| 00:00:42 | Taek: | I'm not sure that officials always think through that far |
| 00:02:01 | gmaxwell: | depends on who you're talking about; obviously there is a layer of people who just say "but I want in!" without thinking at all. |
| 00:02:03 | zooko: | Yeah, it's not safe to assume internal consistency. |
| 00:02:04 | Taek: | I remember an officer 'shuddering to think' how many people would have gotten away if phone encryption was standard |
| 00:02:17 | Taek: | but these people had video evidence of their crimes *on their own phones* |
| 00:02:39 | zooko: | I think the safest bet is that each person is doing something that they think will improve their own social and/or economic standing. |
| 00:02:46 | zooko: | Beyond that it gets pretty hazy to me. :-) |
| 00:08:50 | Taek: | A lot of regulation seems to crop up from people not understanding how easily it can be avoided |
| 00:09:06 | Taek: | And some of this might come from a taboo upon looking for ways to bypass laws |
| 00:09:27 | Taek: | if the average person was a lot better at knowing how to avoid laws/regualtion, I wonder if our laws wouldn't be more effective as a consequence |
| 00:17:46 | BlueMatt: | zooko: keep in mind most of us are insane, so its hard to tell what people are thinking :p |
| 00:27:39 | zooko: | BlueMatt: :-) |
| 00:29:01 | rusty: | * rusty resists urge to completely rewrite protobuf-c... |
| 00:29:13 | nsh: | is it bad? |
| 00:29:23 | zooko: | Taek: well, that pattern fits in really well with my model, which is that the people proposing the regulation don't *actually* care, in an effective sense about the *consequences*, only about the nominal intent. |
| 00:29:45 | zooko: | If you pass a law banning murder of puppies, you improve your social and/or economic standing. Whether this results in more or fewer puppy murders is irrelevant. |
| 00:29:51 | zooko: | * zooko notices that he isn't in the politics chatroom. |
| 00:29:56 | nsh: | * nsh smiles |
| 00:30:19 | rusty: | nsh: It's... well-meaning. |
| 00:31:01 | nsh: | economic regulation is a little less vulnerable to political incentive issues, as it's usually compartmented such that the people doing the regulating are heavily vested some notional sense of the efficient functionality of the system |
| 00:31:07 | nsh: | as long as it favours their privileged position |
| 00:31:35 | zooko: | An important detail to what I said is "in an effective sense". I mean that those people |
| 00:31:44 | zooko: | may well *feel* strong feelings about saving puppies, and may completely |
| 00:32:02 | zooko: | honestly *believe* that their actions will save puppies, but I think the system |
| 00:32:13 | zooko: | selects for people who convincingly appear that way, including people who |
| 00:32:23 | zooko: | sincerely are that way, not for people that actually reduce the rate of puppy murders. |
| 00:32:25 | zooko: | See what I mean? |
| 00:32:32 | zooko: | I'm not accusing them of dishonesty, but of irrelevance. |
| 00:32:37 | nsh: | right, but the fed reserve board of governors is less concerned with voterfeels than projections, and economic policy, thankfully, is not written by politicians |
| 00:34:41 | nsh: | it's harder to be cynical than bored reading their minutes. one is inclined to believe in grand conspiracies because the real agenda of the most powerful in society is tragically mediocre and predictable for the most part |
| 00:35:20 | zooko: | Everything I wrote above applies to other incentives than voterfeels! |
| 00:35:49 | nsh: | * nsh may have missed some context; just reconnected to bouncer after lappy freeze |
| 00:36:24 | nsh: | * nsh looks at logs |
| 00:36:41 | zooko: | I did use the example of passing a law that voters like. |
| 00:37:15 | zooko: | But the general principle applies to, e.g. defending the honor of your intellectual tradition, getting a juicy consulting job after you retire, etc. |
| 00:37:23 | nsh: | * nsh nods |
| 00:55:51 | nsh: | i thought of a question i couldn't easily answer earlier that some of you will probably know: could you speed up WPA2-PSK cracking significantly by collecting lots of handshakes, rather than just trying to match a single one? |
| 00:59:29 | nsh: | it's a more complex protocol than i'd imagined |
