00:04:51bramc:mrkent, frequently gmaxwell walks off because he has work to do. These sorts of discussions are things he's a bit sick of so they take low priority
00:05:13bramc:mrkent, Giving a high transaction fee on your transaction is exactly the same thing as 'paying off' a miner to take it faster.
00:08:29mrkent:bramc: heh, ya i know. was kidding
00:12:41mrkent:my final point does stand though if anyone else interested: Higher transaction count network is more valuable than lower transaction count network, thus miners would be compensated higher in the high value network.
00:15:07gwillen:gwillen is now known as Guest57539
00:15:38bramc:mrkent, That's completely dependent on the number of potential buyers and how much they're willing to pay. It's regular monopoly pricing stuff http://econpage.com/201/handouts/pricing/
00:17:46mrkent:In what scenario is a low transaction limit network more valuable than a high one?
00:18:18psgs_:psgs_ is now known as psgs
00:18:49bramc:mrkent, If there's one person who's willing to pay $1 million for a transaction, and 99 others who are willing to pay $1 each, then if you set the number of transactions at 100 you get $100 but if you set it at one you get $1 million
00:20:21mrkent:why wouldnt u get 1m + 100 at 100 txs
00:21:09mrkent:And why would that guy pay $1m when everyone else is paying $1? It's a transparent marketplace
00:24:22bramc:mrkent, Because it's an iterated game where everyone doing transactions can see the market price, so they'll all wind up paying about the same amount
00:25:14bramc:Oh you said that already, sorry. If you only let one transaction through then it isn't the case that everybody else is paying $1, what happens is that 'everybody else' is paying $1 million, because there aren't any other everybody elses
00:25:40bramc:Maybe I should have included an additional person willing to pay $1 million to avoid a fencepost error, because an auction is second price instead of first price.
00:26:36gwollon:gwollon is now known as gwillen
00:28:08phantomcircuit: We can probably get consensus around 1mb :-P
00:28:09mrkent:Right, so question of block size is really to answer where this supply/demand curve cross
00:28:46bramc:mrkent, The supply curve is flat, it's the block size
00:30:07phantomcircuit:mrkent, the question is fundamentally very simple really, how decentralized should the system be?
00:30:49phantomcircuit:if your answer is very then basic math says large blocks are a folly
00:32:30phantomcircuit:the economic value of your transaction must equal or exceed the networks total cost to process and store your transaction
00:32:49phantomcircuit:the most direct indication of the value of the transaction is the fees
00:34:05phantomcircuit:if fees are essentially zero (the inevitable result of continuously increasing the blocksize limits to meet demand) then the network almost certainly collapses to a small set of nodes which find economic value in bitcoin existing itself
00:34:19phantomcircuit:ie only exchanges run nodes
00:34:28phantomcircuit:that's pretty clearly not a desired outcome
00:37:22bramc:Only exchanges running nodes would probably result in the cost of BTC plummeting
01:00:38c0rw1n:c0rw1n is now known as c0rw|zZz
01:24:48gmaxwell:kanzure: I thought this link was good as general frame setting https://medium.com/@allenpiscitello/what-is-bitcoin-s-value-proposition-b7309be442e3
01:47:36frankenmint:frankenmint has left #bitcoin-wizards
02:15:26kanzure:transcripts incoming
02:56:21andytoshi:andytoshi has left #bitcoin-wizards
04:11:50gmaxwell:Anyone have a good suggestion for getting transactions signed with fancy scripts that solver doesn't know how to sign? (I mean suggestions simpler than teaching the solver to sign for them)
04:26:32PRab_:PRab_ is now known as PRab
05:19:48gmaxwell:oh wow, oh yea, adam talked about extension blocks in that somewhat.
05:20:02kanzure:just finished typing
05:20:17kanzure:(i had a break)
05:28:00kanzure:i was especially intrigued by the idea of locking down even soft-forks, that's quite the card to play
05:31:13gmaxwell:IMO it's more of a philosphical statement than a pratical one. I agree with its as a philosphy. there is also more to that that I think wasn't in the interview.
