| 00:00:07 | kanzure: | would not be surprised to learn that they are all also adam back |
| 00:00:52 | pampuchy: | sorry i was logged out, adam3us if you are adam back then cool, nice paper |
| 00:00:58 | gmaxwell: | There was someone on reddit who was alleging I was Hal. |
| 00:00:59 | lechuga_: | it really seemed like he chased szabo off the internet |
| 00:01:11 | kanzure: | oh right, he also thought hal finney was perry metzger |
| 00:02:15 | adam3us: | hmm i suppose that could be read as a tentacle/pseudonym shell game, detweiller poor fellow, the pseudonyms and tentacles got to him. |
| 00:03:17 | kanzure: | no really, this guy is an endless source of humor and comedy. he was on to nick szabo long before people started suspecting nick szabo was wei dai was satoshi. |
| 00:03:46 | zooko: | He used to live in this neck of the woods -- Colorado. |
| 00:03:57 | pampuchy: | so who is satoshi? |
| 00:04:07 | andytoshi: | pampuchy: the authors of that paper are adam3us BlueMatt Luke-Jr maaku gmaxwell amiller_ andy-logbot jtimon sipa |
| 00:04:10 | andytoshi: | ugh andytoshi not andy-logbot |
| 00:04:49 | lechuga_: | pampuchy: u must not read newsweek |
| 00:04:51 | zooko: | andy-logbot has been upgraded to have a paper-writing plugin? |
| 00:04:52 | andytoshi: | pampuchy: no satoshi speculation please, most of us here are high-profile enough that any statements could be picked up by the media, who has repeatedly gone and fucked up people's lives based on unfounded speculation |
| 00:05:13 | pampuchy: | oh i am so sorry, i didnt know these things |
| 00:05:16 | moa: | i've always wondered if wei dai is pronounced "why die" or "way day" or variations thereof |
| 00:05:17 | andytoshi: | zooko: yes, i admit it, i was asking the logbot what to write the whole time |
| 00:05:49 | zooko: | lol |
| 00:06:02 | kanzure: | moa: it stands for "great danger" |
| 00:06:08 | pampuchy: | i have an idea but its really dumb so i ffel shy saying it |
| 00:06:19 | andytoshi: | pampuchy: it's ok :) it just unfortunately causes problems way out of proportion to speculate about satoshi |
| 00:06:21 | zooko: | pampuchy: I have a lot of those. |
| 00:06:27 | lechuga_: | lol same |
| 00:06:32 | adam3us: | moa: i always guessed it was "way die" but i do not know what is correct |
| 00:06:34 | kanzure: | moa: http://lesswrong.com/lw/jgz/aalwa_ask_any_lesswronger_anything/ap84 |
| 00:07:04 | gmaxwell: | pampuchy: It's just not really an interesting question; you can find any number of long essays on people as to why it's not interesting. |
| 00:07:19 | pampuchy: | no no i dont mean about satoshi, i mean i have an idea with proof of work used in a artistic context. |
| 00:07:38 | kanzure: | adam3us: http://lesswrong.com/lw/jgz/aalwa_ask_any_lesswronger_anything/aphv |
| 00:07:41 | kanzure: | (pronunciation) |
| 00:07:42 | andytoshi: | pampuchy: it's ok, but if you are suggesting to use art in a PoW context that's not interesting ;) |
| 00:07:59 | andytoshi: | petertodd is our resident artist |
| 00:08:12 | adam3us: | kanzure: wow i had guessed right :) "way dye" |
| 00:08:13 | pampuchy: | i am, drawings, actually |
| 00:08:43 | kanzure: | whoops the name means "grave danger" not "great danger" |
| 00:09:01 | lechuga_: | i thought it meant like 4 diff things depending on which permutation u decide on |
| 00:09:03 | kanzure: | "grave danger" is from http://lesswrong.com/lw/kk5/look_for_the_next_tech_gold_rush/b5dg |
