00:02:46 | contrapumpkin: | contrapumpkin is now known as copumpkin |
02:43:47 | hashtagg: | hashtagg is now known as hashtag |
05:12:40 | evanxbt: | evanxbt has left #bitcoin-wizards |
05:13:13 | rusty: | rusty has left #bitcoin-wizards |
06:59:47 | embicoin_: | embicoin_ is now known as embicoin |
08:03:39 | Taek: | https://news.ycombinator.com/item?id=9055073 - this is an idea that has obsessed me a bit for the past year or so |
08:04:35 | Taek: | the idea of an autonomous, self repairing, self reproducing fleet of cars that finances itself by being a taxi service is super attractive. It'll be nearly alive, and it'll pay for all of its own human services |
08:06:22 | Taek: | And Bitcoin is a pretty natural choice for currency, as it protects the cars from legal action that might freeze the funding. It won't protect the cars from seizure or force but at least you'll have financial security |
08:32:55 | lclc_bnc: | lclc_bnc is now known as lclc |
09:05:14 | kornbluth.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
10:08:18 | airbreather_1: | airbreather_1 is now known as airbreather |
10:58:18 | justanotheruser: | justanotheruser is now known as minikiwi |
11:44:54 | maaku: | Taek: sure, but the challenges there are unrelated to money protocol |
11:50:22 | lclc: | lclc is now known as lclc_bnc |
12:59:50 | lclc_bnc: | lclc_bnc is now known as lclc |
13:50:15 | elevation: | elevation is now known as Guest54424 |
13:58:25 | kanzure: | maaku: perhaps i should push him into the secret channel for secret self-reproducing car stuff |
13:59:27 | maaku: | kanzure: yeah Taek's cool |
14:09:16 | justanotheruser: | justanotheruser is now known as jaybird |
14:09:23 | jaybird: | jaybird is now known as justanotheruser |
14:20:24 | lclc: | lclc is now known as lclc_bnc |
14:48:32 | lclc_bnc: | lclc_bnc is now known as lclc |
15:07:14 | kanzure: | http://c2.com/cgi/wiki?ProofsCantProveTheAbsenceOfBugs |
15:41:01 | hearn_: | hearn_ is now known as Guest185 |
15:41:10 | justanotheruser: | kanzure: aww, I was hoping for a proof that proofs can't prove the absence of bugs |
17:05:03 | lclc: | lclc is now known as lclc_bnc |
17:08:27 | execut3: | execut3 is now known as shesek |
19:03:47 | cfields: | stonecoldpat: assume we're thinking the same way, what pitfalls have you come up with? |
19:05:39 | kanzure: | cfields: sender pubkey is clever but you could just do a massive lookup attack i think, since sender pubkeys are knowable |
19:05:49 | stonecoldpat: | ^ |
19:06:00 | kanzure: | cfields: although the feasibility of that sort of large lookup might be not so feasible, i dunno |
19:06:00 | stonecoldpat: | well, there is also a signature available |
19:06:06 | stonecoldpat: | so you have a sig + pub key, that bob can now work with |
19:06:26 | stonecoldpat: | and that sig may reveal information |
19:06:34 | cfields: | kanzure: the pubkey doesn't get you anywhere.... |
19:06:47 | cfields: | kanzure: you'd have to also know the receiver's privkey in order to generate the shared secret |
19:06:50 | kanzure: | cfields: you can observe the network and see all transactions. so you by definition must have the pubkey. |
19:07:36 | kanzure: | or at least a hash of the pubkey.... hm. |
19:07:44 | kanzure: | well now i'm unsure. |
19:07:48 | cfields: | kanzure: yes, i meant.. if you know the correct pubkey for the _real_ transaction, there's no way to prove it |
19:07:50 | stonecoldpat: | if its in the input, theyll have the actual pub key |
19:08:19 | kanzure: | cfields: so you're hoping that nobody looks at all of the possible pubkeys, and doesn't try to reconstruct those so-called (possible) stealth transactions? |
19:08:46 | cfields: | kanzure: no, i'm saying that it doesn't do you any good to have the real pubkey, if you don't have the sender's priv key to go with it |
19:08:54 | cfields: | because you can't regenerate the secret without both |
19:09:16 | kanzure: | what was the definition of your secret please |
19:09:42 | stonecoldpat: | from what i can tell, he wants to use the pubkey stored in the input of a transaction, as opposed to one sent over https / opreturn |
19:09:56 | stonecoldpat: | and then do a diffie with the senders pub key |
19:09:58 | cfields: | sender privkey * recv pubkey |
19:10:00 | cfields: | correct |
19:11:03 | cfields: | the sender tweaks the recv pubkey with that secret to derive a new pubkey, and sends the funds there |
