wumpus changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<katu> (aka, i don't trust it to be 2^160 for second preimage, but something significantly less, plus few bits of birthday likelihood)
<Jeremy_Rand> Am I correct in assuming that people have seen this paper from Microsoft Research on a Zerocoin construction that doesn't need trusted setup? https://eprint.iacr.org/2014/764 I'm curious if anyone has insights into whether something like it might eventually get implemented in Bitcoin. (Hope this isn't off-topic and that this is an okay place to ask.)
<gmaxwell> Jeremy_Rand: it's been brought up in here before.
<gmaxwell> I don't remember it though (though I have the paper in the "I've read this" directory)
<gmaxwell> Jeremy_Rand: does it have proofs that are a function of the size of anonymous group?
<MRL-Relay> [shen] Jeremy_Rand: seems similar in intent to something I posted yesterday that's being worked on for Monero (assuming no flaws are found) https://github.com/ShenNoether/MiniNero/blob/master/RingCT0.3.pdf
<MRL-Relay> [shen] I had read it before, but somehow missed the part where they claimed non-interactivity
<gmaxwell> ah yea, it sends log(n) data in the proof, and requires O(n) computation in the verifier.
<Jeremy_Rand> gmaxwell: O(n) computation where n is the anonymity set? Or something else? (Sorry if I'm asking dumb questions)
<gmaxwell> Jeremy_Rand: yea, in the size of the members of the ring.
<gmaxwell> and IIRC the log part had a fairly big constant factor, which made it less interesting for monero style usage.
<gmaxwell> I could be misremembering.
<Jeremy_Rand> gmaxwell: so for an anonymity set like Zerocoin (i.e. all coins ever minted) that would presumably be prohibitive?
<gmaxwell> I wish there was a standardized table for schemes to disclose their requirements (trusted setup, communications complexity, yadda yadda)
<gmaxwell> Jeremy_Rand: potentially, but if used that way there are other problems for use in bitcoin. (the perpetually growing accumulator is unfortunate)
<Jeremy_Rand> gmaxwell: I see. That's unfortunate; it would be nice to see a Zerocoin/Zerocash alternative that has a good anonymity set but doesn't have the problems that those schemes come with. I suppose too good to be true?
<dEBRUYNE> Jeremy_Rand: Have you read shen's paper already?
<gmaxwell> dEBRUYNE: it has a small anonymity set.
<Jeremy_Rand> dEBRUYNE: I haven't seen it. My loose understanding of the stuff Monero does is that the anonymity set is much smaller than the set of all past coins?
<gmaxwell> OTOH timing information often naturally makes the anonymity set small.
<dEBRUYNE> Jeremy_Rand: I am not capable enough to answer that, so I'll let shen answer that
<dEBRUYNE> gmaxwell: I see
<phantomcircuit> gmaxwell, i think i remember you talking about it even :)
<MRL-Relay> [shen] Jeremy_Rand, currently (with visible amounts) yes, the intent of the paper is to show that we can hide amounts
<gmaxwell> shen_noe: when jeremy_rand is talking about requires all coins to be of equal value.
<MRL-Relay> [shen] thus the anonymity set will be all past non-linked coins
<MRL-Relay> [shen] gmaxwell, exactly - with the RingCT it will remove the need for them to be of equal value
<gmaxwell> shen: Your anonymity set is only the specific coins you invoke in your ring. Your potential anonymity set is larger.
<Jeremy_Rand> Zerocash has a pretty nice system with regards to anonymity set and efficiency. Unfortunately I calculated the cost of using 1000 parties in the setup process... it resulted in a transcript that was terabytes in size and would take years to verify. I therefore assume the Zerocash guys are imagining a much smaller set of setup parties, maybe something like 20 or so.
<gmaxwell> shen: I don't know if you ever saw my hidden value ring signature writeup, it's not as powerful as ringct though it's trivial.
<MRL-Relay> [shen] gmaxwell, ah yes, may have confused terminology there
<MRL-Relay> [shen] gmaxwell, I haven't but would be interested
<MRL-Relay> [shen] shen.noether@gmx.com if you want to send it
<gmaxwell> andytoshi: do you have the writeup for that handy? (andytoshi wrote it up, and extended it to also allow arbitrary smart contracts)
<gmaxwell> Jeremy_Rand: also _much_ stronger cryptographic assumptions; pairing, KoE, etc.
<Jeremy_Rand> gmaxwell: yes, agreed. My understanding is that KoE has been studied for circa 20 years, though? (But not widely deployed in something where breaking it earns money)
<gmaxwell> Jeremy_Rand: _pairing_ is only about 15 years old.
