00:19:34Pasha:Pasha is now known as Cory
02:53:22[1]zmachine:[1]zmachine is now known as zmachine
03:12:18amiller:i have a new implementation of nonoutsourceable puzzles using libsnark that's 1000x faster than with pinocchio
03:12:33amiller:could stealthily steal a block in under 15 seconds
03:22:23petertodd:amiller: +1
03:30:03Luke-Jr:amiller: do you have a way to use libsnark with externally-provided input/code?
03:30:22Luke-Jr:(non-outsourcable puzzles isn't really useful AFAIK)
03:31:05amiller:i'd accept that with a qualified "yet" i guess :;
03:31:37amiller:Luke-Jr, do you mean, do we have a compiler that uses libsnark from some kind of higher-level input language?
03:32:07Luke-Jr:amiller: bytecode would be fine
03:32:21Luke-Jr:what are non-outsourcable puzzles useful for?
03:32:27amiller:libsnark already has a gadget library so you can kind of build snark routines from an embedded language
03:33:24Luke-Jr:amiller: I want to run SNARKs on systems without a compiler ;)
03:33:46amiller:luke-jr, the system chekcing snark proofs / proving snark proofs doesn't need a copmiler...
03:34:33Luke-Jr:checking isn't the side I'm interested in at the moment
03:34:59Luke-Jr:I'm thinking more like having BFGMiner generate SNARK results with signatures
03:35:15amiller:mm, okay
03:35:30Luke-Jr:ie, proof-of-any-kind-of-work
03:35:56amiller:okay, well, anyway, just en route to our new implementation we made a compiler from pinocchio circuits to libsnark
03:36:27amiller:so, you could use that as a preprocessor given an input circuit and you'd have an exe that just does the proofs you want.
03:36:50Luke-Jr:executing arbitrary x86 code isn't safe
03:36:59amiller:it's not arbitrary x86 code
03:37:03Luke-Jr:an EXE is
03:38:23amiller:look if i give you some source code for a snark system, you either a) have a compiler on your system (which you seemed opposed to) or b) you compile elsewhere and transfer the exe t your machine (which you also opposed)
03:38:39amiller:i think i just misunderstood what you were saying are your requirements
03:39:40amiller:i suddenly think i get it, you want to pass in an arbitrary snark descriptoin file or something but not have a C compiler on your machine
03:39:54Luke-Jr:amiller: or c) an interpretor that produces a result + signature by interpreting some kind of safe bytecode
03:40:23amiller:okay, sure, there's no obstacle to that, on the other hand we definitely haven't bothered with it.
04:16:15amiller:Luke-Jr, even weakly nonoutsourceable puzzles would severely break up mining pools, but people would still flock to hosted mining, now even more so
04:16:42amiller:Luke-Jr, strongly non-outsourceable puzzles are one part of a balanced breakfast that would disincentivize even cloud mining
04:17:10Luke-Jr:amiller: how so?
04:17:23Luke-Jr:non-outsourcable puzzles don't seem to have any possible effect on cloud mining
04:18:14amiller:i need to start with a couple of assumptions
04:19:11Luke-Jr:is one of them "people don't have recourse to a court of law"?
04:19:12amiller:assumption 1: user's don't *inherently* trust cloud providers, if there's a way for them to get away with ripping off the client undetected, then client's are suspicious they'd take it
04:19:20amiller:no, court of law is part of my attack model
04:19:28amiller:but you can only win in court if you have evidence
04:20:00Luke-Jr:assumption 1's second half is flawed: already cloud mining can rip off the client undetected and people use it
04:20:28Luke-Jr:amiller: evidence that can be acquired in part by subpoenas..
04:20:56amiller:i think that there's a way to improve on the scenario here actually
04:21:08amiller:right now because mining is pretty low variance by cloud miner standards,
04:21:21amiller:clouds can basically offer people a fixed rate of return and it would be conspicuous if it underperformed
04:21:45amiller:even then i think it's pretty obvious they could get away with ripping people off and they still don't, so i do get your point.
04:22:38amiller:a) maybe this assumption will make more sense in the (hopefully) near future, or besides that on the other side of the dystopic apocalypse, after which everyone who's trusting like that gets fleeced.
