00:02:46contrapumpkin:contrapumpkin is now known as copumpkin
02:43:47hashtagg:hashtagg is now known as hashtag
05:12:40evanxbt:evanxbt has left #bitcoin-wizards
05:13:13rusty:rusty has left #bitcoin-wizards
06:59:47embicoin_:embicoin_ is now known as embicoin
08:03:39Taek:https://news.ycombinator.com/item?id=9055073 - this is an idea that has obsessed me a bit for the past year or so
08:04:35Taek:the idea of an autonomous, self repairing, self reproducing fleet of cars that finances itself by being a taxi service is super attractive. It'll be nearly alive, and it'll pay for all of its own human services
08:06:22Taek:And Bitcoin is a pretty natural choice for currency, as it protects the cars from legal action that might freeze the funding. It won't protect the cars from seizure or force but at least you'll have financial security
08:32:55lclc_bnc:lclc_bnc is now known as lclc
09:05:14kornbluth.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
10:08:18airbreather_1:airbreather_1 is now known as airbreather
10:58:18justanotheruser:justanotheruser is now known as minikiwi
11:44:54maaku:Taek: sure, but the challenges there are unrelated to money protocol
11:50:22lclc:lclc is now known as lclc_bnc
12:59:50lclc_bnc:lclc_bnc is now known as lclc
13:50:15elevation:elevation is now known as Guest54424
13:58:25kanzure:maaku: perhaps i should push him into the secret channel for secret self-reproducing car stuff
13:59:27maaku:kanzure: yeah Taek's cool
14:09:16justanotheruser:justanotheruser is now known as jaybird
14:09:23jaybird:jaybird is now known as justanotheruser
14:20:24lclc:lclc is now known as lclc_bnc
14:48:32lclc_bnc:lclc_bnc is now known as lclc
15:41:01hearn_:hearn_ is now known as Guest185
15:41:10justanotheruser:kanzure: aww, I was hoping for a proof that proofs can't prove the absence of bugs
17:05:03lclc:lclc is now known as lclc_bnc
17:08:27execut3:execut3 is now known as shesek
19:03:47cfields:stonecoldpat: assume we're thinking the same way, what pitfalls have you come up with?
19:05:39kanzure:cfields: sender pubkey is clever but you could just do a massive lookup attack i think, since sender pubkeys are knowable
19:06:00kanzure:cfields: although the feasibility of that sort of large lookup might be not so feasible, i dunno
19:06:00stonecoldpat:well, there is also a signature available
19:06:06stonecoldpat:so you have a sig + pub key, that bob can now work with
19:06:26stonecoldpat:and that sig may reveal information
19:06:34cfields:kanzure: the pubkey doesn't get you anywhere....
19:06:47cfields:kanzure: you'd have to also know the receiver's privkey in order to generate the shared secret
19:06:50kanzure:cfields: you can observe the network and see all transactions. so you by definition must have the pubkey.
19:07:36kanzure:or at least a hash of the pubkey.... hm.
19:07:44kanzure:well now i'm unsure.
19:07:48cfields:kanzure: yes, i meant.. if you know the correct pubkey for the _real_ transaction, there's no way to prove it
19:07:50stonecoldpat:if its in the input, theyll have the actual pub key
19:08:19kanzure:cfields: so you're hoping that nobody looks at all of the possible pubkeys, and doesn't try to reconstruct those so-called (possible) stealth transactions?
19:08:46cfields:kanzure: no, i'm saying that it doesn't do you any good to have the real pubkey, if you don't have the sender's priv key to go with it
19:08:54cfields:because you can't regenerate the secret without both
19:09:16kanzure:what was the definition of your secret please
19:09:42stonecoldpat:from what i can tell, he wants to use the pubkey stored in the input of a transaction, as opposed to one sent over https / opreturn
19:09:56stonecoldpat:and then do a diffie with the senders pub key
19:09:58cfields:sender privkey * recv pubkey
19:11:03cfields:the sender tweaks the recv pubkey with that secret to derive a new pubkey, and sends the funds there
19:11:03stonecoldpat:yeah i had an idea to do that last summer, i sent a few e-mails about it privately to some people, it should work fine
19:11:17stonecoldpat:only problem is that a sig is available
19:11:46cfields:stonecoldpat: right. This assumes that the sender can create a compatible transaction
19:12:18stonecoldpat:what do you mean by compatible
19:12:23stonecoldpat:its just a normal transaction?
