00:00:37akrmn:does anyone have a link to a proposal for miner decentralization that doesn't involve tree chain like structures?
00:00:58akrmn:like something that has a good chance of scaling
00:02:14leakypat:petertodd: do you have builds for the RBF client or am I to compile from github myself?
00:10:37CodeShark:akrmn: working on ideas - hopefully one of these days I can be more constructive on this front rather than mostly pointing out how what we have won't work :p
00:14:36akrmn:CodeShark: My best idea is tree-structured subchains, but if someone has a better idea I would like to read it
00:15:14akrmn:I guess we can just set a limit on the scalability and rely on contracts
00:15:19akrmn:but doesn't seem elegant to me
00:15:45petertodd:leakypat: no builds just yet; will soon
00:16:33petertodd:leakypat: just did rbf for v0.11.0rc2 actually: https://github.com/petertodd/bitcoin/tree/replace-by-fee-v0.11.0rc2
00:17:03c0rw|away:c0rw|away is now known as c0rw1n
00:18:34petertodd:leakypat: also working on a fix so full and fss RBF will be more compatible, so you can use both at the same time
00:18:53CodeShark:a few things: 1) it's not necessary for everyone to verify everyone else's stuff...what really matters is that validators don't collude to fool everyone else. 2) it's not necessary to check everything...it is enough that the rate of failure be sufficiently negligible and we can rely on nondeterminism. 3) It is better for those who need to construct proofs to have some stake in the result so that incentives are there to do so. 4) Risk can be managed by adding collective fees of some sort...or encouraging insurance, market making, and other such people who are willing to assume risk
00:20:28CodeShark:5) a nested structure is probably a good idea, with the stuff closer to the root representing more global consensus states
00:24:20akrmn:CodeShark: I think you have the same idea as me (https://bitcointalk.org/index.php?topic=1083345.0)
00:25:22akrmn:You just need a way to keep deep forks minimal. That's what I'm trying to think about now.
00:26:04akrmn:like if a deep child chain has a mistake, do all the other chains get affected?
00:26:26akrmn:I think it should be acceptable to keep going even if there is a small mistake in a child chain transaction
00:27:02CodeShark:regarding things like invalid blocks, we could just roll back the bad transactions and their dependencies and punish the miner rather than rolling back the entire block if a bad transaction is discovered
00:27:14CodeShark:but the process of rolling back transaction dependencies is not that cheap
00:27:39CodeShark:it gets more expensive with time...but at least it results in far less disruption to everyone else
00:27:59akrmn:I think once a transaction goes from a child chain to a parent chain, the parent chain has to stick with it
00:28:15akrmn:even if later a mistake is found in the child chain transaction
00:30:36akrmn:but good to know I'm not the only one thinking about these things. Sipa doesn't seem to like it. He seems to think that only omniscient nodes are useful for network security. But I think with this kind of rule that I just gave, it can limit the effect on the parent chains so maybe it is more acceptable.
00:31:14CodeShark:I think sipa's main critique, if I remember seeing it right, was the cost of transferring between chains
00:32:03akrmn:there's no delay if the parent gets to commit to the child.
00:40:04CodeShark:so one way is fast, but what about going in the other direction?
00:40:09akrmn:(I mean: If an output goes in a transaction in a child chain, and then later in a transaction in a parent chain, then even though the value in the child chain is later found out to be wrong, nodes should just keep going with the value in the parent chain)
00:40:16akrmn:still need to clarify that
00:40:43akrmn:the child chain trusts the parent chain so it's easy the other way also
00:41:09dgenr8:CodeShark: setting aside radical redesigns of the blockchain, and ignoring privacy, a way to ask your remaining peers to prove a new tx invalid would seem very helpful
00:43:16CodeShark:dgenr8: if we could somehow reward peers for doing so you may be onto something
00:44:09CodeShark:then the main threat would be at the network level...where someone manages to block your connections to honest nodes
00:44:32CodeShark:(ignoring privacy for a moment)
00:44:50dgenr8:CodeShark: is that a big issue? they aren't rewarded for anything else...
