again |
| 10:50:13 | Emcy_: | and now the kerfuffle about ios8.........played the paedo card almost immediately. Mumblings about congress taking care of it........ |
| 10:50:48 | Emcy_: | if good crypto becomes the norm and the path of least resistance goes back to just banning the lot...... |
| 10:50:57 | hearn: | it's a tightrope walk isn't it |
| 10:51:17 | Emcy_: | freedom usually is |
| 10:52:04 | hearn: | this is why i am interested in exploring these issues and the related tradeoffs. e.g. do we really want bitcoin to be as anonymous and private as possible? many say yes, but don't think through the potential consequences of that. sometimes there are interesting middle paths worth exploring too. |
| 10:53:27 | Emcy_: | do they really have the capability to ban bitcoin |
| 10:53:30 | Emcy_: | what would that look like |
| 10:53:58 | hearn: | look at china |
| 10:55:45 | Emcy_: | its funny because im reading a book right now that deals with the consequences of a ridiculosuly disruptive technology being released into the public domain (schematics for a personal unit that allows access to alternate realities of the many-worlds interpretation type), and how the US tries to maintain control in face of that. |
| 10:56:54 | cbeams: | Emcy_: what's the book? |
| 10:56:57 | Emcy_: | tldr they make a rule saying every chunk of land analagous to the borders of the US on every alternate earth out to infinity belongs to them |
| 10:57:03 | Emcy_: | its hilariously believable |
| 10:57:39 | hearn: | there's another fascinating book written by ( i think? ) arthur c clarke, about a world in which someone invents a machine that can do wide-area jamming of guns |
| 10:57:55 | Emcy_: | cbeams the long war, baxter and pratchett collab. Its good |
| 10:58:22 | hearn: | it's set in the USA and it's about the impact that has on american society, how the people who develop the tech end up being put in danger by the gun rights wing who try to kill them. sort of a sci-fi thriller. |
| 10:58:28 | hearn: | at least i think that's the summary :) i read it years ago |
| 10:59:16 | Emcy_: | i love how clarkes stuff doesnt really seem all that scifi anymore lol |
| 10:59:40 | Emcy_: | well some of it |
| 10:59:40 | hearn: | ah, "the trigger" |
| 10:59:42 | nsh-: | i prefer 'speculative-fiction' for clarke's. it was very good speculation :) |
| 11:00:27 | hearn: | ah yes. i forgot a key detail. the trigger doesn't jam guns, it makes them explode :) |
| 11:00:50 | Emcy_: | a book about glocks? |
| 11:03:22 | Emcy_: | hearn re: finding a balance for bitcoin to avoid getting ganked by the govt |
| 11:04:11 | Emcy_: | the flipside of that is avoiding implementing disruptive stuff in order to try nd avoid some fuzzy line int he sand with them |
| 11:04:20 | Emcy_: | a form of self-censorship |
| 11:04:25 | Emcy_: | not ideal either |
| 11:04:30 | nsh-: | (it's quite hard to draw non-fuzzy lines in the sand) |
| 11:04:47 | nsh-: | (unless you use some kind of welding apparatus) |
| 11:05:45 | hearn: | Emcy_: well these things are ultimately explorations. nobody knows the future or what the exact tradeoffs will be for any new technology. nuclear power / manhatten project was a good example of that. |
| 11:06:14 | hearn: | different societies reached different conclusions about nuclear power. but it's good to know how to do it, even if ultimately some people decide not to allow it/use it |
| 11:06:42 | hearn: | i don't think we should avoid researching ways to make bitcoin's privacy better, far from it. we should always push forward the boundaries of knowledge. |
| 11:07:11 | hearn: | but that doesn't mean such things should always be deployed just because they exist. the tradeoffs have to be considered. they'll be different in different places. |
| 11:07:15 | Emcy_: | nuke power is a good example of a technology that never reached anywhere close to its breathtaking potential due to vague threats of certain doom and often outright fud |
| 11:07:59 | hearn: | well, different countries took different paths there. e.g. France has lots of nuclear power plants. germany *did* and then merkel panicked and shut them down. |
| 11:08:13 | Emcy_: | it might still reach it yet, but centuries behind schedule due to people being dumb, what a shame.........and what a shame for bitcoin if the same happens |
| 11:08:18 | hearn: | the UK did its usual middling sort of noncommital thing and now buys lots of power from the french :) |
