| 00:12:14 | bramc: | kanzure, That's talking about the same concept, but I'm comparing it to setups where minting of a new block requires two different things be put together, which bitcoin doesn't. Those have horrible withholding attacks, which is presumably why bitcoin has the random whole block minting setup. |
| 00:22:26 | kanzure: | meanwhile at the european central bank https://www.youtube.com/watch?v=YNSntgzcu48 |
| 00:32:19 | skittylx: | kanzure: that music is so funny |
| 00:33:14 | moa: | it matches the inanity of the game perfectly |
| 00:35:51 | moa: | http://it.slashdot.org/story/15/03/03/2036241 ... anyone noticed safari rejecting certificates recently? |
| 00:40:34 | skittylx: | export grade lol |
| 00:42:59 | bramc: | moa, https://www.youtube.com/watch?v=_QP5X6fcukM |
| 03:15:46 | gmaxwell: | Those of cryptographic inclination |
| 03:15:46 | gmaxwell: | --may find this hex does vex their expectation. |
| 03:15:47 | gmaxwell: | No system break is demonstrated here, |
| 03:15:47 | gmaxwell: | --but methods used may not be crystal clear. |
| 03:15:47 | gmaxwell: | If on reflection you form useful theories, |
| 03:15:49 | gmaxwell: | --or in confusion wish to fire off queries, |
| 03:15:51 | gmaxwell: | send thoughts, on what you found or you tried doing. |
| 03:15:54 | gmaxwell: | --And if this is a field you like pursuing, |
| 03:15:56 | gmaxwell: | you might consider joining several peers: |
| 03:15:59 | gmaxwell: | --we're hiring now for Blockstream engineers. (burma shave) |
| 03:16:01 | gmaxwell: | http://www.blockstream.com/half-a-puzzle/ |
| 03:16:04 | gmaxwell: | :P |
| 03:17:02 | kanzure: | no spam |
| 03:17:38 | gmaxwell: | radio |
| 03:17:51 | rhadamanthus: | rhadamanthus has left #bitcoin-wizards |
| 03:18:02 | gmaxwell: | (the material is relevant to people's interest here :) ) |
| 03:18:07 | kanzure: | :) |
| 03:18:11 | kanzure: | i'm just giving you a hard time |
| 03:19:25 | zooko: | ☺ |
| 03:20:21 | justanotheruser: | I don't know how to read that |
| 03:20:27 | kanzure: | carefully |
| 03:20:38 | justanotheruser: | oh, I didn't know gmax was a rapper |
| 03:21:30 | kanzure: | yeah it's up on rapgenius already |
| 03:22:57 | gmaxwell: | Yea, okay, I made a good call to not have the rhyme on the page... since you're talking more about that the the boggling signatures. :) |
| 03:24:35 | justanotheruser: | Yes I can explain #3. You have a massive FPGA farm |
| 03:25:26 | moa: | ^^ first thought |
| 03:25:41 | moa: | and some steaks on the bar-b |
| 03:26:11 | gmaxwell: | justanotheruser: Estimate the work for that. |
| 03:28:18 | kanzure: | page 8 "the operation of the gold market is described by the following equations:" http://www.federalreserve.gov/pubs/ifdp/1981/190/ifdp190.pdf |
| 03:28:28 | kanzure: | (well, marked page 7) |
| 03:28:54 | kanzure: | "Equation 2 describes the law of motion for the total stock of gold" what? |
| 03:30:11 | gmaxwell: | Economists, hurrah. Consider a spherical frictionless gold market in simple harmonic motion. |
| 03:30:42 | kanzure: | i was hoping that central banks may have done some actually useful computational modeling of gold that i could look at |
| 03:30:46 | kanzure: | but uh... |
| 03:30:53 | kanzure: | i suppose not? |
| 03:31:13 | justanotheruser: | my best guess is that there's some trick to get a pubkey starting like that in constant time, then you bruteforced ~16^8 keys to find that signature |
| 03:31:51 | justanotheruser: | maybe you did it all in constant time though o_O |
| 03:31:52 | kanzure: | justanotheruser: my guess is that they would not give you a bruteforced public key. it's kinda rude of them to do that, i doubt they are doing that here. |
| 03:32:58 | kanzure: | "rude" as in, it's like asking someone to solve a problem but the solution is "well first you acquire an unreasonably large amount of computational power...." |