| 01:02:41 | nsh: | i guess the trivial [active] answer is: yes, there are nonces involved and router uptime can be made arbitrarily low. |
| 01:04:22 | nsh: | but i've never seen any talk of using more than one handshake, so perhaps it wouldn't be worth it? not clear to me how to boil down the schematic protocol representation into a complexity analysis in terms of repeated handshakes |
| 01:09:06 | nsh: | * nsh muses about this in ##crypto instead |
| 01:21:17 | nsh: | oh, there is a weakness to the groupwise shared key, but it's somewhat mitigated by the fact that you have to have been associated in the past: http://www.airtightnetworks.com/WPA2-Hole196 |
| 01:21:23 | nsh: | i did suspect there would be an issue there |
| 03:35:39 | jae: | jae is now known as Guest45171 |
| 03:53:47 | maaku: | if nLockTime were compared against something else other than the height/timestamp of the block, what would that be? GetMedianTimePast()? |
| 04:02:45 | fanquake1: | fanquake1 is now known as fanquake |
| 04:09:18 | dgenr8: | maaku: that seems an odd question. what is the goal? |
| 04:10:52 | maaku: | well petertodd mentioned on a pull request the possibility of soft-forking nLockTime to be GetMedianTimePast() instead of the block timestamp |
| 04:11:25 | maaku: | which decreases some timestamp forgery incentives as far as I can tell, maybe has some other benefit too |
| 04:11:32 | maaku: | i'm not aware of the discussion surrounding that |
| 04:12:22 | maaku: | but while switching nLockTime to be based on GetMedianTimePast would be a soft-fork change, doing the same for a hypothetical relative locktime would be a hard-fork change |
| 04:12:29 | maaku: | so, kinda important to get it right... |
| 04:13:20 | dgenr8: | oh he tweeted about exploiting clock-nLocktime to induced propagation inconsistency |
| 04:16:31 | dgenr8: | my thought was why not let it into the mempool a bit early |
| 04:36:34 | fanquake1: | fanquake1 has left #bitcoin-wizards |
| 04:38:02 | afdudley: | is there a good reference for time-lock encryption somewhere? is there a non-bitcoin/trusted third party implementation somewhere? |
| 04:38:40 | maaku: | afdudley: i don't think there is a bitcoin implementation either :P |
| 04:38:47 | afdudley: | indeed :D |
| 04:41:53 | afdudley: | I am reading this: http://eprint.iacr.org/2015/478.pdf it's very interesting but... I think it might be slightly misnamed. |
| 05:17:09 | petertodd: | dgenr8: if you let it into the mempool, you make the problem worse... |
| 05:18:24 | petertodd: | afdudley: I've implemented timelock crypto here: http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg05547.html |
| 05:19:02 | dgenr8: | petertodd: then i must have misunderstood your 140 chars |
| 05:19:46 | petertodd: | dgenr8: the problem is that not all nodes have the exact same clock; when you let the tx into the mempool is irrelevant so long as it's based on the local idea of what time it is |
| 05:20:06 | petertodd: | dgenr8: incidentally, you can doublespend coinbase that way pretty easily |
| 05:22:36 | dgenr8: | petertodd: if you let it in 2 hours before locktime, even nodes with slow clocks should have it when final |
| 05:23:13 | petertodd: | dgenr8: sigh.... again, that changes nothing. go try this yourself |
| 05:24:11 | dgenr8: | petertodd: have you described this somewhere? |
| 05:24:59 | petertodd: | dgenr8: no, why would I? it's pretty obvious how it works once you remember how nLockTime-by-time works |
| 05:25:17 | dgenr8: | petertodd: so we know what "it" is |
| 05:25:43 | petertodd: | dgenr8: meh, I don't get paid to fix zeroconf problems... |
| 05:26:02 | dgenr8: | petertodd: what's your price |
| 05:26:08 | petertodd: | dgenr8: $250/hr |
| 05:26:19 | dgenr8: | petertodd: how many hours will it take |
| 05:26:33 | petertodd: | dgenr8: dunno, it's probably not a fixable problem |
| 05:27:48 | petertodd: | dgenr8: and frankly, given that I'm going to get accused of having bad incentives for this... nah, screw it, I don't want the work |
| 05:27:57 | dgenr8: | petertodd: ... i meant to fix zeroconf completely. |
| 05:28:13 | petertodd: | dgenr8: do you want to still have a decentralized system? because if so, that's impossible |
