| 00:28:09 | kanzure: | hmm what public/private keys have been baked into asics before? is there a scheme resistant to scanning electron microscopy reading the private key? |
| 00:28:21 | kanzure: | for example: maybe each chip individually has a different private key assigned to it, perhaps a child key from the manufacturer. |
| 00:28:41 | kanzure: | (merely asking because i have spontaneously forgotten these things, and not because i have a project in mind) |
| 00:29:08 | phantomcircuit: | kanzure, you mean in general or with bitcoin asics? |
| 00:29:12 | kanzure: | general |
| 00:29:45 | kanzure: | i've definitely seen some people lifting private keys by looking at transistor layouts, where the private key was the same for all chips apparently. unfortunately i forget where i saw this.. |
| 00:29:51 | phantomcircuit: | a tpm will generally have an rng and generate all of it's keys internally |
| 00:30:20 | phantomcircuit: | if there needs to be attestation or the like the manufacturer signs the public key before the device leaves the factory |
| 00:30:46 | phantomcircuit: | kanzure, sure people do that with things like HDCP |
| 00:30:54 | phantomcircuit: | where the security is fake and the points dont matter |
| 00:50:51 | NewLiberty_: | NewLiberty_ is now known as NewLiberty |
| 02:13:42 | c0rw1n_: | c0rw1n_ is now known as c0rw1n |
| 03:20:39 | Pasha: | Pasha is now known as Cory |
| 04:38:12 | AlexStraunoff: | AlexStraunoff is now known as NikolaiToryzin |
| 08:05:19 | weber.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:19 | weber.freenode.net: | Users on #bitcoin-wizards: andy-logbot terpo eordano NewLiberty hktud0 coiner ryanxcharles Mably moa koshii hashtag Emcy b_lumenkraft dgenr8 gribble yrashk Xzibit17 artifexd kumavis adams_ platinuum pollux-bts RoboTeddy fanquake1 NikolaiToryzin p15_ otoburb TheSeven justanotheruser bsm117532 dc17523be3 c0rw1n a5m0 vonzipper catlasshrugged d1ggy_ jgarzik spinza Madars huseby prodatalab midnightmagic BlueMatt throughnothing kefkius GreenIsMyPepper dasource warren TD-Linux |
| 08:05:19 | weber.freenode.net: | Users on #bitcoin-wizards: c-cex-yuriy mariorz binaryatrocity_ devrando1 hguux___ fenn_ wizkid057 jaekwon arubi rusty Starduster rustyn_ cluckj ebfull ajweiss LeMiner adam3us PaulCapestany waxwing gielbier airbreather_1 helo Dr-G2 maaku thrasher` Tiraspol SubCreative starsoccer HM Adlai sadoshi jaromil Anduck melvster iddo aakselrod MoALTz_ alferz bosma sneak deepcore face Luke-Jr poggy amincd Pan0ram1x PRab shesek go1111111 luny bliljerk101 amiller raizor Chillum wiz nsh |
| 08:05:19 | weber.freenode.net: | Users on #bitcoin-wizards: luigi1111w JonTitor szumen yorick kyuupichan Logicwax d9b4bef9 tromp runeks phantomcircuit EasyAt hashtag_ cgt_ lechuga_ luigi11111 isis nanotube yoleaux gmaxwell andytoshi berndj gavinandresen dignork AdrianG s1w livegnik optimator fluffypony Meeh cursive dansmith_btc morcos guruvan BananaLotus bedeho heath roasbeef_ Fistful_of_Coins dardasaba jonasschnelli comboy_ tromp_ stonecoldpat nuke_ afdudley espes__ pigeons eric jessepollak sipa |
| 08:05:19 | weber.freenode.net: | Users on #bitcoin-wizards: warptangent ryan-c mkarrer_ phedny so nuke1989 STRML harrow` forrestv michagogo null sl01 SwedFTP larraboj lnovy Iriez Apocalyptic jcorgan [d__d] petertodd kanzure catcow Muis cfields Zouppen coryfields_ cryptowest_ kinlo wumpus gwillen nickler Alanius sdaftuar Hunger- null_radix epscy Taek Krellan Oizopower Keefe mappum jbenet gnusha Graet Eliel veox indolering K1773R leakypat CryptOprah mr_burdell NeatBasis davout brand0 @ChanServ btc___ |
| 08:05:19 | weber.freenode.net: | Users on #bitcoin-wizards: azariah MRL-Relay BrainOverfl0w |
