| 00:27:07 | kanzure: | are there as many bittorrent forks and variations as there are bitcoin derivatives? |
| 00:27:20 | kanzure: | protocol-level i mean |
| 00:41:28 | nsh: | not even remotely... |
| 00:41:54 | nsh: | (because bittorrent is more magically associated with wealth from nowhere) |
| 00:41:58 | nsh: | *is not |
| 01:32:28 | linelevel: | linelevel has left #bitcoin-wizards |
| 02:20:58 | bosma_: | bosma_ is now known as bosma |
| 02:51:55 | rusty: | rusty has left #bitcoin-wizards |
| 02:52:44 | maaku: | kanzure: maybe? theres probably more meaningful changes |
| 02:53:07 | kanzure: | hm. |
| 03:13:56 | everettForth: | has anyone looked at altcoins that have implemented zk-snarks? |
| 03:14:53 | nsh: | are there any? |
| 03:19:30 | everettForth: | nsh: I have seen at least one that claims to |
| 03:20:46 | gmaxwell: | I don't believe there is. |
| 03:21:14 | amiller: | everettForth, which? |
| 03:21:18 | everettForth: | gmaxwell: shadowcash claims to |
| 03:21:46 | kanzure: | .g shadowcash |
| 03:21:46 | yoleaux: | http://shadow.cash/ |
| 03:23:23 | nsh: | claims 'traceable' ring signature with no trusted setup |
| 03:23:43 | nsh: | .g ext:pdf shadowcase-anon |
| 03:23:43 | yoleaux: | http://www.atmos.washington.edu/~siler/SilerRoeDurran2013.pdf |
| 03:24:35 | nsh: | http://shadow.cash/downloads/shadowcash-anon.pdf |
| 03:24:54 | everettForth: | nsh: I think this ring structure may be outdated |
| 03:25:10 | everettForth: | they have been making changes and left some old pieces in there |
| 03:25:27 | gmaxwell: | I see no evidence of anything zk-snark in it. (fetched the source) |
| 03:25:55 | nsh: | the, ehm, white paper is a bit dubious. a lot more effort was put into the marketing copy in the bitcointalk thread |
| 03:26:04 | nsh: | which is generally a bad sign |
| 03:27:11 | instagibbs: | 99% sure that paper was posted here before |
| 03:27:38 | gmaxwell: | there is some amusing cryptographic code in it thats quite concerning. |
| 03:27:49 | gmaxwell: | but nothing interesting. |
| 03:30:02 | gmaxwell: | They're also MIT licens violators (no shock) |
| 03:30:27 | nsh: | heh |
| 03:31:11 | everettForth: | ok, so no zk-snarks yet I guess, I must have read something on bitcointalk |
| 03:31:22 | everettForth: | gmaxwell: how are they violating the license? |
| 03:31:59 | gmaxwell: | Stripped out all attribution, which is the only thing the license requires they not do. |
| 03:33:16 | everettForth: | isn't this attribution: https://github.com/SDCDev/shadowcoin/blob/master/COPYING ? |
| 03:34:18 | gmaxwell: | everettForth: they stripped it out of the source files elsewhere (with a search and replace which falsely claims authorship even of files they didn't touch). No on really cares, I just mentioned it in passing. |
| 03:38:13 | gmaxwell: | pretty sophicated BRS implementation in it. |
| 03:39:02 | everettForth: | what's BRS? |
| 03:39:12 | gmaxwell: | the bytecoin thing. |
| 03:40:22 | everettForth: | I wonder how does shadowcash's stealth address work if it's not zk-snarks? |
| 03:40:52 | gmaxwell: | same way stealth addresses work in Bitcoin. |
| 03:42:17 | everettForth: | ah I see, thanks gmaxwell |
| 03:42:40 | greenismypepper: | greenismypepper has left #bitcoin-wizards |
| 03:43:10 | everettForth: | you guys are pretty smart here, this was so much better than trying to read bitcointalk |
| 03:43:17 | sipa: | lol |
| 03:44:22 | instagibbs: | http://bitcoin.stackexchange.com/questions/20701/what-is-a-stealth-address for more info everettForth |
| 03:44:46 | everettForth: | thanks instagibbs I'm reading that now :) |
| 03:44:53 | gmaxwell: | Translation: we're too helpful, to the point that wasting our time is eaiser than a moment of research on your own? :) |
| 03:46:00 | instagibbs: | google is still in beta, pretty sure |
