| 00:04:51 | bramc: | mrkent, frequently gmaxwell walks off because he has work to do. These sorts of discussions are things he's a bit sick of so they take low priority |
| 00:05:13 | bramc: | mrkent, Giving a high transaction fee on your transaction is exactly the same thing as 'paying off' a miner to take it faster. |
| 00:08:29 | mrkent: | bramc: heh, ya i know. was kidding |
| 00:12:41 | mrkent: | my final point does stand though if anyone else interested: Higher transaction count network is more valuable than lower transaction count network, thus miners would be compensated higher in the high value network. |
| 00:15:07 | gwillen: | gwillen is now known as Guest57539 |
| 00:15:38 | bramc: | mrkent, That's completely dependent on the number of potential buyers and how much they're willing to pay. It's regular monopoly pricing stuff http://econpage.com/201/handouts/pricing/ |
| 00:17:46 | mrkent: | In what scenario is a low transaction limit network more valuable than a high one? |
| 00:18:18 | psgs_: | psgs_ is now known as psgs |
| 00:18:49 | bramc: | mrkent, If there's one person who's willing to pay $1 million for a transaction, and 99 others who are willing to pay $1 each, then if you set the number of transactions at 100 you get $100 but if you set it at one you get $1 million |
| 00:20:21 | mrkent: | why wouldnt u get 1m + 100 at 100 txs |
| 00:21:09 | mrkent: | And why would that guy pay $1m when everyone else is paying $1? It's a transparent marketplace |
| 00:24:22 | bramc: | mrkent, Because it's an iterated game where everyone doing transactions can see the market price, so they'll all wind up paying about the same amount |
| 00:25:14 | bramc: | Oh you said that already, sorry. If you only let one transaction through then it isn't the case that everybody else is paying $1, what happens is that 'everybody else' is paying $1 million, because there aren't any other everybody elses |
| 00:25:40 | bramc: | Maybe I should have included an additional person willing to pay $1 million to avoid a fencepost error, because an auction is second price instead of first price. |
| 00:26:36 | gwollon: | gwollon is now known as gwillen |
| 00:28:08 | phantomcircuit: | We can probably get consensus around 1mb :-P |
| 00:28:09 | mrkent: | Right, so question of block size is really to answer where this supply/demand curve cross |
| 00:28:11 | phantomcircuit: | ++ |
| 00:28:46 | bramc: | mrkent, The supply curve is flat, it's the block size |
| 00:30:07 | phantomcircuit: | mrkent, the question is fundamentally very simple really, how decentralized should the system be? |
| 00:30:49 | phantomcircuit: | if your answer is very then basic math says large blocks are a folly |
| 00:32:30 | phantomcircuit: | the economic value of your transaction must equal or exceed the networks total cost to process and store your transaction |
| 00:32:49 | phantomcircuit: | the most direct indication of the value of the transaction is the fees |
| 00:34:05 | phantomcircuit: | if fees are essentially zero (the inevitable result of continuously increasing the blocksize limits to meet demand) then the network almost certainly collapses to a small set of nodes which find economic value in bitcoin existing itself |
| 00:34:19 | phantomcircuit: | ie only exchanges run nodes |
| 00:34:28 | phantomcircuit: | that's pretty clearly not a desired outcome |
| 00:37:22 | bramc: | Only exchanges running nodes would probably result in the cost of BTC plummeting |
| 00:43:17 | dgenr8: | hihoo |
| 01:00:38 | c0rw1n: | c0rw1n is now known as c0rw|zZz |
| 01:24:48 | gmaxwell: | kanzure: I thought this link was good as general frame setting https://medium.com/@allenpiscitello/what-is-bitcoin-s-value-proposition-b7309be442e3 |
| 01:47:36 | frankenmint: | frankenmint has left #bitcoin-wizards |
| 02:15:16 | kanzure: | typetypetype |
| 02:15:26 | kanzure: | transcripts incoming |
| 02:56:21 | andytoshi: | andytoshi has left #bitcoin-wizards |
| 04:11:50 | gmaxwell: | Anyone have a good suggestion for getting transactions signed with fancy scripts that solver doesn't know how to sign? (I mean suggestions simpler than teaching the solver to sign for them) |
| 04:26:32 | PRab_: | PRab_ is now known as PRab |
| 05:19:14 | kanzure: | http://diyhpl.us/wiki/transcripts/bitcoin-sidechains-unchained-epicenter-adam3us-gmaxwell/ |
