00:00:09amiller:ill be there tomorrow night
00:01:16tromp__:are you attending the workshop only, or register for FC as well?
00:53:31sipa:the workshop is at the end, right?
00:54:51gavinandresen:sipa: yup. Schedule is online at http://fc15.ifca.ai/schedule
01:06:10zooko:andytoshi: looking forward to meeting you IRL!
01:06:18zooko:amiller: looking forward to seeing you. ☺
01:15:21nsh:.py import random; print "Cryptogeddon? %.2f%% https://mjos.fi/doc/gavekort_kale.pdf" % ( 100 * random.random() )
01:15:21yoleaux:Cryptogeddon? 22.96% https://mjos.fi/doc/gavekort_kale.pdf
01:17:35op_mul:nsh: does that bot execute whatever python you give to it? ._.
01:18:33nsh:google app engine executes a subset of python :)
01:19:10gmaxwell:zomg sipa is an agent of The Catholic Church!
01:20:00zooko:Will do.
01:20:02nsh:who isn't these days...
01:20:06op_mul:.py import time; print "Goodnight!"; time.sleep(1800);
01:20:39yoleaux:op_mul: Sorry, that command (.py) took too long to process.
01:21:02zooko:wrong chan
01:23:38gmaxwell:nsh: this paper is awesome!
01:24:14gmaxwell:Courtois has competition.
01:24:41sipa:He's mentioned.
01:25:00sipa:That probably means he was an anonymous reviewer, who pointed out some related work.
01:26:53nsh:* nsh nods
01:29:36gmaxwell:sipa: I have discovered a novel weakness in AES! It uses numbers! as you may know, all past digital cryptosystems which have been compromised also used numbers.
01:31:57sipa:Also, the paper that introduced Rijndael, the name of the system that got promoted to AES, in its physical form depended on a DHMO-extraction process for construction.
01:32:26gmaxwell:sipa: I suspect he also did the paper's illustrations, (see also: http://www.cryptosystem.net/aes/ )
01:35:36nsh:"The rest of the confusion stems from not being sure the attack actually works." -- https://www.schneier.com/crypto-gram/archives/2002/0915.html#1
02:16:22bbrittain_:bbrittain_ is now known as bbrittain
02:16:51mr_burdell:mr_burdell is now known as Guest97527
02:18:19Pasha:Pasha is now known as Cory
02:19:23s1w:s1w is now known as Guest40337
02:35:18_Iriez:_Iriez is now known as Iriez
02:40:57phantomcircuit:.py import hashlib; print hashlib.sha256(hashlib.sha256("A"*80).digest()).hexdigest()
02:41:09phantomcircuit:i think we all know where this is going
02:41:25op_mul:phantomcircuit: there's a timeout though :(
02:41:41phantomcircuit:.py import time;time.sleep(600)
02:41:45phantomcircuit:lets see what it is
02:42:11yoleaux:phantomcircuit: Sorry, that command (.py) took too long to process.
