01:22:02instagibbs:ether post seems to be confusing what PoW is, and leaping to what a miner should rationally do to recoup his BTC he feels has been stolen from him by a re-org. Completely separate issues.
01:22:58kanzure:see https://news.ycombinator.com/item?id=9050429
01:23:11instagibbs:The miner, although behind due to hidden fork, still knows the current state of the ledger just like every other node.
01:23:47instagibbs:yeah the responses are a little underwhelming to say the least
01:23:50kanzure:"PoW does to do with currency, in practice, because participating has a real cost"
01:23:56instagibbs:I want to reply
01:24:15instagibbs:I typed out something like: Mining participation can be done for any reason: currency reward, altruism, to self-publish hashes of data, or because someone out there likes burning electricity for the hell of it. The usage link is strong today, possibly tenuous tomorrow.
01:26:36phantomcircuit:kanzure, i actually think that in general the economic rationale behind mining is poorly understood
01:26:45instagibbs:trying to crawl into the head of a miner is impossible. We don't know their motivation
01:26:56phantomcircuit:instagibbs, i kind of do
01:27:19instagibbs:heh, i mean definitionally
01:27:39instagibbs:I have certainly read of people wanting to mine for profit :)
01:28:01kanzure:"Your explanations are, of course, correct. You are just approaching this differently than he." yes correctness sucks huh
01:28:35kanzure:also the voting stuff again :/
01:29:24kanzure:are there any interesting (pre-blockchain) cryptosystems for voting that make sense and aren't bogus insecure death traps?
01:29:24amiller:instagibbs, are you gibbssampleplatter on reddit btw
01:29:39instagibbs:amiller: my terrible weak cover is blown
01:29:42amiller:kanzure, helios?
01:29:50kanzure:alright i will look at helios
01:30:06kanzure:the deus ex ai?
01:30:43amiller:https://www.usenix.org/legacy/events/sec08/tech/full_papers/adida/adida.pdf and https://vote.heliosvoting.org/docs
01:32:40kanzure:ah interesting it's a multi-step protocol where the voter signs the result a second time
01:32:46kanzure:or er... something.
01:33:36kanzure:haha the coerce me button <3
01:34:35kanzure:amiller: do you see any resemblance between voting and mining? :/
01:34:54amiller:1 cpu 1 vote 4 ever
01:35:24amiller:yeah i use the analogy to voting in my (ineffective) little schpiel to sell nonoutsourceable puzzles...
01:35:32amiller:you're legally not-allowed to sell your vote
01:37:19instagibbs:well in that case your "vote" is what to include in blocks, not the act of expending electricity. right?
01:38:23instagibbs:i mean hell, the current mining market makes a sham of the argument: nearly 100% of cloud miners don't give a fig what's included
01:39:09amiller:i think (admittedly biased in favor of promoting my own overcomplicated pet solutions involving weirdcrypto) that the current form is a pretty poor incentive system on the whole,
01:39:28amiller:but the high level idea, that you can improve something "like" voting by creating better-aligned incentives is pretty great
01:39:47amiller:the helios thing for example has some pretty cool features that i think are analogous to nonoutsourceable puzzles even
01:39:57instagibbs:improve the outcomes of voting, or how the voting happens, or?
01:40:05amiller:it's "coercion resistant", which means that you cannot prove after the fact how you vote
01:40:11justanotheruser:kanzure: are you still on the mining isn't voting thing?
01:40:12amiller:even if you wanted to
01:40:41kanzure:justanotheruser: i'm thinking about giving up on that
01:40:42amiller:in other words, while it's "illegal" to sell your vote, the helios evoting thing has a technical countermeasure that makes it difficult to do the thing that's illegal
01:43:00phantomcircuit:amiller, it's sufficient to make it impossible to prove to a third party that your vote was counted
01:44:10kanzure:if you can prove it to yourself then i think you would just be coerced to share that proof with a third party
01:44:34phantomcircuit:kanzure, think EDH
01:45:02kanzure:extra.. dimensional.. hashing?
01:45:37phantomcircuit:iono but im sure there's a construct in which you're sure your vote was counted but you cant prove it to a third party
01:56:32justanotheruser:Could someone give me an update on the discussion of securing the network with an infinite supply of blockspace? The only obvious solution I can think of is a mining cartel forcing a fee.
