00:00:07kanzure:would not be surprised to learn that they are all also adam back
00:00:52pampuchy:sorry i was logged out, adam3us if you are adam back then cool, nice paper
00:00:58gmaxwell:There was someone on reddit who was alleging I was Hal.
00:00:59lechuga_:it really seemed like he chased szabo off the internet
00:01:11kanzure:oh right, he also thought hal finney was perry metzger
00:02:15adam3us:hmm i suppose that could be read as a tentacle/pseudonym shell game, detweiller poor fellow, the pseudonyms and tentacles got to him.
00:03:17kanzure:no really, this guy is an endless source of humor and comedy. he was on to nick szabo long before people started suspecting nick szabo was wei dai was satoshi.
00:03:46zooko:He used to live in this neck of the woods -- Colorado.
00:03:57pampuchy:so who is satoshi?
00:04:07andytoshi:pampuchy: the authors of that paper are adam3us BlueMatt Luke-Jr maaku gmaxwell amiller_ andy-logbot jtimon sipa
00:04:10andytoshi:ugh andytoshi not andy-logbot
00:04:49lechuga_:pampuchy: u must not read newsweek
00:04:51zooko:andy-logbot has been upgraded to have a paper-writing plugin?
00:04:52andytoshi:pampuchy: no satoshi speculation please, most of us here are high-profile enough that any statements could be picked up by the media, who has repeatedly gone and fucked up people's lives based on unfounded speculation
00:05:13pampuchy:oh i am so sorry, i didn't know these things
00:05:16moa:i've always wondered if wei dai is pronounced "why die" or "way day" or variations thereof
00:05:17andytoshi:zooko: yes, i admit it, i was asking the logbot what to write the whole time
00:06:02kanzure:moa: it stands for "great danger"
00:06:08pampuchy:i have an idea but its really dumb so i feel shy saying it
00:06:19andytoshi:pampuchy: it's ok :) it just unfortunately causes problems way out of proportion to speculate about satoshi
00:06:21zooko:pampuchy: I have a lot of those.
00:06:27lechuga_:lol same
00:06:32adam3us:moa: i always guessed it was "way die" but i do not know what is correct
00:06:34kanzure:moa: http://lesswrong.com/lw/jgz/aalwa_ask_any_lesswronger_anything/ap84
00:07:04gmaxwell:pampuchy: It's just not really an interesting question; you can find any number of long essays on people as to why it's not interesting.
00:07:19pampuchy:no no i dont mean about satoshi, i mean i have an idea with proof of work used in a artistic context.
00:07:38kanzure:adam3us: http://lesswrong.com/lw/jgz/aalwa_ask_any_lesswronger_anything/aphv
00:07:42andytoshi:pampuchy: it's ok, but if you are suggesting to use art in a PoW context that's not interesting ;)
00:07:59andytoshi:petertodd is our resident artist
00:08:12adam3us:kanzure: wow i had guessed right :) "way dye"
00:08:13pampuchy:i am, drawings, actually
00:08:43kanzure:whoops the name means "grave danger" not "great danger"
00:09:01lechuga_:i thought it meant like 4 diff things depending on which permutation u decide on
00:09:03kanzure:"grave danger" is from http://lesswrong.com/lw/kk5/look_for_the_next_tech_gold_rush/b5dg
00:09:03adam3us:andytoshi: well in some way PoWs have aesthetic value… soo many 0s and exponential difficulty to find one more etc.
00:09:11pampuchy:and a slow blockchain, with days passing between computations
00:09:51kanzure:anyway i assume that "grave danger" comes from his overwhelming sense of anxiety regarding http://lesswrong.com/lw/jgz/aalwa_ask_any_lesswronger_anything/ap84
00:09:59zooko:pampuchy: that sounds like one of my bad ideas.
00:10:15jtimon:with spanish deterministic pronunciation rules, "wei dai" would sound like "way die" in english. Knowing that's a foreign language, I would say most spaniards would try their luck and say something that sounds like "why day"
00:10:24kanzure:"I do have some early role models. I recall wanting to be a real-life version of the fictional "Sandor Arbitration Intelligence at the Zoo" (from Vernor Vinge's novel A Fire Upon the Deep) who in the story is known for consistently writing the clearest and most insightful posts on the Net. And then there was Hal Finney who probably came closest to an actual real-life version of Sandor at the Zoo, and Tim May who besides inspiring me ...
00:10:30kanzure:... with his vision of cryptoanarchy was also a role model for doing early retirement from the tech industry and working on his own interests/causes."