| 11:08:56 | Emcy_: | yes |
| 11:09:10 | nsh-: | and lets the French build new power stations which the French (government) will profit from |
| 11:09:18 | Emcy_: | france is doing pretty well out of it right, and not swimming in nuclear doom. |
| 11:09:22 | hearn: | i don't think you can write off all anti-nuclear positions as just dumbness. i happen to support nuclear power too but it's unarguable that there are commercial downsides, e.g. often not feasible without government subsidies, sometimes plants have to shut down in summer because there's not enough cold water, all kinds of things. |
| 11:09:35 | hearn: | cleanup is a big fat question mark, still |
| 11:10:10 | hearn: | anyway that's kind of OT for here. suffice it to say, lots of places considered these tradeoffs and struck the balance in different places. it'll be the same for bitcoin and cryptocurrencies in general |
| 11:10:25 | hearn: | some countries have more tolerance for financial privacy than others, e.g. compare switzerland vs usa |
| 11:10:49 | hearn: | or usa vs china :) |
| 11:10:54 | Emcy_: | not directly comparable since bitcoin is a singular global instance of the technology |
| 11:11:28 | Emcy_: | so yes refusing bitcoin would look a lot like how china refuses lots of internet services |
| 11:13:02 | Emcy_: | theres also the aspect that if bitcoin wont do certain things pehaps it gets supplanted by coins that will |
| 11:13:21 | hearn: | bitcoin has a lot of momentum at this point, but in the long run, maybe yes |
| 11:14:40 | hearn: | again i suspect it'll be somewhat regional. it's sort of unfashionable to say that because we like to think the internet makes everything global, but different parts of the world still manage to differ in how they use technology |
| 11:14:53 | Emcy_: | dunno about momentum to that extent......i dont think 2014 has been the breakout year everyone thought it would be... |
| 11:14:58 | hearn: | so maybe some alt coins are better adapted to local needs and take over from bitcoin there, in other places, bitcoin would stick around |
| 11:15:22 | hearn: | no well bitcoin is likely to end up in a "year of the linux desktop" type loop unless we find ways to make it dramatically more compelling for people |
| 11:15:31 | Emcy_: | haha yes |
| 11:19:30 | xmj: | hrm |
| 11:19:40 | xmj: | what's a good place to get actual bitcoin/USD rates? |
| 11:19:44 | xmj: | (these days) |
| 11:27:29 | nsh-: | they stream in #bitcoin-market from several exchanges |
| 11:28:49 | Emcy_: | ey probably stupid question......but assuming there are lots of programming sitting on your ass for long periods types in here, are there any recommendations for good ergonomic computer chairs |
| 11:29:31 | Emcy_: | especially if there exists s type with a long cutout for the spine, so that there is zero pressure on your spine whatsoever (pressure on my spine seems to cause migraine) |
| 11:30:02 | Emcy_: | sort of like the captains chair in STTNG |
| 11:44:44 | Dr-G2: | Dr-G2 is now known as Dr-G |
| 12:03:01 | sl01: | hearn: i remember a talk where moxie said a middle eastern state essentially admitted to him they could forge certs |
| 12:06:15 | hearn: | could be! i'm not saying "no government has ever court ordered a CA to provide a cert", that'd be surprising if true. just that snowden provided no evidence that this behaviour is widespread inside the NSA or GCHQ. for other governments all bets are off. |
| 12:06:34 | hearn: | e.g. the French government CA was name constrained to .fr by Chrome due to some rule violations by it, i think |
| 12:07:01 | hearn: | cert transparency will probably be interesting for flushing this stuff out, but it will take years |
| 12:07:28 | Emcy_: | what exactly is that |
| 12:07:31 | Emcy_: | is it pinning |
| 12:07:43 | hearn: | no. it's a google initiative to force CA's to publish all certs they issue. |
| 12:07:57 | hearn: | has a neat blockchain-like technology at its core. certificates have to come with a short proof that they were entered into a log. |
| 12:08:07 | Emcy_: | o rly |
| 12:08:13 | hearn: | eventually the plan is that browsers (chrome at least) will start refusing or ignoring certs that don't contain such a proof. |
| 12:08:29 | hearn: | then the logs can be monitored or mined to detect mis-issuance |