00:46:52CodeShark:dgenr8: how costly is it for the node to do this? we'd need a full txout index, no?
00:47:02CodeShark:I mean, a full tx index
00:47:47CodeShark:or hmm...I guess spent outputs don't really matter
00:47:52CodeShark:except for reorgs
00:51:10CodeShark:it would actually be possible to pay people for these proofs if only the bitcoin script could reference other parts of the blockchain :p
00:51:56dgenr8:CodeShark: first task is to decide what the question would be, and what the answer would look like. then how to get there.
00:53:56dgenr8:CodeShark: sorry i can't just point you at a commit ;)
00:54:05CodeShark:heh
00:55:16CodeShark:so the question is: does this transaction conflict with any other transaction you know of? and the answer is a proof that they spend a common input
00:56:04CodeShark:they or one of their dependencies, that is
00:56:50CodeShark:so in the general case it requires constructing two dependency chains - but it's easier to prove conflict than to prove that they connect to the blockchain
00:57:12CodeShark:so we really have two questions here
00:57:14dgenr8:you started out just concerned about double-spends
00:57:41CodeShark:right - if you are only concerned about double-spends then just demonstrating a shared spent output is sufficient
00:58:16CodeShark:and you'd probably want to be able to check the signatures along the way
00:58:49CodeShark:but hmm
00:59:01CodeShark:even checking signatures, unless you check that they do connect to the main chain it's super simple to cheat
00:59:23CodeShark:you could stick your own transactions in the middle and sign them...and they'll never confirm
01:00:52CodeShark:so it doesn't really seem worth doing unless you can prove that they do connect
01:00:57dgenr8:ofc
01:01:18CodeShark:right, so I take that back :p
01:01:28CodeShark:it is not sufficient to just show a shared spent output :)
01:02:39CodeShark:I guess a more general question is: show me how this transaction connects to the block chain
01:03:02dgenr8:an invalidation proof could consist of a single connected conflicting spend
01:03:20CodeShark:right
01:05:43dgenr8:do you check whether other peers inv'ed a tx that pays you? that means they like it
01:06:05dgenr8:oh you have a filter
01:06:24CodeShark:yeah - lol
01:06:41dgenr8:gtg ttyl
01:06:51CodeShark:later, dgenr8 - thanks for the thoughts
01:08:10CodeShark:akrmn: still looking over your proposal...
01:09:24phantomcircuit:CodeShark, nobody has yet shown an efficient way to do fraud proofs for aggregate limits short of zk-SNARKS
01:09:51phantomcircuit:proposals to commit to the aggregate limit values in fixed locations are the closest but have significant issues
01:11:11CodeShark:doesn't have to be zk, but yeah
01:12:11CodeShark:the thing is that it is probably not necessary for everyone to check the fraud proofs
01:13:29CodeShark:but I sense self-reference here :p
01:14:14CodeShark:someone then needs to construct a fraud proof of the fraud proof :p
01:15:34phantomcircuit:CodeShark, everybody needs to check the fraud proofs that they receive
01:15:48phantomcircuit:the problem is that the fraud proof for aggregate limit violations is... the entire block
01:15:51phantomcircuit:oops
01:16:24akrmn:CodeShark: Thanks. I don't really have a high level of popularity in this community, so it is hard to get people to give serious feedback
01:17:11dgenr8:CodeShark: XT nodes relay direct double-spends that match your filter. but not when they appear in a block, and not when the conflict is with an ancestor.
01:17:28dgenr8:CodeShark: as the author of that patch i'm going to consider that ...
01:17:45akrmn:also I have to rewrite some things more clearly
01:18:33CodeShark:phantomcircuit: I was speaking regarding the ability to reward fraud proofs
01:18:53phantomcircuit:CodeShark, uh
01:18:59CodeShark:but yeah, let's not get into that problem yet
01:19:02phantomcircuit:how do you reward the producer of a fraud proof?