| 05:29:16 | dgenr8: | petertodd: was sure a highball estimate was coming ;) |
| 05:29:42 | petertodd: | dgenr8: I'm not going to wreck my reputation on something stupid |
| 05:32:19 | dgenr8: | petertodd: question - how long should the tx replacement "feature" be available? did we get lucky and 10+-10 min is just right? or would it be nice to explicitly reneg txes for a longer period? |
| 05:32:40 | petertodd: | dgenr8: huh? |
| 05:33:24 | dgenr8: | petertodd: from your writings, i get the impression that RBF is a really cool feature |
| 05:34:07 | petertodd: | dgenr8: I mean, what does "10+-10" min have to do with it? |
| 05:35:28 | dgenr8: | petertodd: that's how long RBF works, generally. until next block. i use +-10 min as the standard dev. is 10 minutes |
| 05:35:46 | petertodd: | dgenr8: no, RBF works until the tx gets *into* a block |
| 05:35:57 | dgenr8: | petertodd: hence "generally" |
| 05:36:40 | petertodd: | dgenr8: I still don't see your point |
| 05:38:06 | dgenr8: | petertodd: no point, just a question |
| 05:39:29 | petertodd: | dgenr8: block interval is based on latency considerations; shorter block intervals reduce security significantly. Is 10 minutes optimal? Who knows, but like most things in security, arguing about how low we can reduce our security margin and still get away with it is dumb. |
| 05:40:02 | dgenr8: | petertodd: well that answers A question |
| 05:55:52 | Luke-Jr: | I'd argue that once it gets in a block, you don't *need* the replacement feature anymore ;) |
| 08:04:36 | heath: | http://www.jbonneau.com/doc/BFGKN14-bitcoin_bribery.pdf |
| 08:05:16 | sendak.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:16 | sendak.freenode.net: | Users on #bitcoin-wizards: andy-logbot Pan0ram1x b_lumenkraft Logicwax go1111111 hktud0 wallet42 Mably jcorgan ThomasV arubi akrmn frankenmint jeremyrubin zmachine isis GAit dgenr8 TheSeven PRab Dr-G2 nickler Cory roconnor d1ggy_ jmcn_ wonk_unit cryptowest_ gielbier sparetire_ LeMiner hashtag spinza mengine EasyAt Adlai lmatteis Emcy Tiraspol ttttemp sneak thrasher` mkarrer_ HM gill3s prodatalab__ grandmaster dc17523be3 antanst hashtag_ rustyn jrayhawk copumpkin Relos |
| 08:05:16 | sendak.freenode.net: | Users on #bitcoin-wizards: cdecker Starduster bsm117532 Apocalyptic zz_lnovy p15 harrigan andytoshi scoria stonecoldpat gavinandresen brand0 larraboj bedeho2 PaulCape_ OneFixt luny` melvster superobserver kyletorpey hulkhogan_ antgreen gmaxwell vonzipper mappum MoALTz Jouke weex harrow gnusha alferz tromp__ nsh triazo jonasschnelli mountaingoat CryptoGoon wizkid057 Luke-Jr berndj leakypat pollux-bts bosma platinuum Oizopower jbenet dasource waxwing btcdrak tucenaber |
| 08:05:16 | sendak.freenode.net: | Users on #bitcoin-wizards: kyuupichan helo Taek ebfull Madars iddo GreenIsMyPepper amiller epscy adams__ wiz michagogo mikolalysenko artifexd dansmith_btc lmacken c0rw|zZz yrashk cfields Krellan_ stevenroose coryfields Meeh BrainOverfl0w @ChanServ gwillen kinlo sl01 STRML espes AdrianG luigi1111 Anduck BlueMatt midnightmagic otoburb kumavis starsoccer d9b4bef9 gribble jessepollak ryan-c Keefe indolering Graet jaromil sturles [ace] merlincorey Iriez morcos CryptOprah s1w |
| 08:05:16 | sendak.freenode.net: | Users on #bitcoin-wizards: roasbeef eric sdaftuar Xzibit17 warren Muis forrestv nanotube ajweiss guruvan SwedFTP pigeons afdudley phantomcircuit so phedny nephyrin richardus petertodd K1773R livegnik poggy Sqt runeks dignork smooth a5m0_ catcow mariorz xabbix se3000 Jaamg yoleaux Fistful_of_Coins fluffypony elastoma throughnothing_ mr_burdell koshii narwh4l Eliel optimator [d__d] face_ maaku BananaLotus heath binaryatrocity wumpus _whitelogger huseby Zouppen theymos mm_1 |
| 08:05:16 | sendak.freenode.net: | Users on #bitcoin-wizards: veox crescend1 yorick TD-Linux comboy davout sparetire warptangent tromp_ azariah bliljerk_ kanzure null_radix Alanius catlasshrugged |
| 08:18:32 | b_lumenkraft_: | b_lumenkraft_ is now known as b_lumenkraft |
| 08:41:03 | Krellan_: | Krellan_ is now known as Krellan |
| 11:10:25 | c0rw|zZz: | c0rw|zZz is now known as c0rw1n |
| 13:06:34 | frankenmint: | frankenmint has left #bitcoin-wizards |
| 14:03:17 | kanzure: | "Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies" https://eprint.iacr.org/2015/464.pdf abstract-only at https://eprint.iacr.org/2015/464 |
