01:04:14rajaniemi.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
01:04:14rajaniemi.freenode.net:Users on #bitcoin-wizards: andy-logbot arubi KingCoin Sangheili Aquent2 jgarzik vaxzine moa Dr-G Emcy maclane aburan28 Cory vmatekol_ tromp_ jtimon phedny myeagleflies JohnnyBitcoin mkarrer devsaturn justanotheruser peterlie artifexd Kireji Luke-Jr fenn wallet42 wiretapped dansmith_ MoALTz mortale pen Graftec mmozeiko c0rw1n d4de^^ hashtag Adlai Starsoccer spiftheninja waxwing dansmith_btc drawingthesun nsh_ emsid DoctorBTC [7] altoz phantomcircuit arowser1
01:04:14rajaniemi.freenode.net:Users on #bitcoin-wizards: NikolaiToryzin Starduster bbrittain a5m0 Alanius iddo erizo Max_H3adr00m kinlo poggy sl01 maaku [d__d] Nightw0lf samson_ nuke1989 devrandom jaekwon Fistful_of_coins rfreeman_w LaptopZZ SDCDev OneFixt Grishnakh gnusha HM_ @ChanServ lechuga_ abc56889 throughnothing harrow fluffypony mr_burdell Apocalyptic so ahmed_ Gnosis Keefe pajarillo roasbeef ryan-c otoburb helo [Tristan] TD-Linux catcow danneu coryfields btc_ crescendo amiller Eliel
01:04:14rajaniemi.freenode.net:Users on #bitcoin-wizards: zibbo_ jbenet mappum yoleaux firepacket jrayhawk_ Hunger-- Muis Kretchfoop tromp michagogo @gwillen BlueMatt smooth CodeShark digitalmagus BrainOverfl0w BigBitz petertodd bobke heath kumavis K1773R hguux dgenr8 lnovy _2539 kanzure Taek gmaxwell sipa pigeons [\\\] coryfields_ warren comboy [Derek] Iriez Krellan Dyaheon nsh livegnik berndj wumpus optimator_ LarsLarsen Meeh burcin nanotube HaltingState shesek MRL-Relay gribble wizkid057 EasyAt
01:04:14rajaniemi.freenode.net:Users on #bitcoin-wizards: zenojis tacotime Graet asoltys pi07r CryptOprah epscy espes__ Anduck artilectinc copumpkin hollandais midnightmagic Logicwax go1111111 spinza SomeoneWeird napedia gavinandresen forrestv stonecoldpat weex_ Guest89609
01:04:44Aquent2:Aquent2 is now known as Aquent
01:11:47andytoshi:sigh, 657 lines of missed scrollback ... i was only out for a day :)
01:11:48yoleaux:22 Oct 2014 22:47Z andytoshi: what do you think? https://github.com/kanzure/bitcoin-incentives/issues/4
01:13:52nsh:if it's any consolation, when you missed it, it was just scroll
01:16:39andytoshi::)
01:38:08lechuga_:whats the proper nomenclature for a non-winning chain with a shared root with the most-work chain
01:38:24lechuga_:i used to call them sidechains :/
01:39:04andytoshi:lechuga_: "path from a stale to the main chain" :P
01:39:19kanzure:was that an orphan fork?
01:39:28kanzure:oh, stale. yes.
01:39:48lechuga_:into stalechain
01:40:16sipa:side branches?
01:40:22sipa:stale chains?
01:40:38sipa:they're most often (incorrectly) called orphan blocks/chains
01:40:41lechuga_:side branches might be confusing
01:41:04lechuga_:stale sort of implies they were once fresh
02:09:37zz_lnovy:zz_lnovy is now known as lnovy
02:12:43maaku:maaku is now known as Guest56072
02:16:01zz_lnovy:zz_lnovy is now known as lnovy
02:24:43lechuga_:should a demo federated peg chain be expected shortly
02:29:17Luke-Jr:lechuga_: I think I read on reddit someone saying they had basically the same thing going on for some other project - other than that, it might be a bit; what do you consider "shortly" and what counts as a "demo"? :P
02:29:53lechuga_:lol no rush
02:30:04lechuga_:was just curious if i should expect something in th enext couple weeks
02:30:14lechuga_:given the contracthashtool coming out too
02:30:27BlueMatt:lechuga_: ofc we're working on initial betas, but I think the plan is to build initial, shitty tests which we use to inform our designs when we start working on public implementations
02:30:45lechuga_:makes sense
02:31:09jeremyrubin:Hmm anyone know of any interesting bitcoin related security proposals? Looking for a class project.