01:19:08phantomcircuit:im not sure that's possible
01:19:13CodeShark:with a script that can reference the relevant parts of the state
01:19:25CodeShark:signed by both
01:21:00phantomcircuit:CodeShark, and you pass the fraud proof off to a node
01:21:13phantomcircuit:who immediately removes your script and issues a new fraud proof with his
01:21:27CodeShark:hence requiring both signatures
01:21:44phantomcircuit:both?
01:22:01CodeShark:yes, it requires some blinding
01:22:30CodeShark:might require some pk fancy crypto :p
01:22:33CodeShark:but I think it's possible
01:22:43CodeShark:err, zk fancy crypto
01:23:01phantomcircuit:CodeShark, im thinking it's impossible
01:23:15phantomcircuit:the other party has to be able to validate the fraud proof
01:23:17CodeShark:three phases:
01:23:21phantomcircuit:in which case they can generate their own
01:23:57CodeShark:actually four rounds
01:24:10CodeShark:1) party A requests proof from party B. 2) party B supplies zk proof, 3) party A signs, 4) party B reveals plaintext proof
01:24:53CodeShark:the script is only satisfied if (4) happens, of course
01:30:16CodeShark:there might even be a way to condense it into only two rounds with some more clever tricks
02:20:11c0rw1n:c0rw1n is now known as c0rw|zZz
02:23:59morcos:This was just posted by sdaftuar, some good thoughts on the dangers of the current hard fork crusade: https://medium.com/@sdaftuar/how-the-bitcoin-experiment-might-fail-7f6c24f99ecf
04:14:17amiller:how "robust" is the assumption that people will treat something like money / like a commodity if it behaves one?
04:14:20amiller:like, how crappy can a monetary policy where tons of people will use a cryptocurrency based on it, and the system would still work
04:15:51amiller:its too bad that there aren't yet many "appcoins" that have been a demonstrable success, because it would be easier to look at the incentives in those systems.. they wouldn't even necessarily need to compete
04:16:16amiller:namecoin as a whole should be 'earning income' from domain name registration fees... my understanding is that no one is using it though
04:17:00amiller:but a cryptocurrency with some nice feature like that basically has an export economy of some kind, surely that can only help it
04:17:27phantomcircuit:amiller, that nobody is using namecoin is itself a data point
04:18:08amiller:yeah well i don't trust any strong inferences based on it :O
04:28:12zooko:amiller: I don't think we can make any reliable predictions or generalizations about this.
04:28:22zooko:But if you do make some, I want to know!
04:53:56leakypat:* leakypat compiles Bitcoin qt for the first time and reflects on what a huge responsibility running the release procedure an official version would be
04:55:44jgarzik:phantomcircuit, amiller: it is false that no one is using namecoin
04:56:12jgarzik:several identity projects are building on top of it
04:56:33phantomcircuit:jgarzik, that's not a good idea
04:56:40phantomcircuit:the codebase is almost entirely unmaintained
04:58:26CodeShark:leakypat: welcome to the club :)
04:58:29jgarzik:phantomcircuit, also untrue
04:58:29jgarzik:but whatever. Spewing falsehoods we wish to be true on this channel is becoming the norm.
