wumpus changed the topic of #bitcoin-wizards to: This channel is is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
mkarrer__ has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
sparetire_ has quit [Quit: sparetire_]
mkarrer has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
dEBRUYNE has quit [Ping timeout: 246 seconds]
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
mkarrer__ has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
mkarrer__ has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
mkarrer__ has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
phantomcircuit has quit [Quit: quit]
mkarrer__ has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
phantomcircuit has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
phantomcircuit has quit [Client Quit]
phantomcircuit has joined #bitcoin-wizards
mkarrer__ has quit [Read error: Connection reset by peer]
phantomcircuit is now known as Guest96695
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
mkarrer__ has quit [Read error: No route to host]
afk11 has joined #bitcoin-wizards
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
ASTP001 has joined #bitcoin-wizards
ASTP001 has quit [Client Quit]
mkarrer__ has quit [Ping timeout: 252 seconds]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
shesek has quit [Ping timeout: 252 seconds]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
trippysalmon has joined #bitcoin-wizards
mkarrer__ has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
frankenmint has joined #bitcoin-wizards
jaekwon has joined #bitcoin-wizards
cryptowest has quit [K-Lined]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
trippysalmon has quit [Ping timeout: 250 seconds]
afk11 has quit [Ping timeout: 240 seconds]
mkarrer__ has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
jaekwon has quit [Remote host closed the connection]
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
Guest96695 has quit [Remote host closed the connection]
phantomcircuit has joined #bitcoin-wizards
mkarrer has quit [Read error: No route to host]
mkarrer has joined #bitcoin-wizards
phantomcircuit has quit [Max SendQ exceeded]
mkarrer has quit [Read error: Connection reset by peer]
phantomcircuit has joined #bitcoin-wizards
mkarrer__ has joined #bitcoin-wizards
mkarrer__ has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
shesek has quit [Ping timeout: 246 seconds]
mkarrer has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Read error: Connection reset by peer]
mkarrer__ has joined #bitcoin-wizards
mkarrer__ has quit [Read error: Connection reset by peer]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Ping timeout: 244 seconds]
afk11 has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
pavel_ has joined #bitcoin-wizards
priidu has quit [Ping timeout: 272 seconds]
Tenhi has quit [Ping timeout: 240 seconds]
Dr-G has quit [Disconnected by services]
Dr-G2 has joined #bitcoin-wizards
paveljanik has quit [Ping timeout: 240 seconds]
Tenhi has joined #bitcoin-wizards
Cory has quit [Ping timeout: 240 seconds]
Pasha has joined #bitcoin-wizards
jtimon_ has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 240 seconds]
Pasha is now known as Cory
davec has quit [Read error: Connection reset by peer]
davec has joined #bitcoin-wizards
c0rw1n is now known as c0rw|zZz
crescendo has quit [Ping timeout: 264 seconds]
crescendo has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
King_Rex has quit [Remote host closed the connection]
belcher has quit [Quit: Leaving]
cryptowest has joined #bitcoin-wizards
drwin_ has joined #bitcoin-wizards
drwin has quit [Read error: Connection reset by peer]
smk has left #bitcoin-wizards [#bitcoin-wizards]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
metamarc has joined #bitcoin-wizards
afk11 has quit [Ping timeout: 244 seconds]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
Dizzle has joined #bitcoin-wizards
Giszmo has quit [Quit: Leaving.]
<polyclef>
ring signatures are solid, there might be an interesting way to apply brands scheme for dealing with double spending by identity revelation to discourage sybils, but I'd defer to someone else (adam3us?) for specifics
<polyclef>
s/apply brands/apply something like brands/
adam3us has joined #bitcoin-wizards
TheSeven has quit [Disconnected by services]
[7] has joined #bitcoin-wizards
cfields has quit [Remote host closed the connection]
coryfields has quit [Quit: No Ping reply in 180 seconds.]
coryfields has joined #bitcoin-wizards
cfields has joined #bitcoin-wizards
Dizzle has quit [Quit: Leaving...]
bigreddmachine has joined #bitcoin-wizards
snthsnth has quit [Ping timeout: 250 seconds]
drwin_ has quit [Read error: Connection reset by peer]
drwin has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
snthsnth has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
NewLiberty has quit [Ping timeout: 272 seconds]
[\\\] is now known as imsaguy
imsaguy is now known as tripleslash
alpalp has quit [Ping timeout: 260 seconds]
pavel_ has quit [Quit: Leaving]
chmod755 has joined #bitcoin-wizards
bigreddmachine has quit [Remote host closed the connection]
snthsnth has quit [Ping timeout: 244 seconds]
p15x has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
ThomasV has quit [Ping timeout: 260 seconds]
crescendo has quit [Ping timeout: 272 seconds]
crescendo has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
mjerr has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
DougieBot5000 has quit [Quit: Leaving]
p15 has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
ThomasV has joined #bitcoin-wizards
Newyorkadam has joined #bitcoin-wizards
rusty has left #bitcoin-wizards [#bitcoin-wizards]
kmels has quit [Ping timeout: 255 seconds]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 260 seconds]
Newyorkadam has quit [Quit: Newyorkadam]
rubensayshi has joined #bitcoin-wizards
Mably has joined #bitcoin-wizards
frankenmint has quit []
sparetire_ has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
jtimon_ has quit [Ping timeout: 265 seconds]
ThomasV has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
AaronvanW has quit [Ping timeout: 246 seconds]
shesek has joined #bitcoin-wizards
tripleslash has quit [Read error: Connection reset by peer]
bedeho has quit [Ping timeout: 240 seconds]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
b-itcoinssg has joined #bitcoin-wizards
Mably has quit [Ping timeout: 255 seconds]
Guyver2 has joined #bitcoin-wizards
Mably has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
moa has quit [Quit: Leaving.]