02:31:29BlueMatt:lechuga_: ofc with our already-public stuff (+/-) you can do a meat-based sidechain already :)
02:31:40andytoshi:jeremyrubin: what level of schooling are you talking about? and can you be more precise "security proposal"?
02:31:42BlueMatt:(ie non-automated transfers)
02:31:55lechuga_:lol@meat-based
02:32:24jeremyrubin:Grad level MIT network security class
02:32:30gmaxwell:lechuga_: demo? yes. Hurray for permissionless tech. (thus the public commitment tool)
02:33:00kanzure:amiller: petertodd: maybe instead of talking about a single giant consensus it should be mutually overlapping consensus between all of the connected/networked/interoperating participants. afterall, it's only meaningful within the context of two unrelated third parties or something (like, if you assume everyone is honest, then your entire model can collapse into some centralized non-bitcoin implementation anyway).
02:33:02jeremyrubin:Could also involve some OS level hacking
02:33:32lechuga_:nice
02:33:36andytoshi:jeremyrubin: hmmm...so there is a big open problem about formalizing the security properties of proof-of-work...probabl not a class project
02:33:46andytoshi:jeremyrubin: there are some trustless gambling proposals that i think are implementable
02:34:10andytoshi:jeremyrubin: might wanna poke around http://bitcoin.ninja
02:35:38andytoshi:jeremyrubin: https://download.wpsoftware.net/bitcoin/wizardry/brs-arbitrary-output-sizes.txt is a modification to monero that gmaxwell and i have been thinking about. what's written there is implementable but probably a way bigger task than a class project
02:35:46andytoshi:since the monero codebase is not super accessible i hear
02:36:42andytoshi:i guess, how crypto-heavy do you want to be? if you want to do security but not crypto i should shut up, i don't think about that too much
02:36:43BlueMatt:votes on if https://github.com/Blockstream/contracthashtool qualifies as interesting enough for bitcoin.ninja?
02:36:53andytoshi:ack
02:37:15jeremyrubin:(reading up on bitcoin.ninja)
02:37:15lechuga_:as if it only has 5 stars
02:37:29kanzure:BlueMatt: this isn't a democracy, and you shouldn't judge by start count.
02:37:47lechuga_:guess it wasnt really publicized was it?
02:37:54lechuga_:i only saw the link to the repo here
02:37:55andytoshi:..ah yet it's up to 7 since lechuga_ commented :P
02:38:02lechuga_:nice!
02:38:08BlueMatt:not particularly, I'm more asking independantly of sidechains
02:38:16BlueMatt:its much more general
02:38:16kanzure:BlueMatt: also how about something like https://github.com/unsystem/paypub or https://github.com/zw/PoLtree/ or https://github.com/petertodd/python-merbinnertree
02:38:38BlueMatt:we should have a software section on bitcoin.ninja
02:38:48kanzure:or https://github.com/petertodd/timelock
02:39:20kanzure:i dunno if this is a good implementation or not but it might be worth poking at https://github.com/olalonde/proof-of-liabilities
02:39:39andytoshi:+1 to everything kanzure just suggested (kanzure you should make a pr)
02:40:01kanzure:would a frontend js app to do shamir secret sharing stuff be relevant?
02:40:35andytoshi:i nak mainly to keep the software section from dwarfing the rest :P
02:40:42kanzure:eg http://seedguardian.github.io/
02:40:47kanzure:kk
02:41:07BlueMatt:the only sharmir's implementation I like is my own :p
02:41:07andytoshi:i think olalonde's thing should be there, if it is broken hopefully people will ask here. i think it's being used
02:41:14BlueMatt:but, yea, thats not particularly wizaardly
02:44:22BlueMatt:* BlueMatt is not so sure that python-merbinnertree is that wizardly
02:44:30BlueMatt:its just a datastructure...not very bitcoin-specific?
02:44:54andytoshi:hmm, yeah, the wizardly part of it is petertodd's name
02:45:00BlueMatt:heh
02:45:05andytoshi:so i change to nak :)
02:45:12BlueMatt:well, pt has done other wizardly things...
02:45:25Prints_:Prints_ has left #bitcoin-wizards
02:45:34gmaxwell:sure, the random PT tools, and the contract hash tools sure.