| 05:19:48 | gmaxwell: | oh wow, oh yea, adam talked about extension blocks in that somewhat. |
| 05:20:02 | kanzure: | just finished typing |
| 05:20:17 | kanzure: | (i had a break) |
| 05:28:00 | kanzure: | i was especially intrigued by the idea of locking down even soft-forks, that's quite the card to play |
| 05:31:13 | gmaxwell: | IMO it's more of a philosphical statement than a pratical one. I agree with its as a philosphy. there is also more to that that I think wasn't in the interview. |
| 05:31:47 | gmaxwell: | which is this idea we were calling evil forks at the time, and were intentionally not proposing (though they've since been independantly invented twice so I don't see any point in being quiet about them now) |
| 05:31:49 | kanzure: | i see; yeah i mean crippling our ability to do soft-forks is probably a lot of foot shooting, but is good philosophy. |
| 05:32:10 | gmaxwell: | which is that you can basically build a soft fork which makes a hardfork extension via an extension block but denies all other transactions. |
| 05:32:33 | gmaxwell: | which sort of highlights why at least at the limits softforks are bad too. |
| 05:33:09 | kanzure: | would it be too impossibly insane to require rule changes to also require sha256 variations |
| 05:33:12 | kanzure: | er.. uh.. |
| 05:33:25 | kanzure: | hm nevermind |
| 05:33:31 | kanzure: | the answer is yes |
| 05:34:15 | gmaxwell: | you can't really deny softforks in any case, not without heroic non-realistic crypto and such. or at least we've not though of a pratical way to. |
| 05:59:39 | Luke-Jr: | gmaxwell: I'm still somewhat planning a proposal for that; if for nothing other than merge-mining (doesn't need to touch block sizes - though it can if there's consensus for that) |
| 06:00:30 | Luke-Jr: | need to get a reference implementation done and make sure the wording is right first though |
| 06:00:57 | Luke-Jr: | (including a plan for solving people trying to activate it without consensus) |
| 08:05:13 | sendak.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:13 | sendak.freenode.net: | Users on #bitcoin-wizards: andy-logbot jtimon damethos ThomasV darwin_ Mably hktud0 antanst p15 p15x d1ggy cryptowest_ shen_noe zooko mjerr _biO_ PRab [7] xcthulhu Adlai Dr-G2 MoALTz_ gmaxwell ttttemp gwillen jrayhawk dgenr8 robogoat Tebbo waxwing metamarc Starduster hulkhogan_ Giszmo dc17523be3 sparetire_ lclc koshii Logicwax STRML kyuupichan catlasshrugged akstunt600 sl01 kanzure midnightmagic jmcn goregrind Luke-Jr spinza Iriez hashtag LeMiner joecool gielbier |
| 08:05:13 | sendak.freenode.net: | Users on #bitcoin-wizards: paveljanik fenn fanquake MrTratta bliljerk101 gnusha adam3us bedeho rustyn wizkid057 OneFixt SubCreative jgarzik maaku akrmn mariorz mikolalysenko Meeh justanotherusr devrandom Krellan bosma ajweiss Cory so cornusammonis sparetire s1w elastoma poggy PaulCapestany lnovy HM jouke Emcy dansmith_btc hayek heath tromp c0rw|zZz catcow btcdrak Xzibit17 prosodyContext vonzipper adams__ michagogo dasource yrashk CryptoGoon mappum CryptOprah artifexd |
| 08:05:13 | sendak.freenode.net: | Users on #bitcoin-wizards: Muis runeks kumavis platinuum jbenet phantomcircuit Madars yorick mm_1 melvster tromp_ sneak go1111111 sadoshi amiller fluffypony livegnik mountaingoat a5m0 Apocalyptic triazo wiz wumpus ebfull EasyAt Alanius iddo forrestv theymos Taek AlexStraunoff luny copumpkin null_radix helo smooth lmatteis narwh4l thrasher` otoburb Keefe weex pigeons sturles nephyrin [d__d] rasengan berndj harrow qawap mengine superobserver stonecoldpat davout jessepollak |
| 08:05:13 | sendak.freenode.net: | Users on #bitcoin-wizards: huseby espes GreenIsMyPepper CodeShark veox yoleaux comboy stevenroose kinlo gavinandresen nickler cdecker K1773R ggreer isis bsm117532 harrigan scoria brand0 larraboj nsh jonasschnelli leakypat epscy lmacken cfields coryfields BrainOverfl0w @ChanServ AdrianG Anduck BlueMatt starsoccer d9b4bef9 gribble ryan-c indolering Graet jaromil [ace] merlincorey morcos roasbeef eric sdaftuar warren nanotube guruvan SwedFTP afdudley richardus petertodd |
| 08:05:13 | sendak.freenode.net: | Users on #bitcoin-wizards: dignork xabbix Jaamg Fistful_of_Coins throughnothing_ mr_burdell Eliel optimator BananaLotus binaryatrocity _whitelogger Zouppen crescend1 TD-Linux warptangent azariah |
| 09:27:28 | nsh: | bah, logs to read.. :) |
| 09:30:06 | MoALTz_: | MoALTz_ is now known as MoALTz |
