wumpus changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Newyorkadam has quit [Quit: Newyorkadam]
c0rw|awa_ is now known as c0rw1n
Burrito has quit [Ping timeout: 272 seconds]
rusty has joined #bitcoin-wizards
mdavid613 has quit [Quit: Leaving.]
Jeremy_Rand_ has quit [Ping timeout: 256 seconds]
King_Rex has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 255 seconds]
Giszmo has quit [Quit: Leaving.]
King_Rex has quit [Remote host closed the connection]
<instagibbs>
I for one welcome our new Go-playing computer overlords
<gmaxwell>
well they don't play, only count. :P
mdavid613 has joined #bitcoin-wizards
<bramc>
Mathematical proofs are short enough that it would be entirely feasible to generate ZK proofs that a proof of a particular theorem passed a verifier. Univalent foundations are apparently totally practical, the guy who came up with them who does some very deep category-theory-like stuff does his day to day work using them now.
<bramc>
Hopefully it's only a matter of time before mathematicians not computer-verifying their proofs is viewed like programmers not getting their code to compile.
<gmaxwell>
very few proofs are computer verified now, though.. one could hope... it turns out that formal mathematical writing is often not formal enough to make the process easy!
<bramc>
gmaxwell, There's a combination of needing a tool which is sufficiently easy to use and the inherent difficulty of the task. For a long time code proving systems were the moral equivalent of machine code. They're much better now, although I don't know if any rises to be the moral equivalent of Python.
<bramc>
As for the inherent difficulties, people should finish their homework! While formality is harder than just writing down the proof, it's probably easier than the effort of the proof plus review plus headaches caused when the whole process goes awry.
<bramc>
It would be so nice if normal mathematical work was done on the mathwiki which people uploaded proofs to which were automatically verified.
bendavenport has quit [Quit: bendavenport]
<bramc>
Really dumb question about memory management: If you're doing work on multiple places in deep memory for n pieces of memory, does it start forcing cache misses at some fixed n? If so, what is the n? Is 2 safe? 3? 10?
<bramc>
So far on my merkle data structure, I've decided that (a) when doing a batched insertion/deletion, rather than recalculating things as it does an update, it will invalidate hashes as necessary and do a lazy recalculation from the root once it's all completed. This is in principle more cache misses, but I really, really, don't feel like implementing it the 'right' way.
<bramc>
(b) Related to that, when doing a batched update it will sort the individual updates and do them in order mostly separately, using the path from the root for the last one to reduce lookups for the next one, basically starting at the bottom and working up until a common ancestor is hit, but it's treated as advisory.
<bramc>
Come to think of it, maybe I should view (b) as another optimization which I don't need to do because I'm already doing the clumping to avoid cache misses, and depending on a few things it might be faster to search from the top than the bottom, so I should just punt and search from the top every time
King_Rex has joined #bitcoin-wizards
<gmaxwell>
I may not understand the question. So modern CPU L2/L3 cache are set associative caches, 16-way is common. so, if I parse your question right, n=16 if the stars align and nothing else gets in the way.
<gmaxwell>
er many->may. waay->way*
<bramc>
Something which seems vaguely aesthetically related, today I learned that the best technique anyone has come up with for making chess engines run on multiple cores is something called lazy-smp, which is fancy talk for 'give them no knowledge of each other but have them use the same cache of positions', which sounds an awful lot like something an idiot hacker who didn't know what he was doing would do, but it's fabulous at getting coordination overhead under control and works well in practice.
kgk_ has quit [Ping timeout: 256 seconds]
<bramc>
gmaxwell, Thanks that answered my question, that's very reassuring.
<Taek>
maaku, bramc, phantomcircuit: can someone volunteer to check out and contribute to the knosys page on utxo commitments?
King_Rex has quit [Remote host closed the connection]
mdavid613 has quit [Quit: Leaving.]
<bramc>
That allows me to be extremely sloppy about a number of things and everything will still work well.
<bramc>
Memoization really feels like magic pixie dust. Don't worry about the nominal asymptotic, just add this weird subtlety to your seemingly horrifically inefficient algorithm and everything will be fine.
AaronvanW has quit [Ping timeout: 246 seconds]
<bramc>
Taek, Not related to anything cryptocurrency, one of my kids has gotten really into martial arts, specifically kajukembo
King_Rex has joined #bitcoin-wizards
<gmaxwell>
bramc: there are other details to worry about for highest performance, e.g. memory accesses do not have byte granularity, -- you load (and cache) a full cacheline at a time (typically 64 or even 128 bytes) so cacheline spanning reads can force the load of two cachelines, memory accesses which are page misaligned (e.g. cross a 4k boundary in a single read) have higher overhead (at least on x86).
