| 01:22:02 | instagibbs: | ether post seems to be confusing what PoW is, and leaping to what a miner should rationally do to recoup his BTC he feels has been stolen from him by a re-org. Completely separate issues. |
| 01:22:58 | kanzure: | see https://news.ycombinator.com/item?id=9050429 |
| 01:23:11 | instagibbs: | The miner, although behind due to hidden fork, still knows the current state of the ledger just like every other node. |
| 01:23:47 | instagibbs: | yeah the responses are a little underwhelming to say the least |
| 01:23:50 | kanzure: | "PoW does to do with currency, in practice, because participating has a real cost" |
| 01:23:54 | kanzure: | hmm. |
| 01:23:56 | instagibbs: | I want to reply |
| 01:24:15 | instagibbs: | I typed out something like: Mining participation can be done for any reason: currency reward. altruism, to self-publish hashes of data, or because someone out there likes burning electricity for the hell of it. The usage link is strong today, possibly tenuous tomorrow. |
| 01:26:36 | phantomcircuit: | kanzure, i actually think that in general the economic rational behind mining is poorly understood |
| 01:26:45 | instagibbs: | trying to crawl into the head of a miner is impossible. We don't know their motivation |
| 01:26:56 | phantomcircuit: | instagibbs, i kind of do |
| 01:27:19 | instagibbs: | heh, i mean definitionally |
| 01:27:39 | instagibbs: | I have certainly read of people wanting to mine for profit :) |
| 01:28:01 | kanzure: | "Your explanations are, of course, correct. You are just approaching this differently than he." yes correctness sucks huh |
| 01:28:35 | kanzure: | also the voting stuff again :/ |
| 01:29:24 | kanzure: | are there any interesting (pre-blockchain) cryptosystems for voting that make sense and aren't bogus insecure death traps? |
| 01:29:24 | amiller: | instagibbs, are you gibbssampleplatter on reddit btw |
| 01:29:39 | instagibbs: | amiller: my terrible weak cover it blown |
| 01:29:42 | amiller: | kanzure, helios? |
| 01:29:45 | instagibbs: | is* |
| 01:29:50 | kanzure: | alright i will look at helios |
| 01:30:06 | kanzure: | the deus ex ai? |
| 01:30:43 | amiller: | https://www.usenix.org/legacy/events/sec08/tech/full_papers/adida/adida.pdf and https://vote.heliosvoting.org/docs |
| 01:32:40 | kanzure: | ah interesting it's a multi-step protocol where the voter signs the result a second time |
| 01:32:46 | kanzure: | or er... something. |
| 01:33:36 | kanzure: | haha the coerce me button <3 |
| 01:34:35 | kanzure: | amiller: do you see any resemblance between voting and mining? :/ |
| 01:34:54 | amiller: | 1 cpu 1 vote 4 ever |
| 01:35:24 | amiller: | yeah i use the analogy to voting in my (ineffective) little schpiel to sell nonoutsourceable puzzles... |
| 01:35:32 | amiller: | you're legally not-allowed to sell your vote |
| 01:37:19 | instagibbs: | well in that case your "vote" is what to include in blocks, not the act of expending electricity. right? |
| 01:37:28 | amiller: | http://archive.flsenate.gov/Statutes/index.cfm?App_mode=Display_Statute&Search_String=&URL=Ch0104/SEC045.HTM&Title=-%3E2001-%3ECh0104-%3ESection%20045#0104.045 |
| 01:38:23 | instagibbs: | i mean hell, the current mining market makes a sham of the argument: nearly 100% of cloud miners don't give a fig what's included |
| 01:39:09 | amiller: | i think (admittedly biased in favor of promoting my own overcomplicated pet solutions involving weirdcrypto) that the current form is a pretty poor incentive system on the whole, |
| 01:39:28 | amiller: | but the high level idea, that you can improve something "like" voting by creating better-aligned incentives is pretty great |
| 01:39:47 | amiller: | the helios thing for example has some pretty cool features that i think are analogous to nonoutsourceable puzzles even |