| 03:46:22 | everettForth: | Well, i tried to research it, but I got stuck, so I appreciate the moment of clarity from this crowd |
| 03:46:47 | everettForth: | there is a lot of noise even with google helping me |
| 04:25:25 | adam3us: | like http://lmgtfy.com/?q=bitcoin+stealth+address |
| 04:26:19 | adam3us: | aka why are you asking, its the first hit on google search! with a fun slow moving cursor and simulated typing of the search term :) |
| 04:26:49 | sipa: | adam3us: one should never post a non-tinyurl'd lmgtfy link |
| 04:27:21 | gmaxwell: | I dunno, makes the most sense to me. |
| 04:57:24 | instagibbs: | adam3us: people can't know my secret |
| 04:57:56 | instagibbs: | stop spoiling |
| 06:00:32 | bramc: | Hey everybody. I'm still digesting from the meeting today. Have some thoughts but want to give them a chance to stabilize a bit more before discussing. |
| 07:20:35 | fluffypony: | [06:26:49] adam3us: one should never post a non-tinyurl'd lmgtfy link <- agreed, you've got to trick them into clicking the link, otherwise your trolling is incomplete |
| 07:49:43 | sipa: | partial troll is worst troll |
| 09:05:14 | leguin.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 09:05:14 | leguin.freenode.net: | Users on #bitcoin-wizards: andy-logbot ielo Logicwax TheSeven lechuga_ [d__d] cornus_ammonis orik CoinMuncher jaekwon irc88 shesek zwischenzug hktud0 null_radix bramc oujh justanotheruser instagibbs GreenIsMyPepper moa coiner adam3us HaltingState Dr-G koshii hashtag bosma antgreen Emcy_ ebfull delll_ waxwing PaulCapestany torsthaldo elevatio1 nubbins` starsoccer GAit grandmaster ryanxcharles grubles binaryatrocity jgarzik dignork afk11 prodatalab p15 Krellan Starduster_ |
| 09:05:14 | leguin.freenode.net: | Users on #bitcoin-wizards: orperelman flower erasmospunk btcdrak kinlo PRab copumpkin Cory fanquake Adlai droark nuke1989 jessepollak ahmed_ Luke-Jr luny Graet ryan-c s1w Eliel veox amiller warptangent indolering huseby tromp K1773R TD-Linux LarsLarsen go1111111 airbreather iddo Pan0ram1x midnightmagic leakypat maaku mariorz CryptOprah sdaftuar_ Apocalyptic tromp_ coryfields Xzibit17 platinuum artifexd epscy_ Muis kumavis dasource guruvan c0rw1n cluckj spinza Anduck |
| 09:05:14 | leguin.freenode.net: | Users on #bitcoin-wizards: bedeho brad__ gmaxwell burcin dansmith_btc paperbot dc17523be3 sipa melvster fenn espes__ dgenr8 jbenet Oizopower mappum harrow Visheate a5m0 hollandais SubCreative Zouppen comboy yoleaux forrestv MoALTz lnovy deego d9b4bef9 weex_ nanotube nsh DoctorBTC bliljerk101 mr_burdell tripleslash NeatBasis Hunger- davout wiz Alanius michagogo cursive PFate yrashk BlueMatt brand0 @ChanServ Adrian_G throughnothing andytoshi helo NikolaiToryzin catcow |
| 09:05:14 | leguin.freenode.net: | Users on #bitcoin-wizards: btc___ HM2 berndj azariah MRL-Relay morcos cryptowest gavinandresen gnusha_ Meeh qwopqwop lclc_bnc otoburb hguux__ wizkid057 so phedny stonecoldpat roasbeef gwillen isis BrainOverfl0w wumpus nickler Iriez phantomcircuit sl01 bobke_ fluffypony dardasaba warren gribble optimator jcorgan Fistful_of_Coins jaromil cfields Keefe bbrittain petertodd BananaLotus smooth ajweiss sneak crescendo Taek eric livegnik asoltys_ pigeons catlasshrugged kanzure |
| 09:05:14 | leguin.freenode.net: | Users on #bitcoin-wizards: heath JonTitor |
| 11:09:47 | lclc_bnc: | lclc_bnc is now known as lclc |
| 11:21:50 | lclc: | lclc is now known as lclc_bnc |
| 12:15:29 | justanotheruser: | justanotheruser is now known as justanot1eruser |
| 12:16:11 | justanot1eruser: | justanot1eruser is now known as lebronxjames |
| 12:16:16 | lebronxjames: | lebronxjames is now known as justanotheruser |
| 12:16:39 | justanotheruser: | justanotheruser is now known as lebronxjames |
| 12:16:40 | lebronxjames: | lebronxjames is now known as Guest8560 |
| 12:16:49 | Guest8560: | Guest8560 is now known as justanotheruser |