| 03:33:04 | justanotheruser: | kanzure: The trick is getting the key to have a really low value, I guess they would just leave the pubkey as is to impress us though |
| 03:33:04 | moa: | spheres are good first approximation to most things (except tori) |
| 03:35:41 | kanzure: | gmaxwell: i'm trying to figure out hte thing they should have studied about gold but didn't. for example, various physical limits to monetary policy involving gold buying/selling. |
| 03:36:38 | kanzure: | actualy i suppose some of this might be useful. still looking. |
| 03:43:51 | justanotheruser: | gmaxwell: out of curiousity, is this something most of the coredevs would know? |
| 03:45:50 | gmaxwell: | Well there are several things you might try to explain there, lots of people could just explain most of it out of hand. The rest, other than people I've /told/ I'm not sure if I should actually expect anyone else to say much. |
| 07:13:43 | wumpus: | gmaxwell: maybe a stupid question, but what is the signature format on http://www.blockstream.com/half-a-puzzle/ ? it's not DER, and there are three numbers, I assume R and S and ? |
| 07:15:22 | gmaxwell: | wumpus: yes, this is actually the (old) armory format, and it's R and S directly seralized. the hash is HASH256() with a 'Bitcoin Signed Message' prefix. (double checking the prefix) |
| 07:17:01 | gmaxwell: | my sage code in verifying it: hashlib.sha256(hashlib.sha256('Bitcoin Signed Message:\n'+'Nor this, given a bit of algebra.').digest()).hexdigest() |
| 07:17:34 | wumpus: | but the signature is *three* lines, what's there besides R and S? |
| 07:18:00 | gmaxwell: | it's just randomly wrapped (count the bytes) |
| 07:18:31 | wumpus: | ok |
| 07:18:33 | gmaxwell: | for some reason it's wrapped at a particular width, which ends up being partway trhough the numbers. |
| 07:18:53 | wumpus: | unless figuring that out is part of the puzzle, may make sense to add some description :) |
| 07:19:38 | gmaxwell: | yea, I was thinking of adding a sage notebook that verifies them. |
| 07:19:55 | brisque: | cute. brainwallet.org produces that signature format but it can't verify it. |
| 07:20:39 | wumpus: | yes, makes sense |
| 07:21:00 | gmaxwell: | Thing I learned; that armory signature format was the work of the same person who did the 'encryption' used in the prior electrum release that was busted. The armory signing code was also busted. |
| 07:21:54 | gmaxwell: | (used a non-cryptographic prng; though that isn't the case for my examples.) |
| 07:22:22 | brisque: | * brisque facepalms |
| 09:05:15 | verne.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 09:05:15 | verne.freenode.net: | Users on #bitcoin-wizards: andy-logbot GAit Dr-G flower CoinMuncher arubi_ p15 fanquake delll_ Mably vmatekole NewLiberty OneFixt_ mm_ paveljanik zooko` amiller hktud0 coiner guruvan BananaLotus dc17523be3 koshii_ oujh melvster ryanxcharles go1111111 jgarzik antgreen` PRab nuke1989 d1ggy_ alferz ebfull espes__ cluckj shesek cryptowest justanotheruser luny adam3us c0rw1n waxwing brisque cfields sdaftuar mkarrer Starduster Logicwax veorq gribble coryfields dgenr8 devrandom |
| 09:05:15 | verne.freenode.net: | Users on #bitcoin-wizards: Pan0ram1x helo bosma PaulCapestany Hunger- xabbix burcin runeks weex_ adlai kyletorpey null_radix bedeho copumpkin Cory gmaxwell Emcy hashtag_ huseby jaekwon_ GreenIsMyPepper sneak SwedFTP bepo MoALTz_ LarsLarsen epscy nanotube gavinandresen tromp binaryatrocity spinza andytoshi bliljerk101 tromp__ wizkid057 starsoccer comboy nsh Taek iddo EasyAt maaku btcdrak NikolaiToryzin s1w Visheate crescendo livegnik asoltys_ optimator fluffypony Meeh |
| 09:05:16 | verne.freenode.net: | Users on #bitcoin-wizards: cursive yoleaux dansmith_btc [d__d] berndj Luke-Jr morcos nickler Fistful_of_Coins dardasaba sl01 isis gwillen BlueMatt face airbreather dasource smooth phantomcircuit ajweiss Xzibit17 yrashk artifexd Zouppen kumavis mariorz catcow Krellan michagogo forrestv Muis platinuum Oizopower Keefe catlasshrugged JonTitor petertodd kanzure eric mappum jbenet wiz midnightmagic heath gnusha warren Adrian_G Iriez lechuga_ dignork kinlo jessepollak ahmed_ |
