| 00:11:32 | lclc: | lclc is now known as lclc_bnc |
| 00:14:50 | rusty: | maaku: you seem like the person to ask about UTXO commitment trees... what topology is best for the trees? |
| 00:17:28 | rusty: | (I want to cover them in my linux.conf.au talk subtitled "What I should have done in pettycoin"...) |
| 02:34:09 | irc.freenode.net: | Disconnected from irc.freenode.net (ERROR :Closing Link: wpsoftware.net (Ping timeout: 264 seconds)) |
| 02:35:22 | tepper.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 02:35:22 | tepper.freenode.net: | Users on #bitcoin-wizards: andy-logbot_1 e1782d11df4c9914 jaromil_ smk_ jbenet_ poggy_ petertod1 Apocalyptic_ Guest62994 Meeh_ harrow` tromp__ soundx hashtagg belcher rusty ebfull Starduster_ koshii NewLiberty hashtagg_ adlai shesek wiz_ todays_tomorrow atgreen prodatalab Guest18195 PaulCapestany Tjopper bit2017 coiner tromp cluckj Emcy adam3us Quanttek fanquake samson_ andy-logbot DougieBot5000_ waxwing helo catlasshrugged copumpkin Aquent Dr-G2 v3Rve tlrobinson |
| 02:35:22 | tepper.freenode.net: | Users on #bitcoin-wizards: OneFixt jgarzik c0rw1n luny midnightmagic spinza devrandom Shiftos espes__ _Iriez fluffypony hollandais ryanxcharles Cory epscy thrasher` HaltingState butters smk nickler Logicwax lnovy ahmed_ sl01_ gavinandresen SubCreative warren Krellan fenn LarsLarsen jchp mkarrer pi07r phantomcircuit mr_burdell Graet optimator kanzure gribble MRL-Relay maaku wizkid057 mortale Luke-Jr Graftec tromp_ bobke rfreeman_w huseby [d__d] BananaLotus amiller |
| 02:35:22 | tepper.freenode.net: | Users on #bitcoin-wizards: harrow artifexd iambernie nuke1989 kumavis Greed Guest2104 nsh coryfields bsm117532 BigBitz coutts BlueMatt cfields Anduck jaromil Eliel nanotube hguux_ AdrianG jbenet digitalmagus gwillen CryptOprah btc__ wumpus stonecoldpat eric dansmith_btc toddf heath go1111111 bbrittain DoctorBTC Apocalyptic EasyAt null_radix starsoccer danneu catcow TD-Linux ryan-c roasbeef smooth mmozeiko Alanius JonTitor asoltys_ K1773R a5m0 @ChanServ Meeh comboy |
| 02:35:22 | tepper.freenode.net: | Users on #bitcoin-wizards: btcdrak eordano Nightwolf gmaxwell pigeons andytoshi lechuga_ warptangent Fistful_of_Coins HM2 Guest38445 iddo kinlo azariah yoleaux s1w sneak harrigan sipa livegnik burcin poggy Taek throughnothing petertodd crescendo so Keefe phedny BrainOverfl0w Baz__ Muis mappum michagogo [\\\] NikolaiToryzin isis lclc_bnc morcos |
| 02:41:26 | Guest62994: | tromp_: http://news.gmane.org/gmane.comp.security.phc |
| 02:42:59 | Guest62994: | Guest62994 is now known as gmaxwell |
| 02:49:20 | Apocalyptic_: | Apocalyptic_ is now known as Apocalyptic |
| 02:51:07 | jbenet_: | jbenet_ is now known as jbenet |
| 02:52:23 | smk_: | smk_ is now known as smk |
| 03:10:24 | omni: | omni is now known as Guest55861 |
| 07:10:17 | maaku: | rusty: any balanced tree would work, but PATRICIA tries have particularly good properties |
| 07:12:59 | maaku: | rusty: see the motivation section of this : https://gist.github.com/maaku/2aed2cb628024800044d |
| 07:16:34 | maaku: | rusty: actually one of the desireable requirements for a UTXO data structure not listed there is that final tree state does not depend on its history |
| 07:17:12 | maaku: | e.g. a red-black tree will always be balanced, but its specific structure depends on the order items were inserted and deleted |
| 07:18:14 | maaku: | i probably don't have to explain why it would be nice that any node can get the same merkle root from just the current UTXO yset, without having to replay the entire block chain histor |
| 08:52:51 | lclc_bnc: | lclc_bnc is now known as lclc |
| 08:55:36 | rusty: | maaku: thanks... |
| 08:55:37 | rusty: | rusty has left #bitcoin-wizards |