00:10:37pampuchy:yes, highly impractical PoW is what i am saying
00:10:54pampuchy:with "making a one page drawing" constituting PoW
00:10:56kanzure:pampuchy: being practical is the most important property of proof-of-work
00:11:03kanzure:one of the most important properties, at least
00:11:04pampuchy:and the sketchbook used being the "ledger"
00:11:11zooko:Who's the real life Twirlip of the Mists?
00:11:55kanzure:"By the way, Twirlip of the Mists was not a bizarre, insane freak. Twirlip of the Mists was amazingly perceptive, or rather knowledgeable, although alas had nowhere near the eloquence of Sandor at the Zoo. Hint: look carefully at the first description of the Skroderiders. Actually, one thing that bothers me about the Net: who the hell is on it? It often seems that entire races are posters -- Sandor's last posting refers to having been ...
00:12:01kanzure:... composed of twenty civilizations. So they are all just sending email around to each other? wat"
00:12:10pampuchy:the altcurrency based on these drawings is called brud, with a brud equal to a thousand kurz.
00:12:31adam3us:pampuchy: this is kind of funny a guy who did some proof of work, by hand http://siliconangle.com/blog/2014/10/02/how-long-would-it-take-to-mine-bitcoin-by-hand/ (0.67 hashes/day!)
00:12:33kanzure:pampuchy: i don't think you are reading anything we have given you
00:13:21pampuchy:haha, my point is that after reading the sidepegged article, we can modify brud and kurz in the future to be compatible with any other altcoin
00:13:31kanzure:you cannot force-wait "days" between "computations"... that's not how computation works.
00:14:03pampuchy:adam3us: yes, i saw that. except that it is pretty boring. drawing is more fun.
00:14:21kanzure:zooko: weird, the page i was reading from cites an email from carl feynman (the miniature version of richard feynman that's still running around) http://mindstalk.net/vinge/fire.html
00:14:47pampuchy:oh i dont mean forcing any waits, i mean thats usually how it goes with my sketchbooks - days go by with nothing, then one drawing, then two...
00:15:22kanzure:uh, no
00:15:29kanzure:you very explicitly said so: 17:09 < pampuchy> and a slow blockchain, with days passing between computations
00:15:34zooko:Okay, -wizards, it is time for me to play Dominions 4 with my 10yo. Catch you tomorrow or later tonight! ☺
00:16:12pampuchy:well kanzure i certainly dont want to force anyone to draw, that would be awful.
00:16:38kanzure:even if you did want that, i don't see how that would be possible. so you seem to be talking nonsense?
00:19:42pampuchy:i intend to take the ideas behind PoW, of spending a resource, and apply it to drawing. a sketchbook filled with drawings being the blockchain.
00:20:14kanzure:ah, then what are the ideas behind proof-of-work?
00:20:36gmaxwell:man, more sketchy cryptography.
00:21:32pampuchy:yes! totally sketchy
00:23:31moa:and another altcoin is born
00:24:24pampuchy:from andrew's treatise: "Your crankery is not cute. You are
00:24:26pampuchy:not a cryptographer, and yet are releasing a homebrew cryptosystem, misrepresenting your
00:24:29pampuchy:own qualifications, and encouraging others to store value in your creation. These actions are
00:24:30pampuchy:incompetent, dishonest and reprehensibly dangerous.
00:28:13phantomcircuit:gmaxwell, everything i wanted to know about SCP could be found by searching for sybil in the document
00:28:30crescendo:0 results
00:28:39phantomcircuit:it appears only in the related works section which is nothing but advertising
00:29:12phantomcircuit:and i suspect only appears there for the cite
00:30:44gmaxwell:* gmaxwell larks, I wonder which SCP-wiki SCP best describes stellar.
03:50:28kanzure:i was not aware that the user "contingencies" was from kraken. he was already on my attempt-to-stalk-better list but that never happened.
03:50:43kanzure:anyway here's my attempt at one of the replies https://news.ycombinator.com/item?id=9345623
03:57:30kanzure:i can't wrap my head around how someone might think "FWIW, here's my take: Bitcoin tries to be too many things to too many people." is a reasonable argument against bitcoin consensus
03:58:02bsm117532:Sounds like it's something better left ignored.
03:59:02kanzure:hardly.. this is a company that has raised $6M in this ecosystem, and is now displaying extremely poor reasoning... alarm bells should be ringing.
03:59:15bsm117532:They wouldn't be the only one.
03:59:48kanzure:are you an optimist
04:00:51bsm117532:I met petertodd in person tonight. He was going on about a certain well-known company contractually requiring zero conf transactions. I'll let him elaborate on that if he wants. But money can be the enemy of reason.
04:01:20kanzure:in new york?
04:01:29kanzure:are you a local?
04:01:32bsm117532:Bitdevs, best bitcoin meetup there is.
