06:24:26 | Pasha: | Pasha is now known as Cory |

09:05:14 | weber.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |

09:05:14 | weber.freenode.net: | Users on #bitcoin-wizards: andy-logbot rubensayshi hashtag CoinMuncher btcdrak face nuke__ dc17523be3 arubi coinheavy hktud0 moa bedeho Cory tripleslash [7] spinza devrandom Dr-G3 d1ggy_ antgreen PaulCapestany OneFixt zooko Emcy_ dgenr8 prodatalab tromp_ shesek melvster Pan0ram1x bepo jgarzik smooth Logicwax bit2017 fanquake Starduster p15 NikolaiToryzin phantomcircuit ajweiss sdaftuar morcos grandmaster Adlai coryfields Xzibit17 yrashk null_radix artifexd Zouppen kumavis |

09:05:14 | weber.freenode.net: | Users on #bitcoin-wizards: nsh mariorz catcow Krellan michagogo forrestv Muis cfields PFate platinuum sneak weex maaku sipa Oizopower BananaLotus Taek catlasshrugged Keefe JonTitor petertodd kanzure eric pigeons bobke jaekwon waxwing go1111111 espes__ zwischenzug Luke-Jr binaryatrocity amincd cryptowest tromp cluckj c0rw1n mappum jbenet wiz grubles midnightmagic heath gnusha warren berndj gmaxwell GAit copumpkin PRab wizkid057 Adrian_G Iriez lechuga_ [d__d] cornus_ammonis |

09:05:14 | weber.freenode.net: | Users on #bitcoin-wizards: ebfull starsoccer dignork kinlo jessepollak ahmed_ luny Graet ryan-c s1w Eliel veox amiller warptangent indolering huseby K1773R TD-Linux LarsLarsen airbreather iddo leakypat CryptOprah Apocalyptic epscy dasource guruvan Anduck dansmith_btc paperbot fenn harrow Visheate a5m0 SubCreative comboy yoleaux d9b4bef9 nanotube DoctorBTC bliljerk101 mr_burdell NeatBasis Hunger- davout Alanius cursive BlueMatt brand0 @ChanServ throughnothing andytoshi |

09:05:14 | weber.freenode.net: | Users on #bitcoin-wizards: helo btc___ HM2 azariah MRL-Relay gavinandresen Meeh otoburb hguux__ so phedny stonecoldpat roasbeef gwillen isis BrainOverfl0w wumpus sl01 fluffypony dardasaba gribble optimator jcorgan Fistful_of_Coins jaromil bbrittain crescendo livegnik asoltys_ |

11:12:48 | SDCDev: | SDCDev is now known as Rynomster |

14:47:56 | dabura667: | If I place 3 valid signatures from the 3 keys of a 1 of 3 multisig in the scriptSig, will OP_CHECKMULTISIG evaluate false? |

14:48:45 | dabura667: | or will it just pick up one, check it, then pick up the extra bugged value, leaving a 1 on the stack on top of the 3rd sig? |

14:52:13 | kanzure: | dabura667: i'll help you out in #bitcoin |

14:52:31 | dabura667: | kanzure thanks |

14:57:31 | nuke__: | nuke__ is now known as nuke1989 |

15:11:09 | droark: | Question: Using BIP 32, it's possible to create scalar multipliers that you can apply directly to public keys to get a non-hardened child, then apply another scalar multiplier to get the child's child, etc. Is there any way to combine the multipliers such that there's only one multiplier, and you can go straight to the intended child? My understanding of EC math tells me it's not possible. |

15:13:10 | droark: | Guuuuh. Scalar multiplier is applied to the base point, which is then added to the parent key. |

15:26:19 | [nsh]: | droark, so what are the algebraic properties of scalar multiplication over the group in question? |

15:26:58 | kanzure: | "Ultimate physical limits to computation" http://arxiv.org/pdf/quant-ph/9908043v3.pdf |

15:28:36 | [nsh]: | it'd be nice to have some kinda mathematics software notebook that let you see how various ECC cryptographic properties follow from the geometry |

15:29:19 | droark: | If you do nP (n is scalar, P is an EC point), it's P + P + ... + P, obviously. Addition is (x1, y1) + (x2, y2) = (x3, y3) where x3 = (λ^2)−x1−x2, y3 = λ(x1− x3) − y1, and λ = (y2–y1) / (x2–x1). |

15:29:45 | droark: | EC addition, I mean. |

15:29:48 | [nsh]: | * [nsh] nods |

15:30:34 | [nsh]: | http://crypto.stackexchange.com/questions/3907/how-does-one-calculate-the-scalar-multiplication-on-elliptic-curves |

15:31:40 | [nsh]: | wolfram alpha would conceivably tell us how the terms for combine scalar multiplications would simplify |

15:31:53 | [nsh]: | not keen on teasing the syntax out though |

15:32:21 | droark: | Yeah, it's been years since I touched Mathematica or MATLAB. |

15:32:35 | sipa: | what is the question? |

15:34:02 | [nsh]: | can you derive a single-step formula for (BIP-32) combined scalar multiplications to go directly to some [great x N]grandchild key |

15:34:40 | droark: | nsh is far more succinct than me. :) |

15:34:51 | sipa: | you need a hash of the intermediate point |

15:35:30 | droark: | So basically you're saying it's not possible to combine the multipliers? That's what I was thinking. |

15:38:08 | sipa: | the child key is parent + H(parent*G) |

15:38:12 | sipa: | (simplified) |

15:38:25 | droark: | Right. |

15:39:39 | droark: | It's possible to use the left half of the hash as a multiplier against the base point and then add that to the parent. You can create a chain of multipliers that way. Sounds like there's no way to combine the chain into one multiplier applied from the start, thereby hiding the intermediate steps from anybody deriving the child. |

15:39:57 | sipa: | a grandchild would be parent + H(parent*G) + H((parent + H(parent*G))*G) |

20:34:41 | kyletorpey: | kyletorpey has left #bitcoin-wizards |

22:22:17 | arubi_: | arubi_ is now known as arubi |

22:48:57 | epoche_: | epoche_ has left #bitcoin-wizards |