| 12:08:58 | hearn: | e.g. if we see a cert for bitcoin.org appear issued by a CA is Saudi Arabia, some automated scripts can go "bzz warning, check this out" and an investigation can take place. |
| 12:09:06 | hearn: | CA *in* Saudi Arabia. |
| 12:09:15 | hearn: | it can also be used to detect certs issued for phishing sites. |
| 12:09:29 | Emcy_: | sounds a bit like pinning but better |
| 12:09:44 | hearn: | it's not pinning. you can still switch CA's at will. |
| 12:09:57 | Emcy_: | in terms of outcome i mean |
| 12:10:00 | hearn: | it's basically a way to improve the auditing of CA's to ensure they're following the rules. |
| 12:10:10 | hearn: | well sure, the outcome should be a better, more trustworthy ecosystem |
| 12:10:12 | Emcy_: | is there further reading for the "blockchain like" bit |
| 12:11:55 | hearn: | http://www.certificate-transparency.org/ |
| 12:11:59 | hearn: | ironically, does not support SSL |
| 12:12:15 | hearn: | (the website i mean. obviously ct does) |
| 12:13:48 | Emcy_: | google coming out with things like this throws a spanner in my view of their intentions |
| 12:14:05 | Emcy_: | and that end to end thing (if it works) |
| 13:29:29 | lenovo: | hi |
| 13:40:52 | lenovo: | hi |
| 13:53:02 | lenovo: | lenovo has left #bitcoin-wizards |
| 13:56:05 | x48_: | x48_ is now known as x48 |
| 14:11:34 | tromp: | in ECC it's assumed to be infeasible to compute scalar d given points G and P where P=dG |
| 14:11:44 | tromp: | is it also infeasible to compute G given d and P? |
| 14:12:25 | tromp: | i.e. taking d-th roots |
| 14:16:48 | Happzz: | what is this channel about? |
| 14:20:26 | tromp: | bitcoin related crypto research |
| 14:21:09 | MRL-Relay: | [sarang] Are you assuming that G is no longer public? |
| 14:21:19 | MRL-Relay: | [sarang] In existing currencies, G is fixed and public |
| 14:23:13 | zooko: | Hi, tromp. |
| 14:23:30 | tromp: | hi zooko |
| 14:24:09 | tromp: | in my question G is obviously not public |
| 14:27:03 | justanotheruser: | justanotheruser is now known as bakaseki |
| 14:27:13 | bakaseki: | bakaseki is now known as justanotheruser |
| 14:30:11 | MRL-Relay: | [sarang] To my knowledge, that has not been well-studied for crypto purposes |
| 14:30:56 | MRL-Relay: | [shen] tromp, you compute the inverse of d in the finite field |
| 14:31:13 | MRL-Relay: | [shen] multiply times dG |
| 14:31:16 | MRL-Relay: | [shen] get G |
| 14:31:32 | MRL-Relay: | [shen] but yeah as sarang said, not really crypto purposes |
| 14:33:20 | tromp: | ah yes; thanks, MRL-Relay |
| 14:34:25 | MRL-Relay: | [sarang] should maybe be added that the inverse computation is not only possible, it's _trivial_ |
| 14:48:50 | Taek42: | what's with the [different names]? Is MRL a team of people? A tulpamancer? |
| 14:51:05 | andytoshi: | MRL is "monero labs" |
| 14:51:53 | fluffypony: | Taek42: Monero Research Lab - on a separate network, hence the relay, so the [name] after the relay is the person who's actually talking on that side |
| 14:52:00 | ielo: | ielo has left #bitcoin-wizards |
| 14:52:17 | Taek42: | oh that's pretty cool |
| 14:52:21 | Taek42: | thanks |
| 14:54:29 | MRL-Relay: | andytoshi joined. |
| 15:25:19 | amiller_: | ok thinking out loud again |
| 15:25:51 | amiller_: | privacy is an ecological concern, it's unfortunately the case that individual users don't feel much motivation to do the things that safeguard their own privacy |
| 15:26:10 | amiller_: | and that makes it harder for anyone who *does* want their privacy to do so |
| 15:27:00 | amiller_: | techniques like zerocoin and coinshuffle etc don't actually do any good if everyone just lets coinbase hold all their coins |
| 15:28:26 | amiller_: | so i'm motivated to find ways to actually *disincentivize* users from handing their keys to other (centralized) parties (or in general failing to obscure their transactions) |
| 15:29:28 | amiller_: | my approach is going to be similar to the kind of reasoning that leads to the nonoutsourceable puzzle design. |
| 15:29:52 | andytoshi: | hard to disincentivize past "coinbase has your keys and can physically take your money at any time and you have no ability to prevent this" |
| 15:30:12 | amiller_: | andytoshi, no not at all |
| 15:31:17 | andytoshi: | oh? |
| 15:31:21 | amiller_: | okay well yeah it's a little complicated because i don't think coinbase provides nearly as much as they *could* in the way of assurance |