04:23:14Luke-Jr:also, if you're not careful, you break peoples' ability to be reimbursed part of their expenses for mining
04:23:39amiller:b) i'm focusing on getting done what i can based on this assumption because it gives a foothold but it's nontrivial how to make use of it, otherwise i don't see any other lever to use
04:23:50Luke-Jr:which means only those who can buy a large enough % to reduce variance would buy it at all
04:23:53amiller:not giving up looking for other levers, asic resistant puzzles are a different lever i guess
04:24:17amiller:Luke-Jr, part of my solution is how to reduce payout variance without requiring a high %
04:24:19Luke-Jr:ASIC resistant puzzles are theoretically impossible
04:24:34amiller:Luke-Jr, link to impossibility theorem pls
04:24:48Luke-Jr:amiller: it's basically by definition
04:24:48amiller:Luke-Jr, anyway i don't wnt to talk about asic resistant puzzles tonight regardless
04:24:59amiller:Luke-Jr, all theorems are by definition
04:25:24tromp_:have you read my Cuckoo Cycle paper, Luke-Jr?
04:26:00amiller:Luke-Jr, anyway are you cool with assumption 1: for the sake of discussion..
04:26:17Luke-Jr:ok, go on
04:27:13Luke-Jr:(actually, with assumption 1 I think it becomes more or less obvious it's useful/doable - the problem is assumption 1 :p)
04:27:32amiller:Luke-Jr, well no i don't think it's obvious at all
04:27:45kyletorpey:kyletorpey has left #bitcoin-wizards
04:27:59amiller:if you think so, lets swap and you can starting telling me how to solve it and i'll tell you why every lesser solution without snarks is flawed in some way :p
04:28:36Luke-Jr:lol, ok, better if you just continue since you've obviously given this more thought
04:28:57amiller:essentially, even though i want to assume there's no inherent trust, there is almost always (unless we engineer against it) some way that the server can make some arrangement where it gets caught if it tries to cheat.
04:30:19amiller:okay well, my solution relies on a couple further assumptions.
04:31:01amiller:assumption 2: people are in some cases (in sufficiently many cases which ill be more specific about later if this doesn't go off the rails immediately) willing to put money on negative-EV bets
04:31:38amiller:there's tons of empirical evidence that people do this, such as the market for state lotteries which generate billions of dollars in income annual
04:32:21amiller:it's clear that miners in many cases *end up* with a -EV proposition although it's more complicated because there's usually a temporal / prediction kind of thing
04:34:02amiller:one component of my solution is exploiting this by having a more complicated payout function with consolation prizes
04:34:25amiller:if you look at the lottery games that perform the best in the market, they have a variety of prize levels.
04:34:55amiller:you scratch off one ticket, and have a small chance of winning a large jackpot but also a much greater chance of winning some number of consolation prizes worth a lot less
04:38:25amiller:so, i think there may be *some* set of plausible assumptions about how "the market" (the same market that is seduced into buying lottery tickets) responds to payoff functions, where you can have a good outcome by making the block reward have a few components, including a) a low-variance, high chance of winning, low value consolation prize, that's found very frequently like p2pool shares, and b) a very unlikely, high-value, high var
04:38:26amiller:iance, jackpot prize
04:38:38amiller:the overall EV of mining in this case would be skewed by the jackpot prize.
04:39:42amiller:the low-variance component would be set well enough that a large market of people would play this game (i.e., participate in mining) even though even though *overall* the reward is negative EV.
04:40:35amiller:the high variance component would be set high enough that 1) big mining companies would not be able just to promise people that they'd absorb all the risk from it
04:44:09amiller:therefore any 2) any mining service provider would have to pass on *some* of the uncertainty to its clients or else it would go broke, in which case 3) there would be credible suspicion that if the service provider got lucky, it would take the reward for itself and its members would only see the unlucky option.
