00:54:23jae:jae is now known as Guest61148
02:43:18c0rw1n:c0rw1n is now known as c0rw|zZz
02:54:38Bosnia:Bosnia is now known as bosma
03:01:53robogoat:Anybody aware of a requester-pays s3 bucket containing the blockchain data files?
03:04:03robogoat:Or just publicly accessible?
04:12:30GGuyZ_:GGuyZ_ is now known as GGuyZ
08:05:15orwell.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
09:59:11blackwraith:blackwraith is now known as priidu
10:03:19frankenm_:frankenm_ is now known as frankenmint
10:21:19Adlai`:Adlai` is now known as adlai
10:56:53frankenmint:frankenmint has left #bitcoin-wizards
12:04:09c0rw|zZz:c0rw|zZz is now known as c0rw1n
12:18:25blackwraith:blackwraith is now known as priidu
12:52:46jae:jae is now known as Guest6535
15:02:18frankenmint:frankenmint has left #bitcoin-wizards
15:42:50jae:jae is now known as Guest39790
15:56:57NewLiberty_:NewLiberty_ is now known as NewLiberty
16:36:51c0rw1n:c0rw1n is now known as c0rw|away
16:37:11jae:jae is now known as Guest40247
17:26:29jae:jae is now known as Guest96318
18:08:22NewLiberty__:NewLiberty__ is now known as NewLiberty
18:48:04jae:jae is now known as Guest2268
19:27:04helo:helo is now known as daaaang
19:27:18daaaang:daaaang is now known as helo
19:34:27gavinandresen:gavinandresen has left #bitcoin-wizards
19:41:21amiller:yall seen Trinocchio? http://eprint.iacr.org/2015/480.pdf
19:41:37fluffypony:the Disney film?
19:41:39fluffypony:* fluffypony jests
19:41:44amiller:it's now safe to outsource your snark proofs to k/n servers
19:42:13amiller:they can produce snark proofs for you without actually having to know your secrets (unless more than k of them collude or whatever)
19:42:24fluffypony:ooooh I like this
19:42:57amiller:and it doesn't require a change to the underlying pinocchio protocol so even if they all cheat, then your secrets are stolen but at least the rest of whatever the system relying on the snark proofs (e.g. zerocash) isn't compromised
19:43:23fluffypony:yeah
20:46:09gmaxwell:amiller: not compatible with the latest SNARK papers that use the recursive construction to get perfectly linear scaling, alas.
20:50:58Luke-Jr:amiller: is there a library that can be used for this purpose yet? ie, something I can throw in BFGMiner
20:51:35Luke-Jr:ie, something that doesn't require the executor to compile and run potentially malicious code
21:35:44andytoshi:maaku: gmaxwell: re my argument about impossibility of untrusted obfuscation, it is at https://www.wpsoftware.net/andrew/oldblog/?post=impossible-crs
21:36:15andytoshi:the argument was that you can't get rid of trusted setup for all systems (in particular this timelock scheme that i hand-wavily defined using obfuscation)
21:36:30andytoshi:but it doesn't argue that the obfuscation primitive itself requires a trusted setup
21:37:11andytoshi:(i feel like i did argue this somewhere, but didn't write it up, and don't recall how it went .. maybe i told it to gmaxwell here or offline and he remembers enough to prompt me?)
21:37:39gmaxwell:I think you did.
21:39:57andytoshi:i have argued that both obfuscation and snarks require multilinear maps, and that one went "matiyasevich's theorem says the computable subsets of NN are exactly the diophantine ones, therefore "cryptographically secure general computation" is as hard as "simultaneously cryptographically secure ring operations" for any definition of "cryptographically secure""
21:41:37andytoshi:but i am optimistic (though not very) that there will be some breakthrough in lattice crypto that allows efficient oblivious multiplication and addition without the trusted setup that graded encoded schemes do (graded encoded schemes are used in place of multilinear maps since there are no candidates for "pure" multilinear maps)
22:20:01dEBRUYNE__:dEBRUYNE__ is now known as dEBRUYNE
22:27:29PRab_:PRab_ is now known as PRab
22:49:42amiller:gmaxwell, actually i don't see any obstacle to using it recursively
22:52:27jae:jae is now known as Guest3385
22:54:25gmaxwell:amiller: you fully serialize.
22:55:24gmaxwell:amiller: e.g. yea, sure you could distribute each step but then you need a full RTT per machine instruction and a full resharing and such, and so what did the delegation accomplish?
22:56:15amiller:i dunno, at the output of one round of this, each server gets a secret share of the resulting proof
22:56:51amiller:so i don't see why you can't use those shares of the resulting proof as an input to a subsequent round, which involves computing on that proof
22:57:40c0rw|away:c0rw|away is now known as c0rw|zZz
22:58:11gmaxwell:you can but that doesn't sound useful as the users will end up having to do a communication round trip and resharing for every single tinyram instruction.
22:58:56amiller:i don't see where the users round trip came in
22:59:35amiller:user just provide some initial secret shares of the input, that's all
23:00:30amiller:the servers can compute function after function after function, each time receiving shares of the output
23:02:42amiller:the user doesn't even have to be there in the first place
23:02:58amiller:the user could distribute the shares of the private key to the servers at the very beginning
23:03:11amiller:and if k/n of the servers want to do something, anything, with that key, they can do so
23:04:58gmaxwell:not seeing how this works, the recursive function requires you verify a completed proof (with a different group) inside a proof. You can't verify a share. You can't update the hashtree over memory with just shares.
23:05:36gmaxwell:I'm sure (due to the existence of MPC generally) that it's fundamentally possible, but I don't see how the efficient trick there would work.
23:06:13amiller:it's totally possible i'm misinterpreting some limitation of this, i'm not reading it at any close level at this point...
23:06:34amiller:i think you could update the hashtree over the memory using just the shares using generic MPC
23:06:42amiller:and that's fine, generic MPC isn't perfect but it's within the range of powerful servers
23:07:15gmaxwell:It's not clear to me that it's actually "within the range of powerful servers", at least for actively secure MPC.
23:07:16amiller:you only need to use the 'efficient trick' to operate on the snarks
23:09:37amiller:anyway i don't think it's necessary to bring hashtrees into this either, i think i like geppetto's approach better (but i also want to stay out of the 'snark wars' as much as possible)
23:31:00a5m0_:a5m0_ is now known as a5m0
23:55:18bosma:bosma is now known as Bosnia