01:58:39phantomcircuit:justanotheruser, que?
02:00:25instagibbs:tl;dr not that we know of?
02:01:10justanotheruser:phantomcircuit: if you have an infinite supply of blockspace, doesn't the fee approach zero?
02:02:13phantomcircuit:justanotheruser, no it only approaches the cost of the orphan risk per byte
02:02:33instagibbs:phantomcircuit: and/or actual cost of processing such a transaction
02:02:36phantomcircuit:which is something that's missing from most discussion
02:02:44phantomcircuit:instagibbs, that is roughly zero
02:02:51instagibbs:obviously the latter one is tiiiiny
02:03:49justanotheruser:the cost of processing the transaction shouldn't be considered because if it's enough to secure the network then it is enough to create a huge barrier of entry and economy of scale.
02:04:23instagibbs:umm it's considered, it just doesn't help security. I'm answering what the fees will approach
02:05:01justanotheruser:fair enough
02:05:12Taek:a solution that I like is having a second set of 'security fees' that get distributed over the next N blocks
02:05:20justanotheruser:phantomcircuit: Yes, that was how I understood it, but gmaxwell mentioned that that wasn't "fundamental" and I also don't understand that
02:05:23instagibbs:what do propagation orphan risks per KB look like these days
02:05:45Taek:which adds some security to bury your transaction under, but it still suffers from the freeloader problem
02:05:58instagibbs:Taek: once we approach 100% mining fees it may have to go that way or something like it, no?
02:06:27phantomcircuit:justanotheruser, you can remove most of the risk of an orphan through technical means
02:06:55justanotheruser:phantomcircuit: by having all minings near each other?
02:07:12Taek:I'm fairly confident that mining fees as they work today will not be sufficient to secure a blockchain unless they are intentionally made scarce
02:07:17phantomcircuit:justanotheruser, no by having transactions already propagated to everybody
02:10:01justanotheruser:oh right.
02:10:05instagibbs:My gut says no, but do the marginal fees required to overcome orphan risk actually help security?
02:10:21instagibbs:they're overcoming lost PoW it seems
02:10:23justanotheruser:You still have some latency though
02:11:24justanotheruser:I'm not sure how much of the time is latency and how much is caused by low bandwidth
02:12:05instagibbs:which brings me to the final quandary: how can any bitcoin-like system both predict how large the block needs to be to be both useful and scarce
02:13:48justanotheruser:by having infinite block space and artificial scarcity through a mandatory fee
02:14:07phantomcircuit:justanotheruser, doesn't work because of valuation fluctuations
02:16:22justanotheruser:Do you think market forces wouldn't make the mining cartel optimize for profitability? If the fee is $1/tx, people will make less tx, miners will make less money etc.
02:16:33justanotheruser:I proposed that as a question because I have no idea and the idea may be completely insane.
02:18:44instagibbs:seems very similar to miners cartel-izing and limiting blocksizes to promote fees. Or people voting, or whatever
02:18:58phantomcircuit:justanotheruser, maybe but there's weird stuff about a single rogue participant followed by incentives to build weird block trees
02:19:21instagibbs:blocksize utilization rises and falls due to many forces, minimum required fee same thing
02:20:15instagibbs:didnt mean to say "same reasons", just that there are many factors.
02:20:42justanotheruser:instagibbs: Miners can make way more money with a successful bitcoin than a 1MB blockspace bitcoin
02:22:00instagibbs:agreed. Just am getting more and more troubled with the economics of rational greedy mining :)
02:27:34justanotheruser:I don't think a mining cartel is very scary if mining can be decentralized to the point that 51% is thousands of people
02:28:21justanotheruser:would be interesting to see the citizens of iceland be the money processors for the world
02:28:58instagibbs:one man's cartel is another's soft-fork
02:32:27kanzure:amiller: you banned me from ##ketotic wtf dude
02:32:35amiller:no i didn't
02:34:51kanzure:(actually i find this pretty funny, i'm sorry i didn't remember sooner)
02:38:15amiller:maybe i had a good reason, ill just hope that was the case
02:39:20instagibbs:and look how unrepentant he is. smh
02:41:15kanzure:well he banned someone else but i got caught in the ip address slaughter, whatever
02:43:34kanzure:"I am not aware of such things. I am here because I like to stalk "
02:43:41kanzure:"I am not aware of such things. I am here because I like to stalk zooko."
