| 00:19:34 | Pasha: | Pasha is now known as Cory |
| 02:53:22 | [1]zmachine: | [1]zmachine is now known as zmachine |
| 03:12:18 | amiller: | i have a new implementation of nonoutsourceable puzzles using libsnark that's 1000x faster than with pinocchio |
| 03:12:33 | amiller: | could stealthily steal a block in under 15 seconds |
| 03:22:23 | petertodd: | amiller: +1 |
| 03:30:03 | Luke-Jr: | amiller: do you have a way to use libsnark with externally-provided input/code? |
| 03:30:22 | Luke-Jr: | (non-outsourcable puzzles isn't really useful AFAIK) |
| 03:30:49 | amiller: | bs |
| 03:31:05 | amiller: | i'd accept that with a qualified "yet" i guess :; |
| 03:31:08 | amiller: | :p |
| 03:31:37 | amiller: | Luke-Jr, do you mean, do we have a compiler that uses libsnark from some kind of higher-level input language? |
| 03:32:07 | Luke-Jr: | amiller: bytecode would be fine |
| 03:32:21 | Luke-Jr: | what are non-outsourcable puzzles useful for? |
| 03:32:27 | amiller: | libsnark already has a gadget library so you can kind of build snark routines from an embedded language |
| 03:33:24 | Luke-Jr: | amiller: I want to run SNARKs on systems without a compiler ;) |
| 03:33:46 | amiller: | luke-jr, the system chekcing snark proofs / proving snark proofs doesn't need a copmiler... |
| 03:34:33 | Luke-Jr: | checking isn't the side I'm interested in at the moment |
| 03:34:59 | Luke-Jr: | I'm thinking more like having BFGMiner generate SNARK results with signatures |
| 03:35:15 | amiller: | mm, okay |
| 03:35:30 | Luke-Jr: | ie, proof-of-any-kind-of-work |
| 03:35:56 | amiller: | okay, well, anyway, just en route to our new implementation we made a compiler from pinocchio circuits to libsnark |
| 03:36:27 | amiller: | so, you could use that as a preprocessor given an input circuit and you'd have an exe that just does the proofs you want. |
| 03:36:50 | Luke-Jr: | executing arbitrary x86 code isn't safe |
| 03:36:59 | amiller: | it's not arbitrary x86 code |
| 03:37:03 | Luke-Jr: | an EXE is |
| 03:38:23 | amiller: | look if i give you some source code for a snark system, you either a) have a compiler on your system (which you seemed opposed to) or b) you compile elsewhere and transfer the exe t your machine (which you also opposed) |
| 03:38:39 | amiller: | i think i just misunderstood what you were saying are your requirements |
| 03:39:40 | amiller: | i suddenly think i get it, you want to pass in an arbitrary snark descriptoin file or something but not have a C compiler on your machine |
| 03:39:54 | Luke-Jr: | amiller: or c) an interpretor that produces a result + signature by interpreting some kind of safe bytecode |
| 03:39:59 | Luke-Jr: | yes |
| 03:40:23 | amiller: | okay, sure, there's no obstacle to that, on the other hand we definitely haven't bothered with it. |
| 04:16:15 | amiller: | Luke-Jr, even weakly nonoutsourceable puzzles would severely break up mining pools, but people would still flock to hosted mining, now even more so |
| 04:16:42 | amiller: | Luke-Jr, strongly non-outsourceable puzzles are one part of a balanced breakfast that would disincentivize even cloud mining |
| 04:17:10 | Luke-Jr: | amiller: how so? |
| 04:17:23 | Luke-Jr: | non-outsourcable puzzles don't seem to have any possible effect on cloud mining |
| 04:18:14 | amiller: | i need to start with a couple of assumptions |
| 04:19:11 | Luke-Jr: | is one of them "people don't have recourse to a court of law"? |
| 04:19:12 | amiller: | assumption 1: user's don't *inherently* trust cloud providers, if there's a way for them to get away with ripping off the client undetected, then client's are suspicious they'd take it |
| 04:19:20 | amiller: | no, court of law is part of my attack model |
| 04:19:28 | amiller: | but you can only win in court if you have evidence |
| 04:20:00 | Luke-Jr: | assumption 1's second half is flawed: already cloud mining can rip off the client undetected and people use it |
| 04:20:28 | Luke-Jr: | amiller: evidence that can be acquired in part by subpoenas.. |
| 04:20:56 | amiller: | i think that there's a way to improve on the scenario here actually |
| 04:21:08 | amiller: | right now because mining is pretty low variance by cloud miner standards, |
| 04:21:21 | amiller: | clouds can basically offer people a fixed rate of return and it would be conspicuous if it underperformed |
| 04:21:45 | amiller: | even then i think it's pretty obvious they could get away with ripping people off and they still don't, so i do get your point. |