19:11:03 | stonecoldpat: | yeah i had an idea to do that last summer, i sent a few e-mails about it privately to some people, it should work fine |
19:11:17 | stonecoldpat: | only problem is that a sig is available |
19:11:46 | cfields: | stonecoldpat: right. This assumes that the sender can create a compatible transaction |
19:12:18 | stonecoldpat: | what do you mean by compatible |
19:12:23 | stonecoldpat: | its just a normal transaction? |
19:12:48 | cfields: | yea, just nothing crazy |
19:12:57 | stonecoldpat: | i look up your previous one, get the pub key, generate your new pub key using my pub key, and send a transaction to that derived pub key |
19:13:08 | cfields: | correct |
19:13:14 | stonecoldpat: | my pub key is revealed and then you just do stealth that way |
19:14:12 | stonecoldpat: | some worries ive had, bob knows it in advance and may force you into some number group that makes your new pub key vulnerable, but i dont have any evidence to show thats the case |
19:14:52 | adam3us: | adam3us has left #bitcoin-wizards |
19:14:53 | cfields: | stonecoldpat: that's part of my reason for suggesting to hash the secret before using it |
19:14:54 | stonecoldpat: | he also has a signature, that may reveal some information about your pub key (as ecdsa in the form for bitcoin is not a zero knowledge proof, although theres a paper that hints that it could be if re-arranged) |
19:15:50 | stonecoldpat: | it would have to be hashed yeah (thats whats done during a stealth) |
19:16:01 | stonecoldpat: | you're just using a different source of a pub key, everything else is the same |
19:17:51 | cfields: | stonecoldpat: for that matter, the sender's pubkey could also be tweaked before use in creating the secret, in order to further obfuscate it |
19:18:13 | stonecoldpat: | you cant trust the sender |
19:18:18 | stonecoldpat: | he wants to steal your bitcoins if he can |
19:18:24 | cfields: | no, that'd be for the sender's benefit |
19:18:57 | stonecoldpat: | why would it benefit him? he sends the coins (using an ad-hoc address), he no longer has any use for it |
19:19:16 | stonecoldpat: | he may not even care for the privacy, its the receiver who cares (and requests that this technique is used) |
19:19:57 | arubi_: | arubi_ is now known as arubi |
19:24:34 | cfields: | stonecoldpat: ok sorry, i got that backwards. the receiver's pubkey could be tweaked on the sender's side by some deterministic (but random) value, to be reversed by the receiver. in order to possibly help hide info that could be gleaned from the sig. |
19:27:20 | linelevel: | I just saw Gavin at DevCore Boston less than a week ago, and he said he thought it would be 6 months before 0.10 was released. Guess he overestimated a bit. :) |
19:27:48 | cfields: | linelevel: eh? he said 6 months for adoption |
19:27:53 | stonecoldpat: | cfields: ive thought of that for something related, i dont think that would help as it creates extra-work for the receiver (unless random is sent via another channel) and i dont think that would really help with the sig problem |
19:28:15 | kanzure: | cfields: btw i have a partial transcript from the livestream http://diyhpl.us/wiki/transcripts/bitcoin-devcore-2015/research-and-development-goals/ |
19:28:16 | stonecoldpat: | then that defeats the purpose of doing it that way to begin with (to avoid out-of-band communication) |
19:28:21 | linelevel: | cfields: Ah, okay. I guess I misunderstood. |
19:29:22 | cfields: | stonecoldpat: random could be something as simple as the hash of the pubkey. |
19:29:43 | cfields: | er, haha, nm |
19:29:55 | stonecoldpat: | lol |
19:30:17 | stonecoldpat: | theres lots of tweaks you can do, but i dont think they are necessary |
19:30:28 | cfields: | this is all still fresh in my brain, i keep having to remind myself which parts are secret :) |
19:31:21 | stonecoldpat: | if it helps, i do think its reasonably safe, a while ago i searched through the logs to find out why they didnt do it that way to begin with to no avail, but its certainly better to use an ad-hoc nonce each time for safety |
19:33:20 | cfields: | stonecoldpat: well, it's a trade-off with adding an additional layer of communication. |
19:33:49 | cfields: | stonecoldpat: but yes, this has helped greatly. Thanks for talking through it with me. I'll throw something together for a more in-depth discussion. |
22:09:38 | Guest54424: | Guest54424 is now known as elevation |
22:39:12 | lclc_bnc: | lclc_bnc is now known as lclc |
23:22:40 | lclc: | lclc is now known as lclc_bnc |