| 09:47:56 | nsh: | it's a pretty subtle thing, one of us Should Have Caught It but i'm not too suprised it got thruogh |
| 09:47:56 | nsh: | well, the paper can just say H(some algebraic formula), the code needs to have temporary variables and stuff, i don't think you can force them to match |
| 09:48:46 | nsh: | ^ depend on the context, you can probably standardise the expansion from algebraic expression for easier detection of inconsistency, i'd guess |
| 09:49:15 | nsh: | * nsh reads the paper |
| 10:26:54 | c0rw|zZz: | c0rw|zZz is now known as c0rw1n |
| 10:47:41 | Mably_: | Mably_ is now known as Mably |
| 11:50:03 | waxwing: | gmaxwell: i think andytoshi's latest ver still has errors in that line, i think it should be corrected from the 1st to 2nd here: http://pastebin.com/EWQJZpwy |
| 11:50:11 | waxwing: | id PM him but not here i think |
| 15:35:23 | rustyn_: | rustyn_ is now known as rustyn |
| 15:48:54 | fluffypony: | this is like Ethereal Verses, but for startups: https://fusiondotnet.files.wordpress.com/2015/06/iterating-grace_digitized_small.pdf |
| 15:49:19 | fluffypony: | plus the author is unknown, big mystery and all that |
| 15:55:26 | jae: | jae is now known as Guest4135 |
| 17:08:35 | wallet42: | wallet42 is now known as Guest22448 |
| 17:08:36 | wallet421: | wallet421 is now known as wallet42 |
| 17:21:59 | cpacia: | cpacia has left #bitcoin-wizards |
| 17:30:29 | frankenmint: | frankenmint has left #bitcoin-wizards |
| 17:36:32 | kanzure: | http://diyhpl.us/wiki/transcripts/bitcoin-adam3us-fungibility-privacy/ |
| 17:43:06 | nsh: | ty |
| 17:44:14 | fluffypony: | awesome |
| 17:53:49 | maaku: | maaku is now known as Guest81738 |
| 18:02:48 | Guest81738: | Guest81738 is now known as maaku |
| 18:16:22 | nsh: | kanzure, is there some simple jslib you could wrap you transcriptions in that would allow readers to correct typos inline while reading? |
| 18:16:39 | kanzure: | you click "edit" |
| 18:16:41 | kanzure: | it's a wiki.... |
| 18:16:45 | nsh: | oh, right |
| 18:16:54 | nsh: | yeah, i guess that's moderately unshit |
| 18:16:59 | nsh: | contenteditable would be much less unshit |
| 18:17:12 | kanzure: | well it's also a git repository |
| 18:17:49 | kanzure: | and if you happen to also hate git, then github.com has a web browser interface for editing content too, https://github.com/kanzure/diyhpluswiki/edit/master/transcripts/bitcoin-adam3us-fungibility-privacy.mdwn |
| 18:18:02 | nsh: | cool |
| 18:18:28 | nsh: | ah, this is fine :) |
| 18:30:31 | adam3us: | adam3us has left #bitcoin-wizards |
| 18:32:06 | wallet42: | wallet42 is now known as Guest92304 |
| 18:32:06 | wallet421: | wallet421 is now known as wallet42 |
| 18:35:07 | nsh: | "There was another ecash project that came later from Stefan Brands, one of David Chaum's PhD students. It had many more features based on the representation problem, and an extension of the Schnorr signature scheme. It had blind signatures, which are necessary for privacy, and it supported multiple denominations, and it did not have the single denomination efficiency problem." <-- what is this? |
| 18:35:28 | nsh: | oh, never mind. got it |
| 18:51:26 | nsh: | are we absolutely certain it's not possible to do a trusted-setup in secure multiparty computation with enough distribution of trust as to give reasonable confidence that it can't be consolidated again? |
| 18:52:25 | nsh: | [ie, enough participants] |
| 18:54:00 | kanzure: | maybe there are trusted setup fraud proof mechanisms |
| 19:11:37 | nsh: | sadly no, the rule is that systems requiring trusted setup tend to invoke startlingly untraceable fraud for anyone with the trapdoor |
| 19:12:02 | nsh: | i can't think of any where abuse of the trapdoor is detectable, in a distributed system |
| 19:16:59 | jgarzik: | Updated BIP 100 draft: http://gtf.org/garzik/bitcoin/BIP100-blocksizechangeproposal.pdf |
| 19:20:15 | kanzure: | nsh: well i was thinking of some single-use key scenario, but i see your point |
| 19:21:04 | nsh: | * nsh nods |
| 19:23:25 | wallet42: | wallet42 is now known as Guest54301 |
| 19:23:25 | wallet421: | wallet421 is now known as wallet42 |
| 19:30:17 | nsh: | #nsactions floating around and spaced out in time, it's not obvious that you paid $5. You know and the merchant knows it, but the merchant doesn't know it.' |
