01:15:22MRL-Relay:[smooth] nsh: if they misquoted you then they weren't publishing what you said :)
01:16:59nsh:they published some of the things i said, and some of the (ridiculous) things they misheard / misunderstood :)
12:49:29instagibbs:Written correspondence is nice in that it's implicitly being recorded at all times. For audio I'd prefer to have it all recorded myself when speaking to a reporter
13:39:02adam3us:does someone want to give the neocoin people the feedback about their break to their PoS? they did ask for feedback and evidently spent quite some time writing that paper trying to comprehensively answer the pos critiques.
13:41:55adam3us:oh boy. https://bitcointalk.org/index.php?topic=263595.0 neocoin "relaunching" last time within 24hrs some miners exploited a bug and took 1/2 the coins. hmm
13:44:09andytoshi:this is probably interesting to wizards https://www.allcrypt.com/blog/2015/03/what-happened-and-whats-going-on/
13:46:27nubbins`:"late sunday night our ssl cert expired"
13:46:28andytoshi:adam3us: if they're closed source and since their wp had fundamental "nature of time" confusion i can't deal with that .. i'll look for feedback thread to post some simple questions
13:48:39andytoshi:oh, neucoin (the PoS people) and neocoin (the hacked closed-source people) are different i think
13:50:26andytoshi:the neucoin thread is https://bitcointalk.org/index.php?topic=1003488.0, there is already a comment about me, they can pay me if they want me to audit their shit
13:57:20stonecoldpat:andytoshi: when i see a comment about reddit being a good place for discussion for this type of system it already puts me off
14:03:16stonecoldpat:also that link about allcrypto is quite interesting thank u
14:07:21justanotheruser:andytoshi: have you taken to reviewing PoS implementations for free again?
14:08:12andytoshi:justanotheruser: no, but i cleaned up pos.pdf and this was apparently an invitation to
14:09:53fluffypony:Q: Your security sucks!
14:09:53fluffypony:A: I see you running an exchange successfully, I’ll take your advice. Wait, you don’t run an exchange? You’re unemployed? Thanks for the input.
14:10:12fluffypony:they ran an exchange on WordPress ?
14:13:40instagibbs:the exchange had a cold wallet setup that users had to manually use??? o_0
14:16:12instagibbs:I like how that's their big defense that they got 100% cleaned: "You fucked up! You trusted us!"
15:25:30adam3us:oh doe that's neocoin this paper is neucoin… they're running out of 3letter alt codes
15:27:08MRL-Relay:[othe] darkcoin already solved that flaw, they have a 4 letter code
15:30:14fluffypony:DASHers are the anti-vaccination movement of the cryptocurrency world
15:37:48MRL-Relay:[tacotime] this neucoin paper is really looooong. is there anything in particular in it i should pay attention to? it looks like a modified version of ppc without a lot of changes.
15:39:05MRL-Relay:[tacotime] from reading it's doing the usual "i patched the patch of the patch of the patch that makes PoS work."
15:40:27fluffypony:they seem to think they've solved stake grinding, tacotime, so 3.3.3 I think
15:48:58adam3us:page 33 (even 3.3.3 is long)
15:49:50instagibbs:HL3 confirmed
15:50:30MRL-Relay:[tacotime] uh... okay. so the stake modifier means randomness in block header hashes is used to partially select future blocks aside from simply coinage and coin quantity. cool. so it's 64-bits and that's supposed to be calculated over 1.6 days.
15:50:55MRL-Relay:[tacotime] however, that means nothing on the local network of the miner who controls their own clock times.
15:51:47MRL-Relay:[tacotime] are they making the weird and improbable assumption that the local network is bound to the same temporal space as the main network?
15:53:08MRL-Relay:[tacotime] they also make the assumption that you need to get all 64 bits of the stake modifier to overtake the main chain, but the efficiency of the main chain is never going to be 100% either. a lot of potential stake miners will never participate.
15:54:19MRL-Relay:[tacotime] the probability of the length of your fork succeeding is exponential i guess -- but i don't see why it's not possible to outrun the competing network in the short term with grinding.
15:54:26MRL-Relay:[tacotime] maybe i'm missing something?
15:58:39MRL-Relay:[tacotime] these are totally good assumptions about randomness if they're coming from proof of work. :)
15:59:56MRL-Relay:[tacotime] but the pos miner, with enough hash power, can obviously break 64-bits of security without too much effort with some small amount of stake would be my guess.
16:00:05andytoshi:tacotime: that's what i got too; if you read their section on peercoin you will see they have a really wrong understanding of blocktime vs clocktime
16:00:23andytoshi:btw i never noticed those things rhyme, i should really be pushing that as a meme..
16:00:32MRL-Relay:[tacotime] hahaha
16:03:37MRL-Relay:[tacotime] oh there's no coinage either, perfect. now an exchange can doublespend whenever they want to as well.
16:06:06MRL-Relay:[tacotime] i like that figure 8 shows that the amount of hash power needed to succeed in an attack exponentially decays with the number of coins you have.