04:47:24Luke-Jr:so the very-high-variance reward would need to be sufficiently low-variance that it's credible to believe the hoster could possibly find it in the first place
04:56:34amiller:Luke-Jr, yeah
06:51:52spiftheninja:new channel with a dogebot, msg me if you wanna idle :D will tip, cheers
07:06:52Luke-Jr:Luke-Jr has kicked spiftheninja from #bitcoin-wizards
08:35:05MRL-Relay:[smooth] wom1
09:05:17kornbluth.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
09:05:17kornbluth.freenode.net:Users on #bitcoin-wizards: andy-logbot cbeams diametric jaekwon llllllllll damethos go1111111 Hunger- coiner TheSeven justanotheruser Grishnakh altoz adlai Transisto a5m0 Dr-G3 ryanxcharles copumpkin SDCDev asciilifeform mortale Cory prodatalab @ChanServ bitname fanquake hashtag_ coinheavy btcdrak grandmaster2 Aquent jgarzik epscy digitalmagus GAit nuke1989 PaulCapestany postpre shesek snorkl mkarrer burcin todaystomorrow Shiftos coutts Greed Qfwfq samson_ wizkid057
09:05:17kornbluth.freenode.net:Users on #bitcoin-wizards: phantomcircuit OneFixt bosma kgk maaku tacotime arowser spinza Nightwolf HaltingState c0rw1n PRab paperbot Dyaheon bbrittain iambernie dansmith_btc zwischenzug luny NikolaiToryzin rasengan forrestv null_radix Luke-Jr Myagui nickler bobke_ warptangent mr_burdell Logicwax zibbo Meeh kanzure tromp_ ebfull SomeoneWeird Krellan tromp__ poggy pi07r_ sipa comboy_ mmozeiko lnovy Taek optimator_ [\\\] waxwing Guest39111 Apocalyptic throughnothing
09:05:17kornbluth.freenode.net:Users on #bitcoin-wizards: Pan0ram1x yoleaux petertodd crescendo CryptOprah Flyer33 AdrianG cfields kumavis sl01_ Fistful_of_Coins gmaxwell kinlo ahmed_ BlueMatt Starduster Emcy_ Baz__ doc321R K1773R so weex Anduck livegnik Graftec Alanius lclc_bnc GnarSith sneak [d__d] gnusha_ espes___ hguux_ btc_ jbenet michagogo BigBitz DoctorBTC SubCreative otoburb wumpus artifexd EasyAt starsoccer HM hollandais fluffypony fenn heath LarsLarsen jaromil helo Keefe Iriez Eliel
09:05:17kornbluth.freenode.net:Users on #bitcoin-wizards: jrayhawk iddo huseby phedny MRL-Relay berndj midnightmagic nsh Muis coryfields mappum andytoshi BrainOverfl0w fds4345 gazab warren gavinandresen pigeons nanotube asoltys gribble LaptopZZ Graet smooth @gwillen amiller danneu catcow TD-Linux [Tristan] ryan-c roasbeef Gnosis harrow abc56889 lechuga_
09:39:34lclc_bnc:lclc_bnc is now known as lclc
10:05:52bitname:bitname is now known as BitName
10:08:12BitName:BitName is now known as bitname
10:59:32SubCreative:SubCreative is now known as Sub|zzz
12:08:17HM:Kinda sad when you're sat pondering the best capitalization of SECp256k1
12:08:54HM:I guess all lowercase is used in the document itself, so i'll go with that
12:14:19sipa:that's what i use as well
15:27:34hashtagg_:hashtagg_ is now known as hashtag
15:34:22fenn:hello skyraider
16:06:36spiftheninjaa:spiftheninjaa is now known as spiftheninja
16:31:05brand0:brand0 has left #bitcoin-wizards
17:28:32lclc:lclc is now known as lclc_bnc
17:34:20asciilifeform:asciilifeform has left #bitcoin-wizards
18:46:19grandmaster2:grandmaster2 is now known as dansmith_btc2
18:51:13Taek:gavinandresen: can you explain more about exponential subjective scoring? Isn't that dangerous to consensus, because newcomers will have a different scoring metric than existing nodes?
18:53:36gavinandresen:Taek: can’t get into it right now, busy with other things… ping me in a few days
19:33:25orw:orw is now known as xabbix
20:03:07Sub|zzz:Sub|zzz is now known as SubCreative
20:05:42nsh:context is: https://blog.ethereum.org/2014/10/03/slasher-ghost-developments-proof-stake/ ?