02:42:39phantomcircuit:30 seconds
02:42:44phantomcircuit:.py import time;time.sleep(29);print "done"
02:44:45grubles_:grubles_ is now known as Guest84717
02:49:31K1773R_:K1773R_ is now known as K1773R
02:49:33forrestv_:forrestv_ is now known as forrestv
02:49:39TD--Linux:TD--Linux is now known as TD-Linux
03:06:27jcorgan_:jcorgan_ is now known as jcorgan
03:31:26luke-jr_:luke-jr_ is now known as Luke-Jr
03:33:07mr_burdell_:mr_burdell_ is now known as mr_burdell
03:33:12therealnanotube:therealnanotube is now known as nanotube
03:33:58mr_burdell:mr_burdell is now known as Guest29794
03:45:12coryfields:coryfields is now known as cfields
03:49:58Guest84717:Guest84717 is now known as grubles
03:55:32le_killer-:le_killer- is now known as le_killer
04:12:40nuke_:nuke_ is now known as nuke1989
04:18:05mr_burdell_:mr_burdell_ is now known as mr_burdell
04:18:54mr_burdell:mr_burdell is now known as Guest48054
04:48:05Guest40337:Guest40337 is now known as s1w
06:50:00Keefe_:Keefe_ is now known as Keefe
08:38:26lclc_bnc:lclc_bnc is now known as lclc
09:05:15hitchcock.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
09:05:15hitchcock.freenode.net:Users on #bitcoin-wizards: andy-logbot siraj moa Mably Guyver2 p15__ kobud jb55 nuke1989 koshii ryanxcharles TheSeven nubbins` CodeShark e1782d11df4c9914 contrapumpkin GAit epscy_ Aesthetic EasyAt_ jaromil Tjopper1 GibsonA bit2017 Guest48054 platinuum Oizopower jbenet_ mappum dasource brand0 davout NikolaiToryzin nsh jcorgan forrestv amiller_ TD-Linux K1773R midnightmagic_ cfields Dyaheon sdaftuar_ bobke__ o3u Anduck_ espes___ Eliel_ grubles Luke-Jr PFate_ Emcy luny`
09:05:15hitchcock.freenode.net:Users on #bitcoin-wizards: d1ggy__ MoALTz_ morcos le_killer Dr-G3 so phedny veox nanotube Iriez HM2 s1w [d__d] stonecoldpat Keefe gavinand1esen Meeh_ sl01_ Cory bbrittain xabbix_ tacotime__ petertod1 RoboTeddy PaulCapestany Guest1850 justanotheruser hashtag op_mul nullbyte CryptOprah artifexd bsm117532 dgenr8 Guest99326 Muis mortale grandmaster devrandom Starduster Adlai HaltingState DougieBot5000 delll go1111111 mkarrer binaryatrocity cryptowest paveljanik kumavis
09:05:15hitchcock.freenode.net:Users on #bitcoin-wizards: [\\\] fanquake bosma PRab_ v3Rve spinza Hunger- jgarzik Graftec BananaLotus gmaxwell tromp__ qwopqwop_ roasbeef_ DoctorBTC jaekwon catcow nick1234abcd__ btc___ sipa bepo smooth starsoccer huseby iddo @ChanServ Xzibit17 Alanius null_radix ryan-c ajweiss wizkid057 hollandais warren otoburb ahmed_ phantomcircuit gribble lechuga_ Apocalyptic michagogo kinlo andytoshi gwillen gnusha burcin a5m0 btcdrak sneak wumpus BrainOverfl0w hguux_ yoleaux
09:05:15hitchcock.freenode.net:Users on #bitcoin-wizards: lnovy tromp_ SubCreative deego warptangent d9b4bef9 berndj crescend1 Taek azariah eric BlueMatt livegnik isis asoltys_ LarsLarsen Krellan pigeons catlasshrugged fluffypony kanzure heath poggy lclc dansmith_btc JonTitor yrashk fenn Adrian_G nickler_ throughnothing helo Graet brad___ harrow` coryfields_ wiz earlz optimator_ MRL-Relay comboy_
09:15:52lclc:lclc is now known as lclc_bnc
09:51:38lclc_bnc:lclc_bnc is now known as lclc
10:25:51lclc:lclc is now known as lclc_bnc
10:47:00op_mul:coincidentally something I've been working on as well, though I was a lot behind what Nicholas was up to. the general gist is that you can recover private keys from a Bitcoin Trezor using just power analysis during signing.
10:48:06op_mul:and, thanks to the way the trezor is set up, a hardware intercept can capture the BIP32 master public key, recover a private key, and then compromise the master private key as well.
10:51:11fluffypony:glitching ftw
10:51:31fluffypony:Ledger seem to be on the ball with that, from a design perspective
10:51:43op_mul:well. the timing attack is more interesting to me.
10:53:56op_mul:the attack I was hopeful about was using the sound card of the computer the trezor was connected to to capture the CPU noise from the trezor. sadly USB seems to be isolated enough on all the boxes I tried that this doesn't work. if you hardwire your USB port to your sound card it's all good, but that's a bit of a stretch.
10:55:15fluffypony:could've been a fun attack
10:55:19op_mul:(if you're curious, it sounds like this when you wire a trezor to your sound card and sign 3 transactions with it http://a.pomf.se/ztwqbw.wav )
10:55:50fluffypony:this is that wav that has the high pitched sound that causes dogs to go into rabid attack mode, right?