| 01:39:57 | instagibbs: | improve the outcomes of voting, or how the voting happens, or? |
| 01:40:05 | amiller: | it's "coercion resistant", which means that you cannot prove after the fact how you vote |
| 01:40:11 | justanotheruser: | kanzure: are you still on the mining isn't voting thing? |
| 01:40:12 | amiller: | even if you wanted to |
| 01:40:41 | kanzure: | justanotheruser: i'm thinking about giving up on that |
| 01:40:42 | amiller: | in other words, while it's "illegal" to sell your vote, the helios evoting thing has a technical countermeasure that makes it difficult to do the thing that's illegal |
| 01:43:00 | phantomcircuit: | amiller, it's sufficient to make it impossible to prove to a third party that your vote was counted |
| 01:44:10 | kanzure: | if you can prove it to yourself then i think you would just be coerced to share that proof with a third party |
| 01:44:34 | phantomcircuit: | kanzure, think EDH |
| 01:45:02 | kanzure: | extra.. dimensional.. hashing? |
| 01:45:37 | phantomcircuit: | iono but im sure there's a construct in which you're sure your vote was counted but you cant prove it to a third party |
| 01:56:32 | justanotheruser: | Could someone give me an update on the discussion of securing the network with an infinite supply of blockspace? The only obvious solution I can think of is a mining cartel forcing a fee. |
| 01:58:39 | phantomcircuit: | justanotheruser, que? |
| 01:59:43 | instagibbs: | http://t.co/VPsgVkdzj9 |
| 02:00:25 | instagibbs: | tl;dr not that we know of? |
| 02:01:10 | justanotheruser: | phantomcircuit: if you have an infinite supply of blockspace, doesn't the fee approach zero? |
| 02:02:13 | phantomcircuit: | justanotheruser, no it only approaches the cost of the orphan risk per byte |
| 02:02:33 | instagibbs: | phantomcircuit: and/or actual cost of processing such a transaction |
| 02:02:36 | phantomcircuit: | which is something that's missing from msot discussion |
| 02:02:44 | phantomcircuit: | instagibbs, that is roughly zero |
| 02:02:51 | instagibbs: | obviously the latter one is tiiiiny |
| 02:03:49 | justanotheruser: | the cost of processing the transactino shouldn't be considered because if it's enough to secure the network then it is enough to create a huge barrier of entry and economy of scale. |
| 02:04:23 | instagibbs: | umm it's considered, it just doesn't help security. I'm answering what the fees will approach |
| 02:05:01 | justanotheruser: | fair enough |
| 02:05:12 | Taek: | a solution that I like is having a second set of 'security fees' that get distributed over the next N blocks |
| 02:05:20 | justanotheruser: | phantomcircuit: Yes, that was how I understood it, but gmaxwell mentioned that that wasn't "fundamental" and I also don't understand that |
| 02:05:23 | instagibbs: | what are propagation orphan risks per KB look like these days |
| 02:05:45 | Taek: | which adds some security to bury your transaction under, but it still suffers from the freeloader problem |
| 02:05:58 | instagibbs: | Taek: once we approach 100% mining fees it may have to go that way or something like it, no? |
| 02:06:27 | phantomcircuit: | justanotheruser, you can remove most of the risk of an orphan through technical means |
| 02:06:55 | justanotheruser: | phantomcircuit: by having all minings near each other? |
| 02:07:12 | Taek: | I'm fairly confident that mining fees as they work today will not be sufficient to secure a blockchain unless they are intentionally made scarce |
| 02:07:17 | phantomcircuit: | justanotheruser, no by having transactions already propogated to everybody |
| 02:10:01 | justanotheruser: | oh right. |
| 02:10:05 | instagibbs: | My gut says no, but do the marginal fees required to overcome orphan risk actually help security? |
| 02:10:21 | instagibbs: | they're overcoming lost PoW it seems |