04:03:20kanzure:i will be there later this month
04:03:31bsm117532:Sweet. ;-)
04:03:42bsm117532:I've been floored by the bitcoin activity here.
04:05:30moa:bsm117532: paucity or abundance of?
04:06:55kanzure:bitdevs link please?
04:06:58bsm117532:Of course, a lot of it is a big banks and non-software types trying to figure out how to make a privately mined chain...and other nonsense...but I digress...
04:08:00bsm117532:Don't bother with the Bitcoin Center NYC.
04:08:07moa:wonder how many of the "big banks and non-software types" have any kind of bitcoin wallet?
04:08:22phantomcircuit:bsm117532, i can do that, the mining part will be unnecessary
04:08:26phantomcircuit:but it will do that
04:08:28moa:seems like a market opportunity
04:08:40phantomcircuit:moa, :P
04:09:15moa:something for grandmas?
17:27:28tdryja:(OT) greg: just wanted to say that post on HN about the cheeseburger and the hand and the door ... that was awesome. I rofled.
17:42:26kanzure:hmmm "In SCP the topology is public and conveyed with each consensus packet. So people will be able to tell when the graph is vulnerable."
17:51:06helo:tdryja: lol, thanks for mentioning that
17:54:26gmaxwell:tdryja: unrelated, you've seen http://research.microsoft.com/en-us/people/mickens/thesaddestmoment.pdf I hope? "Gmaxwell's hand is faulty."
17:54:47tdryja:oh the don't want to go to lunch one? yeah that's a great one too
17:54:58tdryja:required reading for anyone working on distributed consensus
18:10:58fluffypony:"His extensive home collection of “Thundercats” cartoons will not watch itself. Ted is needed, and Ted will heed the call of duty."
18:12:27Taek:Are there zkp's that are not probabilistic?
18:13:28gmaxwell:succinctness is incompatible with soundness, (and so is strong (e.g. statistical instead of computational) zero knowledge).
18:14:02gmaxwell:so any compact one is only going to have computational security.
18:14:33Taek:I just mean in a purely theoretical sense, not in any practical sense
18:15:08Taek:it also doesn't have to be general
18:17:00phantomcircuit:gmaxwell, the graphics in that paper are very good
18:17:03gmaxwell:It's not theoretically possible for a compact ZKP for NP to exist where false proofs are not at least theoretically possible. (there is a counting-like argument for this). Oh well if you don't mean for NP. a schnorr signature is sound, though its secrecy has only computational security.
18:17:11phantomcircuit:they get the point across much better than words can
18:21:24andytoshi:Taek: so a schnorr signature can be made deterministic but not unique ... but BLS signatures are both
18:22:58andytoshi:it's not clear to me that it is a ZKP for anything since its security reduces to CDH, not discrete log
18:37:03AllieSenbub:rusty should do one about schnorr sig
18:47:39andytoshi:AllieSenbub: there's a fairly straightforward intuition ... the map x -> xG is linear (more concretely, a field homomorphism) but hard to invert. if you know secret values x and k, you can publish (a, b, ax + bk) without fear, since you have given 3 equations in 4 unknowns (or 1 equation in 2 unknowns; let's pretend a and b are public known constants)
18:48:29andytoshi:AllieSenbub: but using this map x -> xG, you can also publish xG and kG without fear, since it's noninvertible. then the linearity property says that people can check a(xG) + b(kG) = sG
18:48:55andytoshi:so now people can check that ax + bk actually was computed correctly, even though they still can't learn anything about x and k
18:50:48andytoshi:AllieSenbub: now, a schnorr signature is exactly this: x is your secret key, k is chosen randomly for each message, a is the hash of the message and kG (this is actually important for security since it prevents a forger from choosing the message or kG after-the-fact to make the verification equation work; he has to choose both before doing anything else)
18:50:49andytoshi:and b = 1
18:51:08andytoshi:ok, actually, i guess that's worth expanding into a blog post :P
18:57:42zooko:andytoshi: yes please!
19:01:32gmaxwell:andytoshi: yea, "oh the signature is simply just a trivial system of linear equations. encrypted in such a way that you can still check it holds" was such a revelation for me (and left me pissed off at everyone else who'd obfuscated it with technical minutia).
19:03:37andytoshi:gmaxwell: yes, iirc i first heard it from you :)
19:04:41andytoshi:in fact i just got to explain this to one of my crypto students today, he was going through course slides on a simple discrete-log CRHF and it was filled with these kinds of details
19:04:52andytoshi:(well, "it's just linearity
19:04:59gmaxwell:Yea, I dunno if I've ever actually seen it written down that way; though who knows, my memory sucks.