04:59:21amiller:here's joe bonneau's takedown of namecoin http://weis2015.econinfosec.org/papers/WEIS_2015_kalodner.pdf
04:59:29phantomcircuit:jgarzik, i'd bet you serious money i can cripple namecoin in a matter of a few days
04:59:34phantomcircuit:but doing so is probably a felony
05:00:01amiller:in this channel falsehoods must be spewed in pdf form
05:00:03jgarzik:phantomcircuit, you also claim the ability to cripple bitcoin
05:01:14CodeShark:usage isn't really the point - the current design simply is not viable
05:01:26CodeShark:at least not beyond an experimental research network
05:01:35CodeShark:that's just hard math
05:01:58CodeShark:it's not even controversial to anyone who bothers to make the calculations
05:02:22CodeShark:but it's still a cool idea - I hope someone manages to find a way to make something like that viable
05:04:32CodeShark:it's hardly ever the case with any technology that early prototypes are viable. this space is a little exceptional in seeming to expect that this doesn't apply here
05:05:29phantomcircuit:jgarzik, k
05:05:40CodeShark:add to that the fact that the design makes it so that all upgrades to the plane can only be done while in flight...and if you screw up you crash...and...voila!
05:06:05CodeShark:fun, no? :)
05:06:14amiller:i wish we could learn more from altcoins
05:06:22amiller:maybe there's something to glean from them
05:06:40amiller:bitcoin is still 'small', and so all the altcoins are really small, it's hard to believe there's a lot of signal there as far as what to do and not to do
05:06:58amiller:does a crash usually kill those or is it slow atrophy
05:08:06amiller:i think (not too sure) no one cares enough about them to have big hard-fork dilemmas
05:09:35phantomcircuit:amiller, slow atrophy
05:09:56phantomcircuit:amiller, the one thing that has been shown to be 100% true is that anything which is available on a liquid market has value regardless of actual utility
05:10:05phantomcircuit:which is a neat observation
05:10:29amiller:yeah
05:19:08zooko:jgarzik: Do you see IRC privmsgs for me? Once upon a time freenode silently silenced my privmsgs to some folks, and I've never trusted it since.
05:19:13zooko:jgarzik: from me, that is.
05:20:20jgarzik:zooko, I just responded to your PM. Lots going on right now and I'm kinda burned out on FUD (not yours, others).
05:21:01zooko:*nod*
07:03:05www:hi
07:03:24www:can you encrypt/decrypt messages using Secp256k1 ?
07:09:45www:i have heard conflicting statements - who knows for sure?
07:14:43fluffypony:www: secp256k1 is *just* an elliptic curve
07:14:47fluffypony:that said, you can use ECIES
07:15:03fluffypony:(Elliptic Curve Integrated Encryption Scheme)
07:16:06fluffypony:here's an implementation: https://bitcointalk.org/index.php?topic=627927.0
07:16:12fluffypony:here's another one: https://github.com/planetbeing/bitcoin-encrypt
07:16:16fluffypony:both use ECIES
07:18:06www:thanks fluffypony
07:18:14www:'a little known elliptic curve encryption system using ECDH and a Symmetric Cipher '
07:42:31amiller:that seems a lot like DHAES https://www.iacr.org/cryptodb/data/paper.php?pubkey=11329
07:43:31amiller:if you really want to stick within bitcoin crypto
07:43:47fluffypony:it's an improvement on DHAES
07:43:53fluffypony:from 2 or 3 years later
07:44:01amiller:you could chain sha256s together for your symmetric crypto
07:44:18fluffypony:http://www.shoup.net/papers/iso-2_1.pdf
07:45:05fluffypony:"ECIES has been standardized in ANSI X9.63, IEEE 1363a, ISO/IEC 18033-2, and SECG SEC-1"
08:05:15hobana.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:24:44nsh:.wik Forking lemma
08:24:45yoleaux:"The forking lemma is any of a number of related lemmas in cryptography research." — https://en.wikipedia.org/wiki/Forking_lemma
11:06:35c0rw|zZz:c0rw|zZz is now known as c0rw1n
12:49:58waxwing:Electrum is using ECIES now, plus other things too, i forgot .. maybe subspace?