| 14:13:10 | lclc_bnc: | lclc_bnc is now known as lclc |
| 15:22:22 | Guyver2: | Guyver2 has left #bitcoin-wizards |
| 15:46:12 | fanquake_: | fanquake_ is now known as fanquake |
| 15:47:48 | waxwing__: | waxwing__ is now known as waxwing |
| 16:06:16 | lclc: | lclc is now known as lclc_bnc |
| 17:24:02 | arubi_: | arubi_ is now known as arubi |
| 18:15:48 | mariorz: | why do you think some people are so viscerally against bitcoin? |
| 18:19:38 | mariorz: | they usually rationalize it with pseudo-economic arguments, but even that does not explain such a vehement stand |
| 18:20:18 | kanzure: | wrong channel i think |
| 18:20:51 | mariorz: | oh |
| 18:49:01 | zooko`: | * zooko` joins #bitcoin-politics |
| 18:49:40 | zooko`: | Oh, and I thought I was joking, but there actually is such a channel. |
| 18:49:55 | zooko`: | zooko` is now known as zooko |
| 18:50:15 | stonecoldpat: | lol |
| 20:51:00 | bramc: | Hey everybody |
| 20:52:15 | tromp_: | hi Bram |
| 20:52:39 | bramc: | Some preliminary thoughts from meatspace discussions yesterday: |
| 20:53:38 | bramc: | nonoutsourcability is totally fixable using amiller's construction but doesn't address the main attack. Using strongly single use signatures is probably a really good idea though (I can explain what those are, there's no literature on them) |
| 20:54:48 | amiller: | meatspace where (just curious)? |
| 20:54:55 | amiller: | what do you mean doesn't address the main attac |
| 20:55:19 | tromp_: | aren't ecdsa sigs with fixed k single use? |
| 20:57:00 | bramc: | The problem of pooling incentives can be strongly mitigated by using the nth worst signature for some small n and requiring the others to support it. It's very important that only the nth worst appear on the trunk (new idea as of this morning, before I thought this allowed an attacker to try too many different permutations) and there's a lot of subtle details about how the cooperation works out and it makes everything a |
| 20:57:01 | bramc: | bit weaker against a fast spow server. |
| 20:57:19 | bramc: | tromp_, Could be, I need nonoutsourcability too though |
| 20:58:03 | bramc: | amiller, meatspace in my offices |
| 20:59:14 | amiller: | i havne't clicked in and figured out what you're talking about yet :) |
| 20:59:17 | bramc: | With secure hash based signatures there's a simple trick for making them single use: Signatures require revealing most of the preimages |
| 20:59:22 | tromp_: | by n-th worst you mean n-th closest to the target from spow? |
| 21:00:03 | bramc: | Now I need to figure out how to start approaching this for someone who wasn't at the meeting yesterday |
| 21:00:58 | tromp_: | how many ppl at this meeting? |
| 21:02:30 | bramc: | The short of it is that I'm working on a form of mining where the proof of work doesn't involve any CPU (think I've explained that before) There's an inherent problem with it in that because it doesn't cost anything to mine it doesn't cost anything to mine inferior forks, and your chances of an inferior fork catching up go up as the size of your pool gets bigger. This isn't a large effect, but it's one which it would be |
| 21:02:30 | bramc: | a very good idea to mitigate. |
| 21:02:48 | bramc: | tromp_, six or seven not including me. |
| 21:03:15 | bramc: | gmaxwell, Luke-Jr, sipa, and a few others whose handles I don't remember |
| 21:04:20 | bramc: | Oh that reminds me, I'm now convinced that it's a good idea to not do the halving, and given how slowly the implicit inflation goes down I think it's best to just leave it at that. That also has the advantage of being braindead simple. |
| 21:04:34 | bramc: | This is re: the general discussion of demurrage |
| 21:04:39 | tromp_: | so you want single-use sigs to prevent ppl signing off on multiple forks? |