02:44:06kanzure:pretty funny. okay, back to hacking.
02:47:23smooth:the best i can think of given bitcoin's monetary rules is a mandatory fee burn
02:48:04smooth:(which then gets recycled as subsidy over some horizon)
02:49:06smooth:it still has the free rider problem though
03:23:57Adlai:you shouldn't be able to prove it to yourself, in the same way that otr logs are worthless
03:24:47phantomcircuit:Adlai, OTR logs aren't useless to the original recipient
03:24:56phantomcircuit:also OTR logs aren't useless in most cases
03:25:26Adlai:perhaps i misunderstand OTR then; isn't it possible for anybody to construct fake logs after the session is over?
03:27:39Adlai:* Adlai queues https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html for tomorrow, but gets some sleep first
03:29:58bramc:Adlai, yes, but trivially forgeable transcripts get used as evidence in court all the time, and their veracity is rarely questioned, even less often successfully.
03:32:46Adlai:has otr even made it into court yet? (in the way PGP has)
03:33:02amiller:bramc, that's not relevant in the context of this discussion, which is whether or not coercion resistant evoting schemes make any sense
03:33:03Adlai:a bit of googling, which is the extent of my legal history skillset, turns up nothing
03:34:15bramc:amiller, Just trying to clarify the point which I think phantomcircuit was making
03:34:58bramc:Adlai, They'd be presented in court like any other kind of logs, with slightly less strong evidence of their accuracy than there would be if otr hadn't been used
03:35:25phantomcircuit:Adlai, ulbricht had OTR logs which were admitted into evidence and obviously accepted as accurate
03:35:28amiller:the helios link i gave is actually explicitly not coercion resistant
03:35:33phantomcircuit:but also
03:35:45phantomcircuit:the original recipient can count on the logs being accurate
03:35:47phantomcircuit:and authentic
03:35:48amiller:still coercion resistant evoting schemes have a bunch of academic papers on them i dont know if any in application
03:35:51amiller:http://e-collection.library.ethz.ch/eserv/eth:3046/eth-3046-01.pdf e.g.
03:36:48Adlai:ok, and the tallying process can count on votes being authentic - without individual voters being able to later prove where they sent their ballot
03:41:25Adlai:* Adlai likes the name for it in this paper: 'receipt-freeness'. carbon-neutral voting!
11:07:33petertodd:trying to come up with good terminology for the idea of a cryptographic one-time key and signature for anti-replay protection. Basically the same thing the bitcoin blockchain does in practice - making it possible to do something exactly once - generalized.
11:08:32petertodd:Best idea right now is to call them one time seals, and proof that a specific one time seal has been applied to a given hash would be called a one time seal witness. Seems reasonable?
11:08:50petertodd:I couldn't find any great examples of this in literature, although my google-foo is weak...
11:10:54Taek:'one-time' might not be good words to use, don't want people to get confused about stuff like 'one time pad', which is a completely different concept
11:11:19petertodd:Taek: hmm... irrevocable seal?
11:12:57fluffypony:what about using the term "one way" to convey the sense?
11:13:35Taek:isn't work naturally implied by something like this? Signatures by default can't be reused, pow just makes it difficult to sign in the first place. You want to limit it to 'difficult to sign' type concepts?
11:15:36petertodd:Taek: basically the idea is similar to the physical concept of those numbered tamper-evident zip ties used to secure stuff in shipping: each seal has a unique number, it can be applied exactly once to a given object/hash, and you can verify the object/hash that has been sealed
11:16:06petertodd:equally, in Bitcoin when you spend a txout - a globally unique thing - you irrevocably commit it to something else - the txid of the transaction spending it
11:16:26Taek:oh, different from what I was thinking
11:17:55Taek:'one way seal' doesn't seem so bad
11:18:41Taek:though it doesn't really seem great either
11:19:00petertodd:Irrevocable Seal gives the right impression better I think
11:19:25petertodd:or One Use Seal maybe?