dEBRUYNE has quit [Ping timeout: 255 seconds]
mkarrer has joined #bitcoin-wizards
mkarrer has quit [Client Quit]
hearn has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 255 seconds]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
hazirafel has joined #bitcoin-wizards
hazirafel has quit [Remote host closed the connection]
Guyver2 has quit [Quit: :)]
shesek has quit [Read error: Connection reset by peer]
dEBRUYNE has joined #bitcoin-wizards
belcher has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
hearn has quit [Ping timeout: 252 seconds]
hearn has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
King_Rex has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
roxtrongo has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
c0rw|zZz is now known as c0rw1n
Huxy has joined #bitcoin-wizards
Huxy- has quit [Ping timeout: 265 seconds]
dc17523be3 has quit [Ping timeout: 244 seconds]
ThomasV has joined #bitcoin-wizards
dc17523be3 has joined #bitcoin-wizards
smooth is now known as yGyG
yGyG is now known as smooth
hazirafel has joined #bitcoin-wizards
p15x has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
p15x has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
GGuyZ has joined #bitcoin-wizards
p15_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 246 seconds]
p15 has quit [Ping timeout: 260 seconds]
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
p15x has joined #bitcoin-wizards
frankenmint has quit []
GGuyZ has quit [Quit: GGuyZ]
dEBRUYNE has quit [Ping timeout: 246 seconds]
hazirafel has quit [Quit: Leaving]
hearn has joined #bitcoin-wizards
adam3us has quit [Quit: Leaving.]
p15x_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 250 seconds]
adam3us has joined #bitcoin-wizards
adam3us has quit [Client Quit]
damethos has quit [Quit: Bye]
ThomasV has quit [Ping timeout: 268 seconds]
kang_ has joined #bitcoin-wizards
Quanttek has joined #bitcoin-wizards
GGuyZ has joined #bitcoin-wizards
smooth is now known as muneromooo
muneromooo is now known as smooth
smooth is now known as sm00th
sm00th is now known as fIuffypony
alferz has quit [Ping timeout: 244 seconds]
fIuffypony is now known as TheRealFluffypon
TheRealFluffypon is now known as smooth
jgarzik has joined #bitcoin-wizards
Jaamg has quit [Remote host closed the connection]
b-itcoinssg has quit [Quit: Connection closed for inactivity]
alferz has joined #bitcoin-wizards
alferz has joined #bitcoin-wizards
smooth is now known as Tank
Tank is now known as Guest22470
alferz has quit [Ping timeout: 244 seconds]
Guest22470 is now known as smooth
Populus has joined #bitcoin-wizards
Populus has joined #bitcoin-wizards
ASTP001 has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
c-cex-yuriy has joined #bitcoin-wizards
ratbaneb_ has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 256 seconds]
ThomasV has joined #bitcoin-wizards
afk11 has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
Populus has quit [Read error: Connection reset by peer]
jaekwon has quit [Remote host closed the connection]
jaekwon has joined #bitcoin-wizards
<nwilcox>
Because the blockchain provides consensus, it can be used to resolve collisions in a less-than-collision-resistant hash function.
<andytoshi>
kanzure: i'll try to bug blumberg one of these days
<nwilcox>
So would it be possible to replace pubkey / script hashes with a shorter bit string, provided we require anyone who needs to verify those hashes must also maintain context from the blockchain history?
trippysalmon has joined #bitcoin-wizards
zooko has quit [Remote host closed the connection]
<andytoshi>
kanzure: it's interesting that blumberg's high-level interests align so closely with my own, given that he does everything topologically (which i have zero interest in)
<nwilcox>
This could be both a scaling and a usability hack. (Not sure what proportion of storage/bandwidth is hashes, so not sure how much it helps with that.)
<andytoshi>
nwilcox: sure, if we could expect everyone to "maintain context" blockheaders themselves would suffice
<andytoshi>
in that example the context for a transaction would be (a) the whole transaction, (b) its merkle path in the block to the hash in the header, (c) the same for all its inputs and so on
zooko has joined #bitcoin-wizards
<andytoshi>
welll, actually, scratch that, i think this does not provide useful protection against double-spends unless everyone stores every transaction (and that's where we're at now)
<nwilcox>
andytoshi: If k txouts pay to pubkey hash H, this currently uses k*H*hash_size bytes in aggregate for all of those txns, right?
<andytoshi>
nwilcox: yes
<nwilcox>
-and to verify a transaction "locally" (without double spend protection), a non-full-node can check hashes and signatures.
<zooko>
nwilcox: but, those can be coalesced by the controller of the private key.
<andytoshi>
..but given that the pubkeyhash is (on a UI level) a label for the txouts, i'd expect k to be one in most cases
<zooko>
If he wants. Not that he pays the scaling costs of not doing so.
<nwilcox>
I'm confused a bit. If my wallet sends your wallet BTC in two separate transactions, doesn't it repeat your pubkey hash twice on the wire?
<andytoshi>
nwilcox: no, if you send two transactions you need to spend (at least) two different txouts
<nwilcox>
-and whenever any full node verifies blocks containing either of those two txns, they download the same hash twice.
<nwilcox>
andytoshi: Two txouts to the same pubkey hash.
<andytoshi>
nwilcox: i'm telling you that's rare (and for privacy reasons we'd prefer it never happen)
<andytoshi>
and no, they would not download the same hash twice; verifiers would have both txouts cached
<andytoshi>
and the two transactions would refer to different txouts, which would have different (txhash, vout) identifiers
<nwilcox>
andytoshi: First, let's set aside privacy. I'm willing to concede this isn't useful if it requires sacrificing privacy, but I want to explore it with that simplification.
<nwilcox>
Next, when you say "two txns would refer to different txouts", you are referring to their txins, right? I'm focused on the scriptPubKey in the txouts.
<nwilcox>
If (privacy be-damned), two transactions make payments to the same pubkey, the contain txouts which repeat the pubkey's hash, correct?