| 21:05:38 | bramc: | tromp_, Uh... basically yes, I'm not exactly sure attacks I'd like to guard against because they depend on the subtle details of how cooperation between the n best sigs works but something like that. |
| 21:06:44 | tromp_: | your not-halving comment is about the reward as function of time? |
| 21:07:04 | bramc: | tromp_, Yes, mining rewards are fixed |
| 21:09:42 | kanzure: | meatspace as in "don't stream it or else kanzure might type it" |
| 21:09:44 | zooko: | * zooko reads with interest |
| 21:10:32 | tromp_: | so if the coin-loss rate is 2%, it takes over 50 years to reach the soft-cap of 50*yearly reward |
| 21:11:08 | bramc: | kanzure, Oh sorry, I didn't think to stream it, now that you mention it, I think you asked for that and I forgot |
| 21:11:41 | bramc: | my bad |
| 21:11:41 | kanzure: | that's okay, the version that happened in my head is probably accurate |
| 21:12:01 | zooko: | *lol* |
| 21:12:35 | bramc: | There wasn't much tomato flinging, I'd worked out answers to the problems which had been pointed out in earlier discussions. In some cases not super great answers, but at least answers. |
| 21:12:58 | kanzure: | nah i don't mean food fighting. i think i know a few of you well enough to predict various arguments. |
| 21:13:31 | bramc: | tromp_, I'm thinking no coin-loss rate, so *eventually* the rate is 'too low', and it happens as inflation instead of direct loss, but, you know, close enough. |
| 21:17:37 | bramc: | There was a bunch of general bitcoin discussion as well, including things like discussing transaction fees at the rate limit and shitting on zeroconf |
| 21:18:02 | zooko: | zeroconf? |
| 21:18:07 | fluffypony: | zeroconf ALL of the things! |
| 21:18:11 | fluffypony: | zooko: zero confirmation transactions |
| 21:18:15 | zooko: | Oh. |
| 21:18:20 | kanzure: | "speed of light constraints don't exist, proof of work is wasteful, and bitcoin devs are evil" |
| 21:18:34 | fluffypony: | because you should be using Bitcoin to buy your coffee in the morning, amirite? |
| 21:18:45 | bramc: | As in, zero blocks have been minted including the transaction yet |
| 21:19:10 | kanzure: | i think that you will find that the vast majority of all devs aren't actually evil |
| 21:19:36 | kanzure: | also, i don't know what sort of complaints you have about zero confirmation transactions, but technically all transactions begin with zero confirmations, so i don't see the problem |
| 21:20:06 | bramc: | fluffypony, That's the goal, although of course zeroconf proper isn't a good solution. Some things came up which I need to read up on, including micropayment channels |
| 21:20:41 | fluffypony: | bramc: except that I'm not sure the main Bitcoin blockchain is the best place to have millions upon millions of coffee purchases...a |
| 21:20:42 | bramc: | So I'm going to hold off on giving an opinion on the best way to do a zeroconf-like thing until I've read through micropayment channels stuff |
| 21:21:06 | kanzure: | bramc: http://sourceforge.net/p/bitcoin/mailman/message/33405247/ |
| 21:21:10 | bramc: | fluffypony, Yes that's another problem. |
| 21:22:08 | bramc: | kanzure, The whole meeting felt very positive and a lot of fun, nobody was accusing anybody else of being evil |
| 21:22:25 | kanzure: | i was taking some creative license, hehe |
| 21:22:36 | kanzure: | i don't actually think that you think everyone is evil, you know |
| 21:22:48 | bramc: | There also seems to be a general belief that... how to put this... bitcoin zealotry is not actually helpful for the technology |
| 21:23:01 | fluffypony: | except kanzure, he's pretty evil with his dodgy anti-captcha libraries and stuff |
| 21:23:03 | fluffypony: | :-P |
| 21:23:24 | kanzure: | fluffypony: honestly you're the first person that has brought that up to me, which is a little weird-- everyone else seems to be sleeping on the job |