| 14:10:42 | kanzure: | eh nevermind. not particularly thorough analysis. |
| 14:11:55 | kanzure: | i was expecting more like http://diyhpl.us/~bryan/papers2/bitcoin/Research%20perspectives%20and%20challenges%20for%20Bitcoin%20and%20cryptocurrencies.pdf |
| 14:49:36 | b_lumenkraft_: | b_lumenkraft_ is now known as b_lumenkraft |
| 14:49:40 | nsh: | what was unthorough about it, kanzure? |
| 14:53:46 | kanzure: | nsh: well based on its analysis of proof of stake (and only one reference?) .... |
| 14:54:16 | nsh: | * nsh nods |
| 14:56:28 | zz_lnovy: | zz_lnovy is now known as lnovy |
| 15:05:45 | dEBRUYNE_: | dEBRUYNE_ is now known as dEBRUYNE |
| 16:05:09 | lnovy: | lnovy is now known as zz_lnovy |
| 16:11:08 | zz_lnovy: | zz_lnovy is now known as lnovy |
| 16:15:52 | lnovy: | lnovy is now known as zz_lnovy |
| 16:18:44 | zz_lnovy: | zz_lnovy is now known as lnovy |
| 16:19:40 | lnovy: | lnovy is now known as zz_lnovy |
| 16:40:35 | zz_lnovy: | zz_lnovy is now known as lnovy |
| 16:42:06 | lnovy: | lnovy is now known as zz_lnovy |
| 16:48:00 | zz_lnovy: | zz_lnovy is now known as lnovy |
| 17:02:55 | lnovy: | lnovy is now known as zz_lnovy |
| 19:29:19 | luigi1111: | luigi1111 is now known as Guest95228 |
| 19:42:55 | mrkent: | Why does these two testnet block explorers have different blocks? http://tbtc.blockr.io/block/info/427652 http://explorer.chain.com/blocks/427652 |
| 19:43:35 | Taek: | https://www.reddit.com/r/ethereum/comments/37bnbv/important_fork_update/ |
| 19:44:06 | Taek: | ethereum learns that running implementations of consensus code in multiple languages can lead to hardforks |
| 19:46:52 | hulkhogan_: | i sort of don't understand why they had to reimplement it three or more times just to launch it |
| 19:47:21 | Adlai: | it was lonely without all the python and C++ clients |
| 20:08:58 | Eliel: | maybe they want to avoid getting locked into a single implementation by diversifying early? |
| 20:16:15 | gmaxwell: | Eliel: unavoidable; certantly good to have multiple implementations to help _expose_ issues; but that doesn't itself remove the consensus risk from it. |
| 21:19:20 | zz_lnovy: | zz_lnovy is now known as lnovy |
| 21:40:13 | GGuyZ: | Not really bitcoin but perhaps someone could help :) |
| 21:40:36 | GGuyZ: | I'm trying to prove that a given set of shares cannot reconstruct a valid degree t polynomial. The verifier should at most know a commitment of these shares, but not the shares themselves. Any idea how to solve this? I'm thinking SNARKs but not sure if that's a good fit. |
| 21:42:21 | GGuyZ: | G* |
| 21:42:30 | gmaxwell: | join #btcd |
| 21:42:32 | gmaxwell: | oops |
| 21:53:17 | GGuyZ: | Actually I have a solution |
| 21:54:32 | gmaxwell: | GGuyZ: sorry just saw your question. Your question is insufficently clear to me. |
| 21:54:50 | gmaxwell: | Soemone can always know more shares that they leave out of the proof. |
| 22:22:18 | GGuyZ: | Thanks, |
| 22:25:48 | GGuyZ: | I'll try to be more clear if the line of thinking I'm trying doesn't work out. Tried to keep my question brief but I see why it lacks substance that way. |
| 22:33:08 | gmaxwell: | yea, understood. Sometimes it's just hard to tell what you're trying to accomplish. I'm guessing you want some commitment X and then prove that x,y,z,C(q),C(r) where x,y,z are shares of X and C(q), R(r) are commitments to shares of x. |
| 22:34:07 | gmaxwell: | (where X = C(x)) and some verifier wants to know that the shares agree with C(x). |
| 22:34:37 | gmaxwell: | So long as your commitment scheme is additively homorphic you should just be able to take the shares and the commited shares and interpoate the commitment to x. |
| 22:35:11 | gmaxwell: | and if you have all the shares (in either direct or commited form) then you can just try every interpolation. |
| 22:35:32 | gmaxwell: | (uh, I made some variable name screwups above; so ignoring those...) |
| 23:12:29 | andytoshi: | GGuyZ: ignoring concerns about what your goal is (and if it can be subverted by simply hiding information, say), it's unlikely you can prove anything about polynomial construct |
| 23:12:39 | andytoshi: | constructibility without something as powerful as multilinear maps |