<andytoshi>
yes
<nwilcox>
s/the contain/they contain/g
<nwilcox>
Ok, so if we sacrifice (in addition to privacy!) the ability for nodes to verify signatures "locally", then can't we only include a smaller number of bits on the wire and rely on the blockchain to resolve hash collisions?
<nwilcox>
There are those two crucial sacrifices, and even then I'm not sure if this helps scalability at all.
<zooko>
nwilcox: I'm trying to suggest something which I think has the same effect.
<nwilcox>
resolving collisions eg: "Take sha256(msg) then truncate it to 64 bits. If that's already present in my contextual state, then take the sha256(sha256(msg)) and check again, etc..
<nwilcox>
zooko: What is that?
<zooko>
nwilcox: the recipient can *spend* those two utxos.
<zooko>
Then there are no longer 2, but only 1, utxo.
<nwilcox>
zooko: Ah, okay. I'm focused on the bandwidth of transactions. That would involve repeating the pubkey hash twice for the initial two transactions, plus another transaction.
<nwilcox>
Maybe utxo size in any given block is more important than serialization size of transactions.
<zooko>
Ah, I was focused on the size of the utxo set, which is a different measure.
<nwilcox>
Hrm... maybe I should learn about which measures represent the important scaling bottleneck.
<zooko>
*nod*
bedeho has joined #bitcoin-wizards
<nwilcox>
Changing block size is one way to address txn/time by changing bandwidth.
<nwilcox>
Shrinking txn serialization size is another way to raise txn/time *without* changing bandwidth.
adam3us has joined #bitcoin-wizards
<nwilcox>
My intuition is that utxo set size isn't a bottleneck for scaling txn/time.
frankenmint has joined #bitcoin-wizards
<nwilcox>
Actually, this hack may help with all hashes, regardless of their reuse, and therefore it may not impact bitcoin privacy at all.
<nwilcox>
It still requires a fundamental change which sacrifices local transaction verification.
<nwilcox>
-and it might not work when multiple transactions refer to different hashes whose shortened version collides within the same block.
frankenmint has quit [Remote host closed the connection]
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
adam3us has quit [Ping timeout: 255 seconds]
<nwilcox>
Hm... Actually the whole idea may be incoherent. In order to resolve collisions, a rule would say "the first colliding input, x_0, gets to 'claim' that output, and the next colliding input, x_1, has to be further processed."
<nwilcox>
But the input x_0 (eg a pubkey) is typically not known to the blockchain when txos refer to it initially.
<zooko>
Doesn't sound like a promising approach since, as you say, it requires a disruptive change which sacrifices a widely-used feature.
<nwilcox>
I'm not sure how widely used local transaction verification is used...
<nwilcox>
Safest to assume some important userbase for any feature of unknown usage.
adam3us has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
roxtrongo has joined #bitcoin-wizards
Dizzle has joined #bitcoin-wizards
ASTP001 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
adam3us has quit [Ping timeout: 246 seconds]
hearn_ has joined #bitcoin-wizards
Emcy_ has joined #bitcoin-wizards
hearn has quit [Ping timeout: 246 seconds]
Emcy has quit [Ping timeout: 240 seconds]
ASTP001 has joined #bitcoin-wizards
hearn_ has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
Newyorkadam has joined #bitcoin-wizards
roxtrongo has quit [Remote host closed the connection]
zooko has quit [Remote host closed the connection]
jtimon has joined #bitcoin-wizards
CodeShark_ has joined #bitcoin-wizards
bedeho has quit [Read error: Connection reset by peer]
ASTP001 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
nwilcox has quit [Ping timeout: 264 seconds]
kmels has joined #bitcoin-wizards
Jaamg has joined #bitcoin-wizards
CodeShark_ has quit [Ping timeout: 250 seconds]
kang_ has quit [Quit: Page closed]
jaekwon has quit [Remote host closed the connection]
ASTP001 has joined #bitcoin-wizards
ASTP001 has quit [Client Quit]
ASTP001 has joined #bitcoin-wizards
Dizzle has quit [Read error: Connection reset by peer]
Dizzle has joined #bitcoin-wizards
jaekwon has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
Newyorkadam has joined #bitcoin-wizards
jaekwon has quit [Remote host closed the connection]
nwilcox has joined #bitcoin-wizards
Anarcho has quit []
Quanttek has quit [Ping timeout: 250 seconds]
hearn has joined #bitcoin-wizards
<kanzure>
oh for proof-of-treachery your supernode could really be a 1-of-10000 "at least 1 honest node" protocol of some kind. but they could still coerce everyone to change the fraud proof handling stuff because the costs of setting up an alternative set of supernodes is very high. maybe you could steal back their fees/income and give it to the one honest node as a result.
adam3us has joined #bitcoin-wizards
hearn has left #bitcoin-wizards ["Textual IRC Client: www.textualapp.com"]
rubensayshi has quit [Remote host closed the connection]
jtimon has quit [Ping timeout: 264 seconds]
bedeho has joined #bitcoin-wizards
<gmaxwell>
The attacker could just partition you from the 1-of-. All the fraud proof oriented approaches are very censorship vulnerable :(. The biggest weakness there, and I can't even say it's purely additive, because of the supernode cost issues.
nwilcox has quit [Quit: leaving]
zooko has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
<kanzure>
contingency plans for what to do about extremely costly supernodes would be a nice thing to have, like maybe instead of degradation of transactions/sec you can get degradation of some other property as you bootstrap again below that supernode costliness threshold.
jaekwon has joined #bitcoin-wizards
<kanzure>
wait how does the partitioning work? i was thinking of a 1-of-10,000 multisig party.
<gmaxwell>
08:54 < nwilcox> So would it be possible to replace pubkey / script hashes with a shorter bit string, provided we require anyone who needs to verify those hashes must also maintain context from the blockchain history?