| 00:09:03 | adam3us: | andytoshi: well in some way PoWs have aesthetic value… soo many 0s and exponential difficulty to find one more etc. |
| 00:09:11 | pampuchy: | and a slow blockchain, with days passing between computations |
| 00:09:51 | kanzure: | anyway i assume that "grave danger" comes from his overwhelming sense of anxiety regarding http://lesswrong.com/lw/jgz/aalwa_ask_any_lesswronger_anything/ap84 |
| 00:09:59 | zooko: | pampuchy: that sounds like one of my bad ideas. |
| 00:10:15 | jtimon: | with spanish deterministic pronunciation rules, "wei dai" would sound like "way die" in english. Knowing that's a foreign language, I would say most spaniards would try their luck and say something that sounds like "why day" |
| 00:10:24 | kanzure: | "I do have some early role models. I recall wanting to be a real-life version of the fictional "Sandor Arbitration Intelligence at the Zoo" (from Vernor Vinge's novel A Fire Upon the Deep) who in the story is known for consistently writing the clearest and most insightful posts on the Net. And then there was Hal Finney who probably came closest to an actual real-life version of Sandor at the Zoo, and Tim May who besides inspiring me ... |
| 00:10:29 | jtimon: | moa^ |
| 00:10:30 | kanzure: | ... with his vision of cryptoanarchy was also a role model for doing early retirement from the tech industry and working on his own interests/causes." |
| 00:10:37 | pampuchy: | yes, highly impractical PoW is what i am saying |
| 00:10:54 | pampuchy: | with "making a one page drawing" constituting PoW |
| 00:10:56 | kanzure: | pampuchy: being practical is the most important property of proof-of-work |
| 00:11:03 | kanzure: | one of the most important properties, at least |
| 00:11:04 | pampuchy: | and the sketchbook used being the "ledger" |
| 00:11:11 | zooko: | Who's the real life Twirlip of the Mists? |
| 00:11:55 | kanzure: | "By the way, Twirlip of the Mists was not a bizarre, insane freak. Twirlip of the Mists was amazingly perceptive, or rather knowledgeable, although alas had nowhere near the eloquence of Sandor at the Zoo. Hint: look carefully at the first description of the Skroderiders. Actually, one thing that bothers me about the Net: who the hell is on it? It often seems that entire races are posters -- Sandor's last posting refers to having been ... |
| 00:12:01 | kanzure: | ... composed of twenty civilizations. So they are all just sending email around to each other? wat" |
| 00:12:10 | pampuchy: | the altcurrency based on these drawings is called brud, with a brud equal to a thousand kurz. |
| 00:12:31 | adam3us: | pampuchy: this is kind of funny a guy who did some proof of work, by hand http://siliconangle.com/blog/2014/10/02/how-long-would-it-take-to-mine-bitcoin-by-hand/ (0.67 hashes/day!) |
| 00:12:33 | kanzure: | pampuchy: i don't think you are reading anything we have given you |
| 00:13:21 | pampuchy: | haha, my point is that after reading the sidepegged article, we can modify brud and kurz in the future to be compatible with any other altcoin |
| 00:13:31 | kanzure: | you cannot force-wait "days" between "computations"... that's not how computation works. |
| 00:14:03 | pampuchy: | adam3us: yes, i saw that. except that it is pretty boring. drawing is more fun. |
| 00:14:21 | kanzure: | zooko: weird, the page i was reading from cites an email from carl feynman (the miniature version of richard feynman that's still running around) http://mindstalk.net/vinge/fire.html |