02:46:16gmaxwell:I have a ton of old shit on bct thats just posted for prior art establishment... that I should go dredge up, some is pretty good.
02:47:12kanzure:https://github.com/TheBlueMatt/bitcoinninja/pull/9
02:47:13kanzure:https://github.com/TheBlueMatt/bitcoinninja/pull/8
02:47:23BlueMatt:damn, was already doing that...
02:47:36kanzure:you can't beat me http://www.seanwrona.com/typeracer/profile.php?username=kanzure
02:47:57gmaxwell:(uh by pretty good I mean ideas that are potentially useful)
02:49:26gmaxwell:Someone want to go write up the statistical arguments for http://people.xiph.org/~greg/simple_verifyable_execution.txt ? I'll rain praise down on you for doing that... it's really only meant as an educational tool, not as something secure or usable... but it would be better with some concrete reasoning on the security.
02:49:46andytoshi:kanzure: btw i have your -incentives pr open in my browser, i will try to read over it tomorrow. i am heading out of town for a short while, will probably get to it on the plane. (not sure, i have a bunch of school stuff i need to read in the next week to get back on track after the blockstream wp blitz)
02:49:59kanzure:andytoshi: no rush
02:50:07kanzure:andytoshi: let me know if you need a ride to/from the airport
02:50:33andytoshi:kanzure: thx a ton. but i'm an eight-minute walk from the 100 shuttle route
02:50:40amiller:so i've been thinking.... actually i guess this is zooko's idea.... sidechains might be a lot more useful if you could process *some* of the transaction rules of the side chain
02:50:43amiller:but for performance reasons ideally not all of them
02:50:56andytoshi:kanzure: will bug you in the next couple weeks, we should meet up in any case
02:50:57amiller:this could address that scary problem where the 51% attacker on a sidechain can make a false transaction and take all the pegged bitcoins
02:51:14amiller:even simple limits like not too much taken in one day for example
02:51:24kanzure:andytoshi: okie dokie
02:51:44gmaxwell:amiller: yea sure, first time they were discussed in here I think that was mentioned. Also ... my coinwitness post bascially just takes about the form where you verify all their rules under a snark. Really for the vision of complete freedom in what you can do, you need to give that up (ignoring snark pixie dust).
02:52:21andytoshi:(also any other -wizards in austin should be aware that kanzure and i are, and can often be free to meet people)
02:52:36gmaxwell:one trade of there is that you have to expose a lot more data (Again, assuming no pixie dust) ... which ruins all the succinctness and any application around getting some scalablity gains.
02:52:38amiller:gmaxwell, i don't see how if you can't do all of them that means you shouldn't be able to do any of them
02:53:46gmaxwell:amiller: doing almost any of them immediately breaks succenctness.. so... :meh: plus the engineering to get it right is harder (I'm not opposed, just explaining why we didn't spend any space discussing that subset of designs in the paper... it would probably merit some more exploration)
02:55:04gmaxwell:goodnight... 6am to 8pm the next day.. wee..
02:55:07amiller:this all-or-nothing succinctness seems too hasty to me, seems like there might be a useful spectrum
02:55:24amiller:gmaxwell, i think your thing looks like cut-and-choose malicious-secure yao garbled circuits
03:07:47amiller:http://eprint.iacr.org/2010/284.pdf Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer
03:09:23amiller:oops i didn't mean that one http://link.springer.com/chapter/10.1007/978-3-540-72540-4_4#page-1 An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries
03:09:43kanzure:paperbot: http://link.springer.com/chapter/10.1007/978-3-540-72540-4_4#page-1
03:10:38paperbot:http://diyhpl.us/~bryan/papers2/paperbot/9dac56417e2ec6e8716ed3a3ce945f8d.txt
03:11:51Taek:nifty
03:12:15kanzure:doesn't always work, lacks omnipotence..
03:14:25Taek:my browser isn't rendering the page, just some html. Don't see the abstract either.
03:14:51kanzure:normally paperbot fetches a pdf, but dumps html into text when it fails as a half-way debug log. this means it doesn't have access.
03:15:40amiller:kanzure, deserves an archivist award of some kind.
