05:26:23xcthulhu:So has anybody else noticed that anywhere between 0% and 33% of the bonded stake in Tendermint doesn’t matter at all?
05:31:32justanotheruser:xcthulhu: want to elaborate
05:32:42xcthulhu:Sure. So the simplest case is you just have 2 guys, a majority shareholder and a minority holder. If the majority holder has 67% of the stake or more, the minority holder doesn’t matter.
05:33:32justanotheruser:If you're assuming a majority holder then yeah.
05:33:38justanotheruser:Same with bitcoin and 50% isn't it?
05:34:02xcthulhu:Well, in bitcoin every last watt contributes
05:34:39justanotheruser:what if there are 5 holders not colluding with 67% evenly distributed?
05:34:58xcthulhu:On the other hand, in Tendermint, you’ll have a distribution of bonded stakes resembling a poorly designed voting system.
05:35:00justanotheruser:in the case that someone has 50%, each watt doesn't contribute
05:35:51xcthulhu:Right, so that’s just the simplest case. To sort of understand a more complex case, it’s worth looking at something like the European union from 1958 to 1973 to see what can go wrong.
05:36:37xcthulhu:In this particular voting system, no party had a majority.
05:37:20xcthulhu:However, if you look at every possible voting configuration, you’d see that Luxembourg’s single vote actually never actually could change the outcome
05:38:03xcthulhu:(assuming a majority vote)
05:40:29xcthulhu:Something roughly analgous in Tendermint would be if you had 3 parties - 2 majority holders of roughly similar size constituting >67% of the bonded stake and a minority holder with the rest
05:41:56justanotheruser:why assume 3 parties?
05:42:23xcthulhu:It’s just a simple concrete example to pump intuition.
05:42:51justanotheruser:but does it work without the assumption that two parties will control 2/3 of stake?
05:43:18xcthulhu:In general, I’d expect a Pareto distribution of wealth corresponding to a Gini coefficient between .95 and .99.
05:43:50justanotheruser:I think there are much stronger arguments against tendermint
05:43:50xcthulhu:Even with a nice Gini coefficient of .8, 20% of the stake just won’t matter
05:45:01xcthulhu:I’m vaguely curious, but the fact that voting power is not linearly proportional to stake is pretty damning.
05:45:58xcthulhu:And that combinatorically a substantial portion of the stake is pointless just makes it decentralization theatre.
05:46:10xcthulhu:What’s a better argument?
05:46:45justanotheruser:the cost of rewriting history
05:47:47xcthulhu:It’s probably easy.
05:49:58xcthulhu:I mean, I know Ethereum is thinking of using Tendermint. I know from insider information that 80% of the stake is wrapped up in just 12 individuals. I’m sure they could fork it whatever way they want if they can coordinate.
05:51:37justanotheruser:12 "individuals" could probably keep "themselves" in power
05:53:15xcthulhu:Well, yes. The other 20% of the stake doesn’t matter from a combinatoric perspective.
05:56:10xcthulhu:It’s not really different than a corporation, just less honest.
05:58:47Taek:modern corporations are bound by jurisdictional national laws
05:59:09Taek:which I would argue offers more protection to the average user
06:00:21xcthulhu:Yup. They have regulations and everything. There’s nothing stopping the majority stakeholders from being absolutely cutthroat.
06:05:50xcthulhu:(in tendermint)
08:05:20barjavel.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:20barjavel.freenode.net:Users on #bitcoin-wizards: andy-logbot bit2017 Mably p15_ p15x shesek luktgf cbeams cornus_ammonis xcthulhu damethos hktud0 moa Crowley2k lclc b_lumenkraft airbreather d1ggy zooko` TheSeven PRab ryanxcharles nessence Cory Dr-G totalanni phaeni PaulCapestany unlord_ satwo jeremyrubin justanotheruser melvster NewLiberty thufir hulkhogan42o Rynomster K1773R cluckj kgk sparetire LeMiner hashtagg tjader kefkius BananaLotus guruvan yuleBOOL warren CoinMuncher jtimon c0rw1n
08:05:20barjavel.freenode.net:Users on #bitcoin-wizards: grandmaster dgenr8 xapp Alanius brand0 Tjopper1 Pan0ram1x poggy ajweiss nuke1989 Zouppen Krellan stonecoldpat phedny so aakselrod Guest4827 s1w lechuga__ devrandom EasyAt_ yorick afdudley fenn mm_0 Taek lnovy [d__d] dc17523be3 arubi cdecker gielbier jmaurice leakypat Tiraspol Starduster Emcy sipa platinuum koshii MoALTz luny isis smooth sneak SubCreative Madars sadoshi tromp_ throughnothing_ amiller harrigan_ sparetire_ rustyn gmaxwell maaku
08:05:21barjavel.freenode.net:Users on #bitcoin-wizards: waxwing Xzibit17 adams_ forrestv Transisto richardus adlai Fistful_of_coins go1111111 prodatalab kanzure spinza maraoz morcos sdaftuar andytoshi helo Iriez copumpkin bedeho face Kwelstr nsh GAit cfields_ wumpus mappum jbenet NeatBasisW dasource btcdrak CodeShark dardasaba ebfull mkarrer_ luigi1111w binaryatrocity bliljerk101 jonasschnelli merlincorey [ace] eric a5m0 nephyrin null_radix crescendo Sqt mikolalysenko sturles GreenIsMyPepper
08:05:21barjavel.freenode.net:Users on #bitcoin-wizards: harrow vonzipper berndj manan19 comboy realcr jaromil catlasshrugged_ Apocalyptic cryptowest_ runeks__ Graet veox indolering Keefe petertodd jcorgan larraboj ryan-c jessepollak gribble tromp mr_burdell gnusha d9b4bef9 starsoccer weex SwedFTP Hunger- lmacken Luke-Jr yrashk artifexd kumavis otoburb huseby midnightmagic BlueMatt TD-Linux mariorz hguux___ wizkid057 Anduck kyuupichan Logicwax phantomcircuit luigi1111 nanotube yoleaux gavinandresen
08:05:21barjavel.freenode.net:Users on #bitcoin-wizards: AdrianG BrainOverfl0w MRL-Relay azariah @ChanServ davout CryptOprah Oizopower epscy nickler gwillen kinlo coryfields_ Muis catcow sl01 null michagogo STRML warptangent pigeons espes__ roasbeef_ heath dansmith_btc cursive Meeh fluffypony optimator livegnik
09:13:04fluffypony:so Bankymoon are presenting, they want to use smart contracts for handling utilities payments, so they're "working closely with Ethereum"
09:13:31bedeho:say what?
09:14:02bedeho:fluffypony@Monero ?
09:14:55Luke-Jr:* Luke-Jr wonders how smart contracts are relevant to utility payments
09:15:03fluffypony:bedeho: I'm at the Bitcoin Africa conference
09:15:41fluffypony:which has mostly been hilarious
09:15:54Luke-Jr:that sounds like a typical bitcoin conference
09:16:09justanotheruser:fluffypony: what country is this in?