| 21:23:55 | fluffypony: | you should complain to management |
| 21:24:59 | bramc: | Obviously I'm not arguing against speed of light limitations: I'm probably the world's leading expert in that having spent several years banging my head against live streaming. The argument about whether it's possible to get rid of mining wastage is a real one though, and the whole point of what I'm doing. |
| 21:25:26 | kanzure: | have you read pos.pdf yet |
| 21:25:30 | kanzure: | or alts.pdf for that matter |
| 21:26:23 | bramc: | kanzure, I'm doing proof of storage, not proof of stake. Trying to keep the very central concept in bitcoin that all you need to validate the best blockchain is a cpu and a clock |
| 21:26:49 | kanzure: | hopefully i have never accused you of doing proof of stake, but the reasons why proof of stake doesn't quite work are quite interesting and worth studying |
| 21:27:10 | bramc: | Fair enough, I'll put it on my reading list, which apparently is a bit long again |
| 21:27:17 | kanzure: | also, supose you have a civilization on earth within a light sphere of say uh.. a few minutes at most.. that had a few trillion transactions per second. i don't think it's reasonable to store all of those transactions in a blockchain that gets synced around to everyone. |
| 21:27:36 | kanzure: | bramc: https://download.wpsoftware.net/bitcoin/alts.pdf |
| 21:27:40 | moa: | ".... the vast majority of all devs aren't actually evil" ... can't be evil |
| 21:27:41 | kanzure: | bramc: https://download.wpsoftware.net/bitcoin/pos.pdf |
| 21:28:02 | bramc: | kanzure, Absolutely, I don't have a good answer to scaling though, so I'm not pretending to work on it |
| 21:28:05 | kanzure: | moa: developers (including myself) can make poor implementation decisions |
| 21:28:27 | bramc: | kanzure, thanks for the links, but I'd already found them :-) |
| 21:28:45 | kanzure: | bramc: btw i've been meaning to ask you, why are there not so many forks of bittorrent? obv. there's no crazy financial incentive, but uh.. still.. i'd expect at least more than i've seen. which is not many. |
| 21:29:28 | kanzure: | bramc: one idea ih ave is that the reason may be that there's no single bittorrent client that performs all of the necessary functions, so forking and protocol-derivatives are more costly. |
| 21:29:30 | bramc: | kanzure, Basically nobody's come up with a compelling feature for a new alternative. And there's tremendous networking effects with a literal installed base. |
| 21:29:43 | moa: | bramc : (micro)payment channels material links https://github.com/utxo/wheels/wiki |
| 21:29:48 | bramc: | Yes getting installs on client machines is a massive hurdle. |
| 21:30:16 | kanzure: | right right, typical adoption problems, but i assume also infrastructure problems (server, client, trackers, whatever the protocol changes call for) |
| 21:30:26 | kanzure: | whoops s/server/tracker |
| 21:30:44 | bramc: | Yeah there's a lot of momentum on the DHT. Less for individual trackers though |
| 21:31:20 | kanzure: | i think that bitcoinj's micropayment channel documentation is the most practically-approachable and had minimal moon math |
| 21:31:30 | kanzure: | https://bitcoinj.github.io/working-with-micropayments |
| 21:35:05 | hashtagg_: | hashtagg_ is now known as hashtag |
| 21:36:08 | bramc: | Doing everything based on proofs of storage appears to not work but I'm trying to do the very subtle engineering necessary to make it happen. One of the first times I came in this channel I got into an argument with gmaxwell about the entry in the bitcoin ninja faq talking about that. This argument is of course still ongoing. There's a not-so-slippery slope in what I've come up with, which raises the question of how not |
| 21:36:08 | bramc: | -slippery it can be made and whether that works in practice. |