| 09:07:15 | fenn_: | fenn_ is now known as fenn |
| 10:24:35 | gmaxwell: | [somehow I feel this is related] http://www.smbc-comics.com/index.php?id=3692 |
| 10:27:00 | fluffypony: | hah hah |
| 10:29:04 | fluffypony: | Boss: "but what if instead of using a database we used a blockchain?" |
| 10:29:05 | fluffypony: | Developer: "why not just use a database?" |
| 10:29:05 | fluffypony: | Boss: "because if it's in a blockchain then everyone can have a copy of it!" |
| 10:29:05 | fluffypony: | Developer: "...so we use a distributed database? or rsync? or any form of mirroring / syncing / clustering?" |
| 10:29:05 | fluffypony: | Boss: "BLOCKCHAIN." |
| 10:39:28 | adam3us: | fluffypony: the blockchain hammer. groan. |
| 10:40:27 | fluffypony: | well at least they're moving on from Cloud and IAAS/SAAS/PAAS |
| 10:40:33 | fluffypony: | although maybe the next step will be BAAS...Blockchain As A Service |
| 10:49:31 | gmaxwell: | it comic would have been better if he'd mentioned the loss of fuel efficiency on land and perhaps safty/sea-worthness as a boat. :P |
| 13:08:29 | leakypat: | fluffypony: lol |
| 13:08:48 | leakypat: | Sometimes I think i should setup a blockchain consultancy |
| 13:09:09 | fluffypony: | "LeakyPat's Blockchain Consultancy - Blockchaining All The Things Since 2011" |
| 13:09:18 | leakypat: | I like it |
| 13:09:35 | leakypat: | So what's your blockchain strategy? |
| 13:09:42 | leakypat: | Haha |
| 13:09:45 | fluffypony: | hah hah |
| 13:14:51 | jgarzik: | I think a couple companies are in fact doing Blockchain-As-A-Service ;p |
| 13:15:11 | bsm117532: | Which ones? |
| 13:15:29 | bsm117532: | Like, they make an altcoin for you? |
| 13:15:31 | fluffypony: | fine, then we go straight to Sidechains As A Service |
| 13:27:50 | rustyn_: | rustyn_ is now known as rustyn |
| 13:44:12 | jgarzik: | bluematt made a joke - coingen.io - which generated an altcoin for you, for 0.5 BTC or somesuch. Thousands were created ;p |
| 13:44:47 | bsm117532: | I've had a lot of discussions with clueless bankers and one thing that ALWAYS comes up is making their own blockchain, you know, so they can control it. |
| 13:48:05 | gmaxwell: | much like 'cow clicker'[1] -- people seemed to not get the satire, which seems to continually irritate bluematt; much as it did the creator of cowclicker. [1] http://en.wikipedia.org/wiki/Cow_Clicker |
| 13:48:45 | fluffypony: | TIL |
| 13:49:12 | nsh: | * nsh smiles |
| 13:52:23 | koshii: | win 35 |
| 13:54:40 | fluffypony: | 'when addressing a complaint by a fan who felt the game was no longer fun after the cow rapture, Bogost responded that "it wasn't very fun before."' |
| 13:54:54 | fluffypony: | * fluffypony can't wait for the altcoinpocalypse and the impending dev rapture |
| 13:58:00 | gmaxwell: | Nor can I, this morning's fun-- someone arguing earnestly on the PHC mailing list that one second POW verification times are acceptable for cryptocurrency: http://article.gmane.org/gmane.comp.security.phc/2707 (I responded) |
| 13:58:43 | fluffypony: | oh I saw andytoshi reply to a post about that on BTCT, not sure if it was the same guy |
| 14:01:44 | gmaxwell: | oh yea? |
| 14:01:57 | fluffypony: | lemme find it |
| 14:02:40 | fluffypony: | https://bitcointalk.org/index.php?topic=1009710.0 |
| 14:08:46 | kanzure: | i wonder if bankers have just not been talking with software people, ever. |
| 14:08:54 | kanzure: | because i don't remember them asking "can i make my own database?" |
| 14:08:54 | nsh: | is the 70k ver/s @ 3.2Ghz for secp256k1 for a single physical core, or whatever is average for a desktop CPU these days? |