03:15:52kanzure:anyway here we go http://diyhpl.us/~bryan/papers2/paperbot/An%20Efficient%20Protocol%20for%20Secure%20Two-Party%20Computation%20in%20the%20Presence%20of%20Malicious%20Adversaries.pdf
03:15:55amiller:like msot the time i find a paper on google scholar its a link to his site
03:16:10kanzure:unfortunately gmaxwell yet again has me beat on this subject haha
03:16:19BlueMatt:heh
03:23:52fanquake_:fanquake_ is now known as fanquake
03:28:44wyager:wyager has left #bitcoin-wizards
03:42:30kanzure:amiller: here's the rest of that conference-series-thing (still incoming, give it 20 minutes for the rest) http://diyhpl.us/~bryan/papers2/security/advances-in-cryptology/
03:44:39Luke-Jr:* Luke-Jr wonders if libblkmaker belongs on bitcoin.ninja impl list
04:07:58maclane:q
04:24:56maaku:maaku is now known as Guest6823
04:25:25lechuga_:how does minting work on the federated peg sidechain
04:25:36lechuga_:every1 is aware of the federations public keys and whatever they say goes?
04:27:01sipa:lechuga_: one way is just assigning 21M BTC in the sidechain to the federation (which is a multisig script, composed of the federation's keys)
04:27:25sipa:which then takes the position of all not-transferred bitcoins
04:30:50lechuga_:how will the nonce be provided to the federation
04:31:02sipa:TCP?
04:31:25sipa:or it is just part of the claim transaction you make to unlock the coins on the sidechain
04:31:52lechuga_:and that channel is out of scope?
04:33:23sipa:?
04:35:09lechuga_:i guess im asking what does the claim tx look like
04:37:40sipa:it's a transaction that takes coins from that 'stash' and transfers a part to you
04:37:53sipa:it's a completely normal transaction in case of that 21M preassignment
04:38:58lechuga_:from bitcoin to sidechain is a multisig p2sh tx but the keys have been deterministically adjusted by a nonce
04:39:05lechuga_:right?
04:39:12sipa:it's the same on the other side
04:39:36sipa:on the bitcoin side it's to the federation, on the sidechain it's from the federation
04:45:25lechuga_:and then how do they come back
04:46:20sipa:send to the federation on the sidechain, and take from the federation on the other side
04:47:23lechuga_:"take" means the federtion manually creates a bitcoin tx to your spk?
04:48:00sipa:or you do, and ask the federation to sign it for you
04:52:48lechuga_:but going to the sidechain the federation doesn't need to sign anything do they?
04:56:26btcwizkid:Sidechains: I'm not sure how blockstream etc get past the problems Peter Todd cited...
04:59:18lechuga_:isnt the risk of the federation colluding pretty high
05:00:11kanzure:wasn't there a non-federated proposal somewhere?
05:01:16lechuga_:that's OP_SIDECHAINPROOFVERIFY i think
05:04:03sipa:kanzure: well, our whitepaper...
05:06:03sipa:using a DMMS for securing transfers is what is proposed in the main body; using a federated peg instead is explained in an appendix
05:21:10lechuga_:sorry, had to reread 3.2
05:22:18Luke-Jr:lechuga_: risk of a 15-of-15 in different countries run by different entities would be low
05:22:52Luke-Jr:could go even lower if you split the keys..
05:23:15Luke-Jr:as long as all parties to key-parts are in the room observing the destruction of the PC generating it
05:23:24Luke-Jr:and there's no savant that can memorise it instantly
05:23:35lechuga_:lol
05:25:55sipa:15-of-15 has much higher risk for key loss than theft :p
05:26:19kanzure:Luke-Jr: man now you're going to make me try to memorize that sort of thing instantly
05:28:22Luke-Jr:sipa: beside the point XD
05:29:20sipa:just avoid all false sense of security and use 15-of-14, which is equivalent to 15-of-15 with one lost key
06:07:40zz_lnovy:zz_lnovy is now known as lnovy
06:10:13bbrittain_:bbrittain_ is now known as bbrittain
06:10:34Iriez:sidechain's sure have kicked the hornets nest
06:10:45Iriez:I've not seen dev's this picky at each other in quite some time.
06:10:53Iriez:* Iriez popcorn
06:15:51maaku:maaku is now known as Guest33913
06:17:20kinlo_:kinlo_ is now known as kinlo
06:21:58Guest33913:Guest33913 is now known as maaku
06:38:44BlueMatt:Iriez: huh?