<gmaxwell>
You can, yes, of course you're exposed to attack under reorg and by miners; and-- you end up with forever growing random access data to deal with.
BigBitz has quit [Quit: This should never appear!]
<gmaxwell>
kanzure: your security assumption is that at least 1 of 1000 is honest. Right? That means up to 999 are dishonest. A dishonest party signs, and a sybil attack prevents communication from the honest party.
<gmaxwell>
So you get a no-fraud signature, and you're denied access to the wait-theres-fraud signature.
<kanzure>
m-of-m but yes i see your point for 1-of-m (which is obvious)
<gmaxwell>
now, if you said 1000-of-1000 you'd have it, but there is an obvious reliability issue there.
<kanzure>
i was referring to 1-of-m as in 1 has to be honest, but you're right that when saying x-of-y it's usually talking about the threshold to be considered valid, whoops
<gmaxwell>
You could relax e.g. to a 990 of 1000 to have some redundancy, and perhaps that's more reasonable.
<kanzure>
also you have backlog in pm to review
<gmaxwell>
okay makes more sense.
<kanzure>
but yeah the other issues you have brought up are also troubling
<kanzure>
once you have a sufficiently high supernode cost, there's really no hope for rebooting the network
<kanzure>
but this might be true for all possible systems :-)
smk has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
zooko has quit [Ping timeout: 244 seconds]
Burrito has joined #bitcoin-wizards
Tiraspol has quit [Read error: Connection reset by peer]
Tiraspol has joined #bitcoin-wizards
Dizzle_ has joined #bitcoin-wizards
Dizzle has quit [Disconnected by services]
Dizzle_ is now known as Dizzle
roxtrongo has joined #bitcoin-wizards
Dizzle has quit [Read error: Connection reset by peer]
Dizzle has joined #bitcoin-wizards
roxtrongo has quit [Ping timeout: 264 seconds]
hazirafel has joined #bitcoin-wizards
eudoxia_ has joined #bitcoin-wizards
eudoxia_ has quit [Remote host closed the connection]
<gmaxwell>
We've been building some interest outside of the bitcoin ecosystem on script-as-a-digital-signature-system
<gmaxwell>
I wish we were further along with script replacement stuff. :(
eudoxia has quit [Ping timeout: 250 seconds]
chmod755 has joined #bitcoin-wizards
Dizzle has quit [Ping timeout: 240 seconds]
nwilcox has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
<aj>
gmaxwell: "script replacement stuff" ? more info pls? :)
<gmaxwell>
aj: There are several lines of long term development related to an improved replacement for Bitcoin script incorporating several of the powerful observations we've made in the last couple years.
<aj>
gmaxwell: are there threads / white papers / ... about it that i could read?
<gmaxwell>
scattered, and no awesome overviews right now.
<gmaxwell>
The most important being the fundamental difference between computation and verification. For example, division is expensive to perform. But if I asked you to verify a transcript of a program that divided you could still do so even if you were unable to divide yourself: You can take the answer and _multiply_ (which is cheap) and then check that the result agreed with the inputs. Turns out that
<gmaxwell>
this thinking has deep implications.
shesek has quit [Read error: Connection reset by peer]
<aj>
gmaxwell: sounds like verifying a proof versus constructing one, too
<nsh>
'Imagine a cert that embeds its own validation & revocation scripts, using a language like #Bitcoin transaction code. Interested? @pwuille?'
<gmaxwell>
One way this thinking applies is what P2SH does-- the program comes with the signature, and the pubkey only commits to it. This can be applied recursively in a powerful way. Imagine your program as a tree that branches for every OR condition. Now build a hashtree over the program code. When you spend, you need only reveal the segments you actually executed, not the whole program.
<gmaxwell>
We call that MAST: merkelized abstract syntax tree.
<kanzure>
isn't this the MAST/MTUT thing.
<kanzure>
yes ok.
<kanzure>
also i think the spelling needs to be figured out because i saw merklized abstract syntax tree and merkleized and merkelized when i was reading most -wizards logs recently
<gmaxwell>
At an extreme you can get some incredible compression for two party contracts; e.g. make your script {2 of 2 multisig} OR {complex contract}. And so long as everyone cooperates, the network never sees the complex contract.
<kanzure>
aj: no :-)
<nsh>
(it's merkleized or Merkle-ized [s#z#s# as appropriate])
<aj>
kanzure: aww come on, it's perfect! it's murky because you never see the whole thing!
<gmaxwell>
Another thing we've learned, is that any sensible multi-condition authorization scheme at the top level is a monotone boolean function. For example, it is not sensible to have a policy which says Alice && Bob && !Carol since Carol could always just choose not to sign (or have her signature stripped).
<nsh>
(which neatly corresponds to the kind of access structures you can achieve with certain types of group signature)
<nsh>
(not that this does bitcoin any good, directly)
<gmaxwell>
Monotone boolean functions are those functions that can be constructed exclusively with AND and OR gates (or, equally, with threshold gates). They have a useful property that they are trivially composable. E.g. you can take an AND or an OR of two sensible policies and you get a sensible policy, or you can put a sensible policy as any leaf in another sensible policy and get another one.
<gmaxwell>
They also have the property that you can sign 'your part' of a monotone function without understanding any of the rest. E.g. they're cumulative.
<gmaxwell>
So there has been a fair amount of discussion talking about the space of monotone functions, efficient encodings for them, etc. As it seems like it would be sensible for any future script to have a monotone decision tree as a first class construct.
* nsh
nods
<gmaxwell>
There are other assorted bits of thinking which are relevant, e.g. we now know how to make any such system very soft-fork friendly.
<gmaxwell>
OTOH, soft-fork-friendliness has bad effects when script is used outside of a consensus system.
<gmaxwell>
Part of the importance of handling it specifically.