09:16:13bedeho:Never been to a bitcoin conference, but yes, I can imagine
09:16:14fluffypony:with comments like "Vitalik is one of the smartest people I've ever met" (Micah Winkelspecht) you can't go wrong
09:16:16fluffypony:justanotheruser: Cape Town, South Africa
09:16:18justanotheruser:oh should read more....
09:16:51fluffypony:oh, and BitPesa who are "powered by blockchain technology", which is code for "we use Bitcoin for remittance"
09:16:57justanotheruser:to be fair, vitalik is very smart, he is only 19 or something
09:17:01Luke-Jr:justanotheruser: lol, it wasn't an entirely unfair question - there are multiple countries in Africa :p
09:18:12fluffypony:justanotheruser: sure, but his inability to acknowledge his own weaknesses / failings / misnomers means that people take his word as gospel, and that means he's just smart enough to be dangerous
09:18:41justanotheruser:yep, it's really sad, I don't want investors to lose millions in ethereum, nor do I want him to go to jail, but both seem probable
09:20:14fluffypony:someone asked me yesterday why he doesn't contribute to Bitcoin, and I said it's because his ideas were very kindly rejected initially, and instead of him refining them he decided that the rejection was personal / political
09:20:26bedeho:I have yet to see a single compelling use case which Ethereum enables. If there was, someone would have already built it as a separate chain by now...
09:21:01fluffypony:bedeho: I'm almost tempted to fork BTC, add a loop operator to Bitcoin script, and then call it Bit-thereum
09:21:25bedeho:fluffypony : lol, yeah
09:22:05bedeho:well I think counterparty already has implemented ethereum on top of bitcoin, so not really clear what the point of ethereum is now really, even with the lack of use cases aside
09:23:23fluffypony:oh yes I remember
09:23:40bedeho:I think you also need some concept of storage, so you also have to add some data store operators
09:23:44fluffypony:but bedeho, lolthereum has 8 second blocks, and DPOS!
09:23:58justanotheruser:bedeho: the use case tends to boil down to slightly fancier scripts from what I've seen
09:24:27fluffypony:plus didn't they create a new language called Snake or something?
09:24:35fluffypony:oh - Serpent
09:24:53bedeho:yeah, I think that is what counterparty ported
09:24:56justanotheruser:someone told me that creating multisig with bitcoin was too hard and ethereum was going to make it easy :/
09:25:11fluffypony:* fluffypony twitches
09:25:59bedeho:wow, yeah, well there are some wacky ethereum fans out there. It doenst seem like everyone understands that ethereum actually does not increase the space possible blockchain based apps in any way.
09:27:06fluffypony:if they ever actually launch and gain some usage I can't wait for the first antivirus scanners for Ethereum
09:27:06bedeho:I guess you could say it reduces development cost, which may make development more economically feasible, but in terms of our "production possibilities fronteer", we have not moved.
09:27:43bedeho:why antivirus?
09:28:01fluffypony:for all the dodgy "blockchain apps" people are going to write
09:29:28bedeho:I think they all run in a VM, so in so far as that is secure, I dont htink that will be an issue
09:34:02fluffypony:bedeho: do they have a threat model they've published?
09:34:42bedeho:I dont think there is any formal security analysis of anything in ethereum, but to be fair, neither is there in bitcoin.
09:35:18bedeho:They do have a pretty solid formal description of the system itself though, written by the lead dev Gavin Wood
09:36:23justanotheruser:fluffypony: an antivirus sounds like a consensus breaking tool
09:37:35fluffypony:bedeho: that's true; although Bitcoin has the advantage of 5.5 years of development from people who know how to think adversarially, plus it's survived a number of interesting and brutal attacks
09:38:01fluffypony:lolthereum has to be secure out the gate because of the vested interest in it
09:39:32bedeho:what do you mean?
09:41:23fluffypony:bedeho: I mean that Bitcoin was being hammered when it was relatively worthless and driven entirely by unpaid volunteers, Ethereum raised money and is driven by paid staff, which means it has expectations to go along with it
09:41:56bedeho:I see, yes, it there is a lot of expectation invested, agree
09:41:59fluffypony:when yup
09:42:33fluffypony:so that block 74638 attack (when 1.84 trillion BTC were created) was in mid-2010, afair
09:42:54fluffypony:when there wasn't this hyperfocus on Bitcoin
09:43:32fluffypony:if Ethereum has an attack/bug happen on the same level there will be "investors" up in arms
09:46:45bedeho:but I think they have said they will redo the whole thing for a 2.0 release, then with a new consensus (dagger/slasher/dpos/asic resistant/pos/non-wastefull/block tree chain) system, so I guess they could just hard fork it back to a good state then.
09:47:03bedeho:It was never clear to me how that transition was supposed to happen
09:47:32fluffypony:stake ALL of the chains!
09:49:05Luke-Jr:I prefer steak.
09:52:24fluffypony:Luke-Jr: delegated proof of steak?
09:52:51Luke-Jr:fluffypony: as long as I still get to be the one to eat it
09:53:38sipa:is it hashed steak?
09:54:16fluffypony:sipa: diced
09:55:53Luke-Jr:hm, I think I've only ever tried broiled.
10:00:13fluffypony:Proof of Broil?
10:03:20moa:shish kebobs all around for ethereum guys if it flops out of the gate
10:03:44MRL-Relay:[smooth] steak on a stake?
10:06:28fluffypony:invest in cows now!
10:23:03fluffypony:hah hah
10:23:12fluffypony:so this one guy had a slide on the Byzantine Generals problem
10:23:16fluffypony:and how Bitcoin solves it
10:23:31fluffypony:and how the Byzantine Generals problem is about component failure in a system
10:24:23wallet42:wallet42 is now known as Guest33608
10:24:23wallet421:wallet421 is now known as wallet42
10:24:59fluffypony:so I tweeted that he's confusing the Byzantine Generals problem with BFT, so he said I must come find him so he can explain it to me
12:39:28zooko`:zooko` is now known as zooko
12:41:26Mably_:Mably_ is now known as Mably
13:14:05kanzure:"How to explain zero knowledge protocols to other people's children" http://pages.cs.wisc.edu/~mkowalcz/628.pdf
13:15:02mm_0:mm_0 is now known as mm_1
13:15:15binaryatrocity:yay UW Wisconsin!
13:15:57kanzure:you are leaking identifying information
13:17:46binaryatrocity:* binaryatrocity shrugs.
13:25:16thufir:I am me, come at me. :)
13:47:01bedeho:Has anyone had a chance to look at the lightning network proposal? Does it actually go as far towards solving scalability as it appears?
14:34:07mm_1:mm_1 is now known as mm_0
15:40:05dgenr8:lightning network is a lot of complexity surrounding a simple idea - trusted third party. if traditional 3rd parties start handling BTC, it's unnecessary
15:41:12sipa:well sure, and if we'd just trust a credit card provider we wouldn't need bitcoin :)
15:42:47thufir:you just need a concensus network that is 'good enough', who's state gets stamped by bitcoin every 10 minutes.