| 21:36:33 | bramc: | gmaxwell also made the interesting and ironic point that attacking my thing is a lot more fun than attacking something which is truly busted |
| 21:37:00 | moa: | a worthy adversary |
| 21:37:53 | bramc: | moa, Yeah that's the problem |
| 21:38:45 | kanzure: | i think you should consider working from the opposite direction (why does decentralized consensus seem to work at all, and then what properties of it can you change without totally breaking it) |
| 21:38:52 | kanzure: | ((rather than building from the opposite direction)) |
| 21:38:57 | moa: | interesting comment about keeping it simple to proving you have a cpu and a clock |
| 21:39:01 | moa: | proof of clock? |
| 21:40:05 | moa: | what is work done but the increase in entropy |
| 21:40:18 | bramc: | moa, There's a lot of proof of time in thing, aka sequential proof of work or spow |
| 21:41:16 | bramc: | kanzure, Well I sort of am in that I'm working based fairly directly off of bitcoin, there's a clear notion of having blocks and probabilistic minting of them |
| 21:42:59 | zooko: | * zooko reads with interest. |
| 21:43:34 | kanzure: | right.. but blocks aren't why it works. |
| 21:43:38 | kanzure: | or seems to work |
| 21:43:42 | stonecoldpat: | * stonecoldpat reads with interest as well. |
| 21:44:07 | bramc: | moa, There's a basic but very obfuscated point in bitcoin that when you're deciding whether to accept a chain you look at the clock and only accept the chain if the amount of mining rewards it claims are within what should have been awarded by the current time. That's heavily obfuscated for technical reasons, but it's the essence of what's going on. |
| 21:46:12 | moa: | the time warp attack ... hardly call it obfuscated |
| 21:46:16 | bramc: | kanzure, It's based a little bit more fundamentally on proofs of work, but the noisiness seems very fundamental to achieving convergence, at least nobody's suggested anything else which seems to work for that. |
| 21:46:35 | bramc: | moa, the time warp attack is much less effective if you don't have that damn bug. |
| 21:50:05 | moa: | well the distributed (consensus) timestamp server is the key discovery behind the much ballyhooed "blockchain techology" |
| 21:50:12 | moa: | and it appears to work, thus far |
| 21:54:04 | bramc: | There are a number of things in bitcoin which just barely work and are heavily interdependent, as this loophole in the limits of k-agreement. I assume the thing on proofs of stake goes into much more technical detail on this, but I haven't read it yet. |
| 21:55:34 | bramc: | Is there a good link for p2sh squared? |
| 21:56:24 | kanzure: | there are good links for p2sh things, but what is squared about p2sh squared? |
| 21:57:53 | bramc: | kanzure, It's double hashed so there's a need to demonstrate that things in the block chain are actual hashes. People were talking about it yesterday. |
| 21:58:23 | bramc: | Also, is there a good explanation of what 'scorched earth' is in reference to? I can find it being used but nothing which explains what's meant by it. |
| 21:59:43 | bramc: | Also came up in discussion: There's a very important use case for having dependent transactions get included in the same block, in having the receiver pay transaction fees. |
| 22:06:26 | moa: | proof of clock ==> proof of entropy increase (arrow of time) http://en.wikipedia.org/wiki/Entropy_%28arrow_of_time%29 |
| 22:09:23 | bramc: | moa, there's a difference between something which demonstrates a parallelizable vs. non-parallelizable operation. |
| 22:11:10 | bramc: | lamport signatures are of course all single use, but they aren't strongly single use, in that maybe you can get away with signing, like, two things. I'd like to fix that down so that if you sign two things you are well and truly screwed. |
| 22:11:19 | moa: | are all h/ware clocks crystal oscillators? |