16:06:24MRL-Relay:[tacotime] (assuming 100% network participation, lol.)
16:08:39dgenr8:tacotime: what do you mean by coinage?
16:09:46MRL-Relay:[tacotime] the age of the coins. in peercoin, i think coins are considered "mature" and stakeable at 30 days, and the likelihood of being able to stake mine increases exponentially until maxing out at 90 days.
16:10:07MRL-Relay:[tacotime] well, not sure if it's exponential, i can't remember. might be linear.
16:10:34MRL-Relay:[tacotime] but in this system it looks like coins mature in one day and then coin age has no influence.
16:10:55MRL-Relay:[tacotime] so the exchange with the most coins in their cold wallet is more or less able to double spend at any time.
16:12:32MRL-Relay:[tacotime] (even in peercoin this was true i suppose, but at least there's a wait time...)
16:17:54dgenr8:tacotime: can you connect the last dot ... how does a big wallet enable double-spend?
16:18:34MRL-Relay:[tacotime] dgenr8: because probability of getting blocks is proportional to the value of your outputs.
16:19:13MRL-Relay:[tacotime] in peercoin-style PoS systems.
16:19:56dgenr8:tacotime: ok so with "more or less" I get it. Thx.
16:23:02dgenr8:my takeaway here is that with pow, you need approx. more compute power than the rest of the network to attack on that basis. compute-power-based attacks are a major potential weakness of anything else
16:25:05MRL-Relay:[tacotime] dgenr8: the problem with pos systems is that they often make the weird assumption that if you pull some randomness from elsewhere in the chain, no one will be able to do computational attacks.
16:25:54MRL-Relay:[tacotime] dgenr8: this is fine if your chain has pow, but never true with pure pos.
16:27:01dgenr8:circular reasoning, since the chain is what you're building
16:27:09MRL-Relay:[tacotime] yeah, exactly.
16:38:19andytoshi:i'm not sure why these pos-coins don't use bitcoin's chain as a randomness oracle; this totally evades pos.pdf and i suspect you can actually make a consensus system from it
16:39:05andytoshi:all you need are the headers from bitcoin, which are super-small (80 bytes times 350k blocks is 27mb) and very easy to verify
16:39:49tromp:but what if you use an orphaned bitcoin block, andytoshi?
16:40:36tromp:or one that becomes orphaned a few hour later?
16:40:51instagibbs:extracting extra randomness from the PoW could also lead to wonky effects if the "lottery" is differently structured
16:40:55andytoshi:tromp: i guess, bitcoin reorgs would translate into poscoin reorgs; you could mitigate this by only using blocks 100 behind the tip or something
16:42:03andytoshi:instagibbs: sure, bitcoin miners can skew the stake distribution, but this is expensive and you can't use it to take over stake distribution unless you have many times as much computing power as the rest of bitcoin
16:42:40tromp:i guess the pos advocates would see it as moral defeat if they still need to rely on good old pow even indirectly
16:42:55instagibbs:It's not a huge worry, but I was more thinking in the extreme
16:44:01instagibbs:as long as the parasitic system doesn't become very large
16:44:22andytoshi:tromp: that may be so. but the last time gavin posted pos.pdf on reddit people were calling it a "strawman" since "nobody uses pure pos anymore". that is, they're mixing in their own pow (in broken or insufficient ways) ... so maybe morally they've already ceded this position and are ready to just use an existing strong pow system
16:44:25instagibbs:(but I guess in that case congrats to altcoin?)
16:45:04andytoshi:instagibbs: yeah, that's true, you are using bitcoin's security without contributing fees; if bitcoin fees are devalued because the alt is all anyone cares about this is a failure mode
16:45:25andytoshi:but presumably one that'd be long foreseen
16:46:10andytoshi:this is also something we think about with sidechains; with sidechains there are more solutions available since you've got a peg mechanism in front of you with which to pay bitcoin miners from the sidechain
16:46:15instagibbs:re: PoS/W hybrid: I don't think that's a very popular stance these days. Mostly it's the Ethereum "software is social; phone a friend" defense.
16:46:21tromp:andytoshi: i thought the Ethereum ppl still have pure pos in mind for the future
16:46:24MRL-Relay:[tacotime] andytoshi: all my pos systems are pow overlays. and i think pos overlay systems aren't necessarily a bad thing.
16:47:03MRL-Relay:[tacotime] but there'll be more about that soon i guess, and we can tear it apart.
16:47:39andytoshi:tacotime: i'm not convinced that the incentives are aligned, but i'm also not willing to be convinced (not enough spare cycles and this is too economic for my tastes) so i won't argue it :)
16:48:00andytoshi:like, if i'm a stakeholder do i want to censor? do i want to withhold votes under any circumstances? etc
16:48:16MRL-Relay:[tacotime] andytoshi: i'll be the first to admit it's totally experimental and a potential recipe for drama.