<Jeremy_Rand> ah, wasn't aware of that
<gmaxwell> And there is a lot that hasn't been studied; e.g. people assuming that it's secure if the transfer group is large enough so that it's strong as a regular integer DL group; but all the schemes for picking efficient pairing friendly groups result in very specially structured p^k groups.. maybe DL is easier in these groups? Dunno if anyone has looked. Making it the center of a cryptocurrency where
<gmaxwell> its compromise results in undetectable inflation ... kinda scary!
<gmaxwell> Personally, I've been frustrated by my failed efforts so far to find a way to take CT to perfect soundness.
<gmaxwell> I think that for inflation resistance lack of perfect soundness is a bigger barrier than 'modest' efficiency differences.
<Jeremy_Rand> yeah. Makes sense.
<Jeremy_Rand> In some cases (not really Bitcoin), it might possibly make sense to make all zerocoins expire periodically, along with all basecoins that have a zerocoin taint? That way zerocoin inflation is less profitable
<gmaxwell> I know with bitcoin I've had somewhat frequent questions (less commonly in the last year though) "What if the system's creator secretly mined a billion bitcoin for himself!?!" ... would be harder if that didn't have a nice answer.
<Jeremy_Rand> (I'm thinking of non-currency-oriented coins like Namecoin, where if someone can register a bunch of names on the cheap, that's somewhat less damaging than in a currency system)
<gmaxwell> Jeremy_Rand: yes, that's also an answer to the ever-growing accumulator issue, just expire accumulators.
<gmaxwell> Jeremy_Rand: yea, exactly ... I'd really like to see for of these bleeding edge protocols deployed in cases where compromise is somewhat less devastating.
<Jeremy_Rand> gmaxwell: fyi, I happen to be a Namecoin developer :) We're interested in Zerocash, but not totally sold on it. If someone can get a bunch of cheap names, that's not really that devastating.
<gmaxwell> Jeremy_Rand: I'd think that the zerocash functionality would be the least interesting thing to improve about namecoin. :P
<gmaxwell> Like, SPV mode, and blinding the registrations so people can't trawl through the database looking for things that offend them would be higher on my priority list. :)
<Jeremy_Rand> gmaxwell: certainly a lot is improvable. I've seen your "Namecoin that sucks less" list a while back :)
<gmaxwell> I spent a while trying to think about how one could have committed names (e.g. you register H(name)) but also disallow typosquatting.
<Jeremy_Rand> gmaxwell: wouldn't hashing names just be security by obscurity since you could brute force or rainbow-table the system? Something like scrypt might prevent that but has its own problems
<Jeremy_Rand> and if a name is sufficiently high entropy that you can't brute force it... doesn't that make it probably not memorable?
<gmaxwell> Jeremy_Rand: you could do that, but if a name is obscure then you won't find it-- basically avoiding the hidden service enumeration problem that tor has suffered from. It also improves plausible deniability for miners ("I'm going to sue you because you let this dude register MyNameTM.bit").
<gmaxwell> I think there is a pretty big gap between easily bruteforceable and totally non-memorable; and that's also up to the users. if they pick a sufficiently non-guessable name, they get a private registration as a side effect.
<Jeremy_Rand> gmaxwell: yeah, true
<Jeremy_Rand> gmaxwell: it might make sense to allow the blinding to be optional? So if you want your name to be public knowledge, you can provide the cleartext; if not, you can provide a hash only?
<Jeremy_Rand> Other thing is that public names make filtering by prefix easy. Which is useful in some cases.
<gmaxwell> I think part of my goal on doing that was to avoid having any plaintext data in the blockchain, because it's a risk to the system. (some dim bulb fills the data records with taylor swift albums and then every node is getting taken down with DMCA requests). To avoid that you have H(name) be the key and H2(name) be an encryption key for the results records.
<Jeremy_Rand> gmaxwell: yes. If that's the goal, what happens when someone registers the name H("x") or some other trivially low-entropy name? Is a Taylor Swift album encrypted with a 1-byte-of-entropy key considered to be DMCA-able?
<gmaxwell> Jeremy_Rand: evidence suggests that it may not be (at least in the limited vaguely applicable case law, but it's hard to say!).
<gmaxwell> But ignoring that you could also make it optional, ... the only real disadvantage I'd come up with for that was that with public names rejecting typo squatting is much easier.
<Jeremy_Rand> gmaxwell: oh? I looked briefly for such case law a while back but I couldn't find anything obvious. Do you happen to remember what evidence you saw?
<Jeremy_Rand> gmaxwell: for rejecting typo squatting, why not have the DNS server transform typos into a canonical form before looking it up? That seems to be the easy way to do it, rather than doing so in advance via name validation rules.
<gmaxwell> Jeremy_Rand: I can go ask, wasn't my research. if you'll be on sometime next week.
<Jeremy_Rand> gmaxwell: I can try to be online next week, yes
<gmaxwell> Jeremy_Rand: I am not following what you're thinking there.. how does the server know which of wikipedia and wikiedia is canonical?