<gmaxwell>
.. in general access to different pages can cause pressure on the TLB caches. ...
sparetire_ has quit [Quit: sparetire_]
<phantomcircuit>
Taek, that seems like a nice list already
<bramc>
Taek, I don't have much to add to that page, although the intention for what I'm working on now is for it to be put up later as something which should be linked from that page, but at least at first it will have some truly obnoxious caveats like 'this should really be ported to C'
kgk_ has joined #bitcoin-wizards
<Taek>
I do hope we can get a culture going where people collect knowledge as they learn or create it
<bramc>
gmaxwell, What I'm doing now is ugly enough without even trying to worry about that level of optimization. It's so much better than the thing which already exists, and those optimizations are difficult enough with small enough potential benefit, that I'm just going to punt
<Taek>
ie, bramc: once you have a proposal that's mostly good (even if incomplete), you should add it
<Taek>
One thing definitely missing from that page is the channel logs on the subject
<bramc>
Taek, I really, really, don't feel comfortable putting it up until it's at least a working implementation, because the whole point is that it's supposed to be semantically compatible with what maaku's already done.
<phantomcircuit>
Taek, im not sure my thinking on utxo commitments qualifies as knowledge yet :)
<bramc>
phantomcircuit, I believe our last conversation on the subject basically amounted to you already knowing about the stuff I'm working on but not having done it because you've been hoping some sucker would go through all the pain, and that would apparently be me.
<phantomcircuit>
rusty, so i was thinking, could back refs in the utxo enable fraud proofs for false utxo commitments without needing to check the entire blockchain?
<rusty>
phantomcircuit: ummm... maybe
<phantomcircuit>
ie "this utxo entry was added in block a" "ok i can prove that it wasn't"
<phantomcircuit>
rusty, yeah that's kind of been my response to most of these things
<bramc>
Right now I'm stumbling over where and how the sibling relationships between blocks should be stored
kgk_ has quit [Ping timeout: 255 seconds]
Ylbam has quit [Quit: Connection closed for inactivity]
<bramc>
I have this concept of a 'block' which is a contiguous chunk of memory in which related tree nodes are stored. Memory management within a block is that new stuff is always added to the end, and when it runs out of room it consolidates down all the memory used within itself to be contiguous again and if necessary moves some stuff into a sibling block and if that isn't possible moves some stuff into a child block
King_Rex has quit [Remote host closed the connection]
<bramc>
Consolidating a block isn't such a big deal, it only involves rewriting the parent and the original, so it can be done more than necessary in the name of efficiency.
<bramc>
When you add something new, you try to add it to the same block as the parent node. That's where all the cache coherence efficiency comes from.
kgk_ has joined #bitcoin-wizards
<bramc>
To move stuff to a sibling block, you look at the inputs and try to find the inputs with the smallest number of local children and move enough of them that you locally have free space up to some threshold (I'm thinking 15% as a default) into a sibling block with enough free space to accommodate them, and if there is no such sibling block you make a new one
<bramc>
And if there's only one input into the current block you lop off a branch and move it into a child.
<bramc>
Does this make sense to people or am I babbling?
<bramc>
Come to think of it, a whole lot of accounting of sibling blocks can be done in the parent by (a) having each node remember how many children it has, and (b) have a rule that blocks never, ever have children unless they only have a single input
<bramc>
And the count information only needs to be in out-pointers, so it isn't all that much overhead
<bramc>
Although that does mean that counts can't be updated lazily, but that isn't a big deal.
<bramc>
One thing about this block concept is that I've decided to just plain support variable length node data structures, which in some ways is a huge pain but in others is a huge relief.
<bramc>
Come to think of it, my previous idea that the best way to add a child node is to lop off a single branch is 100% wrong. The best way to add a child node is to trim off a bunch of leaves, to try to keep the depths consistent.
<bramc>
Is anybody following this, or am I explaining things to the bear?
<kanzure>
well, i was going to reference some of these notes later when i look at whatever code you haven't released yet
<bramc>
kanzure, Fair enough. This is basically documentation which should go on my code to explain what on earth is going on.
<bramc>
Really this should be a data structure on par with an ordinary set, meaning hardly anyone should look under the hood, for there be dragons.