15:44:15sipa:if lightning ends up being viable to implement, i think its advantages are huge
15:44:31dgenr8:sipa: it's implicit in LN that bitcoin alone cannot solve some problems. LN is not better than bitcoin, and it's also not better than traditional third parties
15:44:40thufir:interesting. do you have a link? I have not heard of it previously.
15:44:42sipa:no, it's in between
15:45:21sipa:it has more overhead than a fully centralized bookkeeper, but it has much smaller counterparty risk
15:45:35sipa:and it's much more scalable than the bitcoin blockchain
15:45:55thufir:so advocate, give me your best link, so i don't have to read about it on wikipedia or something
15:46:19sipa:that's a url
15:46:30thufir:hehe thanks, i was wondering :)
15:46:36sipa:i do believe there are more readable explanations
15:47:13dgenr8:sipa: counterparty risk hasn't been, and isn't the problem in these use cases
15:47:48dgenr8:sipa: we don't have to debate it. when established third parties support BTC we'll see
15:48:01thufir:(read the abstract so far): absolutely. if maleiabilty were fixed, and it could be if people realized how important that would be as in what possibilities are enabled for it.
15:48:23sipa:dgenr8: large third parties handling other people's money create a systemic risk
15:48:34sipa:dgenr8: you may find that risk tolerable, but you have to be aware of it
15:48:38thufir:i mean, malleability fixed, = multiple simple micro-transaction solutions that are provably viable.
15:49:00sipa:dgenr8: in practice, very few people are or are ware of that problem
15:49:23sipa:dgenr8: until mtgox disappears, or their bank needs government intervention
15:50:32sipa:dgenr8: then suddenly they demand that others fix the mistake they made in the first place by trusting those providers
15:50:39thufir:well, i will have to read this later as I am not able at the moment to read a 22 page paper and give it the attention this paper seems to deserve. by later I mean tomorrow is my #1 task. Thanks!
15:50:51sipa:dgenr8: i'm not saying that trust third parties don't have a place in the world - i think they are inevitable
15:50:56dgenr8:LN tries too hard to look like it removes the third party. the main risk reduction is smaller balances held there
15:51:26sipa:dgenr8: well in LN there is no third party - just counterparty risk, as you're interacting directly with others
15:51:37thufir:exactly, if the cost of attack is greater than the few cents per attack you could get in return, then it is 'good enough'
15:51:42sipa:though there is no real difference in trust - just in systemic risk
15:52:12sipa:(systemic risk is the result of eventually a large number of users trusting the same party, rather than random other parties)
15:52:45thufir:well put
15:53:06sipa:but from a single user's perspective, you're absolutely right: it decreases the amount at risk
15:53:18dgenr8:systemic problems haven't come from payment processors failing, but rather institutions that hold large balances
15:53:44thufir:if there is no system worth attacking.... :)
15:54:09dgenr8:LN doesn't compete with banking, but payment processing
15:54:24sipa:same thing
15:54:32sipa:a party that holds balances for another
15:54:39thufir:...then there is no point, and thus no* risk :) [* = very little, "good enough"]
15:54:44sipa:in order to increase scalability or convenience
15:54:46dgenr8:my cc card company holds no balance from me
15:55:22sipa:your bank does, and your cc company can only work because they trust your bank
15:55:32sipa:not because they trust you
15:55:37dgenr8:LN only works because it trusts the cosigner of the coins
15:55:52dgenr8:the merchant trusts the cosigner
15:56:16sipa:i think you're talking about something else :)
15:57:17dgenr8:wat? if the merchant accepted bitcoin, LN would be unnecessary. LN is all about paying with a special thing that is not just bitcoin
15:57:42sipa:LN allows parties that trust eachother for low amounts to transact directly with eachother, and then settle balances on the blockchain, rather than individual transactions
15:57:43thufir:my uneducated guess: it is a special thing that is not bitcoin but is "BACKED BY BITCOIN"
15:57:52dgenr8:backed by bitpay
15:58:04sipa:i think you are really talking about something else
15:58:16thufir:if it is a valid solution that bitpay nor anyone can control it
15:58:47sipa:(though i'll admit that i have a lot of reading to do still too, so i'll shut up now)
15:59:56dgenr8:by my reading the merchant accepts the payment precisely because it came from a trusted cosigner. greenaddress is the simpler example
15:59:58thufir:well thanks for the pdf. its my mission to achieve the same.
16:00:14sipa:dgenr8: afaik there is no merchant involved; just a sender and a receiver
16:01:27sipa:ok, no cosigner then
16:02:05CoinMuncher2:dgenr8: you need to read it again. There is no trusted third party co-signer: the two parties in the payment channel ARE the co-signers. And you get your coins back after a timeout if the other side disappears.
16:02:07sipa:LN is about being able to combine multiple transactions, and only settle their balance on chain
16:02:34sipa:sort of payment channels, but between more than 2 parties, and bidirectionally
16:02:42thufir:So why isn't everyone who can working on just fixing malliability?
16:03:59CoinMuncher2:It is being worked on. Will be fixed soon.
16:04:18dgenr8:apologies... then I really need to read up on how this can make things instant somehow (which it can't). really i apologize for the confused commentary above which applies to the other bitpay idea
16:04:24mm_0:mm_0 is now known as mm_1
16:04:59thufir:for clarity: this = ?
16:05:42sipa:dgenr8: do you know how payment channels work? (the real ones, described by satoshi and implemented in BitcoinJ; not the thing by bitpay_
16:05:43thufir:i can't read the paper yet but from the abstract and my guess, it is a mater of stringing together unconfirmed transactions, malliability needs to be fixed to enable that
16:06:32thufir:transactions are instant, so that is how they are now instant :)
16:06:47Taek:I don't think malleability affects payment channels
16:07:09sipa:dgenr8: you first put a bunch of funds in escrow, which are returned to you after some time, and wait for that crediting to go on the blockchain
16:07:27thufir:it prevents stringing together unconfirmed transactions which is how many microtransaction / payment channels things would be implemented
16:07:40sipa:dgenr8: now you can renegotiate the transaction which uses those escrowed funds, to not go entirely back to you, but go partially to a receiver
16:07:45dgenr8:sure, the key word being "wait"
16:08:02sipa:right, but that's just setup time
16:08:15sipa:the renegotiation can happen every millisecond
16:08:37dgenr8:i can pay somebody i've never met before instantly with LN?
16:08:52sipa:i can't say - i don't know LN well enough yet
16:08:59sipa:i'm described the simple version - payment channels
16:09:12thufir:simple: the escrowed funds is what allows you to make off chain promises. how ever many separate such ones you have is how many concurrent such promises you can make every 10 minutes. then you can reuse the existing escrows from my theory.