07:10:37lechuga_:trying to understand what the special output is going to look lke
07:10:42lechuga_:like*
07:11:53lechuga_:and what the corresponding input looks like on the sidechain
08:05:15sendak.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:15sendak.freenode.net:Users on #bitcoin-wizards: andy-logbot Adlai paveljanik mmozeiko profreid Max_H3adr00m [7] austinhill1 Sangheili pen kinlo KingCoin erizo Alanius aburan28 a5m0_ iddo_ emsid Meeh sl01_ bbrittain poggy_ lnovy moa mapppum Greed Luke-Jr superobserver RoboTeddy btcwizkid Dr-G zoltron5 spinza fanquake warptangent paperbot c0rw1n_ mortale wiretapped devrandom Graftec phantomcircuit PaulCapestany DougieBot5000 andytoshi jgarzik Emcy Cory vmatekol_ tromp_ phedny myeagleflies
08:05:15sendak.freenode.net:Users on #bitcoin-wizards: JohnnyBitcoin devsaturn justanotheruser artifexd fenn dansmith_ d4de^^ Starsoccer spiftheninja waxwing dansmith_btc drawingthesun altoz arowser1 NikolaiToryzin Starduster [d__d] Nightw0lf samson_ nuke1989 Fistful_of_coins rfreeman_w LaptopZZ SDCDev OneFixt Grishnakh gnusha @ChanServ lechuga_ abc56889 throughnothing harrow fluffypony mr_burdell Apocalyptic so ahmed_ Gnosis Keefe pajarillo roasbeef ryan-c otoburb helo [Tristan] TD-Linux catcow
08:05:15sendak.freenode.net:Users on #bitcoin-wizards: danneu coryfields btc_ crescendo amiller Eliel zibbo_ jbenet mappum yoleaux firepacket jrayhawk_ Hunger-- Muis Kretchfoop tromp michagogo @gwillen BlueMatt smooth CodeShark digitalmagus BrainOverfl0w BigBitz petertodd bobke heath kumavis K1773R hguux dgenr8 _2539 kanzure Taek gmaxwell sipa pigeons [\\\] coryfields_ warren comboy [Derek] Iriez Krellan Dyaheon nsh livegnik berndj wumpus optimator_ LarsLarsen burcin nanotube HaltingState MRL-Relay
08:05:15sendak.freenode.net:Users on #bitcoin-wizards: gribble wizkid057 EasyAt zenojis tacotime Graet asoltys pi07r CryptOprah epscy espes__ Anduck artilectinc copumpkin hollandais midnightmagic Logicwax go1111111 SomeoneWeird napedia gavinandresen forrestv stonecoldpat weex_ Guest89609 HM_
08:09:26maaku:maaku is now known as Guest22397
08:10:43Guest22397:Guest22397 is now known as maaku
09:54:53justanotheruser:justanotheruser is now known as justanot1eruser
09:55:04justanot1eruser:justanot1eruser is now known as justanotheruser
10:24:53nsh:oh, there's an AMA
10:25:05nsh:"Update: Adam Back, Greg Maxwell, Pieter Wuille and the other authors of the sidechain paper will be conducting an AMA on Reddit, October 23, 2014 at 9:00 am PDT. Please join!"
10:25:36nsh:.date
10:25:39nsh:.time
10:25:54nsh:today then
10:27:09gandalf:does it make sense for a small dht to have a blockchain?
10:27:29gandalf:let's say a network has multiple dhts and each dht has a blockchain
10:27:53gandalf:in a case where very node must be kepet fully connected to another node in the dht
10:29:15nsh:gmaxwell had discussed (with cjd of cjdns) a DHT using a blockchain to control entry/membership as a DoS-prevention mechanism
10:29:25nsh:not sure of any other proposed hybrid systems
10:32:00gandalf:can snarks theoretically replace blockchains?
10:33:27gandalf:ethereum people made claims that decentralized autonomous corporations are the first step towards AI
10:34:04gandalf:but with the current speed for confirmations i don't think this will ever be the case.
10:38:08Luke-Jr:ugh, I should have slept
10:38:18Luke-Jr:gotta be up for 6+ more hours…
10:39:56justanotheruser:I don't see how DACs are a step towards AI, let alone the first
10:49:01Luke-Jr:https://gitorious.org/geneticchat <-- first was in 2009? :P jk
10:51:29nsh:heh
11:39:59kanzure:http://arxiv.org/pdf/1410.6079v1.pdf "It turns out that by exploiting a Bitcoin built-in reputation based DoS protection an attacker is able to force specific Bitcoin peers to ban Tor Exit nodes of her choice."