| 09:05:16 | verne.freenode.net: | Users on #bitcoin-wizards: Graet ryan-c Eliel veox warptangent indolering K1773R TD-Linux leakypat CryptOprah Apocalyptic Anduck fenn harrow a5m0 d9b4bef9 DoctorBTC mr_burdell NeatBasis davout Alanius brand0 @ChanServ throughnothing btc___ HM2 azariah MRL-Relay otoburb hguux__ so phedny bbrittain jaromil jcorgan wumpus BrainOverfl0w roasbeef |
| 14:43:39 | OneFixt_: | OneFixt_ is now known as OneFixt |
| 14:44:26 | kanzure: | "Devaluation expectations and speculative attacks on the currency" http://www.suomenpankki.fi/pdf/SP_RP_1987_05.pdf |
| 15:08:25 | instagibbs: | I want to know the solution to the puzzle once this "contest" is over; I'm way too amateur to figure it out, but trying to learn. |
| 15:17:44 | fluffypony: | kanzure: that was such a fun read - someone should take modern whitepapers / research papers that are released and process them through an old-school typewriter font + fax machine paper |
| 15:18:32 | fluffypony: | (being serious about it being fun, not sarcastic) |
| 15:18:36 | jcorgan: | there's a latex add-on to add coffee stains |
| 15:18:49 | fluffypony: | lol |
| 15:18:54 | nubbins`: | fluffypony i published a 200-page novel in 2013 with a typewriter font |
| 15:19:06 | nubbins`: | people seem to either enjoy it or REALLY REALLY HATE IT |
| 15:19:11 | jcorgan: | http://hanno-rein.de/archives/349 |
| 15:19:13 | fluffypony: | lol |
| 15:36:52 | kanzure: | "In this paper we relaxed the assumption that investors have perfect information" |
| 16:16:32 | wumpus: | "in this paper we relaxed the assumption that cows are spherical" |
| 16:17:21 | justanotheruser: | hehe |
| 18:17:13 | bramc: | Okay, so collaborative mining is a bust, but it might be that having two proofs of storage in a row works better than one. |
| 18:18:56 | bramc: | Or maybe even three. Four is definitely overkill though. |
| 18:20:26 | Eliel: | bramc: the buster is the block withholding attack? |
| 18:22:20 | bramc: | Eliel, Yeah, using multiple responses to a single challenge to form a block is busted by withholding, but making it so that the second one has a different challenge based on the results of the first one has less withholding problems because you can't guess how good others's supplements to the first one are likely to be. |
| 18:22:25 | tromp: | bram; you sound a bit like that holy handgrenade scene from Monty Python:) |
| 18:23:26 | zooko: | ☺ |
| 18:23:53 | fluffypony: | nobody expects the Spanish inquisition |
| 18:23:54 | fluffypony: | nobody. |
| 18:24:29 | Eliel: | bramc: I think you can at best reduce it to being about as vulnerable to block witholding as bitcoin's mining mechanism is. |
| 18:24:49 | bramc: | I'll explain things more clearly when I have something which works notably better than my last iteration |
| 18:25:22 | bramc: | Eliel, not really, there are inherent problems when there's no extra cost to mining a fork |
| 18:31:29 | bramc: | At the moment I *think* that doing three proofs of storage followed by a proof of time can basically nuke the pooling advantage from mining forks, but it gives a bonus to withholdings, so I need to work this all out. |
| 18:33:17 | bramc: | The whole thing smacks into miner's dilemma as well |
| 18:39:55 | zz_lnovy: | zz_lnovy is now known as lnovy |
| 18:59:54 | bramc: | On the plus side, whatever withholding attacks there are on the back-to-back pos system, they don't result in infinite forks systemic meltdown |
| 19:01:35 | brisque: | avoiding systemic meltdown is always a good goal. |
| 19:02:58 | bramc: | So I may just run numbers, decide that triple-pos makes the chances of systemic meltdown very small, and say fuck it about the withholding attacks. |
| 19:57:40 | lechuga_: | lol@wumpus |