16:09:22sipa:payment channels only work for sending many small payments from one specific party to another
16:09:35sipa:and require a slow setup, but are infinitely scalable after that, and instant
16:09:58sipa:the reason is that it's "instant", is that it reduces the counterparty risk to one single micropayment
16:09:58dgenr8:i am familiar with payment channels (though you would rightly question my credibility given the above) and don't see how they enable anything to be instant between random parties
16:10:08sipa:they're not actually instant
16:10:16sipa:they're just extremely low value risk
16:10:43sipa:as you send money in very small increments - which the other party can steal - but they can only steal one increment, not the total
16:10:52sipa:but the incrementing itself is instant
16:11:04thufir:tit for tat math, nice
16:11:12Taek:degenr8: this can be solved with a middleman. If I've never met you, but you have payment channels to sipa and I have payment channels to sipa, then we can tunnel our payments through him and do a transaction
16:11:37thufir:hense lightening "NETWORK" :)
16:11:45sipa:thufir: unfortunately, i belive that design is broken by malleability :)
16:11:50sipa:eh, Taek
16:11:52thufir:EXACTLY!!! FIX IT :)
16:11:56dgenr8:Taek: that is the idea I was originally arguing against. if receiver trusts sipa, they might as well trust Discover
16:12:17sipa:dgenr8: the system is healthier if not everyone needs to trust the same party
16:12:30sipa:which ends up accumulating many funds
16:12:31dgenr8:that doesn't argue for new technology
16:12:41sipa:it does
16:12:56thufir:you must accept the point sipa keeps rasising. you are missing it it seems. the meaning of 'systemic' risk
16:12:56sipa:sorry, need to go now
16:12:59Taek:The middleman can steal at most the 1 payment. If we do 10,000 transactions of 0.1c each, the middleman can't take very much because the first time he does we'll pick a new middleman
16:13:21Taek:that's a bit better than discover
16:13:31thufir:exactly my understanding.
16:13:46thufir:now imagine a simple system of reputation
16:13:57thufir:that middle man, is throwing out his trust worth 1 penny!?!? :)
16:14:08thufir:BOOM solved :)
16:14:11sipa:sipa has left #bitcoin-wizards
16:14:15Taek:but... exit scams!
16:14:33thufir:not familiar with that term..
16:14:56Taek:oh. It was mostly a joke. An exit scam is when someone in a reputation system cashes out their reputation by scamming a bunch of people
16:15:18thufir:LOL, that is funny :)
16:15:21Taek:If you're planning on getting out of the business anyway, you may as well abuse the reputation you've built up
16:15:30thufir:for a penny? :) that is the point
16:15:39thufir:the solution
16:17:07dgenr8:counterparty risk hasn't been and isn't the problem for payments. the problem is you need 1,233 stickers on the door indicating which cosigners you trust
16:17:31thufir:dgenr8: abstracted and automated away by the "network"
16:17:41dgenr8:now you're back to big trusted party
16:18:13thufir:i disagree. there is no big trusted party, unless you mean the open source code
16:19:07thufir:the code does the work of displaying those stickers, paying through those whos stickers are displayed, etc..
16:21:10Taek:dgenr8: it's not the type of thing you would use at a merchant
16:21:20Taek:you can't buy a cup of coffee 1c at a time, you have to buy the whole thing
16:21:34Taek:you'd more use it in a situation like paying for a download
16:22:07dgenr8:Taek: as an incremental improvement on payment channels i have no quarrel with it
16:22:28Taek:also, keeping track of 1200 different middlemen that you trust is easier when it's your phone doing it and you + merchant can compare lists computationally
16:22:54Taek:though most likely you would end up with someone like Coinbase handling most of the txns
16:23:22dgenr8:bitcoin transactions permeate the entire world in 2 seconds, but are confirmed only every 10 minutes, with huge variability. speeding up confidence is an attractive engineering problem in that environment
16:23:25thufir:not coinbase
16:23:27thufir:MORPHIS :)
16:24:14thufir:(ie: distributed code)
16:25:45Taek:was that a joke or is morphis a real thing? I wasn't able to find any information on it
16:26:40thufir:it is real as in 4 months into full time development, and due before september this year
16:27:17Taek:also: I don't understand why malleability would affect payment channels. I don't know enough about LN, but I don't see how malleability would interrupt the more traditional payment channel process
16:27:28Taek:(can you link me to some morphis stuff?)
16:27:45thufir:stringing together unconfirmed transactions is broken by malleability
16:28:11thufir::) a little lacking at the moment
16:29:20thufir:Iriez: if you can put one of those txs in the block chain but with a different id then you broke the string of unconfirmed ones the payee was hoping to put in there
16:29:35thufir:autocomplete fail, delte iriez
16:29:50Taek:thufir: it's not a problem because the first transaction enters the blockchain before the second transaction is created
16:30:14Taek:it's only a problem when you're stringing transactions together before the parent is put into the blockchain
16:30:25thufir:the goal is to never have the string hit the chain (or only in probabililstic circumstances) thus reducing the load on the block chain
16:30:56thufir:ok, maybe you are saying something deeper than i though, i will think on it, thank you for mentioning that as I never saw that before!
16:33:06thufir:well, i don't understand anything that would make what you are saying true. how could not then the second tx reaching the chain with a different id not break it
16:33:31Taek:the first transaction doesn't reference the second transaction in any way
16:34:15thufir:but if i depend on the third being valid, but the second gets made invalid..
16:34:20Taek:The second transaction is going to have some arbitrary value depending on how many micropayments were made
16:34:49Taek:There's only 2 transactions that ever make it into the blockchain
16:35:06Taek:the "third" transaction actually replaces the second entirely, the second is thrown out
16:35:16thufir:so as payer i can invalidate the last one I issued and planned on issuing
16:35:56thufir:ah interesting, so then as payee i can use the previous one to that which is worth a few cents less but not yet invalidated? a race then still?
16:36:17Taek:validation requires both signatures
16:36:31Taek:the merchant will not sign the transaction until they are ready to cash out
16:36:39Taek:so the payee can't do any race stuff
16:36:43thufir:but they are already signed, the payee is just changing one of the signagures with the ECC signature malleability vunerability
16:36:44fluffypony:hah hah
16:36:54fluffypony:I got banned from attending the Bitcoin Africa conference in future
16:37:01yoleaux:Bitcoin Conference auf Twitter: "#BitcoinAfrica15 does not condone any statements made by @fluffyponyza. He will not be allowed attending any of our future events."
16:37:20Taek:what did you do?
16:37:22thufir:well, be more careful
16:37:37thufir:as in plan better, not hold back ;)
16:37:42fluffypony:Taek: I Tweeted when people made idiotic statements
16:38:19Taek:thufir: they are not already signed. Only the payee has signed the transaction, the merchant has the transaction and can complete it whenever, but will not complete it until they are ready to cash out
16:38:34thufir:you don't want to be divisive because people are conditioned to react emotionally and would normally be allies (they are) but you trigger one of their emotions and now they thing you are enemies
16:39:28CoinMuncher2:fluffypony: we need more people like you at conferences and presentations at meetups.
16:39:44thufir:Taek: ooh, i am following, right, the payee can't beat you to it cause he doesn't have your sig yet
16:40:20fluffypony:CoinMuncher2: there would be far fewer slides on how Bitcoin "solves" the Byzantine Generals problem;)
16:40:21thufir:eff'n awesome!