| 02:10:23 | justanotheruser: | You still have some latecy though |
| 02:11:24 | justanotheruser: | I'm not sure how much of the time is latency and how much is caused by low bandwidth |
| 02:12:05 | instagibbs: | which brings me to the final quandry: how can any bitcoin-like system both predict how large the block needs to be to be both useful and scarce |
| 02:13:48 | justanotheruser: | by having infinite block space and artificial scarcity through a mandatory fee |
| 02:14:07 | phantomcircuit: | justanotheruser, doesn't work because of valuation fluctuations |
| 02:16:22 | justanotheruser: | Do you think market forces wouldn't make the mining cartel optomize for profitability? If the fee is $1/tx, people will make less tx, miners will make less money etc. |
| 02:16:33 | justanotheruser: | I proposed that as a question because I have no idea and the idea may be completely insane. |
| 02:18:44 | instagibbs: | seems very similar to miners cartel-izing and limiting blocksizes to promote fees. Or people voting, or whatever |
| 02:18:58 | phantomcircuit: | justanotheruser, maybe but there's weird stuff about a single rogue participant followed by incentives to build weird block trees |
| 02:19:21 | instagibbs: | blocksize utilization rises and falls due to many forces, minimum required fee same thing |
| 02:20:15 | instagibbs: | didnt mean to say "same reasons", just that there are many factors. |
| 02:20:42 | justanotheruser: | instagibbs: Miners can make way more money with a successful bitcoin than a 1MB blockspace bitcoin |
| 02:22:00 | instagibbs: | agreed. Just am getting more and more troubled with the economics of rational greedy mining :) |
| 02:27:34 | justanotheruser: | I don't think a mining cartel is very scary if mining can be decentralized to the point that 51% is thousands of people |
| 02:28:21 | justanotheruser: | would be interesting to see the citizens of iceland be the money processors for the world |
| 02:28:58 | instagibbs: | one man's cartel is another's soft-fork |
| 02:32:27 | kanzure: | amiller: you banned me from ##ketotic wtf dude |
| 02:32:35 | amiller: | no i didn't |
| 02:32:52 | kanzure: | http://gnusha.org/logs/2013-02-26.log |
| 02:34:51 | kanzure: | (actually i find this pretty funny, i'm sorry i didn't remember sooner) |
| 02:38:15 | amiller: | maybe i had a good reason, ill just hope that was the case |
| 02:39:20 | instagibbs: | and look how unrepentant he is. smh |
| 02:41:15 | kanzure: | well he banned someone else but i got caught in the ip address slaughter, whatever |
| 02:43:34 | kanzure: | "I am not aware of such things. I am here because I like to stalk " |
| 02:43:41 | kanzure: | "I am not aware of such things. I am here because I like to stalk zooko." |
| 02:44:06 | kanzure: | pretty funny. okay, back to hacking. |
| 02:47:23 | smooth: | the best i can think of given bitcoin's monetary rules is a mandatory fee burn |
| 02:48:04 | smooth: | (which then gets recycled as subsidy over some horizon) |
| 02:49:06 | smooth: | it still has the free rider problem though |
| 03:18:20 | fanquake_: | fanquake_ is now known as fanquake |
| 03:23:57 | Adlai: | you shouldn't be able to prove it to yourself, in the same way that otr logs are worthless |
| 03:24:47 | phantomcircuit: | Adlai, OTR logs aren't useless to the original recipient |
| 03:24:56 | phantomcircuit: | also OTR logs aren't useless in most cases |
| 03:25:26 | Adlai: | perhaps i misunderstand OTR then; isn't it possible for anybody to construct fake logs after the session is over? |
| 03:27:39 | Adlai: | * Adlai queues https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html for tomorrow, but gets some sleep first |
| 03:29:58 | bramc: | Adlai, yes, but trivially forgeable transcripts get used as evidence in court all the time, and their veracity is rarely questioned, even less often successfully. |
