00:05:45 | zooko: | This is good enough that I want to port it into -wizards from twitter: https://twitter.com/zooko/status/608423673616343040 |
00:06:41 | frankenmint: | thx |
00:07:34 | kanzure: | .tw |
00:07:35 | yoleaux: | Outstanding post by @JeremyRubin: Eight urgent issues in Bitcoin which are more important than block size. https://twitter.com/JeremyRubin/status/608421368674328576 (@zooko) |
00:07:46 | kanzure: | .tw https://twitter.com/JeremyRubin/status/608421368674328576 |
00:07:46 | yoleaux: | I just put out a blog post on some other things to talk about other than block size https://medium.com/@jeremyrubin/8-problems-with-bitcoin-to-solve-before-block-size-6b4d35e0c6f9 #bitcoin (@JeremyRubin) |
00:07:46 | fenn: | the tweet is a link to https://medium.com/@jeremyrubin/8-problems-with-bitcoin-to-solve-before-block-size-6b4d35e0c6f9 |
00:07:57 | kanzure: | gah |
00:10:57 | frankenmint: | reading the first concern is setting the tone of skepticism I hold for the remaining 7 problems to read about |
00:11:30 | frankenmint: | "This is more important than block size because, while it would be nice to support all of humanity’s transactional volume in Bitcoin, it is meaningless if that information can easily be stolen as we’ve seen with the numerous data breaches over the last few years or if that information can be weaponized against the population." < |
00:15:18 | gmaxwell: | frankenmint: there is another way to also think about this that I'm surprised that no one has caught on. |
00:16:44 | gmaxwell: | frankenmint: to the extent that we have extra capacity available (in terms of bandwidth and CPU cycles relative to software/protocol performance)-- it's not clear that we do have an excess, but assuming we do-- that excess can be used in many ways. It can be conserved, which can allow for more decentralization, it can be spent to increase scale, it can be spent to increase privacy, it can be spent to increase flexibility, or it can be spent on a mixture of these things. |
00:17:25 | gmaxwell: | I agree that if there is an excess some of it should be spent on just increasing throughput. But how much? Well that depends on the other things that we're forgoing by spending more of it on throughput. |
00:20:02 | frankenmint: | you mean having excess hardware on standby that only turns on if X-transactions sit in utxo? |
00:20:10 | frankenmint: | to relay trx? |
00:20:48 | gmaxwell: | No, I mean the ability of the network to support a particular amount of transaction capacity without people shutting off nodes due to their operating costs. |
00:20:51 | gmaxwell: | someone on BCT last night sent me this image, ... bitcoin node counts over time, though the general data isn't new to me (and I don't know the specifics of their methodology); it paints a pretty bleak picture about our levels of excess capacity: https://i.imgur.com/EL0zHRe.jpg |
00:22:01 | frankenmint: | since we're sharing, here's a graph of analysis that luke-jr compiled using existing block data |
00:22:02 | frankenmint: | http://jsfiddle.net/r5swbpp8/1/embedded/result/ |
00:22:17 | frankenmint: | taken from here http://www.reddit.com/r/Bitcoin/comments/38giar/analysis_graphs_of_block_sizes/ |
00:25:40 | frankenmint: | that sharp drop between may and september makes no sense |
00:26:21 | frankenmint: | whatsup w/ that china data I think that's incorrect info |
00:26:42 | gmaxwell: | some of that is incorrect, no doubt. |
00:27:07 | frankenmint: | should be topsy turvy w/ heavier china influence in september |
00:27:30 | frankenmint: | ill look around for that on bct to read into more context, thx for sharing! |
00:27:50 | gmaxwell: | frankenmint: but through the end of 2012 into 2013 the blockchain grew tremendously due to a single service flooding the chain with tiny transactions. It went from a couple hours to sync the net for most people to days for many. |
00:32:09 | gmaxwell: | [OT] http://torrentfreak.com/elsevier-cracks-down-on-pirated-scientific-articles-150609/ in which Elsevier complains about libgen challenging their ability to censor data online, "As a result, its repository of illegally obtained content poses a threat to both quality journal publishing and to public health and safety" |
00:40:22 | Taek: | were there really 300,000 nodes at one point? That seems so strange to me |
00:40:57 | gmaxwell: | no, thats probably overcounting dynamic IPs. |
00:41:08 | gmaxwell: | there were on the order of 80k reachable I believe though. |