<bramc>
I'm still working on the high level view of what data goes where, but I think I just got over my last major stumbling block and am almost ready to start designing things at the byte level.
<bramc>
Almost. Still need to work some stuff out about thresholds and block restructuring. Block restructuring is a somewhat expensive operation, but it's done batched only when certain thresholds are exceeded at a tradeoff between cost of reorgs and amount of memory overhead which is needed for book processing
<bramc>
Bit of trivia: Traditional libraries need about 1/3 of their floorspace devoted to book processing. The San Francisco Library was designed by a marquee name architect who couldn't be bothered to do his research and only allocated 1/10.
<kanzure>
would also be good to make strong concrete statements about what the merkle root can be trusted to prove and not prove when given various paths, or rather, assumptions that would violate the security of the strategy
<kanzure>
*assumptions that when broken
<bramc>
kanzure, I'm going to make it semantically identical to what maaku has already built, just more space efficient and allowing for batched updates with less hashing and fewer cache misses
afk11 has quit [Ping timeout: 252 seconds]
<bramc>
Well isn't that special. Ping time to facebook from this coffee shop is 70ms with zero packet loss, but facebook pages, and only facebook pages, load slow as molasses.
<rusty>
kanzure: I'm impressed with your ability (and jgarzik's) to hang out here while simultaneously moderating those 6 emails!
afk11 has joined #bitcoin-wizards
<kanzure>
rusty: i thought it was 150?
<kanzure>
what?
<rusty>
kanzure: I cut it down...
<kanzure>
ah, i've been drafting an email to the fastest typer in the world
<kanzure>
i'll uh.. speed things up.
<rusty>
kanzure: start responding with "have you considered the following: <random academic citations>". I find it's helpful to slow down conversations :)
<bramc>
I'm on approximately zero mailing lists. The semantics that nobody should expect that I've seen anything unless I respond to it are very useful.
<kanzure>
does that include bitcoin-dev?
<rusty>
kanzure: uhh... have you considered H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999?
<kanzure>
yeah i binged on timestamping server papers a while back
<yoleaux>
fluffypony: Sorry, that doesn't appear to be an HTML page.
<fluffypony>
"On the (in)security of a Self-Encrypting Drive series"
<fluffypony>
hopefully nobody here uses WD's "self-encrypting" hard drives
<gmaxwell>
wait. ram leakage? .. that suggests the encryption was actually encryption! shocking!
kgk_ has joined #bitcoin-wizards
<fluffypony>
"At any point in time an attacker can implement an attack with a complexity of 2^8 to bruteforce the current state of the 255 byte RNG sequence generated from the on-board LFSR"
<fluffypony>
"Another fact that dramatically reduces the possible UNIX timestamp range is the fact that all HDDs are marked with a production date printed on the actual HDD. The factory DEKF must have been generated close to this date. Our test devices show that the factory DEKF set was generated within days after the HDD production date. We did not take advantage of this fact since the complexity of the attack was already easy to handle for all possible timestamps. However, this fact might apply to other chips, where the on-board RNG has a higher complexity compared to the JMS538S."
<fluffypony>
I wonder if any of the Bitcoin hardware wallets suffer from something like that
midnightmagic has joined #bitcoin-wizards
<gmaxwell>
fluffypony: so I'm surprised that it was even that strong; though given that it wasn't pure snake oil.. with all that fancy DSP controlled stuff, you'd think they could have gotten a nice mechanical randomness source-- e.g. the servo error signal, or data read noise.
<fluffypony>
I know right
<fluffypony>
they could have used spin times and all sorts
kgk_ has quit [Ping timeout: 252 seconds]
RedEmerald has quit [Ping timeout: 250 seconds]
chris13243 has quit [Ping timeout: 246 seconds]
<gmaxwell>
fluffypony: well apparently it's some usb bridge, e.g. no access to the sweet mechanical noise.