11:41:24kanzure:"a totally virtual Bitcoin reality" well that's one way of saying it
11:44:25kanzure:http://rjlipton.wordpress.com/2014/10/18/a-new-provable-factoring-algorithm/
11:44:25justanotheruser:interesting
11:44:40justanotheruser:re: blocking exit nodes
11:45:27justanotheruser:seems DoSing tor would be more expensive than blocking enough exit nodes from every client to partition the network
11:46:00justanotheruser:s/more/less
11:46:11kanzure:i suspect the more lucrative tor-related shennanigans will be inside the tor network itself, like correlating bitcoin traffic with tor traffic
12:20:58a5m0_:a5m0_ is now known as a5m0
15:04:11Nightw0lf:Nightw0lf is now known as Nightwolf
16:49:28mortale_:mortale_ is now known as mortale
16:50:18werxh2:werxh2 has left #bitcoin-wizards
17:37:47lechuga_:can any1 explain to me what the special output will look like?
17:38:05lechuga_:i feel like im being obtuse
17:39:06lechuga_:sidechains.pdf remins me of reading bitcoin.pdf prior to seeing any code
17:39:12lechuga_:reminds*
17:39:28zooko:Heh.
17:48:57helo:might it be ~optimal to have one main sidechain off of bitcoin directly that is designed to have sidechains branched off of it?
17:50:27helo:(in reference to adam's AMA post, "It needs a recursive sidechain because there are more constraining requirements to return peg to bitcoin main. By having a side-chain to return to it can have features to facilitate more advanced things.")
17:50:31Luke-Jr:helo: that's the plan at the moment
17:51:42helo:is blockstream geographically centralized?
18:26:16maaku:no
18:26:47maaku:lechuga_: there are many options for what the output would look like, which is why we didn't go into details
18:27:35kanzure:is there a way to preserve the current distribution of bitcoin in the blockchain on a sidechain, such that bitcoin would be locked on the sidechain from inception?
18:27:41lechuga_:maaku: thx. it would've helped my little brain to see one option maybe at the level of the appendix A detail
18:27:41kanzure:s/bitcoin/assets
18:27:46maaku:helo: we have people in five countries on two contenents
18:27:54kanzure:erm, i meant s/bitcoin would be locked/assets would be locked
18:27:57lechuga_:but i can appreciate this is maybe obvious for the intended audience of the whitepaper
18:28:54maaku:lechuga_: we had that in an earlier draft but were worried that people would latch onto it as our proposed structure, when it really was a just a toy example
18:29:07maaku:there's a lot of in-the-weeds details to be worked out for an actual output structure
18:29:15lechuga_:i live in weeds :)
18:29:22lechuga_:that's fair
18:29:30lechuga_:would've loved to see that toy example tho
18:31:01helo:kanzure: you mean a coinbase transaction to a sidechain?
18:31:07maaku:i think iirc it involved OP_SPV_PROOF_VERIFY, but one of the things to be worked out was the exact details of its parameters
18:31:27lechuga_:that's where i get hungup
18:31:47lechuga_:and because of that i feel like the paper describes roughly half of a design (which probably isn't fair to say)
18:32:44kanzure:helo: no. i mean something like "some way to import all bitcoin, but disable them, such that if the main chain loses hashpower over time, that people who were not awake during the transition to the sidechain, can safely recover their bitcoin later"
18:33:25kanzure:by which i mean, if the sidechain does not merge changes upstream into bitcoin itself
18:34:16Taek:maaku: if you had included an example in the whitepaper, I probably would have latched into it in a way that you didn't intend. So it's probably good that you left things vague.
18:34:38kanzure:hmm, my question is not specific enough
18:35:25helo:kanzure: i think that's possible
18:36:13helo:for example, a sidechain that used some form of lamport signature scheme would be a nice place to stash long-term bitcoin if you were afraid of quantum computing
18:36:25kanzure:that's not what i mean
18:37:14kanzure:specifically i mean to enumerate the scenarios where there might be a temporal proof lockout time, that may not have been originally intended, but that otherwise might happen, as a result of someone not waking up on the bitcoin blockchain and forming a proof to transfer into the sidechain.
18:38:51kanzure:i am still being vague i think.
18:39:21amiller:i received a comment from gun sirer (the cornell selfish mining professor) that "the paper is lovely but makes the quintessential mistake of saying: first david chaum invented ecash, then there was bitcoin" and nothing in between.
