00:28:09kanzure:hmm what public/private keys have been baked into asics before? is there a scheme resistant to scanning electron microscopy reading the private key?
00:28:21kanzure:for example: maybe each chip individually has a different private key assigned to it, perhaps a child key from the manufacturer.
00:28:41kanzure:(merely asking because i have spontaneously forgotten these things, and not because i have a project in mind)
00:29:08phantomcircuit:kanzure, you mean in general or with bitcoin asics?
00:29:12kanzure:general
00:29:45kanzure:i've definitely seen some people lifting private keys by looking at transistor layouts, where the private key was the same for all chips apparently. unfortunately i forget where i saw this..
00:29:51phantomcircuit:a tpm will generally have an rng and generate all of its keys internally
00:30:20phantomcircuit:if there needs to be attestation or the like the manufacturer signs the public key before the device leaves the factory
00:30:46phantomcircuit:kanzure, sure people do that with things like HDCP
00:30:54phantomcircuit:where the security is fake and the points don't matter
08:05:19weber.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
10:24:35gmaxwell:[somehow I feel this is related] http://www.smbc-comics.com/index.php?id=3692
10:27:00fluffypony:hah hah
10:29:04fluffypony:Boss: "but what if instead of using a database we used a blockchain?"
10:29:05fluffypony:Developer: "why not just use a database?"
10:29:05fluffypony:Boss: "because if it's in a blockchain then everyone can have a copy of it!"
10:29:05fluffypony:Developer: "...so we use a distributed database? or rsync? or any form of mirroring / syncing / clustering?"
10:29:05fluffypony:Boss: "BLOCKCHAIN."
10:39:28adam3us:fluffypony: the blockchain hammer. groan.
10:40:27fluffypony:well at least they're moving on from Cloud and IAAS/SAAS/PAAS
10:40:33fluffypony:although maybe the next step will be BAAS...Blockchain As A Service
10:49:31gmaxwell:the comic would have been better if he'd mentioned the loss of fuel efficiency on land and perhaps safety/seaworthiness as a boat. :P
13:08:29leakypat:fluffypony: lol
13:08:48leakypat:Sometimes I think i should setup a blockchain consultancy
13:09:09fluffypony:"LeakyPat's Blockchain Consultancy - Blockchaining All The Things Since 2011"
13:09:18leakypat:I like it
13:09:35leakypat:So what's your blockchain strategy?
13:09:42leakypat:Haha
13:09:45fluffypony:hah hah
13:14:51jgarzik:I think a couple companies are in fact doing Blockchain-As-A-Service ;p
13:15:11bsm117532:Which ones?
13:15:29bsm117532:Like, they make an altcoin for you?
13:15:31fluffypony:fine, then we go straight to Sidechains As A Service
13:44:12jgarzik:bluematt made a joke - coingen.io - which generated an altcoin for you, for 0.5 BTC or somesuch. Thousands were created ;p
13:44:47bsm117532:I've had a lot of discussions with clueless bankers and one thing that ALWAYS comes up is making their own blockchain, you know, so they can control it.
13:48:05gmaxwell:much like 'cow clicker'[1] -- people seemed to not get the satire, which seems to continually irritate bluematt; much as it did the creator of cowclicker. [1] http://en.wikipedia.org/wiki/Cow_Clicker
13:48:45fluffypony:TIL
13:49:12nsh:* nsh smiles
13:54:40fluffypony:'when addressing a complaint by a fan who felt the game was no longer fun after the cow rapture, Bogost responded that "it wasn't very fun before."'
13:54:54fluffypony:* fluffypony can't wait for the altcoinpocalypse and the impending dev rapture
13:58:00gmaxwell:Nor can I, this morning's fun-- someone arguing earnestly on the PHC mailing list that one second POW verification times are acceptable for cryptocurrency: http://article.gmane.org/gmane.comp.security.phc/2707 (I responded)
13:58:43fluffypony:oh I saw andytoshi reply to a post about that on BTCT, not sure if it was the same guy
14:01:44gmaxwell:oh yea?
14:01:57fluffypony:lemme find it
14:02:40fluffypony:https://bitcointalk.org/index.php?topic=1009710.0
14:08:46kanzure:i wonder if bankers have just not been talking with software people, ever.
14:08:54kanzure:because i don't remember them asking "can i make my own database?"
14:08:54nsh:is the 70k ver/s @ 3.2Ghz for secp256k1 for a single physical core, or whatever is average for a desktop CPU these days?
14:08:58nsh:( gmaxwell )
14:13:20BlueMatt:gmaxwell: yup, pretty much
14:14:56gmaxwell:kanzure: doesn't matter if they have; to the extent that they have, anyone competent is likely to have said "we don't know" a lot; whereas anyone clueless was absolutely certain. Unable to judge the relative qualifications, who would you listen to? (uh okay, maybe you still wouldn't-- but think typical banker here)
14:17:08gmaxwell:nsh: thats a quad-core number.
14:19:30gmaxwell:hm. it's also a bit high. I am wondering where I got it from. benching 45k/sec here right now.
14:19:51gmaxwell:I'm probably tainted by sipa's batch verification speeds.
14:20:30nsh:* nsh nods
14:21:38gmaxwell:58k now, when actually compiled with all the wizbangs.
14:22:19gmaxwell:meh, should have checked the number before posting though it's not technically incorrect if including the batch schnorr stuff.
14:30:13nsh:doesn't really affect the illustrative purpose of the figure for the post
14:31:19gmaxwell:nah, I feel bad though. it's also not wrong enough that it's worth correcting.
14:32:00nsh:* nsh nods
14:32:38nsh:is there any theoretical understanding of how the quality of approximation-freeness results from the construction of a hash function?
14:33:26bsm117532:@kanzure bankers have not been talking with software people, ever. Software people are second or third class employees in India who make websites on command.
14:34:02gmaxwell:not really, it hasn't been a strong objective elsewhere, we're somewhat lucky. If the hash-function has strong diffusion in every round then that probably helps a lot; but I could certainly imagine an otherwise reasonable hash function existing that only had strong diffusion at the first and last round.
14:34:29nsh:* nsh nods
14:37:13nsh:but i think diffusion itself could be amenable to a more nuanced (relative) definition and treatment. the diffusion of data relative under some transformation of a space relative to a particular structure may actually be more or less static or even convergent relative to some other structure that may have a nontrivial but useful relationship to the first structure
14:37:28nsh:s/data relative under/data under/
14:38:54nsh:(e.g. XLS attacks on AES exploit (but not very well) the fact that the diffusion of the round does not affect the over-determination when expressed as a system of simultaneous linear or low-order polynomial equations)
14:40:05nsh:( http://www.isg.rhul.ac.uk/~sean/crypto.pdf )
14:41:37nsh:and it may be more problematic in the context of hashing than block ciphers
15:06:57kanzure:hmm https://github.com/Z3Prover/z3/blob/29606b5179f76783ffb0c2ca0ed9d614847064b3/examples/c/test_capi.c#L678
21:14:01kanzure:.tw https://twitter.com/hashbreaker/status/584000738860339200
21:14:02yoleaux:At NIST PQ workshop, NSA crypto team gives talk "improving" DH: (1) Make it fragile against any reuse of keys. (2) Send Bob your RNG output. (@hashbreaker)
21:22:44gmaxwell:I'd like to know the snark-reduced version of that, like ... wtf were they suggesting that made it key reuse vulnerable?!
21:23:00gmaxwell:PQ I assume means "post quantum"