00:07:49DougieBot5000:DougieBot5000 is now known as Guest93327
00:07:50DougieBot5000_:DougieBot5000_ is now known as DougieBot5000
00:39:39kanzure:andytoshi: request: more than a paragraph to explain (like in asic-faq.pdf section 4.7) why "useful" PoW is a bad idea. "unaligned incentives" is a valid argument, but it's not self-contained. (e.g., maybe something like, "incentives are not additive, because they always force an asymmetry that results in bad behavior because ")
00:44:50justanotheruser:kanzure: I don't think unaligned incentives are nearly as bad as the problem that useful PoW isn't good for security. sha256 is basically progress free, well audited, designed to be difficult (or impossible) to find partial collisions without bruteforce, etc
00:45:27justanotheruser:A useful PoW may be able to solve all of these problems except being progress free I think
00:51:44kanzure:huh, i thought there were other issues, like the monetary value of whatever the other incentive is, and that value opening up a vulnerability of some sort
02:26:34justanotheruser:kanzure: that is a problem, but in a network with the amount of electricity expended bitcoin has, I don't think many problems have add that much to the incentive of destroying bitcoin.
02:33:06kanzure:sure, although i didn't mean destroying. there are a number of other problems it can cause like collusion with other miners etc.
02:37:14gmaxwell:kanzure: Ignoring the problems that the "useful" work is almost never actually a good function for POW (progress free, optimization free, approximation free) it has the merge mining incentive distortion.
02:39:21gmaxwell:Meaning you might have large bases of people who are interested in the useful output and can turn against the chain usage easily. This mostly makes a difference in edges cases, because already the chain's security is the reward (fees/subsidy) and that much isn't changed... Certantly the difficulty in such an enviroment is misleading about security.
03:39:44contrapumpkin:contrapumpkin is now known as copumpkin
04:35:58BillyJim:hi bitcoindddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddthat m
04:36:19BillyJim:thats my name
04:39:57gmaxwell:BillyJim: what is the square root of 2?
04:47:16BillyJim:# lol
04:56:07gmaxwell:gmaxwell has kicked BillyJim from #bitcoin-wizards
04:56:28gmaxwell:I wonder what causes that?
04:59:24kanzure:need to trap them with honeypots
05:00:25gmaxwell:flypaper sounds more fitting. But this one wouldn't even pass a really easy turing test.
05:01:51kanzure:i mean more like, trick them into spending time in a channel full of bots or something.
05:16:03gmaxwell:kanzure: and what makes you think we already haven't?
05:17:41kanzure:not much
06:27:32andytoshi:kanzure: my feeling regarding that para in asic-faq.pdf is similar to justanotheruser ... i think it's already preseented as more serious than it is
06:28:05andytoshi:for a "useful pow" where useful means "direct monetary value" this could be a problem (this is the case for merged mining), but not for science. scientific research is totally divorced from economic reality
06:29:15andytoshi:if i could make it more precise i would do that, but i'm not sure that i can. the last couple weeks i have come to a much clearer understanding of where exactly the economic patches in bitcoin lie but i haven't sorted these ideas out enough to write them down
06:30:39justanotheruser:* justanotheruser starts research on low value produced by hash values :)
06:33:21andytoshi:the rough idea is: proof-of-work is a dynamic membership multiparty signature or dmms (thx adam3us for the name) which is basically a digital signature where the signer set is unfixed and anonymous. the reason that hash-based pow is a dmms is (a) it's a signature of computational power so it's sybil resistant (mentioned in asic-faq.pdf), (b) anyone can participate without setup (this is where
06:33:22andytoshi:amiller's lottery stuff is going i think). i think (b) forces mining to be a poisson process but i'm not sure
06:33:40andytoshi:all this i think is provably true in the random oracle model, no economics
06:34:18andytoshi:where the econ comes in is "why does everyone contribute to the same hashsig instead of breaking apart into many" which i think is a much smaller question to answer than what we've been thinking about so far
06:35:48andytoshi:sorry, "hashsig" means proof of work. and i should be saying "dmms", it happens that proof-of-work is a dmms but this is actually irrelevant to the econ argument
06:38:33andytoshi:so then, if you have a "useful proof of work" that corresponds to a dmms that has value in its own right and this value is independent of whether there is consensus. so now the cost of coordinating, which normally is counteracted by the block rewards, is too great for those making dmms's who don't know/don't care about the rewards. for a non-useful pow there are no such parties
06:48:19amiller:andytoshi, so, i think a way around that is an auction. whoever wants to benefit from the useful proof of work has to pay for it in advance, and the payment goes to the consensus participants who don't need to know anything about why it's useful to someone
06:51:34andytoshi:in the absense of a total police state "useful" means you can't force anyone who wants to benefit to pay in a certain way?