16:40:35thufir:de facto!
16:41:26mm_1:mm_1 is now known as mm_0
16:41:46thufir:we can use it as a viable solution, until we win. you can do that without being dependent on it.
16:43:23mm_0:mm_0 is now known as mm_1
16:43:41CoinMuncher2:fluffypony: Well I guess it's not progress if that space gets filled up with trustless Ripple plugs and PoS incarnations...
16:48:38nsh:any references at all for this Lightning Network malarkey?
16:48:50fluffypony:nsh: you mean the whitepaper?
16:48:56nsh:yeah sure
16:48:58fluffypony:thufir got there ahead of me
16:49:04thufir:heh, its my life :)
16:49:23nsh:ty, ty
16:53:29Taek:The incentives for miners sharing transactions aren't perfect
16:53:46Taek:for example, if a miner gets a high-fee transaction, there's incentive for the miner to hoard that transaction for themselves
16:53:55thufir:ah yes
16:54:16CoinMuncher2:that's why we have full nodes as well.
16:54:25CoinMuncher2:or even non-full nodes actually.
16:54:55Taek:What if miners had a bounty program for transactions?
16:55:16thufir:who here realizes the property that is bitcoin which is that the "solution" it provides is not what is coded... what is coded is a timestamping mechanism and some coins or whatever (necessary for incentive etc)... but the result is an emergent property of that code
16:55:16Taek:The value of a transaction to a miner can be determined by some equation
16:55:46helo:if someone is paying a high fee, presumably they really want their tx to be mined, and will make sure it makes it to a lot of miners
16:55:52Taek:(fee * liklihood of finding a block - opportunity cost)
16:55:59thufir:when you combine bitcoin with the next piece, you get an emergent property which is bitcoin 2.0
16:56:10Taek:helo: right but that requires that person to be well connected
16:56:26thufir:Taek: that is the next peice!
16:56:33Taek:instead you might be able to give your transaction to a few well connected bounty-hunters who will give your transaction to all the miners
16:56:41Taek:and you don't have to worry about knowing who the miners are
16:57:38thufir:yes. imagine that bounty hunters was an automated network
16:57:56helo:the network as a whole is supposed to basically do that
16:58:06helo:it is easy to be well connected, i think
16:58:14thufir:perhaps the two will merge, it will be more elegant that way, but perhaps it wont. it doesn't have to
16:58:18helo:and if you are, then multiple miners are highly likely to see your tx
16:58:58Taek:helo: it does seem to work pretty well as-is. If the cost of being a node rises substantially things might change.
16:59:32helo:i guess there are some targeted attack scenarios where someone may not know they aren't well connected... but a greedy miner that benefits isn't likely to be attempting isolation attacks to get all the fees
16:59:43thufir:helo: (physical) mesh net is coming. connectivity won't be an issue for perpetuality
17:02:41thufir:did anyone else see the paper about the RF solution using constructive/deconstructive interfearance to enable near infinite nodes in a limited space (can be separated by just inches with existing tech) to each use the FULL bandwidth as if it were only them and their peer talking?
17:03:10helo:i am pretty likely to be well connected because i use tor + ipv4
17:03:24helo:it would be quite a task to control both, i think
17:03:25thufir:please link for me, i lost it in my pile, but regardless, think on what i just said. that is revolutionary
17:03:43thufir:yes, so imagine that the future trends towards even more connectivity
17:04:10helo:tor + ipv4 + satellite + localmesh
17:04:22thufir:bingo :)
17:24:21thufir:tech I was talking about, for those interested.. it is revolutionary and meshnet is coming: http://spectrum.ieee.org/tech-talk/telecom/wireless/5g-service-on-your-4g-phone
17:25:23thufir:Each pocket could use the full bandwidth of spectrum available to the network, making the capacity of the system “effectively unlimited,”
17:28:22thufir:(sorry, I will stop here :)...: That’s where things get interesting. Say, for example, you play a YouTube video. The pCell data center would request the video from Google’s servers, and then stream it to your phone through those 10 antennas. But here’s the key innovation: No one antenna would send the complete stream or even part of the stream. Instead, the data center would use the positions of the antennas and the channel characteristi
17:28:22thufir:the system, such as multipath and fading, to calculate 10 unique waveforms, each transmitted by a different antenna. Although illegible when they leave the antennas, these waveforms would add up to the desired signal at your phone, exploiting interference rather than trying to avoid it.
17:32:53thufir:as that shows, and satoshi showed, physics/math is on our side :)
17:42:30instagibbs:I think talk about pcell might be off-topic, but just wanted to point out that all the antennae have to be collaborating with the full original data. This is done somewhere with back-end servers. Not quite a mesh network. That said it's pretty clear we have quite some ceiling left with wireless tech. Now back to more bitcoin-wizardry.
17:47:05thufir::) agreed, and agreed. :)
17:47:23thufir:(not about the off topic thing though ;)
17:55:41mm_1:mm_1 is now known as mm_0
18:17:22mm_0:mm_0 is now known as mm_1
18:21:57mm_1:mm_1 is now known as mm_0
20:26:59mm_0:mm_0 is now known as mm_1
20:35:22btcdrak:btcdrak has left #bitcoin-wizards
21:36:06belcher_:belcher_ is now known as belcher
21:52:15totalanni:totalanni is now known as total123
21:52:19total123:total123 is now known as totalanni
21:56:15totalanni:totalanni has left #bitcoin-wizards
21:59:37mm_1:mm_1 is now known as mm_0
22:08:37mm_0:mm_0 is now known as mm_1
22:31:02rustyn_:rustyn_ is now known as rustyn
22:33:37jcorgan:thufir: i'm familiar with the tech in that article. it's pretty hyped up; the comments do a good job of stripping it down to size. the fundamental theory underlying it is sound but it has enormous practical difficulties with scaling up to a useful size.
22:35:57gmaxwell:dgenr8: you're completely incorrect about lightning; It is not a simple "trusted third party". The other parties in lightning cannot steal or seize your funds, they can't perpetually hold them. That is a stark difference; your comparison to traditional third parties is very far off the mark.
22:36:52gmaxwell:(ah, catching up, I see other people corrected this already; don't mind me)
22:37:21thufir:jcorgan: cool, I was interested mostly for why instagibbs mentioned: it just shows that wireless tech likely can go way beyond what people thought was the limit.
22:38:21thufir:i was mentioning it to show that mesh net is coming, the physics are there to allow unlimited bandwith likely.. in time of course :()
22:38:49jcorgan:that tech is not mesh, however
22:39:28thufir:right, but it shows that physics of RF is going to allow orders of magnitude all the way to possibly infinity more than what we can do now, thus, mesh net will be more than doable beyond what most people imagine
22:41:33jcorgan:i'm, sorry, i think you have a misunderstanding of what the article was discussing. the "orders of magnitude and possibly infinity" were part of the hype, not the tech
22:41:49thufir:i never read that article until today. i orignally read the paper
22:41:53ajweiss:yeah when i saw infinite scaling i was bothered
22:42:10thufir:potentially infinite
22:42:55thufir:think blackhole. clearly you can fit a lot of information in a small space. :) potentially ^near infinite
22:43:22thufir:thus my original point being that the future is trending towards more connectivity capability
22:43:32ajweiss:ok fine. even exponential scaling sounds ridiculous.