| 00:14:47 | pampuchy: | oh i dont mean forcing any waits, i mean thats usually how it goes with my sketchbooks - days go by with nothing, then one drawing, then two... |
| 00:15:22 | kanzure: | uh, no |
| 00:15:29 | kanzure: | you very explicitly said so: 17:09 < pampuchy> and a slow blockchain, with days passing between computations |
| 00:15:34 | zooko: | Okay, -wizards, it is time for me to play Dominions 4 with my 10yo. Catch you tomorrow or later tonight! ☺ |
| 00:16:12 | pampuchy: | well kanzure i certainly dont want to force anyone to draw, that would be awful. |
| 00:16:23 | kanzure: | what? |
| 00:16:38 | kanzure: | even if you did want that, i don't see how that would be possible. so you seem to be talking nonsense? |
| 00:19:42 | pampuchy: | i intend to take the ideas behind PoW, of spending a resource, and apply it to drawing. a sketchbook filled with drawings being the blockchain. |
| 00:20:14 | kanzure: | ah, then what are the ideas behind proof-of-work? |
| 00:20:36 | gmaxwell: | man, more sketchy cryptography. |
| 00:21:32 | pampuchy: | yes! totally sketchy |
| 00:22:33 | andytoshi: | hehehe |
| 00:23:31 | moa: | and another altcoin is born |
| 00:23:38 | pampuchy: | woohoo! |
| 00:24:24 | pampuchy: | from andrew's treatise: "Your crankery is not cute. You are |
| 00:24:26 | pampuchy: | not a cryptographer, and yet are releasing a homebrew cryptosystem, misrepresenting your |
| 00:24:29 | pampuchy: | own qualifications, and encouraging others to store value in your creation. These actions are |
| 00:24:30 | pampuchy: | incompetent, dishonest and reprehensibly dangerous. |
| 00:24:47 | pampuchy: | " |
| 00:28:13 | phantomcircuit: | gmaxwell, everything i wanted to know about SCP could be found by searching for sybil in the document |
| 00:28:30 | crescendo: | 0 results |
| 00:28:39 | phantomcircuit: | it appears only in the related works section which is nothing but advertising |
| 00:29:12 | phantomcircuit: | and i suspect only appears there for the cite |
| 00:30:44 | gmaxwell: | * gmaxwell larks, I wonder which SCP-wiki SCP best describes stellar. |
| 03:50:28 | kanzure: | i was not aware that the user "contingencies" was from kraken. he was already on my attempt-to-stalk-better list but that never happened. |
| 03:50:43 | kanzure: | anyway here's my attempt at one of the replies https://news.ycombinator.com/item?id=9345623 |
| 03:57:30 | kanzure: | i can't wrap my head around how someone might think "FWIW, here's my take: Bitcoin tries to be too many things to too many people." is a reasonable argument against bitcoin consensus |
| 03:58:02 | bsm117532: | Sounds like it's something better left ignored. |
| 03:59:02 | kanzure: | hardly.. this is a company that has raised $6M in this ecosystem, and is now displaying extremely poor reasoning... alarm bells should be ringing. |
| 03:59:15 | bsm117532: | They wouldn't be the only one. |
| 03:59:48 | kanzure: | are you an optimist |
| 04:00:51 | bsm117532: | I met petertodd in person tonight. He was going on about a certain well-known company contractually requiring zero conf transactions. I'll let him elaborate on that if he wants. But money can be the enemy of reason. |
| 04:01:20 | kanzure: | in new york? |
| 04:01:25 | bsm117532: | Yes |
| 04:01:29 | kanzure: | are you a local? |
| 04:01:32 | bsm117532: | Bitdevs, best bitcoin meetup there is. |
| 04:01:37 | bsm117532: | Yes |
| 04:03:20 | kanzure: | i will be there later this month |
| 04:03:31 | bsm117532: | Sweet. ;-) |
| 04:03:42 | bsm117532: | I've been floored by the bitcoin activity here. |