10:56:26op_mul:er, the high pitched sound in that isn't that high, and it's just the linear regulator.
10:56:59fluffypony:I kid
10:58:39op_mul:the fun with the trezor goes further than that, too. with a software radio you can record transactions being signed on a trezor from several meters away.
11:04:48Anduck_:Anduck_ is now known as Anduck
11:28:50op_mul:for that last one I couldn't really see the ultilty in exploring it further, especially as to use it in any sort of realistic circumstance. for the power stuff I intend to test libsecp256k using the same hardware setup and see how it goes.
11:30:10op_mul:.. realistic circumstance you would need a second vector of attack.
11:30:14op_mul:I can't english.
13:02:59luny`:luny` is now known as luny
14:36:58gmaxwell:op_mul: well I'm very interested; right now I have no way to tell if efforts like https://github.com/bitcoin/secp256k1/pull/190 help against power analysis (libsecp256k1 is constant time on normal hardware but almost certantly not constant power); it might even hurt, but its unlikely.
14:38:49gmaxwell:it's basically free to do, so 'why not'; though there are other enhancements that are less free (e.g. point blinding prevents keeping the static tables in rom, since they get fully randomized) ... so it would be really useful to know if they help.
16:00:06PFate_:PFate_ is now known as PFate
16:25:22midnightmagic_:midnightmagic_ is now known as midnightmagic
16:31:16d1ggy__:d1ggy__ is now known as d1ggy
17:00:17o3u:o3u is now known as Fistful_of_Coins
17:15:26K1773R_:K1773R_ is now known as K1773R
17:15:50brand0-:brand0- is now known as brand0
17:16:38stqism_:stqism_ is now known as NikolaiToryzin
18:43:57lclc_bnc:lclc_bnc is now known as lclc
18:47:52amiller_:amiller_ is now known as amiller
19:15:53anapumpkin:anapumpkin is now known as copumpkin
19:20:43contrapumpkin:contrapumpkin is now known as copumpkin
19:32:31o3u:o3u is now known as Fistful_of_Coins
19:32:47xabbix_:xabbix_ is now known as xabbix
19:38:49sipa:people attending fc15: when are you getting here?
19:39:11sipa:ping andytoshi, gavinand1esen, tromp__, ..
19:39:18kanzure:just be sure to drop notes for us irc dwellers
19:39:36andytoshi:sipa: i land 11:03PM. i'm not an american so i think i have to go through customs (but that should be quick, i'm not working and i'm not carrying anything funny)
19:39:46sipa:amiller: ^
19:39:55gmaxwell:andytoshi: are you flying from the US?
19:40:12andytoshi:gmaxwell: yes, from austin. but according to dhs (forget the link sorry) i still have to pass customs
19:40:13amiller:sipa, i'm here, you all still at the other hotel?
19:40:24sipa:amiller: maybe customs, but not immigration
19:40:29sipa:or is that the same?
19:40:34gmaxwell:andytoshi: I don't know how thats physically possible. :)
19:40:35sipa:amiller: we're at the airport hotel
19:40:35andytoshi:sipa: i think it's the same
19:41:00andytoshi:gmaxwell: hmm :) ok, i bet they give me the declaration slip on the plane and just collect it as i'm leaving, no actual interview
19:41:01amiller:hm, not carrying anything suspicious? that's suspcious
19:41:17kanzure:amiller: more specifically, knowing what is and is not suspicious, is itself suspicious
19:41:19sipa:andytoshi: pretty sure it's a domestic flight, and you never left the US
19:41:34andytoshi:sipa: when flying between canada and US, at the customs gate they ask me why i'm travelling etc and demand my school papers..
19:41:42kanzure:that i not domestic
19:41:49andytoshi:sipa: ...that's correct, but PR is a US territory not a state, so non-US citizens still need to pass through customs
19:41:51sipa:andytoshi: that's because you're entering the US
19:41:51amiller:well im gonna swim and then hopefully see some of you at the reception :)
19:42:11sipa:andytoshi: it definitely was a domestic flight for us, with 0 security after leaving the plane
19:42:23gmaxwell:andytoshi: well what you're saying is incompatible with our expirence (as well as mine coming here last time)
19:42:23sipa:amiller: you're also at the airport hotel?