22:44:12thufir:hehe, just remember. satoshi showed us that ridiculuous is possible with math/physics.. it is rediculous because we didn't discover it yet.
22:44:23jcorgan:i actually helped design and write their first proof of concept implementation. even in theory it does not accomplish what you think it accomplishes.
22:44:36thufir:bitcoin? or pCell?
22:45:05gmaxwell:thufir: uh. So usually when something 'infinte' or 'exponential' is going on, it's only possible with some relatively strong assumption. If you don't know what that assumption is, you're missing some of the most important parts of the story.
22:45:18thufir:well i am a ex-physicist (programming was more interesting as it is more what is needed to change the world), and the theory, as you said, is sound
22:45:56gmaxwell:thufir: This holds for Bitcoin-- Bitcoin works only under certian assumptions, users running nodes (assumes the cost of doing so falls below a threshold where we suffer commons failure), that the majority of hashpower is honest, that the participants aren't partitioned.. etc.
22:46:38thufir:not following you at all. so yes, the tech will only work with a xyz, bbn and whatever. luckilly those are what it was designed for as that is where we are.
22:47:20thufir:it is really quite simple concept, the constructive interference.
22:48:29zooko:zooko has left #bitcoin-wizards
22:48:30gmaxwell:yes, but it is not magic. (MIMO is relatively well understood; I've written a MI-reciever myself; making it pratical is hard) It's also not "infinite" anything.
22:49:09gmaxwell:The seperate paths are not linearly independant, so there is crosstalk; and the channel estimation is limited by SNR, and of course the channel is constantly changing so you can't integrate your estimation forever.
22:49:21thufir:is it orders of magnitude more than what would otherwise be possible (with existing tech)? yes. then by how much? well, irrelivent to my original point.
22:49:31jcorgan:^^^ and more
22:49:52gmaxwell:Then once you have all this one hop bandwidth; you still need to transport it someplace, and building networks with high bisection bandwidth is not magically cheap. :)
22:50:37thufir:transport it to next hop with separate antenna array
22:51:34thufir:things get cheaper :) eventually it will be commoditized and avaiilble from hong kong for less price than the shipping seems possible.
22:52:09ajweiss:it'd be fun to try and build an auditory installation where you walk around a bunch of low volume speakers in a room
22:53:03jcorgan:ajweiss: it relies on a continuous stream of channel state information being sent back to a central processor
22:53:15gmaxwell:Sensitivity to clock stability gums things up... narrow band or near end QRP overwhelming your reciever leaving the desired signal burried in intermod... lots of very real and significant differences. Sure yea, it's magic compared to non-cohearent approaches where more antennas is limited to a sqrt(n) gain or whatever. But in practice its just some number of dB.. yea "order of magnitude" sure,
22:53:21gmaxwell:but you can also gain a couple orders of magnitude just with a good antenna. "This tech lets a crappy, poorly placed antenna-array work almost as good as a well placed antenna" is also true but much less exciting.
22:53:27gmaxwell:ajweiss: google term: wave field synthesis.
22:54:41thufir:not sure why you are so negative. the theory is sound and more than what you say. it is a window into what is to come, which will certainly be more interesting that pCell 1.0
22:54:46jcorgan:it also requires as many transmit antennas as their are user receivers
22:55:36thufir:so you need one array for each peer you peer with. a mesh net does not need many, really just 3 (peers) per site.
22:56:23Eliel:* Eliel suspects gmaxwell has seen at least one tragedy that occurred due to someone thinking a tech is better than it actually was.
22:57:10thufir:sure, if you put all your eggs in one basket, etc. but what i have been saying is this is an example of what is to come. pCell inc. isn't what i'm talking about.
22:57:35gmaxwell:lots of excellent technology gets ignored or abandoned because some hyped thing managed to move its limitations into a form that laymen or suits (or even the engineers) don't (yet) understand; I think it causes a lot of cumulative harm to mankind.
22:57:54mm_1:mm_1 is now known as mm_0
22:58:23dgenr8:gmaxwell: the "lightning" part of LN is described in Appendix A, which itself states plainly "Low latency clearing is possible when having a trusted 3rd party service."
22:58:24thufir:well when it comes to physics I am the inverse of those.
23:05:08thufir:it also allows properly placed antenna-array to do what with a well placed antenna is impossible. impossible to possible is certainly interesting to me :)
23:07:31GreenIsMyPepper:dgenr8: The paper describes trustless payment networks. Appendix A refers to a trusted version of it, only Appendix A has custodial trust.
23:11:30dgenr8:gmaxwell: to claim LN is was merely a ttp would be completely incorrect. i claim only that it achieves no improvement whatsoever in clearing speed of arbitrary trustless payments, and that the speed achieved by involving a ttp is very comparable to a traditional ttp like Discover
23:11:32GreenIsMyPepper:dgenr8: Trustless payments are instant and in nearly every instance funds are transferred instantly. In trustless network failures, the *timeouts* are not instant.
23:12:33GreenIsMyPepper:Settlement is instant if the clearing is sucessful. It is only with clearing failures that may have some timeout period if the obligation is not rerouted.
23:13:14dgenr8:GreenIsMyPepper: are you the author?
23:16:30GreenIsMyPepper:Yes (still need to change my nick). It's being rewritten to clear up these kinds of miscommunication...
23:18:12GreenIsMyPepper:if you have other questions/concerns I'd be happy to field them (heading out in 15 minutes, but I'll reply to /msgs)
23:18:23thufir:GreenIsMyPepper: oh awesome. i read your abstract, reading with high attention is my #1 task for tomorrow.
23:18:23kanzure:is this the most recent http://lightning.network/lightning-network-paper-DRAFT-0.5.pdf
23:18:48thufir:i am 4 months full time dev into coding an implementation
23:19:02GreenIsMyPepper:kanzure, thufir: i'll have a newer version up next week
23:19:24dgenr8:in the best case, how quickly can LN enable a payee to trust a payment that I transmit at time t=0?
23:19:40GreenIsMyPepper:using relative confirmations (relative checklocktimeverify) as a default example too
23:20:05GreenIsMyPepper:dgenr8: best case is it is fully committed in milliseconds if all parties are geographically close
23:20:26dgenr8:the tx I sent is not confirmed. why does payee trust it?
23:20:30GreenIsMyPepper:dgenr8: worst case for sender is n days pre-defined with the timeout
23:20:44thufir:nice! based upon the abstract i read and the discussion in this channel, your theory is on the right path! seems to exactly (theory, don't know details until i read your paper) my thinking of the best way.