| 03:32:46 | Adlai: | has otr even made it into court yet? (in the way PGP has) |
| 03:33:02 | amiller: | bramc, that's not relevant in the context of this discussion, which is whether or not coercion resistant evoting schemes make any sense |
| 03:33:03 | Adlai: | a bit of googling, which is the extent of my legal history skillset, turns up nothing |
| 03:34:15 | bramc: | amiller, Just trying to clarify the point which I think phantomcircuit was making |
| 03:34:58 | bramc: | Adlai, They'd be presented in court like any other kind of logs, with slightly less strong evidence of their accuracy than there would be if otr hadn't been used |
| 03:35:25 | phantomcircuit: | Adlai, ulbricht had OTR logs which were admitted into evidence and obviously accepted as accurate |
| 03:35:28 | amiller: | the helios link i gave is actually explicitly not coercion resistant |
| 03:35:33 | phantomcircuit: | but also |
| 03:35:45 | phantomcircuit: | the original recipient can count on the logs being accurate |
| 03:35:47 | phantomcircuit: | and authentic |
| 03:35:48 | amiller: | still coercion resistant evoting schemes have a bunch of academic papers on them i dont know if any in application |
| 03:35:51 | amiller: | http://e-collection.library.ethz.ch/eserv/eth:3046/eth-3046-01.pdf e.g. |
| 03:36:48 | Adlai: | ok, and the tallying process can count on votes being authentic - without individual voters being able to later prove where they sent their ballot |
| 03:41:25 | Adlai: | * Adlai likes the name for it in this paper: 'receipt-freeness'. carbon-neutral voting! |
| 08:43:39 | lclc_bnc: | lclc_bnc is now known as lclc |
| 09:05:16 | orwell.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 09:05:16 | orwell.freenode.net: | Users on #bitcoin-wizards: andy-logbot jaekwon ielo paveljanik Mably woah d1ggy justanotheruser hktud0 DougieBot5000 coryfields linelevel Xzibit17 aburan28 platinuum ryanxcharles TheSeven koeppelmann flower artifexd Dr-G fanquake p15_ copumpkin hashtag_ Adlai alawson jgarzik epscy_ CryptOprah Muis kumavis dasource bosma nuke1989 elevation btcdrak prodatalab_ hashtag shesek xabbix__ guruvan c0rw1n cluckj spinza Anduck binaryatrocity bedeho brad__ gmaxwell burcin |
| 09:05:16 | orwell.freenode.net: | Users on #bitcoin-wizards: dansmith_btc Pan0ram1x Starduster maaku paperbot dc17523be3 sipa melvster GAit Emcy grandmaster Luke-Jr fenn espes__ devrandom dgenr8 PaulCapestany LarsLarsen jbenet use_zfs_yo Oizopower mappum harrow Visheate a5m0 hollandais PRab SubCreative luny Logicwax Zouppen comboy yoleaux forrestv MoALTz lnovy deego d9b4bef9 weex_ nanotube nsh DoctorBTC bliljerk101 mr_burdell tripleslash waxwing cornus_ammonis NeatBasis [d__d] Hunger- davout wiz tromp |
| 09:05:16 | orwell.freenode.net: | Users on #bitcoin-wizards: Alanius michagogo cursive nick1234abcd__ PFate yrashk BlueMatt brand0 @ChanServ Adrian_G throughnothing Cory andytoshi helo NikolaiToryzin catcow btc___ K1773R HM2 TD-Linux berndj azariah Krellan null_radix midnightmagic MRL-Relay morcos cryptowest Apocalyptic gavinandresen gnusha_ Meeh tromp__ qwopqwop huseby lclc indolering kinlo otoburb hguux__ ahmed_ wizkid057 so phedny sneak crescendo Taek eric livegnik asoltys_ pigeons catlasshrugged |
| 09:05:16 | orwell.freenode.net: | Users on #bitcoin-wizards: kanzure heath JonTitor Graet lechuga_ ajweiss ryan-c smooth BananaLotus petertodd bbrittain Keefe s1w Eliel cfields jaromil Fistful_of_Coins jcorgan optimator gribble warren veox dardasaba fluffypony amiller bobke_ earlz sl01 phantomcircuit Iriez nickler wumpus sdaftuar BrainOverfl0w isis gwillen roasbeef warptangent stonecoldpat |
| 09:31:42 | K1773R_: | K1773R_ is now known as K1773R |
| 09:31:42 | Apocalyptic_: | Apocalyptic_ is now known as Apocalyptic |