<kanzure>
would a sighash type fix this
<gmaxwell>
kanzure: what I had proposed previously is that at the top level you have a monotone tree and at each leaf there is a condition and each condition begins with a rule specifier. An application could choose how it handles unknown specifiers. In a consensus system, you'd assume an unknown specifier is a soft-fork and silently accept.
smk has left #bitcoin-wizards [#bitcoin-wizards]
<gmaxwell>
In other contexts you'd assume it was a future feature and you'd reject with a notice that the signature couldn't be understood.
<nsh>
hmm
ASTP001 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
sumah has quit [Quit: Leaving]
<kanzure>
"This system would allow new opcodes to be added in a cleaner fashion. Nodes which don't understand the opcodes would just accept the script."
b-itcoinssg has joined #bitcoin-wizards
drwin has quit []
Guyver2 has joined #bitcoin-wizards
fabianfabian has joined #bitcoin-wizards
nullbyte has joined #bitcoin-wizards
ASTP001 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
trippysalmon has quit [Read error: Connection timed out]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
drwin has joined #bitcoin-wizards
fabianfabian has quit [Read error: Connection reset by peer]
droark has quit [Quit: Later.]
jaekwon has quit [Remote host closed the connection]
Quanttek has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
CodeShark_ has joined #bitcoin-wizards
shesek has quit [Read error: Connection reset by peer]
gavinandresen has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
ASTP001 has joined #bitcoin-wizards
jaekwon has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
adam3us has quit [Quit: Leaving.]
shesek has quit [Read error: Connection reset by peer]
ASTP001 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
digitalmagus has quit [Ping timeout: 264 seconds]
shesek has joined #bitcoin-wizards
ginah has joined #bitcoin-wizards
nwilcox has quit [Quit: leaving]
ASTP001 has joined #bitcoin-wizards
copumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
Tiraspol has quit [Ping timeout: 252 seconds]
trippysalmon has joined #bitcoin-wizards
Tiraspol has joined #bitcoin-wizards
<andytoshi>
gmaxwell: great summary of "new script" thinking, i haven't seen all that written out at once before
roxtrongo has joined #bitcoin-wizards
roxtrongo has quit [Remote host closed the connection]
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
shesek has quit [Read error: Connection reset by peer]
SwedFTP has quit [Ping timeout: 260 seconds]
moa has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
drwin has quit [Ping timeout: 240 seconds]
copumpkin has joined #bitcoin-wizards
SwedFTP has joined #bitcoin-wizards
AnoAnon has joined #bitcoin-wizards
AnoAnon has quit [Max SendQ exceeded]
<b-itcoinssg>
What is the reasoning behind duplicating a leaf of an odd number merkle tree, instead of using the odd number leaf as a separate branch to build the merkle tree?
<gmaxwell>
Your question is unclear to me.
<gmaxwell>
The duplication bitcoin does is bad and creates a vulnerability, a second preimage attack. Something just needs to be padded there. Ideally it would be accomplished by something outside of the domain of the input.
chmod755 has quit [Quit: Ex-Chat]
ASTP001 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
ASTP001 has joined #bitcoin-wizards
melvster has quit [Remote host closed the connection]
melvster has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 268 seconds]
<gmaxwell>
On the subject of the index of bitcoin ideas stuff... there is now enough material gathered that sorting through it is hard. I'm thinking about ranking criteria which we could use to sort the stuff. Implemented? Widely deployed? Well-defined/described? Feasible? Useful? what other largely orthogonal characteristics could we use to rank the sorts of raw ideas that have poured out of our ext
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
<gmaxwell>
very nice.
<gmaxwell>
Feasibility is a bit orthogonal though, e.g. there are ideas which I'm pretty sure actually don't work... but they are still interesting because they pose a problem which might be worth solving.
<gmaxwell>
Or like all these proposals to fix value under signature with hardforks. I think that's boneheaded. :) but it only takes a few seconds of thought to go "oh yeah, you can do the same thing with a softfork".
<gmaxwell>
(well not just a hardfork but a total halt-all-transactions flag-day)
<gmaxwell>
Really need better language than hard/soft forks, e.g. distinguishing details like must-upgrade-all-systems-at-once which traditionally had meant hardfork, but right now the recent blocksize stuff has made people think of hardforks incorrectly because the BIP101 proposed hardfork is a very unusual one.
nwilcox has joined #bitcoin-wizards
GGuyZ has quit [Quit: GGuyZ]
user7779078 has joined #bitcoin-wizards
<kanzure>
perhaps it should be judged by idea bus factor
shesek has quit [Read error: Connection reset by peer]
<zooko>
gmaxwell: +1 The terminology of "hard/soft fork" is a big impediment to my own thinking and to others I try to communicate with.
shesek has joined #bitcoin-wizards
<gmaxwell>
zooko: it's an improvement over not having that distinction at all... but the terms arose organically, and without any real intent.
<gmaxwell>
Hard fork was created to distinguish ordinary network forking from an unrecoverable difference in rules.
<gmaxwell>
And then soft fork came about later to distinguish the changes that were only one-way hard-forks.
<kanzure>
hmm i wonder if there's any cryptography stuff in the soviet patent system http://patentdb.su/
<tromp_>
hi, zooko
ASTP001 has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
<zooko>
We're finally making forward progress! Also, apparently the way publicity works, I have to avoid talking about it in forums where other people, especially journalists, could hear, if I want to get lots of publicity later from other journalists. :-/
<zooko>
I'm still working out that part.
<zooko>
But fuck it, I'm going to answer your question right now and hopefully not regret it.
<zooko>
So, we got cash in the bank, allowing us to hire another engineer, and so stop worrying about starving to death, and since then (which is quite recent),
<zooko>
we're doing a bunch of boring engineering work like build system, unit tests, etc.
shesek has quit [Read error: Connection reset by peer]
<zooko>
My current priority is figuring out how to navigate this publicity stuff so that we can be all out in the open from there forward.