23:20:59thufir:exactly ^match
23:21:00GreenIsMyPepper:payee trusts it because they are capable of redeeming it by broadcasting to the blockchain at any time (they have the preimage to the hash)
23:21:18dgenr8:how did they get the preimage?
23:21:46GreenIsMyPepper:the recipient generates it (as an example in the paper, there may be other configurations)
23:21:58thufir:GreenIsMyPepper: what changes to bitcoin protocol does your proposal neccesitate? just the timelock thing?
23:22:11kanzure:malleability bip62 things
23:22:21gmaxwell:dgenr8: thats not so, it (and micropayment channels in general) actually do allow fast payments without non-trivial funds loss risk!
23:22:30thufir:hehe, as i said: FIX IT! :) so many provable viable solutions depend on just that!
23:22:39gmaxwell:ugh ignorance.
23:22:46kanzure:thufir: huh? i was answerying your question.
23:22:51dgenr8:gmaxwell: you ignored the word "arbitrary"
23:22:52GreenIsMyPepper:the biggest impediment is resolving malleability in a specific way, you need to be able to generate a spend on a transaction BEFORE the transaction can be broadcast-able on the blockchain
23:22:55thufir:kanzure: yes, thanks, was just being ffunny
23:23:23GreenIsMyPepper:(still not sure whether dgenr8 is concern trolling, but I'm giving him the beneifit of the doubt because that draft is unnecssarily complicated)
23:23:24kanzure:GreenIsMyPepper: "simple! just enumerate and sign all possible transaction variants. duh."
23:23:28gmaxwell:The lightning stuff has multiple layers with different requirements, the full vision requires supporting a special kind of safe malleability that needs a new checksig operator.
23:23:50gmaxwell:The lighter versions are not really aided by BIP62.
23:24:14thufir:well in 4 years i'll be a math major so to fix malleiability, but maybe you guys can do it before that.
23:24:23dgenr8:GreenIsMyPepper: what stops me from double-spending my payment?
23:24:27kanzure:haivng a major doesn't mean things are fixed
23:24:42thufir:right, but it means i am a cryptographer and working on solving it
23:24:48gmaxwell:Malleability is an intentional _feature_ of bitcoin, not a bug that can just be 'fixed', -- unwanted malleability is a limitation, or malleability having consequences like invalidating respends is a limitation; both of which are interesting to improve.
23:24:53kanzure:thufir: that's an argument from authority
23:24:58GreenIsMyPepper:right now, bitcoin can't spend off exisiting transactions without making it broadcast-able on the blockchain. it's sort of if you wanted to create a contract and put funds into escrow, it's impossible to draft a contract before cutting a check to some unknown contract (weird!)
23:25:56thufir:if rsa sigs were used instead of ecc (yes then keys would be gigantic, and cracked soon as prime number patterns are found, etc), but that is not point.. if it were not ecc but rsa then it would be only one possible sig and no problem right?
23:26:19GreenIsMyPepper:dgenr8: the system is reliant upon double-spending, actually. older versions are "invalidated" by creating penalties. if an old one is broadcast, the other party gets (effectively) ALL the money in the channel
23:26:50thufir:or, what is the feature that the malleability intended to give us that we have now?
23:26:55dgenr8:GreenIsMyPepper: when I asked how recipient (aka payee) gets the preimage, you said "recipient generates it." was that right? because you lost me there
23:27:21gmaxwell:thufir: intentional malleability is what makes things like lighthouse possible.
23:27:40GreenIsMyPepper:thufir: you need to SPEND a transaction before it it signed, that is not possible today, even if you changed crypto algorithms, because a component of the txid being spent is the signature
23:28:50GreenIsMyPepper:which is why it's sort of like being unable to draft a contract before funding the escrow
23:28:51gmaxwell:thufir: "as prime number patterns are found" is technojibberish. What you're referring to is a unique signature; RSA can give you a unique signature if you choose the right padding scheme.. there are other ways to get a unique signature (e.g. hash signatures are usually unique, BLS is unique). But a unique signature is not necessary or sufficient to prevent unwanted malleability.
23:29:20thufir:not jibberish.. it is what makes rsa weaker with such discoveries
23:29:57thufir:but i am vagly understanding what you are saying about the signing including the spend, thus the algo is not the problem
23:30:28dgenr8:GreenIsMyPepper: the system may rely on double-spending in some way. but i'm asking specifically about the funding transaction itself, where I actually pull money out of my wallet. why can't I double-spend that?
23:31:00Apocalyptic: not jibberish.. it is what makes rsa weaker with such discoveries // even assuming you mean we have a quick way to enumerate prime numbers, it doesn't yield a reasonable factoring algorithm
23:31:36GreenIsMyPepper:thufir: If we both agree to both fund transaction F, and create a 2-of-2 output refund tx R, we cannot make R before F. in order to make R one or both of us will be able to broadcast F on the blockchain without creating R. in that case money can be locked up forever with hostile counterparties.
23:31:44thufir:Apocalyptic: do you not see that such discoveries have been made and continue to be made and each one decreases the amount of work needed to factor thus meaning a larger key is needed for the same strength for that point in time?
23:31:48gmaxwell:thufir: There is no 'prime number patterns' to factoring advances. (Also, factoring and discrete log are very closely related problems; it's incorrect to regard their security as completely independant of each other... state of the art discrete log solvers for some EC groups look _very_ much like the number field sieve.)
23:31:52GreenIsMyPepper:that is the case because to make R, we must get the txid of F (which contains the signatures!)
23:32:37thufir:gmaxwell: yes, not saying ecc is immune to such patterns as well. i would assume they are going to be found just as with primes and we will have to find the next tech when ecc keys become unwieildly as well
23:32:49GreenIsMyPepper:dgenr8: You can double spend that until it enters into the blockchain. The funding transaction is actually committed to the bitcoin blockchain. Once it does, the channel is open and you can begin to do instant transactions.
23:33:06Tiraspol:Tiraspol is now known as bloodz
23:33:09dgenr8:GreenIsMyPepper: fine, I rest my case
23:33:10Apocalyptic:I still don't get what you mean by "prime number patterns", can you be more explicit and formal ?
23:33:34GreenIsMyPepper:dgenr8: therefore, you shouldn't tust the funding transaction (and thereby the payment channel) as open UNTIL the funding transaction enters into the blockchain.
23:33:50GreenIsMyPepper:dgenr8: if the funding transaction is double-spent, no one has lost money because the payment channel has never opened in the first place.
23:34:01thufir:patterns in math are found. then no longer do you have to calculate as blindly to the more optimal algorithms. use the pattern to simply essentially.
23:34:31bloodz:bloodz is now known as Tiraspol
23:34:56gmaxwell:thufir: FWIW, it's been on the order of ~20 years since the last non-trivial algorithimic improvement to the asymtopic complexity in factoring; the need to increase key sizes has mostly been driven by basic engineering improvements (faster algorithims; proposed hardware designs) in that time. There has been a lot more recent progress on ECDLP (though only in special groups).