| 11:07:33 | petertodd: | trying to come up with good terminology for the idea of a cryptographic one-time key and signature for anti-replay protection. Basically the same thing the bitcoin blockchain does in practice - making it possible to do something exactly once - generalized. |
| 11:08:32 | petertodd: | Best idea right now is to call them one time seals, and proof that a specific one time seal has been applied to a given hash would be called a one time seal witness. Seems reasonable? |
| 11:08:50 | petertodd: | I couldn't find any great examples of this in literature, although my google-foo is weak... |
| 11:10:54 | Taek: | 'one-time' might not be good words to use, don't want people to get confused about stuff like 'one time pad', which is a completely different concept |
| 11:11:19 | petertodd: | Taek: hmm... irrovocable seal? |
| 11:12:57 | fluffypony: | what about using the term "one way" to convey the sense? |
| 11:13:32 | lclc: | lclc is now known as lclc_bnc |
| 11:13:35 | Taek: | isn't work naturally implied by something like this? Signatures by default can't be reused, pow just makes it difficult to sign in the first place. You want to limit it to 'difficult to sign' type concepts? |
| 11:15:36 | petertodd: | Taek: basically the idea is similar to the physical concept of those numbered tamper-evident zip ties used to secure stuff in shipping: each seal has a unique number, it can be applied exactly once to a given object/hash, and you can verify the object/hash that has been sealed |
| 11:16:06 | petertodd: | equally, in Bitcoin when you spend a txout - a globally unique thing - you irrovocably commit it to something else - the txid of the transaction spending it |
| 11:16:26 | Taek: | oh, different from what I was thinking |
| 11:17:55 | Taek: | 'one way seal' doesn't seem so bad |
| 11:18:41 | Taek: | though it doesn't really seem great either |
| 11:19:00 | petertodd: | Irrovocable Seal gives the right impression better I think |
| 11:19:25 | petertodd: | or One Use Seal maybe? |
| 11:19:41 | petertodd: | Single Use Seal? |
| 11:21:45 | Taek: | if I correctly understand what you want, irrovocable seal seems pretty good |
| 11:22:02 | Taek: | because the idea is that you can't give a utxo to me and then fluffy |
| 11:22:15 | Taek: | you seal it and then you lose the ability to re-seal it |
| 11:22:44 | petertodd: | yeah |
| 11:23:18 | petertodd: | otoh, with single use seal you get the natural-sounding terminology "(un)used single use seal" |
| 11:23:54 | petertodd: | "unused irrovocable seal" is a bit more mysterious |
| 11:26:47 | Taek: | but wouldn't an unused seal be refering to the object? So you'd have irrovocable seals and unsealed objects |
| 11:27:30 | petertodd: | Taek: no, because multiple different seals can be applied to the same object |
| 11:27:41 | petertodd: | Taek: the seal itself is what is used or unused |
| 11:28:02 | Taek: | can you apply this to Bitcoin? I don't follow |
| 11:28:43 | petertodd: | Taek: you can implement this with bitcoin: txout -> single use seal, proof that txout was spent -> witness that a single use seal was used |
| 11:30:58 | Taek: | so the seal is the proof that the txout was spent? Or the actual signatures that spend the txout? |
| 11:31:51 | petertodd: | signatures are irrelevant - they're just proof someone *could* spent the tx. The proof that a txout single use seal was used is the tx spending it |
| 11:33:16 | Taek: | ah got it |
| 11:34:07 | Taek: | the seal is (more or less) the block, with the stipulation that it needs to be a part of the longest blockchain |
| 11:34:52 | petertodd: | yeah, at a lower layer of abstraction you could say that :) at a higher layer you could say the proof "is bitcoin" |