01:00:03 | moa: | elsevier is worried about "consumer protection" like the NYDFS is worried about consumer protection |
01:00:26 | frankenmint: | moa: I read that and thought "LOL TPP" |
01:00:47 | frankenmint: | sadly |
01:03:57 | gmaxwell: | It's not unique to elsevier, I wrote about this problem of journals, museums, and libraries turning themselves into censors because suppressing information is pretty much the only element of curation that more traditional institutions can clearly do in a fundamentally better way than newer approaches. |
01:05:37 | ajweiss: | the relationship between science and funding is starting to really show its age |
01:07:17 | frankenmint: | gmaxwell: the unintended consequence is ip theft, but at the same time ip law is based on rules set around the mid 19th century |
01:07:38 | frankenmint: | archaic and certainly never considered in the context of digital instantaneously available information |
01:08:02 | akstunt600: | IP just doesnt "fit" into the direction things are moving |
01:08:08 | moa: | ajweiss: we need a new model ... Scicoin? |
01:08:11 | akstunt600: | i dont think anyone can really change that |
01:08:44 | frankenmint: | moa: akstunt600 at this point we're talking revolution is the only way to make changes to that clusterfuck |
01:09:09 | frankenmint: | because its 'powers at will' enforcing old rules to enforce ip law |
01:09:11 | akstunt600: | Well everyday that goes by while the government remains the same puts us closer |
01:09:23 | akstunt600: | Tech will outpace government |
01:09:30 | akstunt600: | already is |
01:10:08 | frankenmint: | its not govt |
01:10:14 | frankenmint: | its private enterprise doing this |
01:10:17 | ajweiss: | moa: if anyone can ever write a program that can determine the value of an academic work, i'd be really impressed... especially considering "the value of an academic work" is largely undefined |
01:10:33 | akstunt600: | frankenmint, by way of the government rules and regs |
01:10:38 | akstunt600: | its complicit system |
01:10:42 | akstunt600: | a^ |
01:11:24 | frankenmint: | ahh yes :/ |
01:11:45 | ajweiss: | although, heh, it would be a pretty fun project to try and train a machine to spot papers with screwed up statistics |
01:11:50 | frankenmint: | ajweiss: that's called technological singularity |
01:11:52 | moa: | ajweiss: altcoins don't need a verifiable value basis for another chain ... |
01:12:10 | moa: | just a vague idea and a cute name seems to work fine |
01:12:13 | frankenmint: | i mean in my opinion that is what happens |
01:12:44 | akstunt600: | The recent fraud in Pharma with regards to academic works is an example of the brokenness |
01:12:52 | akstunt600: | its completely not working the way it is already |
01:12:59 | frankenmint: | fun quick find from this talking: http://en.wikipedia.org/wiki/Robot_Scientist |
01:13:37 | akstunt600: | hehe thats cool |
01:13:37 | ajweiss: | pharma gets even more complicated |
01:13:42 | moa: | oh wait, we could monetise citation ratings in an altcoin ... make it more corrupt than it already is |
01:14:10 | ajweiss: | with all its weird incentives. even just the system for determining merit and awarding grant funds in basic biology is a mess... |
01:14:34 | ajweiss: | the gatekeepers are basically employees of elsevier and nature |
01:14:36 | frankenmint: | lets have a thought experiment: can a volunteerism FOSS exclusive society succeed over existing systems? |
01:14:56 | frankenmint: | ajweiss: lexisnexis also comes to mind |
01:15:03 | akstunt600: | heh |
01:15:12 | moa: | proof of work is a bit like publish or perish |
01:15:32 | ajweiss: | for example: a paper in nature or science is estimated to be worth just over a million in grant funds |
01:16:36 | akstunt600: | with the proper incentives a gofundme or kickstarter might work well |
01:16:41 | akstunt600: | its an already proven thing |
01:16:56 | akstunt600: | Facebook should have been on this way back in the day |
01:16:58 | akstunt600: | lol |
01:18:26 | ajweiss: | problem with crowdfunding is that it rewards charlatans... but how can you ever really know who the charlatans really are? |
01:18:33 | TD-Linux: | gmaxwell, oh no it's sciencedirect |
01:18:52 | frankenmint: | I ignore crowdfunding for that reason ajweiss |
01:19:01 | frankenmint: | til of star citizen, never even heard of it |
01:41:47 | bramc: | gmaxwell, 'bleak' is right |
01:42:37 | bramc: | Did the great firewall start blocking bitcoin? Did china make it illegal? Is there a barely-connected bitcoin network sitting within China? |