| 04:05:30 | moa: | bsm117532: paucity or abundance of? |
| 04:05:37 | bsm117532: | abundance |
| 04:06:55 | kanzure: | bitdevs link please? |
| 04:06:58 | bsm117532: | Of course, a lot of it is a big banks and non-software types trying to figure out how to make a privately mined chain...and other nonsense...but I digress... |
| 04:07:10 | bsm117532: | http://www.meetup.com/BitDevsNYC/ |
| 04:07:35 | kanzure: | alright |
| 04:08:00 | bsm117532: | Don't bother with the Bitcoin Center NYC. |
| 04:08:07 | moa: | wonder how many of the "big banks and non-software types" have any kind of bitcoin wallet? |
| 04:08:13 | bsm117532: | none. |
| 04:08:22 | phantomcircuit: | bsm117532, i can do that, the mining part will be un-necessary |
| 04:08:26 | phantomcircuit: | but it will do that |
| 04:08:28 | moa: | seems like a market opportunity |
| 04:08:40 | phantomcircuit: | moa, :P |
| 04:08:47 | moa: | heh |
| 04:09:15 | moa: | something for grnadmas? |
| 07:10:35 | maaku: | maaku is now known as Guest35538 |
| 08:05:15 | orwell.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:15 | orwell.freenode.net: | Users on #bitcoin-wizards: andy-logbot phiche1 dEBRUYNE cbeams c-cex-yuriy terpo gielbier skeuomorf Guest35538 hktud0 orik damethos nivah priidu arubi_ fanquake SDCDev rusty jhogan42 b_lumenkraft p15 [ace] eric AndChat|7049 zooko helo unlord_ justanotheruser DrWat|ZZZzzz mkarrer_ [7] HostFat Dr-G a5m0 Cornholi0 nephyrin null_radix binaryatrocity raizor tjader d1ggy crescendo Sqt Tjopper luktgf wumpus Madars hashtagg richardus cornus_ammonis mikolalysenko shesek hashtagg_ |
| 08:05:15 | orwell.freenode.net: | Users on #bitcoin-wizards: LeMiner Starduster_ maraoz grandmaster GAit cdecker waxwing Relos sturles prodatalab thrasher` Emcy adams_ GreenIsMyPepper harrow melvster vonzipper berndj ebfull jaekwon_ Zouppen andytoshi JonTitor Xzibit17 cfields PaulCapestany manan19 comboy sneak spinza cluckj luigi1111w realcr gmaxwell airbreather rustyn jaromil catlasshrugged_ Apocalyptic harrigan bosma Pan0ram1x PRab dasource nullbyte Cory forrestv cryptowest_ amiller_ runeks__ kanzure |
| 08:05:15 | orwell.freenode.net: | Users on #bitcoin-wizards: kefkius throughnothing Graet Eliel veox indolering K1773R Keefe petertodd jcorgan larraboj ryan-c jessepollak MoALTz_ gribble tromp mr_burdell gnusha Iriez tromp_ d9b4bef9 wiz bliljerk101 aakselrod starsoccer dgenr8 jonasschnelli copumpkin sadoshi btcdrak go1111111 yorick weex SwedFTP Hunger- lmacken dc17523be3 face HM Luke-Jr luny yrashk artifexd kumavis platinuum otoburb huseby midnightmagic BlueMatt warren TD-Linux mariorz hguux___ fenn |
| 08:05:15 | orwell.freenode.net: | Users on #bitcoin-wizards: wizkid057 ajweiss Tiraspol SubCreative Adlai Anduck iddo poggy nsh kyuupichan Logicwax phantomcircuit EasyAt lechuga_ luigi1111 isis nanotube yoleaux gavinandresen dignork AdrianG s1w livegnik optimator fluffypony Meeh cursive dansmith_btc morcos guruvan BananaLotus bedeho heath roasbeef_ Fistful_of_Coins stonecoldpat afdudley espes__ pigeons sipa warptangent phedny so BrainOverfl0w MRL-Relay azariah btc___ @ChanServ brand0 davout NeatBasis |
| 08:05:15 | orwell.freenode.net: | Users on #bitcoin-wizards: CryptOprah leakypat jbenet mappum Oizopower Krellan Taek epscy sdaftuar Alanius nickler gwillen kinlo coryfields_ Muis catcow [d__d] lnovy sl01 null michagogo STRML |
| 16:21:08 | zooko`: | zooko` is now known as zooko |
