00:54:23 | jae: | jae is now known as Guest61148 |
02:43:18 | c0rw1n: | c0rw1n is now known as c0rw|zZz |
02:54:38 | Bosnia: | Bosnia is now known as bosma |
03:01:53 | robogoat: | Anybody aware of a requester-pays s3 bucket containing the blockchain data files? |
03:04:03 | robogoat: | Or just publicly accessible? |
04:12:30 | GGuyZ_: | GGuyZ_ is now known as GGuyZ |
08:05:15 | orwell.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
09:59:11 | blackwraith: | blackwraith is now known as priidu |
10:03:19 | frankenm_: | frankenm_ is now known as frankenmint |
10:21:19 | Adlai`: | Adlai` is now known as adlai |
10:56:53 | frankenmint: | frankenmint has left #bitcoin-wizards |
12:04:09 | c0rw|zZz: | c0rw|zZz is now known as c0rw1n |
12:18:25 | blackwraith: | blackwraith is now known as priidu |
12:52:46 | jae: | jae is now known as Guest6535 |
15:02:18 | frankenmint: | frankenmint has left #bitcoin-wizards |
15:42:50 | jae: | jae is now known as Guest39790 |
15:56:57 | NewLiberty_: | NewLiberty_ is now known as NewLiberty |
16:36:51 | c0rw1n: | c0rw1n is now known as c0rw|away |
16:37:11 | jae: | jae is now known as Guest40247 |
17:26:29 | jae: | jae is now known as Guest96318 |
18:08:22 | NewLiberty__: | NewLiberty__ is now known as NewLiberty |
18:48:04 | jae: | jae is now known as Guest2268 |
19:27:04 | helo: | helo is now known as daaaang |
19:27:18 | daaaang: | daaaang is now known as helo |
19:34:27 | gavinandresen: | gavinandresen has left #bitcoin-wizards |
19:41:21 | amiller: | yall seen Trinocchio? http://eprint.iacr.org/2015/480.pdf |
19:41:37 | fluffypony: | the Disney film? |
19:41:39 | fluffypony: | * fluffypony jests |
19:41:44 | amiller: | its now safe to outsource your snark proofs to k/n servers |
19:42:13 | amiller: | they can produce snark proofs for you without actually having to know your secrets (unless more than k of them collude or whatever) |
19:42:24 | fluffypony: | ooooh I like this |
19:42:57 | amiller: | and it doesn't require a change to the underlying pinocchio protocol so even if they all cheat, then your secrets are stolen but at least the rest of whatever the system relying on the snark proofs (e.g. zerocash) isn't compromised |
19:43:23 | fluffypony: | yeah |
20:46:09 | gmaxwell: | amiller: not compatible with the latest SNARK papers that use the recursive construction to get perfectly linear scaling, alas. |
20:50:58 | Luke-Jr: | amiller: is there a library that can be used for this purpose yet? ie, something I can throw in BFGMiner |
20:51:35 | Luke-Jr: | ie, something that doesn't require the executor to compile and run potentially malicious code |
21:35:44 | andytoshi: | maaku: gmaxwell: re my argument about impossibility of untrusted obfuscation, it is at https://www.wpsoftware.net/andrew/oldblog/?post=impossible-crs |
21:36:15 | andytoshi: | the argument was that you can't get rid of trusted setup for all systems (in particular this timelock scheme that i hand-wavily defined using obfuscation) |
21:36:30 | andytoshi: | but it doesn't argue that the obfuscation primitive itself requires a trusted setup |
21:37:11 | andytoshi: | (i feel like i did argue this somewhere, but didn't write it up, and don't recall how it went .. maybe i told it to gmaxwell here or offline and he remembers enough to prompt me?) |
21:37:39 | gmaxwell: | I think you did. |
21:39:57 | andytoshi: | i have argued that both obfuscation and snarks require multilinear maps, and that one went "matiyasevich's theorem says the computable subsets of NN are exactly the diophantine ones, therefore "cryptographically secure general computation" is as hard as "simultaneously cryptographically secure ring operations" for any definition of "cryptographically secure" |
21:41:37 | andytoshi: | but i am optimistic (though not very) that there will be some breakthrough in lattice crypto that allows efficient oblivious multiplication and addition without the trusted setup that graded encoded schemes do (graded encoded schemes are used in place of multilinear maps since there are no candidates for "pure" multilinear maps) |
22:20:01 | dEBRUYNE__: | dEBRUYNE__ is now known as dEBRUYNE |
22:27:29 | PRab_: | PRab_ is now known as PRab |
22:49:42 | amiller: | gmaxwell, actually i don't see any obstacle to using it recursively |
22:52:27 | jae: | jae is now known as Guest3385 |
22:54:25 | gmaxwell: | amiller: you fully serialize. |
22:55:24 | gmaxwell: | amiller: e.g. yea, sure you could distribute each step but then you need a full RTT per machine instruction and a full resharing and such, and so what did the delegation accomplish? |
22:56:15 | amiller: | i dunno, at the output of one round of this, each server gets a secret share of the resulting proof |
22:56:51 | amiller: | so i dont see why you can't use those shares of the resulting proof as an input to a subsequent round, which involves computing on that proof |
22:57:40 | c0rw|away: | c0rw|away is now known as c0rw|zZz |
22:58:11 | gmaxwell: | you can but that doesn't sound useful as the users will end up having to do a communication round trip and resharing for every single tinyram instruction. |
22:58:56 | amiller: | i don't see where the users round trip came in |
22:59:35 | amiller: | user just provide some initial secret shares of the input, that's all |
23:00:30 | amiller: | the servers can compute function after function after function, each time receiving shares of the output |
23:02:42 | amiller: | the user doesn't even have to be there in the first place |
23:02:58 | amiller: | the user could distribute the shares of the private key to the servers at the very beginning |
23:03:11 | amiller: | and if k/n of the servers want to do something, anything, with that key, they can do so |
23:04:58 | gmaxwell: | not seeing how this works, the recursive function requires you verify a completed proof (with a different group) inside a proof. You can't verify a share. You can't update the hashtree over memory with just shares. |
23:05:36 | gmaxwell: | I'm sure (due to the existence of MPC generally) that its fundamentally possible, but I don't see how the efficient trick there would work. |
23:06:13 | amiller: | it's totally possible i'm misinterpreting some limitation of this, i'm not reading it at any close level at this point... |
23:06:34 | amiller: | i think you could update the hashtree over the memory using just the shares using generic MPC |
23:06:42 | amiller: | and that's fine, generic MPC isn't perfect but it's within the range of powerful servers |
23:07:15 | gmaxwell: | It's not clear to me that its actually "within the range of powerful servers", at least for actively secure MPC. |
23:07:16 | amiller: | you only need to use the 'efficient trick' to operate on the snarks |
23:09:37 | amiller: | anyway i dont think its necessary to bring hashtrees into this either, i think i like geppetto's approach better (but i also want to stay out of the 'snark wars' as much as possible) |
23:31:00 | a5m0_: | a5m0_ is now known as a5m0 |
23:55:18 | bosma: | bosma is now known as Bosnia |