18:39:51kanzure:in terms of cypherpunk memory i think that's how people legitimately remember it :)
18:40:29amiller:i'm not really even sure what i'd prioritize adding to cover more ground in a short review.
18:40:32lechuga_:reading the paper and having that be your key-takeway seems odd
18:40:52kanzure:did he offer some references?
18:41:41amiller:let me see what sort of stuff he cites in selfish mining paper
18:43:11amiller:from majroity is not enough selfish mining paper "Decentralized digital currencies have been proposed before Bitcoin, starting with [11 chaum ecash] and followed by peer-to-peer currencies, e.g. [12 karma (gun sirers paper) ,13 PPay micrpyaments for p2p systems], and see [14 Zerocoin,4 Bitter to Better FC '12] for short surveys.
18:43:41kanzure:amiller: i should make a tool to expand silly "First Name, Last Name, Journal" citations into full citations with abstracts. because i've spent way too much time looking at a reference, only to later find out that i had read the paper before but only remembered the name. :(
18:43:49amiller:so... karma, ppay, i can imagine other examples might be like peppercoin and a few other things that basically never were proposed, may have had a startup around them, but never really took off.
18:44:07amiller:kanzure, indeed
18:44:12kanzure:ppay's architecture didn't seem very interesting to me. i only saw a few sentence review though.
18:44:30kanzure:ppay http://ilpubs.stanford.edu:8090/592/1/2003-31.pdf
18:45:41kanzure:"A broker is required ... [for] double spending protection" well why bother
19:07:24gmaxwell:funny wrt chaum, many of the people who reviewed and worked on the paper worked on earlier digital currency systems. We weren't trying to suggest they didn't exist... it was mostly showing the start and then the lack of success to point out that the decenteralization was an essential part.
19:25:17c0rw1n_:c0rw1n_ is now known as c0rw1n
19:35:10woah:So is the desire for sidechains primarily driven by people's existing Bitcoin monetary investments?
19:40:31kanzure:no, there are many security benefits to understanding why hashpower and scarcity tend to be concentrated on a single chain
19:42:16sipa:woah: the reasoning is that there is no need for multiple digital currencies with free-floating exchange between eachother, as sidechain allow us to have different technologies running the same currency
19:42:35woah:but what's wrong with a free-floating exchange rate?
19:42:49woah:i mean, you can get the mining benefits with aux-pow or merged mining
19:43:14woah:without messing with the exchange rates. seems people just want to lock in their btc investments
19:44:13sipa:how is having two currencies, which are technically completely identical, better than having one?
19:44:46poggy_:poggy_ is now known as poggy
19:44:50gavinandresen:(sarcasm on) : more money! Means we’re all richer! (sarcasm off)
19:44:54woah:currency is somewhat of an analog for power
19:45:10kanzure:woah: do you know why multiple pow chains doesn't work?
19:45:23kanzure:multiple non-merge-mined pow chains
19:45:29woah:why not?
19:46:03kanzure:assume that it doesn't for a moment. wouldn't you agree that's an example of a motivation not driven by bitcoin monetary investments?
19:46:43woah:yes, but the concept of PoW itself has huge problems
19:47:04woah:anyway, sorry, not trying to troll
19:47:08woah:i'll give it a rest
19:48:03amiller:i am starting to like thinking of other analogies for a sidechain, such as the treasury account of a corporation... the sidechain is the (digital autonomous etc) corporation and the bitcoins pegged into it are its funds
19:48:34amiller:the currency on the sidechain could be like the stocks of the corporation or like other instruments like the flyer miles etc
19:49:02amiller:the bitcoin reserve fund of the sidechain could be used to pay out dividends to the share holders at arbitrary times, it could be given out in a raffle, etc.
19:49:58amiller:there's no technical need to have some kind of units on the sidechain that represent transferable units of the reserve currency
19:50:19amiller:also: you could easily have a sidechain with multiple parents
19:50:27woah:hmm cool
19:50:44kanzure:yes clearly bitcoin is too simple and what we really need is a blockgraph
19:50:48woah:but the parents must be pegged to each other right?