<Jeremy_Rand> gmaxwell: ah, yeah, so if two people register names that collide, you need a way to disambiguate. You could pick the one that was registered first. Expirations make this more complicated, I'm not sure if it's possible.
<Jeremy_Rand> I guess that doesn't help for "wikiedia"
<Jeremy_Rand> but for a substitution of homographs or something, it would work, I think
<gmaxwell> right and what I suggest is that registration of "too near" names just not be allowed. (there are many candidate algorithms for this)
<Jeremy_Rand> you could hypothetically use a zk-SNARK to solve it. Except then you have trusted setup and crazy crypto assumptions.
<gmaxwell> for the really awful unicode ones (e.g. visually indistinguishable fake names) resolver canonicalization can work.
<gmaxwell> Sure but who cares about trusted setup and crazy assumptions when it's only used for nearness matching. :)
<gmaxwell> that's exactly the kind of thing I think we should use that stuff for first.. :)
<Jeremy_Rand> true, that seems like a lot of effort for an attacker for a pretty small payoff
<gmaxwell> right and if at the end it loses nearness matching, and the world learns the cryptosystem is weaker than expected.. great.
<Jeremy_Rand> indeed.
<Jeremy_Rand> I guess a zk-SNARK would also be a good way to prove that the data attached to a name is actually encrypted with a key that hashes to the name?
<Jeremy_Rand> or is there a simpler way that I'm failing to think of?
<gmaxwell> yea, that's what I was thinking before, I think.. so you can prove that it is encrypted by doing the p2sh^2 thing... which is kinda lame. E.g. double encrypt it and prove the outer encryption by revealing the outer key but not saving it.
<Jeremy_Rand> gmaxwell: wouldn't that let someone reveal outer encrypted data that might not actually be encrypted? Or am I confused about what you're suggesting?
<gmaxwell> the inner encryption might not actually be an encryption, but you wouldn't be saving the key, and would have no ability to lookup or decode the potentially unlawful content on your own.
<Jeremy_Rand> actually, backing up, I'm not sure that a zk-SNARK could prove lack of "too near" names without knowledge of what the other names are. That sounds like it shouldn't be possible.
<gmaxwell> Hm didn't I just comment on this? maybe I didn't send that line.
<gmaxwell> Jeremy_Rand: the way you would do this is you would reveal a fingerprint used for nearness testing, and prove it's valid. So you leak some information about the name, but not the name itself.
<Jeremy_Rand> gmaxwell: ah, I see. Yes, I guess that could be workable.
<gmaxwell> e.g. if you cared about sounds-alike names you'd reveal the soundex value, for example.
<Jeremy_Rand> would be interesting
<Jeremy_Rand> gmaxwell: anyway, thanks for the nice comments. I'll hopefully stick around here. :)
<andytoshi> gmaxwell: the hidden value ringsig is https://download.wpsoftware.net/bitcoin/wizardry/ringsig-blinding.txt
<andytoshi> i'm amazed you can keep track of so many ideas here, i'd honestly forgotten entirely about that
<kanzure> "A new ring signature scheme from NTRU lattice"
<katu> it seems this paper claims (almost) O(1) ring signature sizes in NTRU
<katu> can somebody check what's the catch? (besides, well, NTRU)
<andytoshi> i think NTRU is a pretty big catch :) wiki says it is not even zero-knowledge
<andytoshi> NTRUsign that is
<katu> andytoshi: yeah, i found the problem
<katu> it's in fact group scheme, as there needs to be centrally generated master key for everybody
<katu> and the blinded keys they get is just permutation of the same key. meh.
<andytoshi> katu: which section? i glanced at that and thought the setup did not need to be trusted
<andytoshi> it was just, think of a bunch of primes and polynomials
<katu> andytoshi: However, from a ring’s perspective,
<katu> the key pairs that belong to the same ring are generated from
<katu> the same key pair through a skillful randomization.
<katu> and in the setup phase they seem to generate the master key
<andytoshi> it's not clear from the writeup what's secret and what's public in the setup phase. it looks like all the variables are used again so i thought they were all public?
<andytoshi> oh i see, the master is the only one who can run KeyGen?
<katu> yep
<andytoshi> ok, good catch. that's pretty irritating that they are unclear about that
<andytoshi> and you're right, "group signature" is the correct term for this
<katu> oh well, my quest to sift through scigen for O(1) continues
<andytoshi> thanks very much for doing it :)
<DeesEvilCapsicum> hello wizards!
<DeesEvilCapsicum> lol
<DeesEvilCapsicum> any wizards here??
<DeesEvilCapsicum> lol
* belcher casts magic spell
<DeesEvilCapsicum> lol
* DeesEvilCapsicum has protection
* DeesEvilCapsicum gets out altar
<DeesEvilCapsicum> lol