| 04:22:38 | amiller: | a) maybe this assumption will make more sense in the (hopefully) near future, or besides that on the other side of the dystopic apocalypse, after which everyone who's trusting like that gets fleeced. |
| 04:23:14 | Luke-Jr: | also, if you're not careful, you break peoples' ability to be reimbursed part of their expenses for mining |
| 04:23:39 | amiller: | b) i'm focusing on getting done what i can based on this assumption because it gives a foothold but it's nontrivial how to make use of it, otherwise i don't see any other lever to use |
| 04:23:50 | Luke-Jr: | which means only those who can buy a large enough % to reduce variance would buy it at all |
| 04:23:53 | amiller: | not giving up looking for other levers, asic resistant puzzles are a different lever i guess |
| 04:24:17 | amiller: | Luke-Jr, part of my solution is how to reduce payout variance without requiring a high % |
| 04:24:19 | Luke-Jr: | ASIC resistant puzzles are theoretically impossible |
| 04:24:34 | amiller: | Luke-Jr, link to impossibility theorem pls |
| 04:24:48 | Luke-Jr: | amiller: it's basically by definition |
| 04:24:48 | amiller: | Luke-Jr, anyway i don't wnt to talk about asic resistant puzzles tonight regardless |
| 04:24:59 | amiller: | Luke-Jr, all theorems are by definition |
| 04:25:24 | tromp_: | have you read my Cuckoo Cycle paper, Luke-Jr? |
| 04:26:00 | amiller: | Luke-Jr, anyway are you cool with assumption 1: for the sake of discussion.. |
| 04:26:17 | Luke-Jr: | ok, go on |
| 04:27:13 | Luke-Jr: | (actually, with assumption 1 I think it becomes more or less obvious it's useful/doable - the problem is assumption 1 :p) |
| 04:27:32 | amiller: | Luke-Jr, well no i don't think it's obvious at all |
| 04:27:45 | kyletorpey: | kyletorpey has left #bitcoin-wizards |
| 04:27:59 | amiller: | if you think so, lets swap and you can starting telling me how to solve it and i'll tell you why every lesser solution without snarks is flawed in some way :p |
| 04:28:36 | Luke-Jr: | lol, ok, better if you just continue since you've obviously given this more thought |
| 04:28:57 | amiller: | essentially, even though i want to assume there's no inherent trust, there is almost always (unless we engineer against it) some way that the server can make some arrangement where it gets caught if it tries to cheat. |
| 04:30:19 | amiller: | okay well, my solution relies on a couple further assumptions. |
| 04:31:01 | amiller: | assumption 2: people are in some cases (in sufficiently many cases which ill be more specific about later if this doesn't go off the rails immediately) willing to put money on negative-EV bets |
| 04:31:38 | amiller: | there's tons of empirical evidence that people do this, such as the market for state lotteries which generate billions of dollars in income annual |
| 04:32:21 | amiller: | it's clear that miners in many cases *end up* with a -EV proposition although it's more complicated because there's usually a temporal / prediction kind of thing |
| 04:34:02 | amiller: | one component of my solution is exploiting this by having a more complicated payout function with consolation prizes |
| 04:34:25 | amiller: | if you look at the lottery games that perform the best in the market, they have a variety of prize levels. |
| 04:34:55 | amiller: | you scratch off one ticket, and have a small chance of winning a large jackpot but also a much greater chance of winning some number of consolation prizes worth a lot less |
| 04:36:29 | Luke-Jr: | right |
| 04:38:25 | amiller: | so, i think there may be *some* set of plausible assumptions about how "the market" (the same market that is seduced into buying lottery tickets) responds to payoff functions, where you can have a good outcome by making the block reward have a few components, including a) a low-variance, high chance of winning, low value consolation prize, that's found very frequently like p2pool shares, and b) a very unlikely, high-value, high var |
| 04:38:26 | amiller: | iance, jackpot prize |
| 04:38:38 | amiller: | the overall EV of mining in this case would be skewed by the jackpot prize. |
| 04:39:42 | amiller: | the low-variance component would be set well enough that a large market of people would play this game (i.e., participate in mining) even though even though *overall* the reward is negative EV. |
| 04:40:35 | amiller: | the high variance component would be set high enough that 1) big mining companies would not be able just to promise people that they'd absorb all the risk from it |