| 22:12:01 | bramc: | Regardless of exactly how the underlying hardware works, there are some operations which just can't be parallelized effectively for cryptographic reasons. |
| 22:14:24 | bramc: | I keep forgetting that I installed a plug-in to improve the web and wondering why pages are talking about the 'douchiness committee' and the like (it's auto-substituting from 'leadership') |
| 22:17:22 | moa: | that's abstracting the double-spend problem out to the smaller set of parallelizable processes solutions |
| 22:18:28 | moa: | an incorruptible timestamp is the wider solution set |
| 22:20:46 | bramc: | moa, With a carefully designed block chain there can be a mix of proofs of time and proofs of storage which don't allow for an attacker to try an unlimited number of alternatives in parallel. |
| 22:21:08 | bramc: | Emphasis on the 'carefully designed' |
| 22:21:39 | smooth: | bramc: http://sourceforge.net/p/bitcoin/mailman/message/30705609/ |
| 22:22:20 | bramc: | smooth, thanks! |
| 22:25:10 | moa: | oh I thought you were investigating ASIC-resistant approaches |
| 22:32:11 | bramc: | moa, This goes beyond asic resistance into asics being completely irrelevant. Well, not for the proof of time part, but there's no direct incentive for that bit and only a few of them run at once. |
| 22:37:30 | nsh: | * nsh muses |
| 22:48:53 | tromp_: | bramc: if we could demonstrate practical limits on th parallellizability of cuckoo cycle, then that could make a simple posw |
| 22:49:33 | tromp_: | (i prefer the term proof of seq work over seq proof of work) |
| 22:50:56 | bramc: | tromp_, I need the proofs of storage to be fast and use no power at all, so I'm using the much more expedient trick of having the proof of storage be a public key whose hash is numerically as close as possible to the hash of the last spow |
| 22:51:23 | bramc: | I'm indifferent about the vernacular. People here seem to like saying spow, I don't know if that's a term of art or something gmaxwell made up. |
| 22:51:39 | tromp_: | it's the work that is sequential, not the proof |
| 22:51:40 | instagibbs: | I look forward to some form of write-up. I'm a little hazy on some of the acronyms you're throwing around |
| 22:52:58 | tromp_: | anyway, you seem to misinterpret my comment; i was talking about the proof -of-time phas |
| 22:58:40 | bramc: | tromp_, Oh the proof of time part needs to be absolutely canonical and nailed down. I'm doing it by it being a braindead repeated hashing operation with intermediary values given so that it can be spot checked and checked in parallel. |
| 23:02:18 | tromp_: | i agree that's much simpler. but for k iterations you need k*32 bytes of proof |
| 23:03:34 | tromp_: | and you wanted k in the thousands? |
| 23:04:19 | bramc: | Yeah they're a bit big unfortunately but still well under the transaction size limits |
| 23:04:48 | tromp_: | cuckoo is orders of magnitude shorter |
| 23:05:06 | tromp_: | and instantly checkable |
| 23:05:11 | bramc: | It's 64 bits per k, on the assumption that nobody can have 2^64 parallel processors |
| 23:05:24 | bramc: | cuckoo can't be verified to be canonical. That's a very important property. |
| 23:07:44 | bramc: | As in, necessary for the security of my system |
| 23:07:59 | tromp_: | ok, then we can forget about cuckoo.... |
| 23:08:30 | bramc: | Yeah that requirement makes things very difficult |
| 23:44:25 | zooko: | Hm, can't it be verified as canonical? |
| 23:44:46 | zooko: | It might require more work than the verification of (possibly non-canonical) work. |
| 23:44:52 | zooko: | Oh, bramc disappeared. |
| 23:45:10 | zooko: | Good, because I instantly regretted contributing a thought without first inquiring if he was patenting his ideas. ;-) |
| 23:49:46 | moa: | irc logs, the original creative commons |