05:31:47gmaxwell:which is this idea we were calling evil forks at the time, and were intentionally not proposing (though they've since been independantly invented twice so I don't see any point in being quiet about them now)
05:31:49kanzure:i see; yeah i mean crippling our ability to do soft-forks is probably a lot of foot shooting, but is good philosophy.
05:32:10gmaxwell:which is that you can basically build a soft fork which makes a hardfork extension via an extension block but denies all other transactions.
05:32:33gmaxwell:which sort of highlights why at least at the limits softforks are bad too.
05:33:09kanzure:would it be too impossibly insane to require rule changes to also require sha256 variations
05:33:12kanzure:er.. uh..
05:33:25kanzure:hm nevermind
05:33:31kanzure:the answer is yes
05:34:15gmaxwell:you can't really deny softforks in any case, not without heroic non-realistic crypto and such. or at least we've not though of a pratical way to.
05:59:39Luke-Jr:gmaxwell: I'm still somewhat planning a proposal for that; if for nothing other than merge-mining (doesn't need to touch block sizes - though it can if there's consensus for that)
06:00:30Luke-Jr:need to get a reference implementation done and make sure the wording is right first though
06:00:57Luke-Jr:(including a plan for solving people trying to activate it without consensus)
08:05:13sendak.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:13sendak.freenode.net:Users on #bitcoin-wizards: andy-logbot jtimon damethos ThomasV darwin_ Mably hktud0 antanst p15 p15x d1ggy cryptowest_ shen_noe zooko mjerr _biO_ PRab [7] xcthulhu Adlai Dr-G2 MoALTz_ gmaxwell ttttemp gwillen jrayhawk dgenr8 robogoat Tebbo waxwing metamarc Starduster hulkhogan_ Giszmo dc17523be3 sparetire_ lclc koshii Logicwax STRML kyuupichan catlasshrugged akstunt600 sl01 kanzure midnightmagic jmcn goregrind Luke-Jr spinza Iriez hashtag LeMiner joecool gielbier
08:05:13sendak.freenode.net:Users on #bitcoin-wizards: paveljanik fenn fanquake MrTratta bliljerk101 gnusha adam3us bedeho rustyn wizkid057 OneFixt SubCreative jgarzik maaku akrmn mariorz mikolalysenko Meeh justanotherusr devrandom Krellan bosma ajweiss Cory so cornusammonis sparetire s1w elastoma poggy PaulCapestany lnovy HM jouke Emcy dansmith_btc hayek heath tromp c0rw|zZz catcow btcdrak Xzibit17 prosodyContext vonzipper adams__ michagogo dasource yrashk CryptoGoon mappum CryptOprah artifexd
08:05:13sendak.freenode.net:Users on #bitcoin-wizards: Muis runeks kumavis platinuum jbenet phantomcircuit Madars yorick mm_1 melvster tromp_ sneak go1111111 sadoshi amiller fluffypony livegnik mountaingoat a5m0 Apocalyptic triazo wiz wumpus ebfull EasyAt Alanius iddo forrestv theymos Taek AlexStraunoff luny copumpkin null_radix helo smooth lmatteis narwh4l thrasher` otoburb Keefe weex pigeons sturles nephyrin [d__d] rasengan berndj harrow qawap mengine superobserver stonecoldpat davout jessepollak
08:05:13sendak.freenode.net:Users on #bitcoin-wizards: huseby espes GreenIsMyPepper CodeShark veox yoleaux comboy stevenroose kinlo gavinandresen nickler cdecker K1773R ggreer isis bsm117532 harrigan scoria brand0 larraboj nsh jonasschnelli leakypat epscy lmacken cfields coryfields BrainOverfl0w @ChanServ AdrianG Anduck BlueMatt starsoccer d9b4bef9 gribble ryan-c indolering Graet jaromil [ace] merlincorey morcos roasbeef eric sdaftuar warren nanotube guruvan SwedFTP afdudley richardus petertodd
08:05:13sendak.freenode.net:Users on #bitcoin-wizards: dignork xabbix Jaamg Fistful_of_Coins throughnothing_ mr_burdell Eliel optimator BananaLotus binaryatrocity _whitelogger Zouppen crescend1 TD-Linux warptangent azariah
09:27:28nsh:bah, logs to read.. :)
09:30:06MoALTz_:MoALTz_ is now known as MoALTz