| 15:32:06 | amiller_: | if coinbase just said your account was 1btc lower one day, it would be hard to prove you *didn't* make a valid request to change it |
| 15:32:12 | amiller_: | but, if you're paying attention, you'd know |
| 15:32:25 | tacotime: | amiller_: making privacy your default network protocol is usually a good way to go. |
| 15:32:38 | amiller_: | tacotime, agreed, but i'm hoping i can do better than that |
| 15:33:02 | amiller_: | andytoshi, i maintain it's possible to achieve something better..... namely that you wouldn't even *know* if coinbase took the money from you |
| 15:33:14 | andytoshi: | ooh ok |
| 15:33:15 | zooko: | amiller_: what if the units of the world are not humans, many of whom are delegating their powers to coinbase, but are entities like coinbase, circle, blockchain.info, etc. |
| 15:33:24 | tacotime: | one big problem with bitcoin too is that it's probably going to get pricy to maintain privacy with fees becoming more competitive. transacting on btc mainnet is getting a little costly. |
| 15:33:27 | zooko: | Let there be a world in which there are no humans, only a number of such companies/orgs/websites. |
| 15:33:45 | jgarzik_: | http://www.coindesk.com/fincen-director-villainize-bitcoin/ |
| 15:33:46 | zooko: | Then, I argue that zerocoin makes privacy+fungibility for transactions between those entities. |
| 15:33:47 | jgarzik_: | "Calvery indicated that FinCEN is currently researching ring signatures, a cryptographic signature in which an action is attributed only to a group, and tumblers, a type of mixing service meant to hide where transactions originate." |
| 15:33:47 | zooko: | :-) |
| 15:34:06 | jgarzik_: | Interesting that FinCEN is looking at ring signatures (== possibly evil) |
| 15:34:09 | tacotime: | jgarzik: yeah, i saw that this morning and groaned. |
| 15:34:14 | amiller_: | zooko, what's the difference between calling them humans vs companies, is your point that there are fewer of them, or that they're intrinsically different? |
| 15:35:02 | fluffypony: | tacotime: ring sign ALL of the things! |
| 15:35:04 | tacotime: | monero/the rest of cryptonote coins have fairly weak privacy right now, i'd hate to have to jump ship because of gov't whoevers declaring it evil because it's too much like cash. |
| 15:35:23 | tacotime: | it's only in the infancy of its development. |
| 15:35:43 | zooko: | amiller_: *tries to explain the point* |
| 15:36:20 | amiller_: | anyway my hope was that the motivation i laid out was at clear, regardless of whether everyone agrees with it.... i wanted to talk about my technical approach next, just to be clear the goal is to *incentivize* people to store their coins themselves and not use coinbase |
| 15:36:40 | zooko: | My point is this: |
| 15:37:23 | zooko: | 1. There's a world of little circles. Each little circle is a human. This is World 1. Zooko says "We're going to make zerocoin so that the currency flowing between the circles has privacy and fungibility. |
| 15:37:27 | amiller_: | if someone has your keys, they can spend your coins, but if you know the public key, you can tell *when* it's spent and in many cases have an easy time proving it. |
| 15:37:39 | amiller_: | so whati'd like instead is if there's a way that someone who knows your key can *take* your coins without you even knowing |
| 15:37:48 | tacotime: | anyway, it's still possible to backport ring signatures onto bitcoin with some new op_codes too, and i don't think that in the future there's going to be any way to prevent people from adding privacy to bitcoin. it'll be a battle of pgp all over again, with the gov't eventually stubbornly realizing that their laws are second to the laws of mathematics. |
| 15:38:10 | zooko: | 2. amiller_ says "No, almost all the little circles are delegating all of their secrets, vulnerability, etc. to a small number of orgs, so zerocoin won't have that effect." |
| 15:38:17 | amiller_: | there's a sort of inherent "what you don't know can't hurt you" problem, where if you are actually losing your coins, then either you have no idea how many coins you have generally (which would suck for a payment system) or it didn't affect you |
| 15:38:36 | amiller_: | so i think the solution i'm working towards is a lottery |
