00:05:45zooko:This is good enough that I want to port it into -wizards from twitter: https://twitter.com/zooko/status/608423673616343040
00:06:41frankenmint:thx
00:07:34kanzure:.tw
00:07:35yoleaux:Outstanding post by @JeremyRubin: Eight urgent issues in Bitcoin which are more important than block size. https://twitter.com/JeremyRubin/status/608421368674328576 (@zooko)
00:07:46kanzure:.tw https://twitter.com/JeremyRubin/status/608421368674328576
00:07:46yoleaux:I just put out a blog post on some other things to talk about other than block size https://medium.com/@jeremyrubin/8-problems-with-bitcoin-to-solve-before-block-size-6b4d35e0c6f9 #bitcoin (@JeremyRubin)
00:07:46fenn:the tweet is a link to https://medium.com/@jeremyrubin/8-problems-with-bitcoin-to-solve-before-block-size-6b4d35e0c6f9
00:07:57kanzure:gah
00:10:57frankenmint:reading the first concern is setting the tone of skepticism I hold for the remaining 7 problems to read about
00:11:30frankenmint:"This is more important than block size because, while it would be nice to support all of humanity’s transactional volume in Bitcoin, it is meaningless if that information can easily be stolen as we’ve seen with the numerous data breaches over the last few years or if that information can be weaponized against the population." <
00:15:18gmaxwell:frankenmint: there is another way to also think about this that I'm surprised that no one has caught on.
00:16:44gmaxwell:frankenmint: to the extent that we have extra capacity available (in terms of bandwidth and CPU cycles relative to software/protocol performance)-- it's not clear that we do have an excess, but assuming we do-- that excess can be used in many ways. It can be conserved, which can allow for more decenteralization, it can be spent to increase scale, it can be spent to increase privacy, it can be s
00:16:50gmaxwell:pent to increase flexibility, or it can be spent on a mixture of these things.
00:17:25gmaxwell:I agree that if there is an excess some of it should be spent on just increasing throughput. But how much? Well that depends on the other things that were forgoing by spending more of it on throughput.
00:20:02frankenmint:you mean having excess hardware on standby that only turns on if X-transactions sit in uxto?
00:20:10frankenmint:to relay trx?
00:20:48gmaxwell:No, I mean the ability of the network to support a particular amount of transaction capacity without people shutting off nodes due to their operating costs.
00:20:51gmaxwell:someone on BCT last night sent me this image, ... bitcoin node counts over time, though the general data isn't new to me (and I don't know the specifics of their methology); it paints a pretty bleak picture about our levels of excess capacity: https://i.imgur.com/EL0zHRe.jpg
00:22:01frankenmint:since we're sharing, here's a graph of analysis that luke-jr compiled using existing block data
00:22:02frankenmint:http://jsfiddle.net/r5swbpp8/1/embedded/result/
00:22:17frankenmint:taken from here http://www.reddit.com/r/Bitcoin/comments/38giar/analysis_graphs_of_block_sizes/
00:25:40frankenmint:that sharp drop between may and septermber makes no sense
00:26:21frankenmint:whatsup w/ that china data I think that's incorrect info
00:26:42gmaxwell:some of that is incorrect, no doubt.
00:27:07frankenmint:should be topsy turvy w/ heavier china influence in september
00:27:30frankenmint:ill look around for that on bct to read into more context, thx for sharing!
00:27:50gmaxwell:frankenmint: but through the end of 2012 into 2013 the blockchain grew tremendously due to a single service flooding the chain with tiny transactions. It went from a couple hours to sync the net for most people to days for many.
00:32:09gmaxwell:[OT] http://torrentfreak.com/elsevier-cracks-down-on-pirated-scientific-articles-150609/ in which Elsevier complains about libgen challenging their ability to censor data online, "As a result, its repository of illegally obtained content poses a threat to both quality journal publishing and to public health and safety"
00:40:22Taek:were there really 300,000 nodes at one point? That seems so strange to me
00:40:57gmaxwell:no, thats probably overcounting dynamic IPs.