19:12:48cfields:yea, just nothing crazy
19:12:57stonecoldpat:i look up your previous one, get the pub key, generate your new pub key using my pub key, and send a transaction to that derived pub key
19:13:14stonecoldpat:my pub key is revealed and then you just do stealth that way
19:14:12stonecoldpat:some worries ive had, bob knows it in advance and may force you into some number group that makes your new pub key vulnerable, but i dont have any evidence to show thats the case
19:14:52adam3us:adam3us has left #bitcoin-wizards
19:14:53cfields:stonecoldpat: that's part of my reason for suggesting to hash the secret before using it
19:14:54stonecoldpat:he also has a signature, that may reveal some information about your pub key (as ecdsa in the form for bitcoin is not a zero knowledge proof, although theres a paper that hints that it could be if re-arranged)
19:15:50stonecoldpat:it would have to be hashed yeah (thats whats done during a stealth)
19:16:01stonecoldpat:you're just using a different source of a pub key, everything else is the same
19:17:51cfields:stonecoldpat: for that matter, the sender's pubkey could also be tweaked before use in creating the secret, in order to further obfuscate it
19:18:13stonecoldpat:you cant trust the sender
19:18:18stonecoldpat:he wants to steal your bitcoins if he can
19:18:24cfields:no, that'd be for the sender's benefit
19:18:57stonecoldpat:why would it benefit him? he sends the coins (using an ad-hoc address), he no longer has any use for it
19:19:16stonecoldpat:he may not even care for the privacy, its the receiver who cares (and requests that this technique is used)
19:19:57arubi_:arubi_ is now known as arubi
19:24:34cfields:stonecoldpat: ok sorry, i got that backwards. the receiver's pubkey could be tweaked on the sender's side by some deterministic (but random) value, to be reversed by the receiver. in order to possibly help hide info that could be gleaned from the sig.
19:27:20linelevel:I just saw Gavin at DevCore Boston less than a week ago, and he said he thought it would be 6 months before 0.10 was released. Guess he overestimated a bit. :)
19:27:48cfields:linelevel: eh? he said 6 months for adoption
19:27:53stonecoldpat:cfields: ive thought of that for something related, i dont think that would help as it creates extra-work for the receiver (unless random is sent via another channel) and i dont think that would really help with the sig problem
19:28:15kanzure:cfields: btw i have a partial transcript from the livestream http://diyhpl.us/wiki/transcripts/bitcoin-devcore-2015/research-and-development-goals/
19:28:16stonecoldpat:then that defeats the purpose of doing it that way to begin with (to avoid out-of-band communication)
19:28:21linelevel:cfields: Ah, okay. I guess I misunderstood.
19:29:22cfields:stonecoldpat: random could be something as simple as the hash of the pubkey.
19:29:43cfields:er, haha, nm
19:30:17stonecoldpat:theres lots of tweaks you can do, but i dont think they are necessary
19:30:28cfields:this is all still fresh in my brain, i keep having to remind myself which parts are secret :)
19:31:21stonecoldpat:if it helps, i do think its reasonably safe, a while ago i searched through the logs to find out why they didnt do it that way to begin with to no avail, but its certainly better to use an ad-hoc nonce each time for safety
19:33:20cfields:stonecoldpat: well, it's a trade-off with adding an additional layer of communication.
19:33:49cfields:stonecoldpat: but yes, this has helped greatly. Thanks for talking through it with me. I'll throw something together for a more in-depth discussion.
22:09:38Guest54424:Guest54424 is now known as elevation
22:39:12lclc_bnc:lclc_bnc is now known as lclc
23:22:40lclc:lclc is now known as lclc_bnc