| 19:31:30 | nsh: | * 'Another one is merge avoidance which is just that in the payment protocol you can pay for a transaction in multiple parts. If you need to pay $15, if you pay you know $5 three times and there's lots of $5 transactions floating around and spaced out in time, it's not obvious that you paid $5. You know and the merchant knows it, but the merchant doesn't know it.' |
| 19:31:48 | nsh: | not sure how to fix that without listening to the talk |
| 19:54:48 | antanst: | antanst has left #bitcoin-wizards |
| 19:58:59 | nsh: | * nsh wonders why the proof of no-wrapping in single-homomorphic ElGamal or other contexts is the 'expensiver, larger' kind |
| 20:00:02 | gmaxwell: | nsh: larger compared to what? |
| 20:00:38 | nsh: | from the context i guess larger than snark-type proofs ( http://diyhpl.us/wiki/transcripts/bitcoin-adam3us-fungibility-privacy/ ) |
| 20:01:03 | nsh: | -- |
| 20:01:04 | nsh: | o then there's the idea that you could do something to cryptographically hide the value in a way that would be compatible with bitcoin. There's a homomorphic encryption method. There's also single-homomorphic encryption, which means you could have encrypted values such that you have an encrypted value A, and add to the ciphertext the encrypted value of B, and the result is the decryption of A + B. So decryption can work through encryption for some scheme |
| 20:01:04 | nsh: | s like ElGamal which works with a variant elliptic curve (51m 39sec). This addition is not normal addition, it's addition modulo n the order of the curve. Knowing that, if you were using these coins, you could add n to your balance, so it oculd become an easy way to print unlimited amounts of bitcoin basically, so you have to use a zero-knowledge range proof to prevent the wrapping, and it's an expensive larger kind of proof. |
| 20:01:06 | nsh: | This zero-knowledge range proof from Schoenmakers 2000 ish, I tried to optimize it. The normal bitcoin value is 8 bytes, 64 bits, and the optimized range proof in homomorphic value is about 1 kilobyte per encrypted value. That's quite a bit of bloat, but it could be interesting for high-value transactions where you don't want to reveal the contract amount or something. Basically it just works because the exponent or the scalar multiplies in elliptic curv |
| 20:01:11 | nsh: | e notation add up. So there's a random value x, which is just to hide the values which cannot be bruteforced, and then a second base h and the value is v, and it also works with unencrypted values, you can mix both encrypted and unencrypted values. You need the fee to be in the clear so that the miner can accept it. It's a different privacy feature than cryptographically anonymous coins. The transactions are linkable, but people can't tell how much money |
| 20:01:16 | nsh: | is changing hands. |
| 20:01:18 | nsh: | -- |
| 20:02:29 | nsh: | can you not do something like have an additional quadratic function of the total and an argument that the relation that only holds for n equals 1 |
| 20:02:44 | nsh: | (relation between the linear function and quadratic function) |
| 20:03:01 | gmaxwell: | You cannot compute point times point in a regular ec group. |
| 20:03:38 | nsh: | oh, right |
| 20:04:08 | nsh: | could you pair with another nonlinear function that doesn't require point multiplication? |
| 20:27:26 | andytoshi: | nsh: i think if you found such a function that did anything useful for you, it'd turn out to be a pairing (maybe a pairing composed with some weird isomorphism) |
| 20:28:00 | nsh: | * nsh nods |
| 20:38:31 | nsh: | kanzure, pull requested |
| 20:54:38 | zooko: | zooko is now known as zookonick |
| 20:54:38 | zookonick: | zookonick is now known as zooko2 |
| 21:14:44 | crainbf: | crainbf has left #bitcoin-wizards |
| 21:42:45 | prevara: | anyone wanna trade\ |
| 21:45:45 | leakypat: | theymos: hey, just FYI bitcointalk seem to be blocked for most people in Asia now |
| 21:48:51 | fluffypony: | leakypat: off topic, try a PM |
| 21:59:21 | prevara: | * prevara I am selling worwide paypal and wellfargo account msg me if intrested |
| 22:08:05 | nsh: | prevara, not here. |
| 22:29:56 | contrapumpkin: | contrapumpkin is now known as copumpkin |
| 22:40:07 | kanzure: | nsh: merged |
| 22:54:01 | Luke-Jr: | Luke-Jr has kicked prevara from #bitcoin-wizards |
| 23:32:40 | Luke-Jr: | Luke-Jr has kicked btcbuyz from #bitcoin-wizards |