| 04:44:09 | amiller: | therefore any 2) any mining service provider would have to pass on *some* of the uncertainty to its clients or else it would go broke, in which case 3) there would be credible suspicion that if the service provider got lucky, it would take the reward for itself and its members would only see the unlucky option. |
| 04:47:24 | Luke-Jr: | so the very-high-variance reward would need to be sufficiently low-variance that it's credible to believe the hoster could possibly find it in the first place |
| 04:56:34 | amiller: | Luke-Jr, yeah |
| 06:51:52 | spiftheninja: | new channel with a dogebot, msg me if you wanna idle :D will tip, cheers |
| 07:06:52 | Luke-Jr: | Luke-Jr has kicked spiftheninja from #bitcoin-wizards |
| 08:35:05 | MRL-Relay: | [smooth] wom1 |
| 09:05:17 | kornbluth.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 09:05:17 | kornbluth.freenode.net: | Users on #bitcoin-wizards: andy-logbot cbeams diametric jaekwon llllllllll damethos go1111111 Hunger- coiner TheSeven justanotheruser Grishnakh altoz adlai Transisto a5m0 Dr-G3 ryanxcharles copumpkin SDCDev asciilifeform mortale Cory prodatalab @ChanServ bitname fanquake hashtag_ coinheavy btcdrak grandmaster2 Aquent jgarzik epscy digitalmagus GAit nuke1989 PaulCapestany postpre shesek snorkl mkarrer burcin todaystomorrow Shiftos coutts Greed Qfwfq samson_ wizkid057 |
| 09:05:17 | kornbluth.freenode.net: | Users on #bitcoin-wizards: phantomcircuit OneFixt bosma kgk maaku tacotime arowser spinza Nightwolf HaltingState c0rw1n PRab paperbot Dyaheon bbrittain iambernie dansmith_btc zwischenzug luny NikolaiToryzin rasengan forrestv null_radix Luke-Jr Myagui nickler bobke_ warptangent mr_burdell Logicwax zibbo Meeh kanzure tromp_ ebfull SomeoneWeird Krellan tromp__ poggy pi07r_ sipa comboy_ mmozeiko lnovy Taek optimator_ [\\\] waxwing Guest39111 Apocalyptic throughnothing |
| 09:05:17 | kornbluth.freenode.net: | Users on #bitcoin-wizards: Pan0ram1x yoleaux petertodd crescendo CryptOprah Flyer33 AdrianG cfields kumavis sl01_ Fistful_of_Coins gmaxwell kinlo ahmed_ BlueMatt Starduster Emcy_ Baz__ doc321R K1773R so weex Anduck livegnik Graftec Alanius lclc_bnc GnarSith sneak [d__d] gnusha_ espes___ hguux_ btc_ jbenet michagogo BigBitz DoctorBTC SubCreative otoburb wumpus artifexd EasyAt starsoccer HM hollandais fluffypony fenn heath LarsLarsen jaromil helo Keefe Iriez Eliel |
| 09:05:17 | kornbluth.freenode.net: | Users on #bitcoin-wizards: jrayhawk iddo huseby phedny MRL-Relay berndj midnightmagic nsh Muis coryfields mappum andytoshi BrainOverfl0w fds4345 gazab warren gavinandresen pigeons nanotube asoltys gribble LaptopZZ Graet smooth @gwillen amiller danneu catcow TD-Linux [Tristan] ryan-c roasbeef Gnosis harrow abc56889 lechuga_ |
| 09:39:34 | lclc_bnc: | lclc_bnc is now known as lclc |
| 10:05:52 | bitname: | bitname is now known as BitName |
| 10:08:12 | BitName: | BitName is now known as bitname |
| 10:59:32 | SubCreative: | SubCreative is now known as Sub|zzz |
| 12:08:17 | HM: | Kinda sad when you're sat pondering the best capitalization of SECp256k1 |
| 12:08:54 | HM: | I guess all lowercase is used in the document itself, so i'll go with that |
| 12:14:19 | sipa: | that's what i use as well |
| 12:32:13 | HM: | hmm |
| 12:40:05 | HM: | blast |
| 15:27:34 | hashtagg_: | hashtagg_ is now known as hashtag |
| 15:34:22 | fenn: | hello skyraider |
| 15:35:00 | skyraider: | hi |
| 15:52:18 | andytoshi: | tp |
| 16:06:36 | spiftheninjaa: | spiftheninjaa is now known as spiftheninja |
| 16:31:05 | brand0: | brand0 has left #bitcoin-wizards |
| 17:28:32 | lclc: | lclc is now known as lclc_bnc |
| 17:34:20 | asciilifeform: | asciilifeform has left #bitcoin-wizards |
| 18:34:01 | kanzure: | http://diyhpl.us/~bryan/papers2/The%20physics%20of%20information%20processing%20superobjects%20-%20Anders%20Sandberg%20-%201999.pdf |
| 18:46:19 | grandmaster2: | grandmaster2 is now known as dansmith_btc2 |
| 18:51:13 | Taek: | gavinandresen: can you explain more about exponential subjective scoring? Isn't that dangerous to consensus, because newcomers will have a different scoring metric than existing nodes? |
| 18:53:36 | gavinandresen: | Taek: can’t get into it right now, busy with other things… ping me in a few days |
| 18:53:46 | Taek: | sure |
| 19:33:25 | orw: | orw is now known as xabbix |
| 20:03:07 | Sub|zzz: | Sub|zzz is now known as SubCreative |
| 20:05:42 | nsh: | context is: https://blog.ethereum.org/2014/10/03/slasher-ghost-developments-proof-stake/ ? |