00:41:08gmaxwell:there were on the order of 80k reachable I believe though.
01:00:03moa:elsevier is worried about "consumer protection" like the NYDFS is worried about consumer protection
01:00:26frankenmint:moa: I read that and thought "LOL TPP"
01:00:47frankenmint:sadly
01:03:57gmaxwell:It's not unique to elsevier, I wrote about this problem of journals, museums, and libraries turning themselves into censors because suppressing information is pretty much the only element of curation that more traditional instutions can clearly do in a fundimentally better way than newer approaches.
01:05:37ajweiss:the relationship between science and funding is starting to really show its age
01:07:17frankenmint:gmaxwell: the unintended consequence is ip theft, but at the same time ip law is based on rules set around the mid 19th century
01:07:38frankenmint:archaic and certainly never considered in the context of digital instantaneously available information
01:08:02akstunt600:IP just doesnt "fit" into the direction things are moving
01:08:08moa:ajweiss: we need a new model ... Scicoin?
01:08:11akstunt600:i dont think anyone can really change that
01:08:44frankenmint:moa: akstunt600 at this point we're talking revolution is the only way to make changes to that clusterfuck
01:09:09frankenmint:because its 'powers at will' enforcing old rules to enforce ip law
01:09:11akstunt600:Well everyday that goes by whil the government remains the same puts us closer
01:09:23akstunt600:Tech will outpace government
01:09:30akstunt600:already is
01:10:08frankenmint:its not govt
01:10:14frankenmint:its private enterprise doing this
01:10:17ajweiss:moa: if anyone can ever write a program that can determine the value of an academic work, i'd be really impressed... especially considering "the value of an academic work" is largely undefined
01:10:33akstunt600:frankenmint, by way of the government rules and regs
01:10:38akstunt600:its complicit system
01:10:42akstunt600:a^
01:11:24frankenmint:ahh yes :/
01:11:45ajweiss:although, heh, it would be a pretty fun project to try and train a machine to spot papers with screwed up statistics
01:11:50frankenmint:ajweiss: that's called technological singularity
01:11:52moa:ajweiss: altcoins don't need a verifiable value basis for another chain ...
01:12:10moa:just a vague idea and a cute name seems to work fine
01:12:13frankenmint:i mean in my opinion that is what happens
01:12:44akstunt600:The recent fraud in Pharma with regards too academics works is an example of the brokeness
01:12:52akstunt600:its completely not working the way it is already
01:12:59frankenmint:fun quick find from this talking: http://en.wikipedia.org/wiki/Robot_Scientist
01:13:37akstunt600:hehe thats cool
01:13:37ajweiss:pharma gets even more complicated
01:13:42moa:oh wait, we could monetise citation ratings in an altcoin ... make it more corrupt than it already is
01:14:10ajweiss:with all it's weird incentives. even just the system for determining merit and awarding grant funds in basic biology is a mess...
01:14:34ajweiss:the gatekeepers are basically employees of elsevier and nature
01:14:36frankenmint:lets have a thought experiment: can a volunteerism FOSS exclusive society succeed over existing systems?
01:14:56frankenmint:ajweiss: lexusnexus also comes to mind
01:15:03akstunt600:heh
01:15:12moa:proof of work is abit like publish or perish
01:15:32ajweiss:for example: a paper in nature or science is estimated to be worth just over a million in grant funds
01:16:36akstunt600:with the proper incentives a gofundme or kickstarter might work well
01:16:41akstunt600:its an already proven thing
01:16:56akstunt600:Facebook should have been on this way back in the day
01:16:58akstunt600:lol
01:18:26ajweiss:problem with crowdfunding is that it rewards charlatans... but how can you ever really know who the charlatans really are?