09:47:56nsh: it's a pretty subtle thing, one of us Should Have Caught It but i'm not too suprised it got thruogh
09:47:56nsh: well, the paper can just say H(some algebraic formula), the code needs to have temporary variables and stuff, i don't think you can force them to match
09:48:46nsh:^ depend on the context, you can probably standardise the expansion from algebraic expression for easier detection of inconsistency, i'd guess
09:49:15nsh:* nsh reads the paper
10:26:54c0rw|zZz:c0rw|zZz is now known as c0rw1n
10:47:41Mably_:Mably_ is now known as Mably
11:50:03waxwing:gmaxwell: i think andytoshi's latest ver still has errors in that line, i think it should be corrected from the 1st to 2nd here: http://pastebin.com/EWQJZpwy
11:50:11waxwing:id PM him but not here i think
15:35:23rustyn_:rustyn_ is now known as rustyn
15:48:54fluffypony:this is like Ethereal Verses, but for startups: https://fusiondotnet.files.wordpress.com/2015/06/iterating-grace_digitized_small.pdf
15:49:19fluffypony:plus the author is unknown, big mystery and all that
15:55:26jae:jae is now known as Guest4135
17:08:35wallet42:wallet42 is now known as Guest22448
17:08:36wallet421:wallet421 is now known as wallet42
17:21:59cpacia:cpacia has left #bitcoin-wizards
17:30:29frankenmint:frankenmint has left #bitcoin-wizards
17:53:49maaku:maaku is now known as Guest81738
18:02:48Guest81738:Guest81738 is now known as maaku
18:16:22nsh:kanzure, is there some simple jslib you could wrap you transcriptions in that would allow readers to correct typos inline while reading?
18:16:39kanzure:you click "edit"
18:16:41kanzure:it's a wiki....
18:16:45nsh:oh, right
18:16:54nsh:yeah, i guess that's moderately unshit
18:16:59nsh:contenteditable would be much less unshit
18:17:12kanzure:well it's also a git repository
18:17:49kanzure:and if you happen to also hate git, then github.com has a web browser interface for editing content too, https://github.com/kanzure/diyhpluswiki/edit/master/transcripts/bitcoin-adam3us-fungibility-privacy.mdwn
18:18:28nsh:ah, this is fine :)
18:30:31adam3us:adam3us has left #bitcoin-wizards
18:32:06wallet42:wallet42 is now known as Guest92304
18:32:06wallet421:wallet421 is now known as wallet42
18:35:07nsh:"There was another ecash project that came later from Stefan Brands, one of David Chaum's PhD students. It had many more features based on the representation problem, and an extension of the Schnorr signature scheme. It had blind signatures, which are necessary for privacy, and it supported multiple denominations, and it did not have the single denomination efficiency problem." <-- what is this?
18:35:28nsh:oh, never mind. got it
18:51:26nsh:are we absolutely certain it's not possible to do a trusted-setup in secure multiparty computation with enough distribution of trust as to give reasonable confidence that it can't be consolidated again?
18:52:25nsh:[ie, enough participants]
18:54:00kanzure:maybe there are trusted setup fraud proof mechanisms
19:11:37nsh:sadly no, the rule is that systems requiring trusted setup tend to invoke startlingly untraceable fraud for anyone with the trapdoor
19:12:02nsh:i can't think of any where abuse of the trapdoor is detectable, in a distributed system
19:16:59jgarzik:Updated BIP 100 draft: http://gtf.org/garzik/bitcoin/BIP100-blocksizechangeproposal.pdf
19:20:15kanzure:nsh: well i was thinking of some single-use key scenario, but i see your point
19:21:04nsh:* nsh nods
19:23:25wallet42:wallet42 is now known as Guest54301
19:23:25wallet421:wallet421 is now known as wallet42
19:30:17nsh:#nsactions floating around and spaced out in time, it's not obvious that you paid $5. You know and the merchant knows it, but the merchant doesn't know it.'