| 15:39:15 | zooko: | 3. zooko says, okay, zoom out and draw a big circle around every set of little circles who've delegated their secrets to the same org as each other. Now there's World 2, where there are a smaller number of circles (now they are big circles, named coinbase, circle (aha!), blockchain.info, etc.), but my argument from step 1 applies to world 2 -- that zerocoin will make for privacy and fungibility of transactions between the circles. |
| 15:39:20 | zooko: | Am I making sense yet? |
| 15:39:24 | amiller_: | think of this as the proof-of-stake equivalent to the nonoutsourceable proof-of-work puzzle.... this doesn't have anything to do necessarily with using proof-of-stake to vote on block chains, but it does involve having a lottery whereby everyone with a coin is automatically entered into a lotter yand they might win a reward just for being there |
| 15:40:44 | amiller_: | so, every so often there would be a lottery drawing, and one unit of 'coin' would win.... and only if you *know* the private key associated with that coin would you even be able to *tell* which coin wins |
| 15:42:03 | andytoshi: | tacotime: if we get sidechains, there will be a sidechain that supports ringsigs (and output blinding a la me and gmaxwell's idea) |
| 15:42:22 | andytoshi: | amiller_: is this lottery creating coins or is it some kind of mix? |
| 15:42:37 | tacotime: | andytoshi: ah, okay, neat. we're trying to backport 2-way peg into monero too. |
| 15:42:38 | amiller_: | andytoshi, it's not a mix, so lets just say it's creating coins |
| 15:43:01 | amiller_: | the idea is that if you are delegating your coins to someone else and you don't know the key |
| 15:43:22 | amiller_: | then you might win the lottery and not even be able to tell, but the person you're delegating the key to would be able to tell and could take the lottery winning for themselves |
| 15:44:03 | Taek42: | zooko I follow |
| 15:44:28 | andytoshi: | amiller_: ok, understood...how do normal transactions work? |
| 15:44:50 | amiller_: | andytoshi, normal transactions would presumably work same as in zerocoin |
| 15:44:59 | andytoshi: | ah, gotcha |
| 15:45:15 | Taek42: | zooko the problem is that the little circles don't know if the big circles are actually participating in full anonymity, and it's healthier for the little circles to have anonymity |
| 15:45:38 | Taek42: | but the little circles are lazy so they just accept a reduced overall health |
| 15:45:44 | zooko: | Yeah, the little circles are definitely giving up their privacy to the big circle of their choice. |
| 15:46:15 | amiller_: | zooko, i don't think we have a clear definition of fungibility here though, i think what you're saying is similar to letting people who use any large bank get 3% off when they use their rewards card, but everyone with cash has to pay a cash penalty |
| 15:46:33 | amiller_: | so it's fungible as long as you are a member of one of the big circles, but everyone who wishes to be outside a circle is punished |
| 15:46:51 | amiller_: | so i wouldn't call that fungibility |
| 15:46:57 | zooko: | You don't seem to be embracing my redefinition of the world to world 2 in which there are no humans. |
| 15:47:23 | amiller_: | hm, maybe not |
| 15:47:29 | zooko: | I'm arguing that fungibility does exist between the big circles in world 2, if that world uses zerocoin. |
| 15:47:31 | Happzz: | what is this channel about? |
| 15:47:32 | amiller_: | a human is just a tiny corporation though |
| 15:47:44 | zooko: | And I'm agreeing that it doesn't exist between the small circles in world 2, even if that world uses zerocoin. |
| 15:47:59 | amiller_: | zooko, are you assuming that all of the big circles use the protocol correctly and don't share information between themselves |
| 15:48:08 | amiller_: | like 4 of the 5 circles don't bully the 5th? |
| 15:48:09 | amiller_: | brb |
| 15:48:15 | zooko: | amiller_: yeah! There are a few of those small circles who choose to go it alone and connect straight to the zerocoin backbone instead of delegating to coinbase. |
| 15:48:32 | Taek42: | amiller_ what motivation would my grandma have for using a coin that she must take care of? Why wouldn't she just prefer to use Bitcoin+Coinbase, which is easier? |
| 15:48:40 | zooko: | Sorry, I have to go. :-( Hope to do this again with you soon. |
| 15:52:04 | Taek42: | I think that fundamentally, people would much rather store their own coins than give their coins to a bank, all else equal. But the bank gives you interest, gives you insurance, and overall the bank knows how to handle money better than you do. |