| 11:35:19 | petertodd: | equally, you can imagine a non-bitcoin trust-based scheme where the seal is just some pubkey, and the proof the seal was used is a valid signature on that pubkey |
| 12:04:20 | lclc_bnc: | lclc_bnc is now known as lclc |
| 12:14:27 | lclc: | lclc is now known as lclc_bnc |
| 12:14:52 | Adlai: | petertodd: what about "provably disposable"? ie, once the thing has been disposed, it is possible to prove that it's no longer fresh |
| 12:15:33 | Adlai: | * Adlai looked for a positive rephrasing of 'unused' |
| 13:54:05 | jgarzik_: | jgarzik_ is now known as jgarzik |
| 16:04:42 | lclc_bnc: | lclc_bnc is now known as lclc |
| 16:15:46 | lclc: | lclc is now known as lclc_bnc |
| 17:30:39 | lclc_bnc: | lclc_bnc is now known as lclc |
| 17:57:48 | lclc: | lclc is now known as lclc_bnc |
| 19:38:44 | gmaxwell: | maaku: https://bitcointalk.org/index.php?topic=956442.0 |
| 19:41:35 | maaku: | someone needs to point him here |
| 19:46:51 | maaku: | gmaxwell: are you writing a response? |
| 19:48:49 | belcher_: | belcher_ is now known as belcher |
| 19:53:42 | maaku: | maaku is now known as Guest17625 |
| 19:54:17 | Guest17625: | Guest17625 is now known as maaku |
| 20:02:16 | kanzure: | .title |
| 20:02:16 | yoleaux: | Individual Block Difficulty Based on Block Size |
| 22:01:48 | kanzure: | "URLs of others' efforts are dropped and constantly mocked. Vitalik Buterin seems to be a fun target." |
| 22:01:55 | kanzure: | "guys please don't produce criticism it is not fair to others" |
| 22:02:04 | kanzure: | "also breaking other people's cryptosystems is bad" |
| 22:05:59 | Luke-Jr: | … |
| 22:07:16 | Luke-Jr: | is it our fault people spout bad ideas without even trying to learn what has been done before? |
| 22:07:58 | kanzure: | nope. bram was given some links, he ignored it, that's his own fault. and then he has been engaged quite often. i think it's a friendly relationship. |
| 22:08:10 | kanzure: | also, maybe that guy was just upset that bram's messages didn't receive instant replies, but i can only type so fast. |
| 22:08:55 | kanzure: | and petertodd's willingness to call me out is like his most endearing and lovable quality |
| 22:10:35 | marcell_: | marcell_ has left #bitcoin-wizards |
| 22:11:16 | Luke-Jr: | I was referring to most scamcoiners and Vitalik. |
| 22:11:58 | Luke-Jr: | not bramc - at least he seems to be taking things seriously (although I've not been following everything) |
| 22:12:21 | kanzure: | ah, well the post was talking about bramc, but since i didn't actually link it i wouldn't expect anyone to know heh |
| 22:12:48 | kanzure: | "gee whiz, i'm so sorry that i haven't dropped everything to implement spow" |
| 22:20:07 | ortutay: | ortutay has left #bitcoin-wizards |
| 22:23:03 | sipa: | kanzure: where do you read that? |
| 22:25:44 | gmaxwell: | sipa: some reddit post which has since been deleted. |
| 22:26:26 | kanzure: | gmaxwell: another thing that may not be obvious to others is that cryptography in particular is a field where the vast majority of all proposals should naturally be broken. that should not be surprising to anyone who thinks about why. of course, to those who are more familiar with literally almost everything else other than cryptosystems, it may seem absurd. |
| 23:15:20 | kanzure: | https://blog.torproject.org/blog/tor-design-proposals-how-we-make-changes-our-protocol |
| 23:38:00 | midnightmagic: | mm. Wouldn't the users build the market for achieving price per transaction? People who want to move money more, pay slightly more to push their tx to the top of the tx list for the currently-considered block? |
| 23:39:48 | midnightmagic: | externalizing costs of mining completely would just increase profit and make it a tx-side market where room is consumed wholly by highest-bid..? |
| 23:42:17 | midnightmagic: | neat idea otherwise though |