12:50:05waxwing:disclaimer: i have the memory of a goldfish
12:55:30fluffypony:waxwing: I believe it's all telepathy nowadays
12:58:40waxwing:yeah, it was subspace i was thinking of
13:58:45giel_:giel_ is now known as gielbier
14:05:34kanzure:waxwing: perhaps it was mentioned in http://diyhpl.us/wiki/transcripts/gmaxwell-bitcoin-selection-cryptography/
14:06:36waxwing:kanzure: i know that story quite intimately 'cos i was the one who alerted gmaxwell to it here on IRC :)
14:06:53waxwing:i just have a feeling that it's been redone on electrum, but properly. i may be imagining that though
14:07:03waxwing:as for subspace, they are using ECIES via pyelliptic
14:17:28instagibbs:falsehoods must be spread in *latex* form *wags finger at jgarzik BIP100 pdf*
14:18:59instagibbs:Checking namecoin github... namecoin hasn't had a merge in half a year AFAICT. Namecore(?) is much more active.
14:20:09instagibbs:(not calling your bip falsehood, just goofing)
14:20:11zooko:I've been chatting with Namecoin devs who told me that they were working on stuff.
14:20:17zooko:But I didn't look at commit logs.
14:20:43instagibbs:dunno, just reporting my 10 second google search :)
14:20:48instagibbs:makes me an expert
14:20:51zooko::-)
14:20:53zooko:More than me!
14:20:57zooko:Or, we're different kinds of experts.
14:21:59zooko:amiller: it seems to me that Namecoin has never (yet) offered the actual functionality that is its supposed added functionality on top of being a currency.
14:22:21zooko:Because, that functionality requires being accessible+integrated into the web browsers of hundreds of millions of normal users.
14:22:26zooko:And Namecoin has never (yet) done that.
14:24:29midnightmagic:namecoin is not where the current namecoin developers are doing their work and is essentially abandoned.
14:24:57instagibbs:that was my only reasonable interpretation of zooko and my observations :)
14:28:16instagibbs:midnightmagic: any details on where then? I'd like to follow the work
14:30:34midnightmagic:yep. i believe right here is where miners are supposed to get their namecoind from: https://github.com/namecoin/namecore.git
14:33:27instagibbs:thanks. Alright back to work
14:38:23zooko:midnightmagic: thanks!
14:42:22nsh:* nsh squares zooko's bar tab
14:43:03zooko:* zooko looks askance at nsh
14:43:04zooko:huh?
14:43:24nsh:i can't square your circle, but i can pay for your drinks
14:43:28zooko::-)
14:43:31nsh:it was a silly gesture of friendship :)
14:43:32zooko:Thanks!
14:43:35nsh:np
14:43:54nsh:*triangle even
14:43:57zooko:I was thinking of visiting UK soon, but it looks like I might be headed for S. Korea instead ...
14:44:07nsh:ah
14:44:13nsh:for recreation or ?
14:44:20zooko:Okay, my 5 year old is waiting for me to play Minecraft with him so he can show me a new house he has constructed...
14:44:23zooko:nsh: yes!
14:44:25zooko:;-)
14:44:27zooko:bye for now!
14:44:28nsh:hope you have fun :)
14:44:38nsh:o/
14:44:41fluffypony:lol nsh
14:44:44fluffypony:* fluffypony got the squaring joke
14:46:16nsh:* nsh smiles
15:33:33c0rw1n:c0rw1n is now known as c0rw|away
15:51:02prosodyContext_:prosodyContext_ is now known as prosodyContext
16:01:23hearn_:hearn_ is now known as hearn
16:59:29afdudley0:afdudley0 is now known as afdudley
18:38:17mrkent:Any well documented descriptions of what happened with the testnet fork a few weeks back?
18:42:00MRL-Relay:[shen] www perhaps see https://security.stackexchange.com/questions/34567/ecc-in-openpgp
18:42:10MRL-Relay:[shen] oops didn't scroll to bottom
18:42:13MRL-Relay:[shen] :p
20:54:09cryptojonathan_d:cryptojonathan_d is now known as cryptojonathan
22:57:56jb55-:jb55- is now known as jb55
23:38:14dEBRUYNE_:dEBRUYNE_ is now known as dEBRUYNE