| 09:05:14 | rajaniemi.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 09:05:14 | rajaniemi.freenode.net: | Users on #bitcoin-wizards: andy-logbot NewLiberty cbeams bit2017 coiner paveljanik Transisto koshii fanquake e1782d11df4c9914 Aquent tacotime catlasshrugged nuke1989 Guest55861 jaromil_ smk jbenet poggy_ petertod1 Apocalyptic gmaxwell Meeh_ harrow` tromp__ hashtagg Starduster_ hashtagg_ adlai shesek wiz_ atgreen prodatalab Guest18195 PaulCapestany Tjopper tromp cluckj Emcy adam3us samson_ DougieBot5000_ waxwing helo copumpkin v3Rve tlrobinson OneFixt jgarzik c0rw1n |
| 09:05:14 | rajaniemi.freenode.net: | Users on #bitcoin-wizards: luny midnightmagic spinza devrandom Shiftos espes__ _Iriez fluffypony hollandais ryanxcharles Cory epscy thrasher` HaltingState butters nickler Logicwax lnovy ahmed_ sl01_ gavinandresen SubCreative warren Krellan fenn LarsLarsen jchp mkarrer pi07r phantomcircuit mr_burdell Graet optimator morcos lclc isis NikolaiToryzin [\\\] michagogo mappum Muis Baz__ kanzure gribble MRL-Relay maaku wizkid057 mortale Luke-Jr Graftec bobke rfreeman_w huseby |
| 09:05:14 | rajaniemi.freenode.net: | Users on #bitcoin-wizards: [d__d] BananaLotus amiller artifexd iambernie kumavis Greed Guest2104 nsh coryfields bsm117532 BigBitz coutts BlueMatt Eliel nanotube hguux_ cfields Anduck AdrianG digitalmagus gwillen CryptOprah btc__ wumpus stonecoldpat eric dansmith_btc toddf heath go1111111 bbrittain DoctorBTC EasyAt null_radix starsoccer danneu catcow TD-Linux ryan-c roasbeef smooth mmozeiko Alanius JonTitor asoltys_ K1773R a5m0 @ChanServ comboy btcdrak eordano |
| 09:05:14 | rajaniemi.freenode.net: | Users on #bitcoin-wizards: Nightwolf pigeons andytoshi lechuga_ warptangent Fistful_of_Coins HM2 Guest38445 iddo kinlo azariah yoleaux s1w sneak harrigan sipa livegnik burcin Taek throughnothing crescendo so Keefe phedny BrainOverfl0w |
| 09:20:12 | lclc: | lclc is now known as lclc_bnc |
| 09:23:39 | gmaxwell: | FKING@#*($*(@# INTERNET CRYPTOGRAPHY |
| 09:24:39 | gmaxwell: | (sorry for the outburst, I was using a found on the internet implementation of PIR ... and had spent some time creating a high performance version of it when I completely broke the cryptosystem.) |
| 09:42:59 | lclc_bnc: | lclc_bnc is now known as lclc |
| 10:01:57 | op_corn: | gmaxwell: sounds dangerous to have you around the office. "god damn it, greg slipped and factored all the primes I left in the tea room". |
| 10:53:47 | Profreid_: | Profreid_ is now known as Profreid |
| 10:55:36 | _Iriez: | _Iriez is now known as Iriez |
| 11:08:15 | lclc: | lclc is now known as lclc_bnc |
| 11:27:51 | nsh: | * nsh chuckles |
| 11:28:06 | nsh: | gmaxwell, how did you break it, out of curiosity? |
| 11:49:26 | lclc_bnc: | lclc_bnc is now known as lclc |
| 12:04:17 | lclc: | lclc is now known as lclc_bnc |
| 13:13:56 | Guyver2: | Guyver2 has left #bitcoin-wizards |
| 14:21:47 | fanquake: | fanquake has left #bitcoin-wizards |
| 14:23:33 | jgarzik: | atgreen, Glad to see moxie getting some attention :) |
| 14:23:36 | jgarzik: | merged |
| 14:57:59 | atgreen`: | jgarzik: I'm going to make one backwards incompatible change soon: shorten load/store offsets to 16 bits. 32-bits is just a waste. I'll submit patches to the tools, cores and moxiebox simultaneously. |
| 14:58:08 | atgreen`: | atgreen` is now known as atgreen |
| 14:58:36 | jgarzik: | atgreen, sure. backwards incompat changes are fine for moxiebox at this stage. I'm all for it. |
| 15:09:22 | gmaxwell: | nsh: By taking a shower? (usual method of breaking cryptosystems) |
| 15:09:52 | gmaxwell: | I've fixed it, I think. Though I also found a second less serious flaw that I haven't fixed yet. |
| 15:11:43 | wiz_: | wiz_ is now known as wiz |
| 15:24:24 | atgreen: | jgarzik: one more PR for you |
| 15:27:26 | gmaxwell: | atgreen: spiffy! |
| 15:29:54 | wallet42: | wallet42 is now known as Guest82061 |
| 15:29:54 | wallet421: | wallet421 is now known as wallet42 |
| 15:30:34 | jgarzik: | atgreen, Does that require a toolchain update? |
| 15:30:41 | jgarzik: | locally, for me, I mean. |
| 15:31:05 | jgarzik: | On deck for the new year is crypto instructions for moxiebox. |