19:50:49kanzure:(/sarc)
19:50:56amiller:the parents don't need to be pegged to each other at all no
19:51:53amiller:my dissenting opinion w.r.t. the whitepaper is conflating the mechanism (using spv-ish proofs to have one blockchain control funds on another blockchain) with one of many possible applications "2 way peg"
19:52:12sipa:amiller: sidechains vs pegged sidechains :)
19:52:22sipa:though admittedly we do not mention any other use cases
19:52:43amiller:sure... but the "technique" in the paper is referred to as "pegging" which i think is just slightly misleading
19:53:17amiller:sipa, the freicoin is a reasonable example but still basically involves "exchange rates" so i think it gets readers to assuming there's some kind of restriction that isn't actually technically there
19:54:35Dizzle__:Dizzle__ is now known as Dizzle
20:46:34anirgu:anirgu has left #bitcoin-wizards
20:54:49sl01_:is there a simple way to cryptograpically prove you control a certain # of bitcoins outputs at a block # w/o disclosing the addresses/outputs? is this the same thing or related to the proof of reserve stuff that some exchanges use?
20:55:46nsh:number or value?
20:55:48gwillen:sl01_: the proof of reserve stuff I've seen involves the exchange proving ownership of specific outputs (the thing that it doesn't reveal is the balances of the individual users)
20:56:03sl01_:nsh: number of (total) bitcoins
20:56:14nsh:* nsh nods
20:57:02sl01_:effectively proving to someone you hold a certain amt of value w/o people being able to start stalking/investigating/doxxing you
20:57:17gwillen:this is basically what zerocoin did (I'm not following what those folks are doing now)
20:57:20moa:sl01_: i think the exchanges are signing messages with the keys associated with addresses containing bitcoins ...
20:57:34nsh:* nsh thinks
20:57:36gwillen:you would lock some coins in exchange for a proof that you own a certian number of coins, without having to reveal which ones went in
20:59:16nsh:you could do through coinswaps
20:59:35nsh:but you'd need people to do it with, which decreases the utility
21:02:27nsh:*coinjoins
21:04:20sl01_:yea i mean if you have a way to mix that you can trust you can just sign w the actual outputs and then go mix them afterwards, effectively accomplishing the same goal, but i was wondering if there was an offline way to do it
21:05:18nsh:* nsh nods
21:05:31nsh:i don't think so but could be stupid
21:05:54nsh:well
21:06:33sl01_:i wonder what practical things could be accomplished with that other than anonymous bragging...
21:08:25nsh:even if you could, you'd only be demonstrating the ability to spend all the outputs at one point in time (which you can timestamp) but that's no guarantee some weren't spent immediately after
21:08:36sl01_:yea
21:08:50sl01_:that still says something
21:08:54nsh:right
21:13:53eyegore:eyegore has left #bitcoin-wizards
22:13:49petahash:hello
22:17:25amiller:'lo
22:22:14petahash:whats doing
22:37:28petahash:apparently something is happening tomorow with the SEC rumours?
22:50:20sl01_:petahash: tomorrow something is happening with the SEC, or with the SEC rumors (are they being modified)?
22:51:20petahash:these are rumours and stupid rumours if not true
22:51:49gmaxwell:petahash: probably the wrong channel for your questions.
22:52:06Taek:is there a blockstream related channel?
22:52:07gmaxwell:(but I have no clue what you're talking about but highly doubt they're related to this channel)
22:52:19petahash:thank you, i will change the topic
22:52:22gmaxwell:Taek: not currently.
22:59:41amiller:gmaxwell, did you look at that cut & choose yao garbled circuits paper that i think is the same as your simple secure computation thing
23:36:05IHB:I hope all is well guys. Is there a channel specifically related to the decentralized vs centralized debate in regards to bitcoin mining?
23:41:20nsh:IHB, probably here if it's theoretical
23:42:44nsh:there is #bitcoin-mining too, but i'd guess it's more practically orientated and perhaps a bit noisy
23:44:08IHB:yes it is. i am still fleshing out some thoughts. i have been reading lots of info and wanted to see if i could connect with someone who knows more than me on this topic. in no way am i a newbie to mining or how it works, i consulted at cointerra for a bit to actually get an insider look at how the sausage is made. i have a very strong opinion now and wanted reallt test my theory with someone. look for an expert on this topic wh
23:44:42kanzure:you are suffering from irc message length cutoff and should fix your client
23:47:56lechuga_:or fix your CR frequency
23:49:12IHB:i would rather keep them short. but of course will look into how to fix it if i really find the need to type more
23:59:16jgarzik:IHB, Just say your theory out loud :)