06:52:00andytoshi:but i like the idea
06:52:31andytoshi:for certain definitions of "useful" e.g. merged mining maybe you can structure the problem this way
06:59:11amiller:well that's why i said auction
06:59:41amiller:if someone else is willing to pay a higher price to have miners work on their useful work, then they can
08:05:18tepper.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:18tepper.freenode.net:Users on #bitcoin-wizards: andy-logbot austinhill drawingthesun justanotheruser nuke1989 todays_tomorrow aburan28 MRL-Relay c0rw1n [7] artilectinc shesek Dr-G3 d4de^ epscy rfreeman_w RoboTeddy wiretapped spinza altoz koshii tacotime NewLiberty irc88 Luke-Jr devrandom HaltingState rdponticelli Aquent MoALTz Emcy atgreen Adlai zwischenzug2 hollandais mortale tromp_ dansmith_btc2 super3 Graftec Guest29578 nanotube Starduster go1111111 burcin SDCDev Meeh LarsLarsen samson_
08:05:18tepper.freenode.net:Users on #bitcoin-wizards: pi07r optimator_ stonecoldpat wumpus Grishnakh mmozeiko jgarzik wizkid057 Nightwolf grubles berndj forrestv asoltys [d__d] livegnik reick nsh Dyaheon DoctorBTC Sangheili lianj Fistful_of_coins myeagleflies SomeoneWeird Krellan CryptOprah Max_H3adr00m emsid Iriez [Derek] comboy gsdgdfs NikolaiToryzin Anduck HM arowser warren Logicwax coryfields_ [\\\] pigeons xenogis sipa gmaxwell Taek kanzure iddo_ _2539 LaptopZZ_ lnovy dgenr8 hguux Alanius
08:05:18tepper.freenode.net:Users on #bitcoin-wizards: K1773R phantomcircuit kumavis heath a5m0 andytoshi bobke petertodd BigBitz waxwing espes__ BrainOverfl0w digitalmagus CodeShark smooth BlueMatt Graet @gwillen sl01 artifexd michagogo tromp bbrittain weex gribble Kretchfoop Muis Hunger-- jrayhawk_ firepacket yoleaux mappum jbenet zibbo_ Eliel amiller crescendo btc_ kgk coryfields poggy UukGoblin danneu catcow TD-Linux [Tristan] helo otoburb ryan-c roasbeef pajarillo Keefe Gnosis ahmed_ so
08:05:18tepper.freenode.net:Users on #bitcoin-wizards: starsoccer midnightmagic kinlo Apocalyptic mr_burdell fluffypony harrow throughnothing abc56889 lechuga_ phedny @ChanServ
16:19:48vfor:whats the state of SIDEchains?
16:21:07justanotheruser:vfor: I think the current state is "being discussed"
16:23:15vfor1:no implementation?
16:23:24vfor1:no code, just talk?
16:24:49justanotheruser:vfor: no idea if theres code. It isn't very public if at ...
16:25:03justanotheruser:so impatient
17:29:37andytoshi:o.O there is talk somewhere?
17:30:12justanotheruser:* justanotheruser puts on pseudointellectual cap
17:46:35Luke-Jr:andytoshi: Adam did a Let's Talk Bitcoin some months ago
19:27:29Aquent:Aquent is now known as suckdickalldayto
19:27:48suckdickalldayto:suckdickalldayto is now known as suckdicktoshi
19:33:31suckdicktoshi:suckdicktoshi is now known as Aquent
20:03:39skyraider7:skyraider7 has left #bitcoin-wizards
22:48:34kanzure:"Towards reliable storage of 56-bit secrets in human memory" (using spaced repetition) https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-bonneau.pdf
22:54:32sipa:I know 30 decimals of Pi; that's almost 100 bits :)
22:55:30kanzure:seems like it would be cheaper to memorize how to correctly compute pi, instead
23:08:43gmaxwell:kanzure: 30 decimals out is not something you can quickly compute mentally, AFAIK. (esp not in base-10 :) )
23:10:12maaku:easy in base pi ;P
23:57:54gmaxwell:gmaxwell is now known as gmaxwell_
23:58:12gmaxwell_:gmaxwell_ is now known as gmaxwell