| 17:27:28 | tdryja: | (OT) greg: just wanted to say that post on HN about the cheeseburger and the hand and the door ... that was awesome. I rofled. |
| 17:42:26 | kanzure: | hmmm "In SCP the topology is public and conveyed with each consensus packet. So people will be able to tell when the graph is vulnerable." |
| 17:51:06 | helo: | tdryja: lol, thanks for mentioning that |
| 17:54:26 | gmaxwell: | tdryja: unrelated, you've seen http://research.microsoft.com/en-us/people/mickens/thesaddestmoment.pdf I hope? "Gmaxwell's hand is faulty." |
| 17:54:47 | tdryja: | oh the don't want to go to lunch one? yeah that's a great one too |
| 17:54:58 | tdryja: | required reading for anyone working on distributed consensus |
| 18:10:58 | fluffypony: | "His extensive home collection of “Thundercats” cartoons will not watch itself. Ted is needed, and Ted will heed the call of duty." |
| 18:11:01 | fluffypony: | lol |
| 18:12:27 | Taek: | Are there zkp's that are not probabilistic? |
| 18:13:28 | gmaxwell: | succinctness is incompatible with soundness, (and so is strong (e.g. statistical instead of computational) zero knoweldge). |
| 18:14:02 | gmaxwell: | ), so any compact one is only going to have computational security. |
| 18:14:33 | Taek: | I just mean in a purely theoretical sense, not in any practical sense |
| 18:15:08 | Taek: | it also doesn't have to be general |
| 18:17:00 | phantomcircuit: | gmaxwell, the graphics in that paper are very good |
| 18:17:03 | gmaxwell: | It's not theoretically possible for a compact ZKP for NP to exists where false proofs are not at least theoretically possible. (there is a counting-like argument for this). Oh well if you don't mean for NP. a schnorr signature is sound, though its secrecy has only computational security. |
| 18:17:11 | phantomcircuit: | they get the point across much better than words can |
| 18:21:24 | andytoshi: | Taek: so a schnorr signature can be made deterministic but not unique ... but BLS signatures are both |
| 18:22:58 | andytoshi: | it's not clear to me that it is a ZKP for anything since its security reduces to CDH, not discrete log |
| 18:37:03 | AllieSenbub: | rusty should do one about schnorr sig |
| 18:47:39 | andytoshi: | AllieSenbub: there's a fairly straightforward intuition ... the map x -> xG is linear (more concretely, a field homomorpism) but hard to invert. if you know secret values x and k, you can publish (a, b, ax + bk) without fear, since you have given 3 equations in 4 unknowns (or 1 equation in 2 unknowns; let's pretend a and b are public known constants) |
| 18:48:29 | andytoshi: | AllieSenbub: but using this map x -> xG, you can also publish xG and kG without fear, since it's noninvertible. then the linearity property says that people can check a(xG) + b(kG) = sG |
| 18:48:55 | andytoshi: | so now people can check that ax + bk actually was computed correctly, even though they still can't learn anything about x and k |
| 18:50:48 | andytoshi: | AllieSenbub: now, a schnorr signature is exactly this: x is your secret key, k is chosen randomly for each message, a is the hash of the message and kG (this is actually important for security since it prevents a forger from choosing the message or kG after-the-fact to make the verification equation work; he has to choose both before doing anything else) |
| 18:50:49 | andytoshi: | and b = 1 |
| 18:51:08 | andytoshi: | ok, actually, i guess that's worth expanding into a blog post :P |
| 18:52:59 | unlord_: | unlord_ is now known as unlord |
| 18:57:42 | zooko: | andytoshi: yes please! |