<zooko>
Thanks for asking!
shesek has joined #bitcoin-wizards
<tromp_>
i ask because a while ago, you mentioned a possible testnet launch in august
<zooko>
:-( My calendar has an old faded scratch on it that says "Launch Test Net" on
<zooko>
Mon Aug 31. :-(
<tromp_>
of course i know such ETAs just mean " guaranteed not to happen before ..."
shesek has quit [Read error: Connection reset by peer]
<zooko>
We don't ... Heh heh heh.
<zooko>
I think the actual software is *almost* actually runnable for that purpose, but I'm blocked on my confusion about how to do PR.
<zooko>
I also tried to hire a PR expert to help me with that, and then I was blocked on my confusion about how to hire PR experts.
<zooko>
So I gave up on that and went back to working on it myself.
shesek has joined #bitcoin-wizards
<zooko>
"it" -> arranging PR, talking to journalists, etc.
shesek has quit [Read error: Connection reset by peer]
<tromp_>
btw, i recently got access to a beefy nVidia GPU card and completed my cuda miner for Cuckoo Cycle
<zooko>
Oh, interesting!
<zooko>
Are any altcoins deploying Cuckoo PoW yet?
<tromp_>
turns out performance matches a 4-core hyperthreaded Core i7
<zooko>
Cool data point!
<MRL-Relay>
[othe] on what card model tromp?
<tromp_>
GTX 980
<tromp_>
optimum #threads was 512
<MRL-Relay>
[othe] pretty much like cryptonight
<zooko>
What's cryptonight?
shesek has joined #bitcoin-wizards
<tromp_>
no, still not deployed, zooko
<MRL-Relay>
[othe] zooko, the pow used in monero
<tromp_>
perhaps more interesting, the GPU only spends 15% of runtime computing
<MRL-Relay>
[othe] the hash to watt ratio is around 2x better than for a cpu
<MRL-Relay>
[othe] for AMD cards, nvidia cards are slower
<tromp_>
no, in absolute terms, disregarding watts
<MRL-Relay>
[othe] due to some slower memory it seems
<MRL-Relay>
[othe] hash to watt is the only thing that counts
<MRL-Relay>
[othe] a highend amd card does 2x the speed of an i7
<gmaxwell>
I think the monero stuff is a regretfully bad example of POW stuff, in particular, the performance is so horrific that it's almost always a smoking out DOS attack. :( Also, a lot of the design seemed to have been motivated by an effort to unethically obfuscate it. (old history, sure, but it's baggage on the design)
<gmaxwell>
s/smoking out/smoking hot/
<tromp_>
i have no idea how much power the GTX980 uses when running cuckoo
<gmaxwell>
I have no clue about current GPUs, but I know on older ones memory was a lot of the power usage. I significantly improved my bitcoin farm's H/j by downclocking the memory to the point that the cards would crash if a display was attached. :)
<tromp_>
presumably the core i7 is at least twice as efficient in hash/watt
<smooth>
gmaxwell: The performance isn't really that bad. Before it was properly optimized it was something like one second per hash which is obviously terrible. But now at <20ms/hash on one core, it's not. If you are going to get banned by sending bad hashes and you have to rely on botnets all over the place you will have trouble connecting fast enough to max out CPU
<zooko>
Interesting data points! Thanks gmaxwell and smooth.
<tromp_>
zooko, are you still going with catena for pow?
<zooko>
No, probably the Password Hashing Competition's winner, which is a (variant of) Argon2.
<gmaxwell>
smooth: for example, the privacy of the system is critically dependent on hiding yourself from network observers.. so you'd want to run over tor... but the banning as a fix to dealing with garbage doesn't work without expensive 'identities' for peers. :(
<zooko>
There's one open question in my mind about efficiency of verification, which I *think* can be fixed with a Merkle Tree and the verifier verifying a subset of the proofs...
<zooko>
But I'm not sure, hence the "open question" part...
<tromp_>
you'll also have the challenge of needing to provide optimized gpu argon2 miners for a "fair" launch
shesek has quit [Read error: Connection reset by peer]
<smooth>
gmaxwell: i doubt that DoS is fixable without some kind of identities. If you don't get hit with CPU burning you will still get your network connection flooded.
Quanttek has quit [Ping timeout: 256 seconds]
<gmaxwell>
smooth: I say this not to be negative about monero, it's a problem for bitcoin too... but just much worse for monero since the native POW is so costly to verify. Also, doesn't the 20ms number need hardware AES support?
<gmaxwell>
smooth: on networks like tor you can use POW to prevent network flooding too.
<zooko>
tromp: Hm.
<smooth>
gmaxwell: yes with hardware AES, but even without it is much better than before, around 100ms i think.
<MRL-Relay>
[othe] "fair" launch can only be achieved when you emit the coins on some kind of better curve, like for a few months don't emit a lot of coins at all, else some chinese gpu farm will just grab them all anyway and i doubt that's more "fair"
<gmaxwell>
smooth: okay the number in my mind (which I thought was the unoptimized case) was 7 hashes per second.
<smooth>
and increasingly little hardware lacks AES hardware
shesek has joined #bitcoin-wizards
<gmaxwell>
smooth: it's off by default in virtually every motherboard I've touched because of psycho export restriction cargo culting! :(
<zooko>
gmaxwell: haha! really!?
<zooko>
Wow.
<smooth>
gmaxwell: interesting, i haven't seen that (turned off by default). i did notice the BIOS option showing up though
<gmaxwell>
Just informal experience, but at least both supermicro and asus (I think?) ship with it off by default in the bios.
<MRL-Relay>
[othe] not for consumer boards?
<gmaxwell>
Just got a MB-X10DA-I-O-P that shipped with it off.
<MRL-Relay>
[othe] i run a bunch of asus boards, though the ones sold in europe, where there are less weird crypto laws. all of them have aesni on by default
Dizzle has quit [Quit: Leaving...]