16:50:08MRL-Relay:[tacotime] it's not like incentives aren't a constant issue for pure pow, so we'll see. :)
16:51:02instagibbs:I like one possibly mis-aligned incentive over 2 ;P
17:46:28dgenr8:pow is simply not wasteful when you remember that billions of (USD EUR JPY etc) could be transferred into the care of the bitcoin network on any given afternoon
21:29:43kanzure:"Fast inverse square-root hack with magic constant 0x5f3759df" http://h14s.p5r.org/2012/09/0x5f3759df.html
21:33:34andytoshi:hey nice, i've never seen an explanation of that one
23:12:20smooth:andytoshi: i suspect you can actually make a consensus system from it <= er, bitcoin?
23:16:08sipa:smooth: bitcoin is not proof-of-stake :)
23:19:13smooth:sipa: it kind of relates to the pos+pow thing. if you are going to say the security comes from the pow part then the pos part is irrelevant
23:20:20phantomcircuit:smooth, you can build a pos consensus system (if you ignore speed of light issues) but you can't build one that is useful since history can be rewritten arbitrarily
23:20:30phantomcircuit:effectively getting you something like paypalcoin
23:20:37phantomcircuit:except worse than paypal
23:20:46smooth:hmm i would say that means you can't build one :)
23:21:40phantomcircuit:well technically speaking you have a consensus (again ignoring speed of light issues)
23:21:44phantomcircuit:it's just entirely useless
23:22:13smooth:maybe there is a need to be clear on reversibility then?
23:30:43phantomcircuit:smooth, the ignoring speed of light thing is a joke btw
23:31:30smooth:oh thought you just meant that it wont work on say interstellar scales
23:32:23smooth:of course we could do 1000 year block times :)
23:32:39sipa:the block time is irrelevant
23:32:47sipa:it's about propagation
23:33:06smooth:propagation has to be << block time right?
23:33:39gmaxwell:yes, if you want the system to converge.
23:34:15smooth:that's why i proposed 1000 year block times for a (locally) interstellar system, anyway this is silly i think
23:37:43gmaxwell:smooth: it's unclear to me how socially workable consensus-fiat when there is non-trivial social and economic partitioning in the participants. E.g. if solar system A has 75% of the population/hashpower/whatever what exactly would prevent them from all conspiring against solar system B to take their funds? After all, they're otherwise only very loosely connected and mostly spared the other side's
23:38:35GAit:that's easy, foundation one doesn't know about foundation two
23:38:47GAit:you just have to hope in no mule
23:39:19gmaxwell:(you could make this argument on earth, e.g. china vs the US; ... but the level of isolation there is still far less than probably the minimally achievable isolation for peoples separated by multiple lightyears. )
23:43:02Eliel:gmaxwell: It's not really possible to negate the funds. At best both sides will just move to using their own forks. Although, the weaker party will have to use some kind of Proof of Stake system to prevent the other side from taking their new fork over too.
23:43:58phantomcircuit:gmaxwell, i think at the solar system level we can assume independent financial systems :P
23:44:51smooth:phantomcircuit: i don't know there should still be trade, there seems to be a gain from having consensus money
23:46:42gmaxwell:Eliel: sure you can negate the funds, if you reorg deeply enough you replace any non-reorg safe coins (e.g. generated coins) directly. Plus any soft-forked out coins effectively do not exist anymore, if they stay forked out forever, equivalently increasing the share of the supply for everyone else. And you can do things like softfork a 10% haircut (e.g. by having some portion of the coins be forced to burn 10% when moving them; or be forced to pay to fees 10% of them, which are forced to be redistributed).
23:47:41gmaxwell:At the end of the day a consensus system is just that, it can do whatever its users will it to do. We try to structure them to maximize the right kinds of gridlocks to improve stability in the face of political whim, but there is only so much that can be done since the value of the asset is purely derived from people's willingness to accept it.
23:48:43Eliel:gmaxwell: I don't think you got my point... My point is that in such a case the people from the minority faction would simply reject the majority chain and use their own, possibly bootstrapping it with the old balances that were negated.
23:50:03gmaxwell:Eliel: yea, sure? and? you can always do that, but you no longer have a shared system. As I said, 'unclear to me how socially workable consensus-fiat when there is non-trivial social and economic partitioning' ... whatever partitioning exists, the system can't make it go away.
23:50:33gmaxwell:I do not know if it's socially possible for sufficiently disconnected separate interests to share a common fiat money.
23:52:08Eliel:probably not
23:53:46Eliel:unless it's technically impossible to tell which coin belongs to which faction.
23:57:17smooth:gmaxwell: i'm not sure what definition of fiat money you are using. how would you distinguish it from the monetary premium of gold
23:57:19Eliel:although, even then, if they really wanted to be partitioned, they'd just not use that system.
23:57:59gmaxwell:smooth: on reflection I'd batch the monetary premium of gold in that too.
23:59:00smooth:gmaxwell: but then we have a historical precedent where highly disconnected societies have shared money