| 23:15:06 | HostFat: | I've wrote my opinion about the block size debate https://www.reddit.com/r/Bitcoin/comments/37du43/market_of_blocks |
| 23:17:19 | andytoshi: | well, if you are OK with having large proofs, you can prove that a bunch of points G, xG, x^2G, x^3G, etc are constructed honestly with simultaneous schnorr signatures, cf http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.117.5343 which does something similar. then you can prove linear equations in x, x^2, x^3, etc using standard discrete log techniques |
| 23:25:42 | gmaxwell: | HostFat: Your post is uninformed with respect to how block propagation works. |
| 23:26:14 | gmaxwell: | HostFat: most large miners (and anyone who wants) use the block relay protocol for relaying blocks, it transmits blocks with time which is essentially unrelated to the size of the blocks. |
| 23:26:40 | gmaxwell: | (it's technically linear but with a very small constant) |
| 23:27:17 | HostFat: | do you mean transmitting to other miners or to all nodes? |
| 23:27:21 | gmaxwell: | HostFat: To whatever extent the size/time relation is consequential thats a pressure to centeralize in and of itself, since the more centeralized party isn't harmed by those costs. |
| 23:28:01 | gmaxwell: | HostFat: to anyone interested in recieving them efficiently; though transmitting to other nodes isn't time critical in terms of miners incomes or incentives. |
| 23:29:41 | HostFat: | so there is something that I don't know and/or missing. Can a miner release a 100 MB block all the time and still arrive before miners that release blocks of 1 MB? |
| 23:29:54 | gmaxwell: | HostFat: Yes. |
| 23:30:01 | HostFat: | woha! |
| 23:31:00 | gmaxwell: | HostFat: Almost all (or all, if you just avoid adding very new txn to your blocks) the transactions are already communicated and verified; and don't need to be transmitted again. |
| 23:31:56 | gmaxwell: | HostFat: The block relay protocol just sends a list of two byte indexes to previously communicted txids/txn; technically is possible to build protocols even more efficient than that using set reconcilation; but at two bytes per transaction you can specify all the transactions for a block hundreds of megs in size without a round trip; and its already widely deployed. Future protocols that just sen |
| 23:32:02 | gmaxwell: | d the discrepency between the block and an implied mempool would be even more efficient but because of cpu costs aren't likely a win without really gigantic blocks. |
| 23:33:47 | gmaxwell: | But even if we ignore this, and pretend the block relay protocol didn't exist and wasn't widely used-- go with your original knoweldge: lets say it is proportional. In that world miners could immediately make more income by moving to a bigger pool, which can produce bigger blocks for a given amount of orphaning risk; as the pool will not orphan itself. |
| 23:36:23 | HostFat: | hmm, but smaller pools/miners will still able to arrive to more nodes than the bigger pool, and even if there are two bigger pools, they will compete each other to arrive to the majority of nodes (if we still think that tis relay protocol doesn't exist) |
| 23:37:04 | HostFat: | by making smaller blocks |
| 23:38:15 | gmaxwell: | HostFat: if you imagine it doesn't exist, thats true but you can always increase your competitiveness by either increasing centeralization or decreasing blocksize. And if you are more centeralized than someone else you can use a larger block size (more fee income), meaning that if mining is at an equlibrium you might be making 0.1% more (say) and turning a profit, while the less centeralized min |
| 23:38:21 | gmaxwell: | er is losing money. |
| 23:39:07 | gmaxwell: | Block relay protocol was created to try to mitigate some of that centeralization pressure that was pushing the network to only one or two pools last year-ish. |
| 23:40:11 | HostFat: | so the block relay protocol is enabled for all nodes currently, right? |
| 23:42:01 | se3000: | se3000 has left #bitcoin-wizards |