01:18:33TD-Linux:gmaxwell, oh no it's sciencedirect
01:18:52frankenmint:I ignore crowdfunding for that reason ajweiss
01:19:01frankenmint:til of star citizen, never even heard of it
01:41:47bramc:gmaxwell, 'bleak' is right
01:42:37bramc:Did the great firewall start blocking bitcoin? Did china make it illegal? Is there a barely-connected bitcoin network sitting within China?
01:46:48bramc:Does anybody know if ZK-based proof of time scheme (which would hence have good witness size) would be demonstrably canonical, assuming the security assumptions held up?
02:59:57Adlai`:Adlai` is now known as adlai
04:39:34www:hey guys
04:39:54www:what do you think of BitAlias? https://medium.com/@yanislav/bitalias-7b66bffed9d8
06:38:29wallet421:wallet421 is now known as wallet42
07:58:06fanquake:fanquake has left #bitcoin-wizards
08:05:17barjavel.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:17barjavel.freenode.net:Users on #bitcoin-wizards: andy-logbot orperelman CoinMuncher priidu hashtag jae_ damethos bosma s1w- hktud0 jtimon p15x kyuupichan catlasshrugged antanst NewLiberty wallet42 ThomasV cryptowest_ elastoma Iriez www cornus_ammonis p15 TheSeven shesek adlai poggy joecool Dr-G2 PRab moa d1ggy_ akstunt600 justanotheruser PaulCapestany pollux-bts ttttemp sparetire_ mikolalysenko lnovy HM Starduster shen_noe Tebbo spinza robogoat akrmn adam3us jouke Emcy dansmith_btc hayek
08:05:17barjavel.freenode.net:Users on #bitcoin-wizards: gielbier tucenaber heath gmaxwell dc17523be3 tromp Relos c0rw|zZz metamarc LeMiner pgokeeffe catcow btcdrak Xzibit17 prosodyContext vonzipper adams__ michagogo dasource yrashk mariorz CryptoGoon mappum CryptOprah artifexd Muis runeks kumavis platinuum jbenet fenn bliljerk101 Guest53541 phantomcircuit Madars sipa yorick jmcn mm_1 waxwing melvster tromp_ Pan0ram1x sneak go1111111 sadoshi gwillen amiller fluffypony livegnik mountaingoat a5m0
08:05:18barjavel.freenode.net:Users on #bitcoin-wizards: Apocalyptic triazo wiz wumpus ebfull EasyAt Alanius iddo maaku koshii Luke-Jr MoALTz bedeho2 forrestv theymos ircLuigi rustyn Taek zmachine AlexStraunoff luny midnightmagic antgreen copumpkin Tiraspol null_radix helo smooth grandmaster lmatteis narwh4l thrasher` otoburb Keefe weex pigeons sturles nephyrin dgenr8 [d__d] rasengan berndj harrow STRML qawap lclc mengine superobserver wizkid057 stonecoldpat Meeh davout jessepollak huseby espes
08:05:18barjavel.freenode.net:Users on #bitcoin-wizards: GreenIsMyPepper Logicwax CodeShark veox yoleaux comboy stevenroose kinlo sl01 gavinandresen nickler cdecker jrayhawk K1773R ggreer Hunger- isis bsm117532 harrigan andytoshi scoria brand0 larraboj gnusha nsh jonasschnelli leakypat epscy lmacken cfields Krellan coryfields kanzure azariah warptangent TD-Linux crescend1 Zouppen _whitelogger binaryatrocity BananaLotus optimator Eliel mr_burdell throughnothing_ Fistful_of_Coins Jaamg xabbix dignork
08:05:18barjavel.freenode.net:Users on #bitcoin-wizards: petertodd richardus afdudley SwedFTP guruvan ajweiss nanotube warren BrainOverfl0w @ChanServ AdrianG Anduck BlueMatt starsoccer d9b4bef9 gribble ryan-c indolering Graet jaromil [ace] merlincorey morcos roasbeef eric sdaftuar
08:50:55c0rw|zZz:c0rw|zZz is now known as c0rw1n
10:14:41s1w-:s1w- is now known as s1w
10:59:49justanot1eruser:justanot1eruser is now known as justanotheruser
11:52:21waxwing:so would it be fair to say that this: H = to_point(SHA256(ENCODE(G))) is basically functioning as a NUMS ?