19:05:30andytoshi:(well, "it's just linearity" i got from you .. i think the "uninvertible homomorphism" i came to myself...tho no doubt it was still indirectly you :P)
19:06:15gmaxwell:yea, my 'encrypted' there is vague. you don't need encryption, you need a one way computable map that retains the linearity.
19:06:36gmaxwell:encryption normally suggests decryption is (efficiently) possible.
19:06:54andytoshi:it's "encryption" to the media, cf every single article about "encrypted passwords" :)
19:09:54zooko:I've learned that it is best to tell investors that SNARKs are "encrypting the transaction information in such a way that…".
19:10:12zooko:Maybe we should just start using "magicking" instead of "encrypting".
19:11:02gmaxwell:zooko: it's not always the best to do that, including that encryption is subject to export regulation in a manner distinct from authentication schemes (and at the blockchain level these are all authentication schemes)
19:12:53gmaxwell:(not that export regs matter for free software; but commercial products bump into them)
19:21:41andytoshi:thanks for that gmaxwell :)
19:25:24sipa:gmaxwell: hmm so the goal was resistance to power analysis rather than timing
19:26:43gmaxwell:sipa: can't have power analysis resistance without timing resistance.
19:27:04sipa:uh, sure they are related
19:27:43sipa:but the attack it specifically aims to make harder is a power analysis one
19:31:09phantomcircuit:gmaxwell, technically you could just dump a bunch of power to ground to avoid power analysis
19:31:33phantomcircuit:without actually significantly mitigating timing analysis
19:32:00phantomcircuit:but i suspect that would be harder to get right than fixing the timing analysis issues
19:32:02gmaxwell:phantomcircuit: that generally doesn't solve DPA; I think, but this is getting too analog for my expertise.
19:32:16gmaxwell:* gmaxwell flies
19:32:48phantomcircuit:gmaxwell, with enough capacitance and dynamic power throwing away i think it could be made to "work"
19:32:55phantomcircuit:for lame definitions of work
19:40:28andytoshi:gmaxwell: i piled onto your comment, so hopefully you aren't the sole bad guy..
19:53:08andytoshi:lol, i got in trouble for that one..
20:02:05amiller_:sipa, http://www.reddit.com/r/Bitcoin/comments/3213nc/all_trezor_users_should_update_their_firmware_for/cq6w2t6 /me popcorn
20:05:17kanzure:andytoshi: "To be clear, I was doing any sort of code audit here" is not clear, i think you mean "not"
20:08:42sipa:gmaxwell: so they claim their wnaf is constant time...
20:09:08sipa:there is a simpler windowed algorithm that is constant time, but it is not wnaf
20:10:45zooko:https://twitter.com/martinralbrecht/status/586242276244004867 HT Dcoder
20:12:39yoleaux:Looks like GGH multilinear maps are broken http://buff.ly/1cdVNmK (@martinralbrecht)
20:30:50Taek:Is anyone in the Boston area that would be interested in doing weekly/bi-weekly mentoring of university students interested in learning cryptocurrency stuff and doing bitcoin/crypto development?
20:31:00Taek:Most of the students would probably be MIT
20:31:54kanzure:if they are willing to show up on irc, then yes
20:34:56Taek:I'm sure we'll be on IRC, it'd be nice to have a meatspace mentor too. We can probably post slide decks, etc. if anything of that sort happens
20:36:54andytoshi:Taek: no, but i will mentor uni students in austin if somebody else does the organizational work
21:05:37fluffypony:I love Bitcointalk some days
21:05:49fluffypony:"This is trying to get away from doing meaningless calculations like the current 'proof of work' system that btc uses"
21:07:08tromp:that's a very convoluted way to do proof of stake
21:40:29Taek:schnorr question: looking at the wikipedia page, x can be 128bits, H() can have 256bit output, k can be 128 bits, s (k - xe) will be 256 bits, and e will be 256 bits? So the signature will be 512 bits?
21:41:37Taek:and s is likely going to be a negative number?
21:41:56sipa:negative numbers do not exist
21:42:08sipa:this is in a modular field
21:42:46sipa:unsure about the 128-bit k
21:43:40Taek:is q=2^128 secure?
22:04:21ryan-c:anyone know how to calculate the odds of finding N blocks in a row given X% of the network's hash power?
22:05:53belcher:is it not just X^N ?
22:07:07ryan-c:* ryan-c facepalm
22:07:12ryan-c:I think that's right.
22:12:26sipa:assuming no latency, yes
22:12:57sipa:or collusion of selfish mining attacks
22:15:03ryan-c:I'm trying to figure out how to come up with some numbers on feasibility of running attacks against a client that only has block headers with UTXO commitments
23:25:09moa:ryan-c: double-spend attempts? network isolation? what did you have in mind ...