23:35:23dgenr8:GreenIsMyPepper: neither has an arbitrary payment been made at "lightning" speed
23:35:25thufir:first part not true at all. your second part is true/
23:35:27Apocalyptic:so much for formality I guess
23:35:58GreenIsMyPepper:dgenr8: it's lightning AFTER the funding transaction is committed (enters into the blockchain). it's like saying "Credit cards aren't instant because it takes 5 days for the bank company to mail you the credit card"
23:36:05thufir:it is the patterns that will make it no work at all. the enginnering is only small improvements compared to new math.
23:36:33thufir:anyways, back to LN :)
23:36:39Apocalyptic:gmaxwell, I suspect he hasn't a clue about what he's talking about
23:36:44gmaxwell:Apocalyptic: correct.
23:36:56thufir:well you have both proved yourselves ignorant then
23:37:13dgenr8:GreenIsMyPepper: yes, it's very much like that
23:38:05thufir:GreenIsMyPepper: when you said the 2-of-2 output example. you are saying this is current bitcoin. What does your paper purpose to do instead?
23:38:18GreenIsMyPepper:thufir: not sign the input txids
23:38:49thufir:ah.. what changes then are needed for that?
23:38:54GreenIsMyPepper:thufir: that way you can generate spends from a hypothetical funding transaction before signing that funding transaction, so long as the output of the funding transaction uses unique output addresses
23:39:06thufir:ah.. nice
23:39:46GreenIsMyPepper:I'm in favor of a scary name, like SIGHASH_DANGEROUSLYPROMISCUOUS :^)
23:40:21thufir:Would peter todd's midstate proposal work for that?
23:40:34GreenIsMyPepper:mistate proposal? is there a link?
23:40:50gmaxwell:thufir: Your antagonism is really misplaced here, and not really welcome-- You're arm waving. The last asymtopic advance in factoring for RSA number is the general number field sieve which is decades old.
23:40:51thufir:umm. not yet, afaik :(
23:41:26thufir:gmaxwell: you are obsessed with attacking something that i mentioned as a way to describe the actual question i was asking. not sure why the negativity from you or obsession with fighting me on a point that was not the topic
23:41:37kanzure:that's not negativity
23:41:55kanzure:correcting someone who is wrong is not negativity
23:42:00gmaxwell:(I mean,... I have 512 bit RSA numbers I factored almost a decade ago using GNFS...)
23:42:17thufir:it is an open question. many mathematicians would agree and also disagree with you. lets stay on topic
23:42:30gmaxwell:thufir: it's not a big deal, but if you're going to tell me that I'm wrong and insult me, it helps to actually be correct, and you certantly should expect a correction on it.
23:42:33kanzure:prime numbers are on-topic
23:42:50gmaxwell:Or in general the security of cryptographic constructs is on-topic.
23:43:01thufir:i am sorry for responding to Apocalyptics insult with the word ignorance that included you then, my appology
23:43:17kanzure:wasn't there a recent prime number sieve on arxiv
23:43:26kanzure:.g site:arxiv.org prime number field sieve
23:43:44thufir:if you are going to tell me I am wrong then the same. it is an open problem, neighter of us are confirmed correct, and it is not what we were talkinga bout which is LN
23:43:45kanzure:hmm not that one
23:43:57kanzure:wasn't your question a matter of historical fact
23:44:18gmaxwell:It was a matter of historical fact, AFAICT. About why people are driving for larger RSA key sizes.
23:44:22thufir:no, i was asking: is it ECC SIG algo that is the issue, ie, RSA would not have the problem.. that question has been answered
23:45:33Apocalyptic:thufir, you made a claim, was corrected by gmaxwell but keep on insisting that you're correct, failing to mention any reference whatsoever or define your terms
23:45:34gmaxwell:My understanding is that thufir proposed that RSA was 'weak' and people were driving for larger key sizes because of more 'patterns in prime numbers' being found; None of the relevant algorithims for factoring RSA numbers can fairly be described as 'patterns in prime numbers', and new algorithims have not been driving industrial practice to the best of my ability to determine.
23:46:02gmaxwell:thufir: I did also point out that unique signatures were not a necessary or sufficient criteria for any kind of malleability concern.
23:46:08dgenr8:GreenIsMyPepper: regarding capacity, good luck with TBLN. so far i'm in the "build out as much core capacity as safely possible, and let the fee market sort the rest out". but only so far ;)
23:46:09thufir:in your opinion, which is wrong in mine and many mathematicians. it is an open problem. give it a rest, my ...
23:46:23thufir:gmaxwell: thanks, that is more constructive response
23:47:00gmaxwell:thufir: It's not a matter of opinion, feel free to go point to the supposed advances you're referring to. I've also been directly involved in pushing for larger minimum key sizes (e.g. when I was at mozilla), and I think I understand my own motivations!
23:48:02thufir:great, open problem, i'm no longer listening to your non-constructive input. it is irrelivent. obviously you are a fanboy of rsa or something and i have hit a nerve, my appologies, nothing against rsa okay?
23:48:49gmaxwell:thufir: No, I'm not a fan of RSA. I'm a fan of informed statements though; and a non-fan of techwunder armwaving.
23:49:01thufir:so then you are disqualified. thanks
23:49:49thufir:GreenIsMyPepper: were you at all saying that the intended malleability feature is actually needed for your proposal?
23:50:00gmaxwell:Your comments have repeadly been of the form "strong opinion BECAUSE MAGIC" and you've responded adversarily to attempts to decide or demystify the magic. It's your own perogative if you want to behave that way, but this is the wrong venue for that.
23:50:15thufir:that didnt' contribute. ignored
23:50:30kanzure:"anything that makes me question something is wrong"?
23:50:56gmaxwell:thufir: Whats your goal in here? I'm having trouble constructing a rational mental model for your antagonizing me, you realize what result this is going to have-- right?
23:51:08kanzure:but yeah i'd have to agree, this is not a good place to make handwaving statements (except in jest or humor)
23:51:30gmaxwell:well you can make them, but be prepared to see them dissected ruthlessly. :)
23:51:34kanzure:(or unless clearly bounded)
23:51:37thufir:not sure what value you are if this is the way you act, so no loss to ignore you. you included kanzure. although you had almost redeemed yourself since we last spoke
23:52:05gmaxwell:gmaxwell has kicked thufir from #bitcoin-wizards
23:52:15kanzure:very strange conversation
23:52:22gmaxwell:sorry for the drama there.
23:52:22kanzure:* kanzure goes off to flip some bits
23:52:23copumpkin:* copumpkin puts popcorn back
23:52:33ajweiss:what was he even trying to argue?
23:52:57kanzure:poor thinking and reasoning
23:53:05copumpkin:* copumpkin gets ready for joinfloods and the usual crap that comes with banning someone in this community
23:53:12kanzure:arguments to authority
23:53:37gmaxwell:better to just move on, if anyone is unhappy about that; feel free to yell at me in private (I will not think badily of you for it)
23:53:46copumpkin:seems good
23:53:57copumpkin:* copumpkin crawls back into his ready hole
23:54:07copumpkin:err, that sounds bad
23:54:28copumpkin:that's what I intended