11:59:40sipa:yes
11:59:59sipa:any nums used as X ciordinate would do
12:00:51waxwing:or maybe satoshi deliberately chose secp256k1 and sha256 for this purpose :))
12:59:35nsh:NUMS?
13:02:27waxwing:nsh: nothing up my sleeve number
13:05:39nsh:ah, right
13:15:47antanst:antanst has left #bitcoin-wizards
14:09:50Guyver2_:Guyver2_ is now known as Guyver2
17:35:18waxwing:"In this scheme, rather than having kG = sG + exG" <-- from 2.2 of borromean paper, shouldn't that be minus?
17:35:52andytoshi:waxwing: they are equivalent
17:36:01andytoshi:only rule is that it should be consistent through the whole paper..
17:36:07waxwing::)
17:37:05andytoshi:damn, i think that paragraph is inconsistent with the rest of the paper tho :/
17:37:18waxwing:the hobgoblin of little minds
17:41:30andytoshi:thx for reading so carefully, i fixed it locally, it will appear in the next public push
17:49:43c0rw1n:c0rw1n is now known as c0rw|away
18:38:09kanzure:http://blog.silentsignal.eu/2015/06/10/poisonous-md5-wolves-among-the-sheep/
18:38:24kanzure:https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf
18:39:19narwh4l:"mystery:
18:40:02narwh4l:Duqu is definitely NSA, I think it was mentioned in one of the public docs
18:41:07narwh4l:Anyway, ruskies will always be decent hackers and I'm glad Kaspersky is around
18:41:16kmels:kmels is now known as kmels_
18:41:20kmels_:kmels_ is now known as kmels
20:16:51shen_noe:gmaxwell, how does your to_point function work? https://people.xiph.org/~greg/confidential_values.txt
20:16:59antanst:antanst has left #bitcoin-wizards
20:18:06sipa:shen_noe: interpret the argument as serialized X coordinate, compute the corresponding even Y coordinate to make it lie on the curve, and return the resulting point
20:20:02shen_noe:ahh, ok that makes more sense than to_point = take an integer and multiply it by the basepoint
20:20:08shen_noe:lol
20:21:24gmaxwell:I updated the text file to clarify this.
20:23:30shen_noe:thanks, it was probably clear enough I was just thinking different ways to get H from a hash
20:24:54gmaxwell:shen_noe: you're the second person who'd raised the concern, in fact. and the xG approach is the one thing that you cannot do or it totally breaks the security of the scheme. :)
20:50:29wallet42:sipa: does every X has a Y in the curve order?
20:51:27sipa:no, 1 in 2
20:51:43sipa:because every point has a negation which has the same X but opposite Y
20:52:03sipa:and there are around 2^256 coordinates and around 2^256 points
21:08:24shen_noe:if I combine ct and coinjoin / coinswap in one transaction, does each input need its own ring sig to obscure the amount?
21:09:19sipa:ring signatures are not used to obscure the amounts; pedersen commitments are used for that
21:09:36sipa:the ring signatures are used internally in the range proof of each output, to prove that the value is not negative
21:09:58sipa:this is independent of coinjoin or anything; every confidential output needs a range proof
21:11:44shen_noe:so one output = one ring sig?