<gmaxwell>
(a dual 2011v3 board)
<smooth>
i agree with what othe said about launch. slowly ramp up the rewards over some time period that is reasonable for people to deploy and optimize
<tromp_>
zooko, have you considered using multiple pows, like myriad?
<MRL-Relay>
[othe] multiple pow sound more like adding multiple points of failure
<zooko>
tromp: we have.
<zooko>
tromp: Myriad-like things went into the bucket of potentially good ideas that we don't have enough teeth to chew.
<zooko>
That's a big bucket.
<tromp_>
othe: it's not. when a system is secured by 50% pow1 and 50% pow2, it cannot be attacked by just getting tons of pow1 hashing power
<zooko>
othe: there's a proposal for multi-PoW, named Myriad, which makes it so it only goes south if they *all* fail.
<zooko>
It's a really neat idea.
<tromp_>
the simplest attack would be to duplicate both the existing pow1 and pow2 hashing power
<MRL-Relay>
[othe] because botnets care about that?
<zooko>
smooth: Hm. Interesting.
<smooth>
zooko: i think i first heard it from gmaxwell, to be fair
<MRL-Relay>
[othe] if you don't want your coin attacked use something where it's *easy* to get an asic miner out, probably something like blake if you don't want to use sha
<zooko>
smooth: I think it is safe to assume that all interesting novel cryptocurrency ideas were earlier proposed by gmaxwell.
<smooth>
zooko: haha, nice
<smooth>
tromp_: 50/50 you can still be attacked fairly easily right, maybe 3-4 is better
shesek has quit [Read error: Connection reset by peer]
<tromp_>
othe: except asic hashing power tends to get centralized, chinese gov can twist arm of several of largest mining operations
<smooth>
tbh so far we've seen all hashing power get fairly centralized
shesek has joined #bitcoin-wizards
<zooko>
smooth: including XMR?
<smooth>
zooko: well it's hard to say, maybe it's all one big botnet right?
<zooko>
What's the distribution of LTC mining like?
<tromp_>
smooth: i think 2 is optimal. make one pow compute bound, and one memory bound
Mably has quit [Ping timeout: 265 seconds]
<tromp_>
smooth with 3 or 4 attacker can ignore 1 or 2
<smooth>
in theory (in practice hard to say): cpu->botnets, gpu->big GPU farms, ASIC->manufacturers
<tromp_>
sorry, i mean ignore just 1
<smooth>
tromp_: but I'm thinking with 2 if you crack one hard then you get that, plus a small fraction of the other one and you're there
<zooko>
smooth: what are the most valuable examples of CPU-oriented PoW coins?
<smooth>
zooko: I'm pretty sure monero is the most valuable one
<smooth>
zooko: who knows really, it's sort of the nature of mining that unless you have big public or semi-public operations like BTC it's not transparent
<zooko>
smooth: okay, thanks.
<smooth>
zooko: filter non-mineable, monero is #9. bytecoin is phony, the rest are clearly not CPU
kmels has quit [Ping timeout: 252 seconds]
<smooth>
all above it are sha, scrypt, x11
<gmaxwell>
tromp_: doesn't sound like an unreasonable intuition there--- the "dozen functions" stuff to me mostly sounds like "we're going to shove costs into ASIC design NRE, thus assuring there is no competitive market for mining hardware"
<smooth>
also bytecoin has essentially no mining either
<tromp_>
coin magi is claimed to be gpu resistant. but i've also seen ppl claim it has private gpu miners
<smooth>
magi has $26K market cap...
<tromp_>
the cuckoo cycle gpu code is embarrassingly simple; basically two 10 line routines
c0rw|away is now known as c0rw1n
<smooth>
tromp_: haven't many of the mining "breakthroughs" like going GPU or ASIC or whatever been more than 4x jumps?
<tromp_>
i'm a strong believer in avoiding complexity
Newyorkadam has quit [Quit: Newyorkadam]
<smooth>
i would imagine a good protection of multi would be one getting REALLY cracked
<smooth>
or algorithmic improvements for that matter, not just hardware
<gmaxwell>
I still think an under evaluated concern is how much advantage is actually needed to screw things up.
<gmaxwell>
In the limit, mining runs at break even, small advantages are huge differences in profit. It may well be the case that a 10% efficiency difference (or whatever) pushes everyone less efficient out.
<smooth>
maybe none :(
shesek has quit [Read error: Connection reset by peer]
<gmaxwell>
And so all these things that hope to prevent 10x-100x differences from specialized hardware are actually inadequate.
<smooth>
i mean none inherent in the algorithm. in the real world someone always has an advantage, which is not really encouraging
shesek has joined #bitcoin-wizards
<gmaxwell>
right but do people have massively unequal access to advantage?
<gmaxwell>
some kinds of advantage are useful... e.g. free power that doesn't scale.
<tromp_>
gmaxwell: another extreme is millions of ppl willing to mine at a loss as in a lottery, making commercial mining impossible
<gmaxwell>
locations that need the waste heat anyways, but again, there is only so much low grade heat anyone needs.
<smooth>
maybe we can say that someone always has a scalable advantage. i dont know if that is true, but it seems it very well might be
<tromp_>
which is more likely if e.g. phones can mine overnight with moderate efficiency
davec has quit [Read error: Connection reset by peer]
<gmaxwell>
tromp_: yea, surprisingly (to me) that hasn't worked _at all_ in bitcoin. It's extremely frustrating, several times I've seen people in one breath talk about mining at the biggest possible pool for low variance and the next they talk about spending their mining income at a negative expectation gambling 'dice' site.
<gmaxwell>
smooth: there are disadvantages of scale too. Esp in heat removal... optimal heat removal efficiency wants the lowest density possible.