midnightmagic has quit [Ping timeout: 252 seconds]
<fluffypony>
ah, so then they slap on a 1c external temperature probe and use that :-P
DougieBot5000 has quit [Quit: Leaving]
nivah has joined #bitcoin-wizards
midnightmagic has joined #bitcoin-wizards
gwillen has quit [Ping timeout: 252 seconds]
Emcy has joined #bitcoin-wizards
Emcy has joined #bitcoin-wizards
Emcy has quit [Remote host closed the connection]
orik has quit [Ping timeout: 250 seconds]
melvster has quit [Ping timeout: 250 seconds]
midnightmagic has quit [Quit: quit]
mjerr has quit [Ping timeout: 240 seconds]
matsjj has quit [Ping timeout: 255 seconds]
mjerr has joined #bitcoin-wizards
matsjj has joined #bitcoin-wizards
midnightmagic has joined #bitcoin-wizards
melvster has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
poppingtonic1 has joined #bitcoin-wizards
poppingtonic has quit [Ping timeout: 240 seconds]
poppingtonic1 is now known as poppingtonic
kgk_ has joined #bitcoin-wizards
kgk_ has quit [Ping timeout: 268 seconds]
jaromil_ has joined #bitcoin-wizards
rustyn has quit [Read error: Connection reset by peer]
rustyn has joined #bitcoin-wizards
p15 has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
rubensayshi has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 265 seconds]
bedeho has quit [Ping timeout: 252 seconds]
CoinMuncher has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
jaromil_ has quit [Ping timeout: 240 seconds]
matsjj has quit [Ping timeout: 255 seconds]
mjerr has quit [Ping timeout: 272 seconds]
mjerr has joined #bitcoin-wizards
matsjj has joined #bitcoin-wizards
matsjj_ has joined #bitcoin-wizards
matsjj has quit [Ping timeout: 260 seconds]
dEBRUYNE has joined #bitcoin-wizards
jaromil_ has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
Londe has joined #bitcoin-wizards
moa has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
sparetire_ has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 264 seconds]
bramc has quit [Quit: This computer has gone to sleep]
jaromil_ has quit [Ping timeout: 260 seconds]
a5m0 has quit [Ping timeout: 244 seconds]
a5m0 has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
ThomasV has quit [Client Quit]
melvster has quit [Ping timeout: 265 seconds]
Guyver2 has quit [Ping timeout: 260 seconds]
erasmospunk has joined #bitcoin-wizards
erasmosp_ has joined #bitcoin-wizards
erasmospunk has quit [Ping timeout: 240 seconds]
jaromil_ has joined #bitcoin-wizards
melvster has joined #bitcoin-wizards
jtimon has quit [Remote host closed the connection]
airbreather has quit [Remote host closed the connection]
kgk_ has joined #bitcoin-wizards
kgk_ has quit [Ping timeout: 272 seconds]
AaronvanW has quit [Ping timeout: 246 seconds]
poppingtonic1 has joined #bitcoin-wizards
poppingtonic has quit [Ping timeout: 244 seconds]
poppingtonic1 is now known as poppingtonic
AaronvanW has joined #bitcoin-wizards
moa has joined #bitcoin-wizards
melvster has quit [Ping timeout: 250 seconds]
matsjj_ has quit [Remote host closed the connection]
ThomasV has quit [Ping timeout: 255 seconds]
melvster has joined #bitcoin-wizards
airbreather has joined #bitcoin-wizards
afk11 has joined #bitcoin-wizards
King_Rex has joined #bitcoin-wizards
Guyver2 has quit [Ping timeout: 260 seconds]
berndj has joined #bitcoin-wizards
Dizzle has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
erasmospunk has quit [Remote host closed the connection]
bedeho has joined #bitcoin-wizards
moa has quit [Quit: Leaving.]
* Eliel
I wonder when we'll actually start seeing accountability for companies claiming their device does something like encryption, when it actually merely pretends to do it.
Dizzle__ has joined #bitcoin-wizards
Dizzle has quit [Disconnected by services]
Dizzle__ is now known as Dizzle
eudoxia has joined #bitcoin-wizards
LeMiner has quit [Ping timeout: 246 seconds]
bedeho has quit [Ping timeout: 240 seconds]
zooko has joined #bitcoin-wizards
ttttemp_ has joined #bitcoin-wizards
ttttemp_ has quit [Remote host closed the connection]
ASTP001 has quit [Read error: Connection reset by peer]
ASTP001 has joined #bitcoin-wizards
ASTP001 has quit [Client Quit]
ttttemp_ has joined #bitcoin-wizards
zwischenzug has joined #bitcoin-wizards
ttttemp_ has quit [Remote host closed the connection]
bedeho has joined #bitcoin-wizards
zooko has quit [Ping timeout: 240 seconds]
ttttemp has quit [Remote host closed the connection]
zwischenzug has quit [Remote host closed the connection]
ttttemp has joined #bitcoin-wizards
erasmospunk has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 240 seconds]
damethos has quit [Quit: Bye]
damethos has joined #bitcoin-wizards
arubi has quit [Ping timeout: 250 seconds]
bedeho has quit [Ping timeout: 244 seconds]
arubi has joined #bitcoin-wizards
bedeho has joined #bitcoin-wizards
ghtdak has quit [Quit: WeeChat 1.4-dev]
<ens>
hey anyone here know about abstract state machine modelling?