21:12:26sipa:there is one ring singature per *bit* in the range proof
21:12:38sipa:so there are typically 32 per confidential output
21:12:58sipa:though all ring signatures are combined as a single borromean ring signature
21:14:04shen_noe:sipa thanks for the explanation
21:22:51shen_noe:ahh... what I meant about each input in the coinjoin, actually was thinking of something like a darkcoin setup where coinjoin is accomplished roughly by sending your coins to a masternode, and then getting them back, so transaction sent to the masternode would have one ring sig
21:23:17sipa:shen_noe: the *outputs* have ring sigs, not the transactions
21:23:35sipa:coinjoin just combines multiple outputs and inputs from different participants
21:24:24sipa:everyone just create their inputs and outputs (with blinded values and range proofs), and then they get combined, and then everyone signs off on the resulting combined transactions
21:26:06shen_noe:output is part of the transaction no? I was thinking of a scenario where coins are periodically mixed
21:26:57sipa:yes
21:27:11sipa:the scenario doesn't matter
21:27:33sipa:you have a bunch of people who create non-signed transactions, each with inputs and outputs
21:27:53sipa:coinjoin creates a joint non-signed transactions with all inputs from everyone and all outputs from everyone
21:27:56shen_noe:well, it kind of does, how many coinjoins transactions do I have to do to be anonymous
21:28:00sipa:then everyone signs off on the results
21:28:25sipa:i think you're confused
21:28:29shen_noe:say I have to do 1 coinjoin every 24 hours
21:29:21sipa:in the outputs of the to-be-coinjoined-transactions you create, you already have range proogs
21:29:25sipa:coinjoin does not touch them
21:29:38sipa:the whole question is orthogonal to coinjoin
21:30:26sipa:does every participant need its own ring rig? yes, and even one per bit of the range proof in each of the outputs created by each of the participants
21:32:57shen_noe:right, I get that it's orthogonal to coinjoin.. I'm just wondering for example, if I implement ct in dash/dark and my coins are periodically sent to a masternode.. now ct adds a bit of space, and all these mixing transactions now each have a ring sig
21:33:27sipa:the size is 2.5 kilobytes per output
21:33:38sipa:doesn't matter whether those outputs are touched by coinjoin or not
21:35:26shen_noe:so e.g. 2 to 8 rounds of mixing times 2.5 kb per each mix
21:35:44shen_noe:accumulated blockchain size is 2 to 8 x 2.5 kb?
21:36:56sipa:i think you're confused
21:37:26shen_noe:possibly
21:37:29shen_noe:* shen_noe goes to read more
21:37:32sipa:coinjoin does not create transactions
21:37:40sipa:maybe you have some higher level mixing on top
21:37:58sipa:coinjoin just joins multiple transactions together to obscure which inputs and outputs are related
21:38:39shen_noe:yes, that's what I'm thinking of ofc coinjoin does not creeate transactions
21:38:53shen_noe:mixing on top is what I mean here
21:39:01sipa:then do your homework :)
21:39:02shen_noe:(since that's where I've seen coinjoin in the wild)
21:39:29sipa:confidential transactions have 2.5 kilobyte per output, regardless of where that output came from
21:39:39shen_noe:yep.
21:40:07shen_noe:so know, let's suppose I implement a privacy coin
21:40:16shen_noe:ofc I could let people manually coinjoin
21:40:34shen_noe:but that might be inconvenient for them
21:41:08shen_noe:so now I do masternodes or whatever, mixing on top (accomplished via some coinjoin's / coinswaps whatever)
21:41:56shen_noe:now each mix the masternodes do has 2.5 kb per output
21:42:03sipa:no time for this now, sorry
21:42:04sipa:sipa has left #bitcoin-wizards
21:42:10shen_noe:thx for discussion
21:51:51gmaxwell:14:12 < sipa> there is one ring singature per *bit* in the range proof
21:52:01gmaxwell:well technically one ring per pair of bits. :)
22:09:05punsieve:punsieve has left #bitcoin-wizards
22:54:49andytoshi:shen_noe: i can take over from sipa if you have more questions, tho i don't have a lot of time..
22:55:46andytoshi:oh, never mind, i hadn't read to the bottom :) no darkcoin stuff please, check out https://bitcoin.stackexchange.com/a/29473 for discussion of anonymity tech
22:59:08c0rw|away:c0rw|away is now known as c0rw|timetravl
23:16:28c0rw|timetravl:c0rw|timetravl is now known as c0rw1n