| 14:08:58 | nsh: | ( gmaxwell ) |
| 14:13:20 | BlueMatt: | gmaxwell: yup, pretty muc |
| 14:13:20 | BlueMatt: | h |
| 14:14:56 | gmaxwell: | kanzure: doesn't matter if they have; to the extent that have anyone competent is likely to have said "we don't know" a lot; whereas anyone clueless was absolutely certian. Unable to judge the relative qualifications, who would you listen to? (uh okay, maybe you still wouldn't-- but think typical banker here) |
| 14:17:08 | gmaxwell: | nsh: thats a quad-core number. |
| 14:19:30 | gmaxwell: | hm. it's also a bit high. I am wondering where I got it from. benching 45k/sec here right now. |
| 14:19:51 | gmaxwell: | I'm probably tained by sipa's batch verification speeds. |
| 14:20:30 | nsh: | * nsh nods |
| 14:21:38 | gmaxwell: | 58k now, when actually compiled with all the wizbangs. |
| 14:22:19 | gmaxwell: | meh, should have checked the number before posting though it's not technical incorrect if including the batch schnorr stuff. |
| 14:30:13 | nsh: | doesn't really affect the illustrative purpose of the figure for the post |
| 14:31:19 | gmaxwell: | nah, I feel bad though. it's also not wrong enough that its worth correcting. |
| 14:32:00 | nsh: | * nsh nods |
| 14:32:38 | nsh: | is there any theoretical understanding of how the quality of approximation-freeness results from the construction of a hash function? |
| 14:33:26 | bsm117532: | @kanzure bankers have not been talking with software people, ever. Software people are second or third class employees in India who make websites on command. |
| 14:34:02 | gmaxwell: | not really, it hasn't been a strong objective elsewhere, we're somewhat lucky. If the hash-function has strong diffusion in every round then that probably helps a lot; but I could certantly imagine an otherwise reasonable hashfunction existing that only had strong diffusion at the first and last round. |
| 14:34:29 | nsh: | * nsh nods |
| 14:37:13 | nsh: | but i think diffusion itself could be amenable to a more nuanced (relative) definition and treatment. the diffusion of data relative under some transformation of a space relative to a particular structure may actually be more or less static or even convergent relative to some other structure that may have a nontrivial but useful relationship to the first structure |
| 14:37:28 | nsh: | s/data relative under/data under/ |
| 14:38:54 | nsh: | (e.g. XLS attacks on AES exploit (but not very well) the fact that the diffusion of the round does not affect the over-determination when expressed as a system of simultaneous linear or low-order polynomial equations) |
| 14:40:05 | nsh: | ( http://www.isg.rhul.ac.uk/~sean/crypto.pdf ) |
| 14:41:37 | nsh: | and it may be more problematic in the context of hashing than block ciphers |
| 15:06:57 | kanzure: | hmm https://github.com/Z3Prover/z3/blob/29606b5179f76783ffb0c2ca0ed9d614847064b3/examples/c/test_capi.c#L678 |
| 16:30:22 | wallet421: | wallet421 is now known as wallet42 |
| 18:59:49 | binaryatrocity_: | binaryatrocity_ is now known as binaryatrocity |
| 19:08:07 | AlexStraunoff: | AlexStraunoff is now known as sqt |
| 19:40:09 | mpenick: | mpenick has left #bitcoin-wizards |
| 21:14:01 | kanzure: | .tw https://twitter.com/hashbreaker/status/584000738860339200 |
| 21:14:02 | yoleaux: | At NIST PQ workshop, NSA crypto team gives talk "improving" DH: (1) Make it fragile against any reuse of keys. (2) Send Bob your RNG output. (@hashbreaker) |
| 21:22:44 | gmaxwell: | I'd like to know the snark-reduced version of that, like ... wtf were they suggesting that made it key reuse vulnerable?! |
| 21:23:00 | gmaxwell: | PQ I assume means "post quantum" |