| 19:01:32 | gmaxwell: | andytoshi: yea, "oh the signature is simply just a trivial system of linear equations. encrypted in such a way that you can still check it holds" was such a revelation for me (and left me pissed off at everyone else who'd obfscuated it with technical minutia). |
| 19:03:37 | andytoshi: | gmaxwell: yes, iirc i first heard it from you :) |
| 19:04:41 | andytoshi: | in fact i just got to explain this to one of my crypto students today, he was going through course slides on a simple discrete-log CRHF and it was filled with these kinds of details |
| 19:04:52 | andytoshi: | (well, "it's just linearity |
| 19:04:59 | gmaxwell: | Yea, I dunno if I've ever actually seen it written down that way; though who knows, my memory sucks. |
| 19:05:30 | andytoshi: | (well, "it's just linearity" i got from you .. i think the "uninvertible homomorphism" i came to myself...tho no doubt it was still indirectly you :P) |
| 19:06:15 | gmaxwell: | yea, my 'encrypted' there is vague. you don't need encryption, you need a one way computable map that retains the linearity. |
| 19:06:36 | gmaxwell: | encryption normally suggests decryption is (efficiently) possible. |
| 19:06:54 | andytoshi: | it's "encryption" to the media, cf every single article about "encrypted passwords" :) |
| 19:09:54 | zooko: | I've learned that it is best to tell investors that SNARKs are "encrypting the transaction information in such a way that…". |
| 19:10:12 | zooko: | Maybe we should just start using "magicking" instead of "encrypting". |
| 19:11:02 | gmaxwell: | zooko: it's not always the best to do that, including that encryption is subject to export regulation in a manner distinct from authentication schemes (and at the blockchain level these are all authentication schemes) |
| 19:11:58 | zooko: | Hm. |
| 19:12:53 | gmaxwell: | (not that export regs matter for free software; but commercial products bump into them) |
| 19:12:59 | binaryFate: | binaryFate has left #bitcoin-wizards |
| 19:13:48 | gmaxwell: | http://johoe.mooo.com/trezor-power-analysis/ |
| 19:15:02 | zooko: | NEat. |
| 19:19:12 | gmaxwell: | http://www.reddit.com/r/Bitcoin/comments/3213nc/all_trezor_users_should_update_their_firmware_for/cq6v5mv |
| 19:21:41 | andytoshi: | thanks for that gmaxwell :) |
| 19:25:24 | sipa: | gmaxwell: hmm so the goal was resistance to power analysis rater than timing |
| 19:26:43 | gmaxwell: | sipa: can't have power analysis resistance without timing resistance. |
| 19:27:04 | sipa: | uh, sure they are related |
| 19:27:43 | sipa: | but the attack it specifically aims to make harder is a power analysis one |
| 19:28:52 | gmaxwell: | Right. |
| 19:31:09 | phantomcircuit: | gmaxwell, technically you could just dump a bunch of power to ground to avoid power analysis |
| 19:31:33 | phantomcircuit: | without actually significantly mitigating timing analysis |
| 19:32:00 | phantomcircuit: | but i suspect that would be harder to get right than fixing the timing analysis issues |
| 19:32:02 | gmaxwell: | phantomcircuit: that generally doesn't solve DPA; I think, but this is getting too analog for my expertise. |
| 19:32:16 | gmaxwell: | * gmaxwell flies |
| 19:32:48 | phantomcircuit: | gmaxwell, with enough capacitance and dynamic power throwing away i think it could be made to "work" |
| 19:32:55 | phantomcircuit: | for lame definitions of work |
| 19:40:28 | andytoshi: | gmaxwell: i piled onto your comment, so hopefully you aren't the sole bad guy.. |