| 15:52:12 | Taek42: | So people choose the bank. |
| 15:53:08 | Taek42: | I don't think any sort of coin is going to stand a chance with the general public unless it's easier to use and more rewarding to use and less risky to use than the current situation |
| 15:53:45 | Taek42: | lol. The "null" monetary system. |
| 16:01:45 | amiller_: | zooko, right so in this world you described, my concern is that the big circles will deviate from the zerocoin protocol, and for all of their transactions they will *deanonymize* themselves to prove that their transactions have stayed only between themselves |
| 16:02:30 | amiller_: | that 5th circle who uses the zerocoin backbone directly will be unable to participate in that deanonymization scheme, and it (or its users/members/constituents) will suffer a penalty |
| 16:13:15 | Taek42: | amiller_ what penalty do they suffer from by being apart from the deanonymization scheme? |
| 16:36:30 | berndj-blackout: | berndj-blackout is now known as berndj |
| 17:20:27 | EasyAt_: | EasyAt_ is now known as EasyAt |
| 17:30:17 | Eliel: | Taek42: whatever penalty the others choose to impose I'd guess. |
| 17:31:29 | zooko: | zooko has left #bitcoin-wizards |
| 19:42:32 | Starduster_: | Starduster_ is now known as Starduster |
| 20:02:36 | fluffypony: | t |
| 20:33:29 | rdponticelli: | *Qué |
| 22:08:35 | dgenr8: | amiller_: for your lottery would you just select unspent scriptpubkeys randomly and pay to them? proportional to utxo value? |
| 22:09:13 | amiller_: | dgenr8, yes i think so |
| 22:09:24 | dgenr8: | amiller_: i had the lottery idea while trying to think of a way for investors to incent others to allocate wealth to bitcoin. |
| 22:09:29 | dgenr8: | amiller_: it didn't occur to me that it would also incent them to hold the keys themselves. |
| 22:09:44 | dgenr8: | amiller_: are you actually doing it? becuase this is one of those eminently doable ideas. the worst that could happen is nobody pitches in any funds. |
| 22:10:00 | amiller_: | well that on its own wouldn't solve the problem at all |
| 22:10:08 | amiller_: | this is simlar to the whole nonoutsourceable reasonning |
| 22:10:25 | amiller_: | because someone who holds your coins for you like coinbase can still just promise to give you the reward if you win |
| 22:11:30 | amiller_: | and if it's clear which pubkey receives the reward, then it would be really easy for BitcoinBank to prove that you'd be able to sue them if the coins they're claiming to hold ofr you win and they took them |
| 22:12:15 | dgenr8: | amiller: the bigger it got, the more you would start to expect a given dividend level and think something was amiss if you didn't |
| 22:12:39 | amiller_: | dgenr8, right well that's assumng the lottery is pretty frequent |
| 22:12:51 | amiller_: | dgenr8, if the lottery were very high variance |
| 22:13:21 | amiller_: | if BitcoinBank passes on the risk to its customers, then it wouldn't be albe to prove it isn't skimming off the top and getting lucky |
| 22:13:37 | amiller_: | on the other hand if it promises to absorb all the risk, then if it has a dry spell it could be really ulucky |
| 22:16:18 | dgenr8: | amiller_: i don't follow why it would be easy for me to know BitcoinBank's winnings |
| 22:17:56 | amiller_: | you deposit 10 btc in BitcoinBank. BitcoinBank signs a message saying that it is holding your 10btc in an addres with public key K1. |
| 22:18:02 | amiller_: | if public key K1 wins, then that winning is yours |
| 22:18:31 | dgenr8: | amiller_: ok, that's not what you wrote. you meant something more like a wall st firm "promising" to have a chinese wall between analysts and advisors |
| 22:18:34 | amiller_: | they have the key, they can spend it, but they won't do so unless they have like, password logs or whatever else i dunno they can use to cover-their-ass if you try to complain that they spent it unauthorized |
| 22:19:32 | amiller_: | part of what makes "promises" like that credible is that there would be a lot of paper trail if they tried to *actually* steal the winnings, so my design goal is to make it so that there would be no paper trail and they'd have an easier time getting away with it |
| 22:20:53 | dgenr8: | there's a lot of effort going into that kind of thing and i'm not encouraged by ETFs etc. propensity to prove reserves. so that works in your favor |
| 22:28:22 | kanzure_: | kanzure_ is now known as kanzure |