19:31:30nsh:* 'Another one is merge avoidance which is just that in the payment protocol you can pay for a transaction in multiple parts. If you need to pay $15, if you pay you know $5 three times and there's lots of $5 transactions floating around and spaced out in time, it's not obvious that you paid $5. You know and the merchant knows it, but the merchant doesn't know it.'
19:31:48nsh:not sure how to fix that without listening to the talk
19:54:48antanst:antanst has left #bitcoin-wizards
19:58:59nsh:* nsh wonders why the proof of no-wrapping in single-homomorphic ElGamal or other contexts is the 'expensiver, larger' kind
20:00:02gmaxwell:nsh: larger compared to what?
20:00:38nsh:from the context i guess larger than snark-type proofs ( http://diyhpl.us/wiki/transcripts/bitcoin-adam3us-fungibility-privacy/ )
20:01:04nsh:o then there's the idea that you could do something to cryptographically hide the value in a way that would be compatible with bitcoin. There's a homomorphic encryption method. There's also single-homomorphic encryption, which means you could have encrypted values such that you have an encrypted value A, and add to the ciphertext the encrypted value of B, and the result is the decryption of A + B. So decryption can work through encryption for some scheme
20:01:04nsh:s like ElGamal which works with a variant elliptic curve (51m 39sec). This addition is not normal addition, it's addition modulo n the order of the curve. Knowing that, if you were using these coins, you could add n to your balance, so it oculd become an easy way to print unlimited amounts of bitcoin basically, so you have to use a zero-knowledge range proof to prevent the wrapping, and it's an expensive larger kind of proof.
20:01:06nsh:This zero-knowledge range proof from Schoenmakers 2000 ish, I tried to optimize it. The normal bitcoin value is 8 bytes, 64 bits, and the optimized range proof in homomorphic value is about 1 kilobyte per encrypted value. That's quite a bit of bloat, but it could be interesting for high-value transactions where you don't want to reveal the contract amount or something. Basically it just works because the exponent or the scalar multiplies in elliptic curv
20:01:11nsh:e notation add up. So there's a random value x, which is just to hide the values which cannot be bruteforced, and then a second base h and the value is v, and it also works with unencrypted values, you can mix both encrypted and unencrypted values. You need the fee to be in the clear so that the miner can accept it. It's a different privacy feature than cryptographically anonymous coins. The transactions are linkable, but people can't tell how much money
20:01:16nsh:is changing hands.
20:02:29nsh:can you not do something like have an additional quadratic function of the total and an argument that the relation that only holds for n equals 1
20:02:44nsh:(relation between the linear function and quadratic function)
20:03:01gmaxwell:You cannot compute point times point in a regular ec group.
20:03:38nsh:oh, right
20:04:08nsh:could you pair with another nonlinear function that doesn't require point multiplication?
20:27:26andytoshi:nsh: i think if you found such a function that did anything useful for you, it'd turn out to be a pairing (maybe a pairing composed with some weird isomorphism)
20:28:00nsh:* nsh nods
20:38:31nsh:kanzure, pull requested
20:54:38zooko:zooko is now known as zookonick
20:54:38zookonick:zookonick is now known as zooko2
21:14:44crainbf:crainbf has left #bitcoin-wizards
21:42:45prevara:anyone wanna trade\
21:45:45leakypat:theymos: hey, just FYI bitcointalk seem to be blocked for most people in Asia now
21:48:51fluffypony:leakypat: off topic, try a PM
21:59:21prevara:* prevara I am selling worwide paypal and wellfargo account msg me if intrested
22:08:05nsh:prevara, not here.
22:29:56contrapumpkin:contrapumpkin is now known as copumpkin
22:40:07kanzure:nsh: merged
22:54:01Luke-Jr:Luke-Jr has kicked prevara from #bitcoin-wizards
23:32:40Luke-Jr:Luke-Jr has kicked btcbuyz from #bitcoin-wizards