| 19:41:29 | wallet42: | wallet42 is now known as Guest47264 |
| 19:41:29 | wallet421: | wallet421 is now known as wallet42 |
| 19:53:08 | andytoshi: | lol, i got in trouble for that one.. |
| 19:58:40 | sipa: | link? |
| 20:01:11 | Mably_: | Mably_ is now known as Mably |
| 20:02:05 | amiller_: | sipa, http://www.reddit.com/r/Bitcoin/comments/3213nc/all_trezor_users_should_update_their_firmware_for/cq6w2t6 /me popcorn |
| 20:05:17 | kanzure: | andytoshi: "To be clear, I was doing any sort of code audit here" is not clear, i think you mean "not" |
| 20:08:42 | sipa: | gmaxwell: so thy claim their wnaf is constant time... |
| 20:09:08 | sipa: | there is a simpler windowed algorithm that is constant time, but it is not wnaf |
| 20:10:45 | zooko: | https://twitter.com/martinralbrecht/status/586242276244004867 HT Dcoder |
| 20:12:38 | kanzure: | .tw |
| 20:12:39 | yoleaux: | Looks like GGH multilinear maps are broken http://buff.ly/1cdVNmK (@martinralbrecht) |
| 20:30:50 | Taek: | Is anyone in the Boston area that would be interested in doing weekly/bi-weekly mentoring of university students interested in learning cryptocurrency stuff and doing bitcoin/crypto development? |
| 20:31:00 | Taek: | Most of the students would probably MIT |
| 20:31:54 | kanzure: | if they are willing to show up on irc, then yes |
| 20:34:56 | Taek: | I'm sure we'll be on IRC, it'd be nice to have a meatspace mentor too. We can probably post slide decks, etc. if anything of that sort happens |
| 20:36:54 | andytoshi: | Taek: no, but i will mentor uni students in austin if somebody else does the organizational work |
| 21:05:37 | fluffypony: | I love Bitcointalk some days |
| 21:05:38 | fluffypony: | https://bitcointalk.org/index.php?topic=1016517.0 |
| 21:05:49 | fluffypony: | "This is trying to get away from doing meaningless calculations like the current 'proof of work' system that btc uses" |
| 21:07:08 | tromp: | that's a very convoluted way to do proof of stake |
| 21:29:14 | benten_: | benten_ is now known as benten |
| 21:31:31 | helo: | helo is now known as beatysee |
| 21:31:46 | beatysee: | beatysee is now known as helo |
| 21:40:29 | Taek: | schnorr question: looking at the wikipedia page, x can be 128bits, H() can have 256bit output, k can be 128 bits, s (k - xe) will be 256 bits, and e will be 256 bits? So the signature will be 512 bits? |
| 21:41:37 | Taek: | and s is likely going to be a negative number? |
| 21:41:40 | sipa: | indeed |
| 21:41:56 | sipa: | negative number do not exist |
| 21:42:08 | sipa: | this is in a modular field |
| 21:42:15 | Taek: | ah |
| 21:42:46 | sipa: | unsure about the 128-bit k |
| 21:43:40 | Taek: | is q=2^128 secure? |
| 22:04:21 | ryan-c: | anyone know how to calculate the odds of finding N blocks in a row given X% of the networks hash power? |
| 22:05:53 | belcher: | is it not just X^N ? |
| 22:07:07 | ryan-c: | * ryan-c facepalm |
| 22:07:07 | ozanyurt_: | ozanyurt_ is now known as ozanyurt |
| 22:07:12 | ryan-c: | I think that's right. |
| 22:12:26 | sipa: | assuming no latency, yes |
| 22:12:57 | sipa: | or collusion of selfish mining attacks |
| 22:13:03 | sipa: | *or |
| 22:15:03 | ryan-c: | I'm trying to figure out how to come up with some numbers on feasibility of running attacks against a client that only has block headers with UTXO commitments |
| 22:21:22 | DrWat|ZZZzzz: | DrWat|ZZZzzz is now known as DrWat |
| 23:25:09 | moa: | ryan-c: double-spend attempts? network isolation? what did you have in mind ... |