01:46:48 | bramc: | Does anybody know if a ZK-based proof of time scheme (which would hence have good witness size) would be demonstrably canonical, assuming the security assumptions held up? |
02:59:57 | Adlai`: | Adlai` is now known as adlai |
04:39:34 | www: | hey guys |
04:39:54 | www: | what do you think of BitAlias? https://medium.com/@yanislav/bitalias-7b66bffed9d8 |
06:38:29 | wallet421: | wallet421 is now known as wallet42 |
07:58:06 | fanquake: | fanquake has left #bitcoin-wizards |
08:05:17 | barjavel.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
08:50:55 | c0rw|zZz: | c0rw|zZz is now known as c0rw1n |
10:14:41 | s1w-: | s1w- is now known as s1w |
10:59:49 | justanot1eruser: | justanot1eruser is now known as justanotheruser |
11:52:21 | waxwing: | so would it be fair to say that this: H = to_point(SHA256(ENCODE(G))) is basically functioning as a NUMS ? |
11:59:40 | sipa: | yes |
11:59:59 | sipa: | any nums used as X coordinate would do |
12:00:51 | waxwing: | or maybe satoshi deliberately chose secp256k1 and sha256 for this purpose :)) |
12:59:35 | nsh: | NUMS? |
13:02:27 | waxwing: | nsh: nothing up my sleeve number |
13:05:39 | nsh: | ah, right |
13:15:47 | antanst: | antanst has left #bitcoin-wizards |
14:09:50 | Guyver2_: | Guyver2_ is now known as Guyver2 |
17:35:18 | waxwing: | "In this scheme, rather than having kG = sG + exG" <-- from 2.2 of borromean paper, shouldn't that be minus? |
17:35:52 | andytoshi: | waxwing: they are equivalent |
17:36:01 | andytoshi: | only rule is that it should be consistent through the whole paper.. |
17:36:07 | waxwing: | :) |
17:37:05 | andytoshi: | damn, i think that paragraph is inconsistent with the rest of the paper tho :/ |
17:37:18 | waxwing: | the hobgoblin of little minds |
17:41:30 | andytoshi: | thx for reading so carefully, i fixed it locally, it will appear in the next public push |
17:49:43 | c0rw1n: | c0rw1n is now known as c0rw|away |
18:38:09 | kanzure: | http://blog.silentsignal.eu/2015/06/10/poisonous-md5-wolves-among-the-sheep/ |
18:38:24 | kanzure: | https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf |
18:39:19 | narwh4l: | "mystery: |
18:40:02 | narwh4l: | Duqu is definitely NSA, I think it was mentioned in one of the public docs |
18:41:07 | narwh4l: | Anyway, ruskies will always be decent hackers and I'm glad Kaspersky is around |
18:41:16 | kmels: | kmels is now known as kmels_ |
18:41:20 | kmels_: | kmels_ is now known as kmels |
20:16:51 | shen_noe: | gmaxwell, how does your to_point function work? https://people.xiph.org/~greg/confidential_values.txt |
20:16:59 | antanst: | antanst has left #bitcoin-wizards |
20:18:06 | sipa: | shen_noe: interpret the argument as serialized X coordinate, compute the corresponding even Y coordinate to make it lie on the curve, and return the resulting point |
20:20:02 | shen_noe: | ahh, ok that makes more sense than to_point = take an integer and multiply it by the basepoint |
20:20:08 | shen_noe: | lol |
20:21:24 | gmaxwell: | I updated the text file to clarify this. |
20:23:30 | shen_noe: | thanks, it was probably clear enough I was just thinking different ways to get H from a hash |
20:24:54 | gmaxwell: | shen_noe: you're the second person who'd raised the concern, in fact. and the xG approach is the one thing that you cannot do or it totally breaks the security of the scheme. :) |
20:50:29 | wallet42: | sipa: does every X have a Y in the curve order? |
20:51:27 | sipa: | no, 1 in 2 |
20:51:43 | sipa: | because every point has a negation which has the same X but opposite Y |
20:52:03 | sipa: | and there are around 2^256 coordinates and around 2^256 points |
21:08:24 | shen_noe: | if I combine ct and coinjoin / coinswap in one transaction, does each input need its own ring sig to obscure the amount? |
21:09:19 | sipa: | ring signatures are not used to obscure the amounts; pedersen commitments are used for that |
21:09:36 | sipa: | the ring signatures are used internally in the range proof of each output, to prove that the value is not negative |
21:09:58 | sipa: | this is independent of coinjoin or anything; every confidential output needs a range proof |
21:11:44 | shen_noe: | so one output = one ring sig? |
21:12:26 | sipa: | there is one ring signature per *bit* in the range proof |
21:12:38 | sipa: | so there are typically 32 per confidential output |
21:12:58 | sipa: | though all ring signatures are combined as a single borromean ring signature |