<smooth>
someone even tried to sell a "lottery machine" miner. went nowhere
<tromp_>
gmaxwell wonderful example of completely irrational behaviour
<smooth>
gmaxwell: yes but what im saying is that if you assing to each actor a number indicating the degree of useful scalability (after netting out waste heat, etc.) it is not clear that someone isn't the absolute winner
<smooth>
*assign to
<kanzure>
hmm in treechains i really like the "parent blockchain sets the difficulty" because this fixes a lot of child chain difficulty retargeting attacks caused by large quantities of pow hashrate showing up and leaving
<gmaxwell>
smooth: yes, someone is the 'winner' but some of the things I mention have upper limits.. many people have access to 'free' power (e.g. power paid for as part of a flat agreement), but can only draw a kilowatt or two.
<smooth>
gmaxwell: just saying it doesn't seem to have worked out that way. suggesting a model for maybe why not
<smooth>
but also true the game is not over by any means
<gmaxwell>
smooth: ah. Well in bitcoin space, because access to hardware has trumped energy cost at every point in time people were actually excited about getting involved. I don't think more is required than that.
<kanzure>
does anyone have -wizards logs from 2014-03-01 to 2014-10-01?
<gmaxwell>
I can point to several forum threads where people are calling me unkind names when I suggest energy efficiency as even a consideration!
<kanzure>
gmaxwell: bah just wait until they start calling you a bioterrorist. i get that one a lot.
<kanzure>
i was going to look up treechain stuff in -wizards logs but i am missing multiple months in my log archive :-(
davec has joined #bitcoin-wizards
<kanzure>
hmm wait no that doesn't help with difficulty retargeting attacks on child chains.... something at n levels deep is 2^(n - c) more vulnerable to a somewhat successful miner from level (parent - c)
<kanzure>
i guess you could just have 2^n more child blocks at those levels to make up for this -___-
<kanzure>
er more child chains
GGuyZ has joined #bitcoin-wizards
hazirafel has quit [Ping timeout: 264 seconds]
<kanzure>
((this makes it so that on average the likelihood of a large-enough attacker selecting any particular child treechain to attack is very low)) (but why didn't this hold for pow altcoin altchains in the past?)
Guyver2 has quit [Quit: :)]
dEBRUYNE has quit [Ping timeout: 265 seconds]
<smooth>
kanzure: maybe im misunderstanding your point but how is it not true. most altcoins have not been attacked
<smooth>
there is certainly a degree of "why even bother to attack this one when there are 1000 other ones just like it"
<gmaxwell>
One of the many reasons why 'it hasn't broken yet!' is nearly useless.
<gmaxwell>
(also: when things do break the cryptocurrency industry doesn't tend to learn from the break)
<kanzure>
why would miner fees be enough to convince someone to mine at the << 2 difficulty child treechain but not the << 1 difficulty child treechain
user7779078 has quit [Remote host closed the connection]
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
snthsnth has joined #bitcoin-wizards
roxtrong_ has joined #bitcoin-wizards
<zooko>
tromp: how much memory does your high-end GPU have?
<kanzure>
"By the way, I had some more replies to my original mailing list post. Some people think that what I am doing can be achieved with bigger block sizes and with SPV nodes, but this is not true. One of the main advantages of this tree structure of subchains is that you can constrain your wallet to just one path of subchains, so you can download all the full blocks on each of these chains and be sure that you have the status of all the ...
<kanzure>
... UTXOs corresponding to your wallet. In simpler words, it lets you be sure of your balance in a scalable (O(log n)) way. Same with the balance of others you wish to track (such as your government representatives). I read a bit about so-called "UTXO commitments" but I don't think they are as reliable and decentralized as this method, since you still need supernodes to feed you the merkle-tree proofs. Can someone answer this?"
<kanzure>
"Actually, my scheme described above does not need merge-mined chains. As I mentioned, parent chains would get fees from child chain miners to put the hashes in, and (not sure if I said this) the fees can be in the form of outputs that are registered as spendable on the child chains only, so this would give the parent chain miners an incentive to be careful and validate as much as possible the transactions of the child chains."
<kanzure>
"Still, in principle it would be a small matter for someone to lease and concentrate hashpower on one among thousands of chains and launch a 51% attack. So I also like your idea of a hierarchy of sidechains where lower chains handle smaller transactions, thus there is less incentive to waste time on a double-spending attack on a chain limited to micropayments."
<kanzure>
hmmm i don't think anti-dos works like that :-) transaction value does not determine whether someone wants to ddos you
<kanzure>
also it's not just double-spending that you have to defend against
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
b-itcoinssg has quit [Quit: Connection closed for inactivity]
nwilcox has quit [Quit: leaving]
airbreather has joined #bitcoin-wizards
* Luke-Jr
ponders if there's any way to use idle GPU RAM for his system RAM :P
ThomasV has joined #bitcoin-wizards
<gmaxwell>
GPU swap. :P
<zooko>
Heh heh.
<aj>
gmaxwell: "<gmaxwell> so it would be nice if I could throw that into a theorem prover and ask it "is there any way to satisfy this script that doesn't provide sigX or sigY"" -- has there been any progress on that in the past couple years?
<zooko>
tromp: what parameters of Cuckoo were you testing?
<gmaxwell>
aj: Not really, though -- well so if the top level of the script is a monotone function it's _very_ easy to answer that question.
shesek has quit [Read error: Connection reset by peer]
shesek has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 264 seconds]
<tromp_>
zooko i tried size 2^28
afk11 has quit [Remote host closed the connection]
<tromp_>
the GPU only does the edge trimming; the cycle detection (which takes less than 2% of runtime) is still on cpu
<tromp_>
size 2^30 is roughly 4 times slower as expected
<zooko>
So how much of the GPU's 6 GB of RAM did it use for the edge trimming?
c0rw1n is now known as c0rw|zZz
shesek has quit [Read error: Connection reset by peer]