| 15:31:28 | jgarzik: | I haven't figured out a good cost metric for that yet. Version 1 will probably just do something dumb like "cycles += 100000". |
| 15:31:36 | gmaxwell: | "accelerators" |
| 15:32:01 | jgarzik: | indeed |
| 15:32:26 | gmaxwell: | I'd assume the cyclecount would part of the function prototype? |
| 15:32:53 | sipa: | a virtual machine with EC points and scalars as special registers would be nice :) |
| 15:33:04 | gmaxwell: | hah |
| 15:33:05 | jgarzik: | gmaxwell, It can be, sure. The main thing is getting the proportions correct |
| 15:33:30 | jgarzik: | the calling convention is easy |
| 15:35:06 | sipa: | gmaxwell: if they're special registers, they can have implicit jacobian coordinates etc |
| 15:35:39 | atgreen: | jgarzik: yes, you'll need to update the tools. |
| 15:35:49 | jgarzik: | atgreen, OK. |
| 15:35:57 | gmaxwell: | one thing I've noticed is how much gain you can get from having lower level access. E.g. the PIR thing that I'm working on is massively sped up by being able to do the polynominal interpolation as a multi-exp. |
| 15:36:00 | atgreen: | I should host some pre-built toolchains. jgarzik , gmaxwell : you are both ubuntu users, right? |
| 15:36:44 | gmaxwell: | atgreen: no, gentoo+fedora. |
| 15:36:53 | jgarzik: | atgreen, Former Fedora user, who would love to return to Fedora if I didn't have to suffer so much for license purity. |
| 15:36:58 | jgarzik: | atgreen, tl;dr yes Ubuntu :) |
| 15:37:07 | atgreen: | ok, so everything :( |
| 15:37:34 | atgreen: | we can hack the moxiebox configury to test for the right tools versions. |
| 15:37:42 | atgreen: | stepping away from keyboard for a while... |
| 15:37:53 | gmaxwell: | atgreen: well don't go making prebuilt tools for _my_ sake. most other people are ubuntu. I'm perfectly capable of building my own tools (and run GCC svn pretty frequently) |
| 15:38:23 | atgreen: | not just for you. Iwas going to do it for regular moxie-rtems anyway. |
| 15:38:48 | jgarzik: | atgreen, Bitcoin users seem to prefer Ubuntu, based on anecdotal observation |
| 15:39:02 | jgarzik: | as it includes ECDSA libs that others such as Fedora exclude |
| 15:39:28 | sipa: | not much longer shall such a requirement exist! |
| 15:41:55 | lclc_bnc: | lclc_bnc is now known as lclc |
| 15:42:00 | gmaxwell: | sipa: shadow jacobian can be done without registers. You make it so accelerators can allocate memory in special accelerator only 'segments'. Then you can point=secp256k1_new_point(); And it's just an opaque pointer. |
| 15:42:44 | sipa: | right, sure |
| 15:42:59 | sipa: | it's more about having special data type, and operators and extract and construct |
| 15:43:30 | sipa: | separate registers is useful as can hide implementation details better, and might be better fit in term of memory allocation for them etc |
| 15:44:40 | gmaxwell: | sipa: even if you want it to be like registers it can be point=secp256k1_new_point(int special_point_register_idx); and just have the range defined by the accelerator api. |
| 15:59:14 | lclc: | lclc is now known as lclc_bnc |
| 16:38:41 | gmaxwell: | atgreen: As a random aside, have you seen tinyram? http://www.scipr-lab.org/doc/TinyRAM-spec-0.991.pdf it's a very simple risc designed to have a maximally small arithemetic circuit to verify that a transcript of execution was correct. Because the proof enviroments its targeted for are so slow they did care a fair bit about program size, and one of their papers has benchmarks vs x86/arm/avr |
| 16:38:47 | gmaxwell: | https://eprint.iacr.org/2013/507.pdf (page 12) |
| 17:43:27 | atgreen: | gmaxwell: thanks! I'll read it. |
| 18:26:17 | Guyver2: | Guyver2 has left #bitcoin-wizards |
| 22:11:48 | NewLiberty: | NewLiberty is now known as NewLiberty-afk |
| 22:24:48 | lclc_bnc: | lclc_bnc is now known as lclc |
| 23:11:09 | lclc: | lclc is now known as lclc_bnc |
| 23:46:01 | luny`: | luny` is now known as luny |