21:14:04 | shen_noe: | sipa thanks for the explanation |
21:22:51 | shen_noe: | ahh... what I meant about each input in the coinjoin, actually was thinking of something like a darkcoin setup where coinjoin is accomplished roughly by sending your coins to a masternode, and then getting them back, so transaction sent to the masternode would have one ring sig |
21:23:17 | sipa: | shen_noe: the *outputs* have ring sigs, not the transactions |
21:23:35 | sipa: | coinjoin just combines multiple outputs and inputs from different participants |
21:24:24 | sipa: | everyone just creates their inputs and outputs (with blinded values and range proofs), and then they get combined, and then everyone signs off on the resulting combined transactions |
21:26:06 | shen_noe: | output is part of the transaction no? I was thinking of a scenario where coins are periodically mixed |
21:26:57 | sipa: | yes |
21:27:11 | sipa: | the scenario doesn't matter |
21:27:33 | sipa: | you have a bunch of people who create non-signed transactions, each with inputs and outputs |
21:27:53 | sipa: | coinjoin creates a joint non-signed transaction with all inputs from everyone and all outputs from everyone |
21:27:56 | shen_noe: | well, it kind of does, how many coinjoin transactions do I have to do to be anonymous |
21:28:00 | sipa: | then everyone signs off on the results |
21:28:25 | sipa: | i think you're confused |
21:28:29 | shen_noe: | say I have to do 1 coinjoin every 24 hours |
21:29:21 | sipa: | in the outputs of the to-be-coinjoined-transactions you create, you already have range proofs |
21:29:25 | sipa: | coinjoin does not touch them |
21:29:38 | sipa: | the whole question is orthogonal to coinjoin |
21:30:26 | sipa: | does every participant need its own ring sig? yes, and even one per bit of the range proof in each of the outputs created by each of the participants |
21:32:57 | shen_noe: | right, I get that it's orthogonal to coinjoin.. I'm just wondering for example, if I implement ct in dash/dark and my coins are periodically sent to a masternode.. now ct adds a bit of space, and all these mixing transactions now each have a ring sig |
21:33:27 | sipa: | the size is 2.5 kilobytes per output |
21:33:38 | sipa: | doesn't matter whether those outputs are touched by coinjoin or not |
21:35:26 | shen_noe: | so e.g. 2 to 8 rounds of mixing times 2.5 kb per each mix |
21:35:44 | shen_noe: | accumulated blockchain size is 2 to 8 x 2.5 kb? |
21:36:56 | sipa: | i think you're confused |
21:37:26 | shen_noe: | possibly |
21:37:29 | shen_noe: | * shen_noe goes to read more |
21:37:32 | sipa: | coinjoin does not create transactions |
21:37:40 | sipa: | maybe you have some higher level mixing on top |
21:37:58 | sipa: | coinjoin just joins multiple transactions together to obscure which inputs and outputs are related |
21:38:39 | shen_noe: | yes, that's what I'm thinking of ofc coinjoin does not create transactions |
21:38:53 | shen_noe: | mixing on top is what I mean here |
21:39:01 | sipa: | then do your homework :) |
21:39:02 | shen_noe: | (since that's where I've seen coinjoin in the wild) |
21:39:29 | sipa: | confidential transactions have 2.5 kilobyte per output, regardless of where that output came from |
21:39:39 | shen_noe: | yep. |
21:40:07 | shen_noe: | so now, let's suppose I implement a privacy coin |
21:40:16 | shen_noe: | ofc I could let people manually coinjoin |
21:40:34 | shen_noe: | but that might be inconvenient for them |
21:41:08 | shen_noe: | so now I do masternodes or whatever, mixing on top (accomplished via some coinjoins / coinswaps whatever) |
21:41:56 | shen_noe: | now each mix the masternodes do has 2.5 kb per output |
21:42:03 | sipa: | no time for this now, sorry |
21:42:04 | sipa: | sipa has left #bitcoin-wizards |
21:42:10 | shen_noe: | thx for discussion |
21:51:51 | gmaxwell: | 14:12 < sipa> there is one ring signature per *bit* in the range proof |
21:52:01 | gmaxwell: | well technically one ring per pair of bits. :) |
22:09:05 | punsieve: | punsieve has left #bitcoin-wizards |
22:54:49 | andytoshi: | shen_noe: i can take over from sipa if you have more questions, tho i don't have a lot of time.. |
22:55:46 | andytoshi: | oh, never mind, i hadn't read to the bottom :) no darkcoin stuff please, check out https://bitcoin.stackexchange.com/a/29473 for discussion of anonymity tech |
22:59:08 | c0rw|away: | c0rw|away is now known as c0rw|timetravl |
23:16:28 | c0rw|timetravl: | c0rw|timetravl is now known as c0rw1n |