11:19:41petertodd:Single Use Seal?
11:21:45Taek:if I correctly understand what you want, irrevocable seal seems pretty good
11:22:02Taek:because the idea is that you can't give a utxo to me and then fluffy
11:22:15Taek:you seal it and then you lose the ability to re-seal it
11:23:18petertodd:otoh, with single use seal you get the natural-sounding terminology "(un)used single use seal"
11:23:54petertodd:"unused irrevocable seal" is a bit more mysterious
11:26:47Taek:but wouldn't an unused seal be referring to the object? So you'd have irrevocable seals and unsealed objects
11:27:30petertodd:Taek: no, because multiple different seals can be applied to the same object
11:27:41petertodd:Taek: the seal itself is what is used or unused
11:28:02Taek:can you apply this to Bitcoin? I don't follow
11:28:43petertodd:Taek: you can implement this with bitcoin: txout -> single use seal, proof that txout was spent -> witness that a single use seal was used
11:30:58Taek:so the seal is the proof that the txout was spent? Or the actual signatures that spend the txout?
11:31:51petertodd:signatures are irrelevant - they're just proof someone *could* spend the tx. The proof that a txout single use seal was used is the tx spending it
11:33:16Taek:ah got it
11:34:07Taek:the seal is (more or less) the block, with the stipulation that it needs to be a part of the longest blockchain
11:34:52petertodd:yeah, at a lower layer of abstraction you could say that :) at a higher layer you could say the proof "is bitcoin"
11:35:19petertodd:equally, you can imagine a non-bitcoin trust-based scheme where the seal is just some pubkey, and the proof the seal was used is a valid signature on that pubkey
12:14:52Adlai:petertodd: what about "provably disposable"? ie, once the thing has been disposed, it is possible to prove that it's no longer fresh
12:15:33Adlai:* Adlai looked for a positive rephrasing of 'unused'
16:04:42lclc_bnc:lclc_bnc is now known as lclc
19:38:44gmaxwell:maaku: https://bitcointalk.org/index.php?topic=956442.0
19:41:35maaku:someone needs to point him here
19:46:51maaku:gmaxwell: are you writing a response?
20:02:16yoleaux:Individual Block Difficulty Based on Block Size
22:01:48kanzure:"URLs of others' efforts are dropped and constantly mocked. Vitalik Buterin seems to be a fun target."
22:01:55kanzure:"guys please don't produce criticism it is not fair to others"
22:02:04kanzure:"also breaking other people's cryptosystems is bad"
22:07:16Luke-Jr:is it our fault people spout bad ideas without even trying to learn what has been done before?
22:07:58kanzure:nope. bram was given some links, he ignored it, that's his own fault. and then he has been engaged quite often. i think it's a friendly relationship.
22:08:10kanzure:also, maybe that guy was just upset that bram's messages didn't receive instant replies, but i can only type so fast.
22:08:55kanzure:and petertodd's willingness to call me out is like his most endearing and lovable quality
22:11:16Luke-Jr:I was referring to most scamcoiners and Vitalik.
22:11:58Luke-Jr:not bramc - at least he seems to be taking things seriously (although I've not been following everything)
22:12:21kanzure:ah, well the post was talking about bramc, but since i didn't actually link it i wouldn't expect anyone to know heh
22:12:48kanzure:"gee whiz, i'm so sorry that i haven't dropped everything to implement spow"
22:23:03sipa:kanzure: where do you read that?
22:25:44gmaxwell:sipa: some reddit post which has since been deleted.
22:26:26kanzure:gmaxwell: another thing that may not be obvious to others is that cryptography in particular is a field where the vast majority of all proposals should naturally be broken. that should not be surprising to anyone who thinks about why. of course, to those who are more familiar with literally almost everything else other than cryptosystems, it may seem absurd.
23:38:00midnightmagic:mm. Wouldn't the users build the market for achieving price per transaction? People who want to move money more, pay slightly more to push their tx to the top of the tx list for the currently-considered block?
23:39:48midnightmagic:externalizing costs of mining completely would just increase profit and make it a tx-side market where room is consumed wholly by highest-bid..?
23:42:17midnightmagic:neat idea otherwise though