19:43:44andytoshi:cool sipa, gmaxwell, i'm just going by some webpage my dad found ... i'm sure you guys are correct. (maybe returning will be a different story? i've had them single me out even on domestic flights for passport checks etc since i'm foreign)
19:44:05sipa:there are still security checks for entering the plane
19:44:11sipa:that's orthogonal to customs
19:44:46andytoshi:yes, understood. i fly both domestic and intl routinely...but for territories i thought there was something different
19:46:42sipa:andytoshi: anyway, just be very adamant to security in pointing out that you are absolutely not carrying anything funny
19:48:49andytoshi:i'm already through security :)
19:49:08gmaxwell:might want to go back and tell them.
19:49:22sipa:or at least elaborate on this when leaving the plane
19:49:24gmaxwell:"excuse me! I can assure you that my underware are absolutely not explosive!"
19:49:37gwillen:"wait, come back! I want to tell you about all the bombs I'm not carrying!!"
19:49:46sipa:underware, is that like shareware?
19:50:17gmaxwell:We refer to it as Free Pantaloons.
19:51:27andytoshi:so, i can walk from the plane to the airport hotel correct?
19:51:41sipa:you do not even have to go outside
19:51:47sipa:the hotel is literally inside terminal d
19:52:01andytoshi:sipa: do you know what room i should be in (i am with BlueMatt)
19:52:19sipa:BlueMatt is only getting in tomorrow, due to a delayed flight
19:52:36gmaxwell:nah, desk should have the reservation. You can call me when you get in.
19:52:38sipa:"Lest there be any doubt about this, I'd like to point out that I have never been *convicted* for terrorist activities..."
19:53:04andytoshi:cool. i've got the reservation #, should have no trouble
19:53:20sipa:gmaxwell: how about lunch? 4pm seems like a good time.
19:53:30sipa:afterwards we can go find amiller
19:55:28andytoshi:i'm going afk, i take off in 30, should find my gate. see you guys late tonight
20:01:13stonecoldpat:andytoshi: there are no checks in puerto rico itself you just get baggage and then leave (i was hoping to get a stamp at rico, disappointed!)
20:07:46luny`:luny` is now known as luny
21:09:53sipa:amiller: ping, where are you? ;)
21:40:49op_mul:gmaxwell: not sure it matters too much unless your device is a trezor. for anything else like a computer I doubt anybody within non-academic real world limitations would be able to get any useful information with that sidechannel.
21:41:37op_mul:gmaxwell: maybe there's a cause for these things to have batteries or super capacitors in them. you don't remove the effect entirely by doing that, but you make it much much more difficult than a USB powered device.
22:10:38adam3us:so on bitcoin-dev list there was some discussion of soft-fork ways to make the value signed.
22:11:23adam3us:what about instead making an optional explicit fee output.. that should get the same effect. maybe u could do that via a special address (eg that everyone knows the private key of)
22:11:52adam3us:old miners would just view it as a tx that got mined with 0 fees
22:32:50op_mul:I don't see how that would be a soft fork
22:34:31justanotheruser:op_mul: how wouldn't it be?
22:35:23op_mul:never mind. I missed the bit about everybody knows the private key. that sounds like an awful hack.
23:00:22lclc:lclc is now known as lclc_bnc
23:13:48copumpkin:copumpkin is now known as copumpkin_
23:14:08copumpkin_:copumpkin_ is now known as copumpkin
23:54:10Luke-Jr:like 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy ?
23:55:21op_mul:my god
23:55:26op_mul:why do people keep paying that
23:55:37Luke-Jr:they do? why am I not getting them? :x
23:55:58op_mul:0.15 BTC got sent there last week.
23:57:42justanotheruser:op_mul: supporting miners?
23:58:34op_mul:supporting whoever can win the spend race
23:58:43justanotheruser:which is miners
23:58:58op_mul:I doubt they bother.
23:59:00justanotheruser:if their software is optomized that way