| 23:42:21 | gmaxwell: | HostFat: it's something you download seperately. I think all major miners use it (they'd be foolish not to!) but there is no way to tell for sure. In any case, since anyone can trivially install it and we know that most of the hashpower uses it, it more or less moots your argument about some kind of market force there. (since the thing you'd do isn't decrease your blocksize, you'd install the blo |
| 23:42:27 | gmaxwell: | ck relay network client) |
| 23:42:32 | HostFat: | ok |
| 23:42:56 | phantomcircuit: | HostFat, it's almost important to note that larger miners can afford significantly more bandwidth than smaller decentralized miners |
| 23:43:13 | phantomcircuit: | to give you an idea i had a 10gbps line pushing blocks out in addition to the relay network |
| 23:43:44 | phantomcircuit: | (even the 10gbps line wasn't enough, to get really good propagation i was proposing 10x that) |
| 23:44:24 | HostFat: | that its true, but I don't see this as a problem, if it spread in a good way to all the nodes, than it's ok. |
| 23:44:41 | gmaxwell: | HostFat: There is another bit to consider there. Technically as a miner your income is optimized if only half the hashrate (including yourself) hears your block quickly; it's preferable that the rest takes a while to hear it (as it increases their orphaning rate). |
| 23:45:16 | HostFat: | the example of the 56k is good explain this I think |
| 23:45:38 | gmaxwell: | I don't believe anyone substantive is acting so strategically now; but if you want to terms about income maximizing behavior and market forces, it's something to consider; esp since the system self adapts towards zero profits. Meaning that it's possible that anyone who doesn't engage in that behavior may end up operating at a loss. |
| 23:47:48 | HostFat: | "it's something you download seperately. I think all major miners use it" so the majority of nodes aren't using it |
| 23:48:06 | gmaxwell: | (and the selfish mining paper argues that the above also means that if a pool mines selfishly they only want it to be heard by a third (themselves included), and if so additional participants will make more if they join their pool vs some other one... e.g. arguing the marginal return on centeralizating instead of the direct effect shifts the threshold to 1/3rd instead of 1/2.) |
| 23:49:25 | gmaxwell: | HostFat: They're not-- but it doesn't matter to miners what non-miners are using for that. (presumably they'll someday use it: it _halves_ the amount of bandwidth staying in sync with the blockchain takes; it just hasn't been a priority to formalize the protocol for use in Bitcoin Core) |
| 23:50:54 | HostFat: | so if there will be the block relay protocol on all the nodes, than it will be more likely a CPU problem than a bandwitch problem, right? |
| 23:52:07 | gmaxwell: | HostFat: accepting a block is neglible CPU, because again, the transactions are almots all (or all if miners delay accepting txn into blocks) already verified and relayed. They don't get verified a second time. |
| 23:53:07 | gmaxwell: | So the only cpu thats technically needed at accept time is verifying the hash agreement. And a boring desktop cpu can do on the order of 24 million sha256() compression calls in a second. |
| 23:54:12 | gmaxwell: | Before all the caching and such some miners had taken to just disabling validation on their nodes. :( (we recently had a problem with a miner with 1-2%-ish of the hashrate running with all signature validation disabled; causing them to mine transactions that were non-standard and had some risk of forking the network) |
| 23:55:04 | HostFat: | so now in this future case (block relay protocol on all the nodes), I'm missing the problem for bigger blocks ... |
| 23:55:33 | gmaxwell: | Presumably because you misunderstood the problem in the first place? :) |
| 23:55:42 | HostFat: | probably :) |
| 23:55:59 | HostFat: | I thought that it was a bandwitch problem |
| 23:56:26 | gmaxwell: | None of this reduces the cost of verifying the network (except by constant factors), it only takes it out of the critical path of accepting a block. |
| 23:56:32 | HostFat: | and by what I'm understanding about the block relay protocol, it seems fixing it |
| 23:56:43 | HostFat: | hmm |
| 23:57:23 | gmaxwell: | It's a one time halving of bandwidth costs, but you still must recive, verify, and potentially store the transactoin data. |