<ens>
i know that ms research asml is supposed to be the best but i've been looking into xasm for it instead
DougieBot5000 has joined #bitcoin-wizards
nwilcox has joined #bitcoin-wizards
ghtdak has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
shen_noe has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
nivah has quit [Ping timeout: 268 seconds]
kgk_ has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
LeMiner has joined #bitcoin-wizards
kgk_ has quit [Ping timeout: 240 seconds]
eudoxia has quit [Quit: Leaving]
zwick has joined #bitcoin-wizards
tlrobinson has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 255 seconds]
King_Rex has quit [Quit: Leaving...]
gwillen has joined #bitcoin-wizards
gwillen is now known as Guest49950
mjerr has quit [Ping timeout: 240 seconds]
Guest49950 has quit [Changing host]
Guest49950 has joined #bitcoin-wizards
Guest49950 is now known as gwillen
zwick has quit [Quit: WeeChat 1.2]
bedeho has quit [Ping timeout: 252 seconds]
zwick has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
mjerr has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
matsjj has joined #bitcoin-wizards
poppingtonic has quit [Remote host closed the connection]
bedeho has joined #bitcoin-wizards
poppingtonic has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
mdavid613 has joined #bitcoin-wizards
chris13243 has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 240 seconds]
Giszmo has joined #bitcoin-wizards
zooko has quit [Ping timeout: 264 seconds]
rubensayshi has quit [Ping timeout: 240 seconds]
melvster has quit [Ping timeout: 260 seconds]
poppingtonic has quit [Ping timeout: 240 seconds]
chris13243 has quit [Ping timeout: 264 seconds]
shesek has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
nivah has joined #bitcoin-wizards
Dizzle has quit [Remote host closed the connection]
ASTP001 has joined #bitcoin-wizards
mdavid613 has quit [Quit: Leaving.]
melvster has joined #bitcoin-wizards
<amiller>
is there a way to make multi-hop micropayments that are more 'transactional', so you can make a large trustless payment without having to do lots of very small incremental payments
<gmaxwell>
amiller: uh? what is a 'payment'?
<gmaxwell>
(because I think you're using a different definition than I would by default, as otherwise lightning is the answer)
<amiller>
gmaxwell, for example A --$50--> hub --$50--> B
<amiller>
uh i mean in the context of lightning
<amiller>
my understanding is the main defense against the hub taking the money is that you only do incremental payments
<gmaxwell>
amiller: there is a lot of back and forth chatter revising transactions but one transaction or fewer ends up broadcast externally beyond the three parties.
<amiller>
right - i'm interested right now in whats the structure of that back and forth chatter
<amiller>
i think it would be inconvenient if alice gets only part of the way, like A --$50/$50--> hub --$49/$50--> B
mdavid613 has joined #bitcoin-wizards
<amiller>
in which case bob doesn't give alice the gold-infused coffee, and maybe B is just supposed to refund A out of band and in either case it's not clear who is to blame, B or the hub
<gmaxwell>
amiller: in that case, it's no different a question than if A --> B directly.
<gmaxwell>
a increments the channel towards the hub, hub increments the channel towards b, hub sends alice the towards B update, repeat. But this is not public communication, it's back and forth with alice and the hub revising a single transaction. I don't think you should think of the transfer as 'many payments' any more than you do a http request as 'many connections' simply because TCP is sending the data incrementally with flow control between the parties. :)
<amiller>
tbh i'd probably like to get a signed receipt on my http responses
<amiller>
it also seems harder in a multi-hop setting to learn which link broke down
<kanzure>
do you mean https responses
<kanzure>
have you read the routing emails from lightning-dev?
<maaku>
amiller: lightning payments are not atomic (as database science defines the word), but they don't involve the payer making a bunch of incremental payments either
Burrito has joined #bitcoin-wizards
<maaku>
amiller: what you describe sounds like hub-and-spoke routing, not lightning
<maaku>
in lightning you do the routing and construct the path backwards getting the first hop to agree that once the payment is made there is no further action on the payer's part
<gmaxwell>
basically a cross _channel_ atomic swap between the channels, if you will. :)
<instagibbs>
there is also #lightning-dev
<amiller>
thx
chris13243 has joined #bitcoin-wizards
Dizzle has joined #bitcoin-wizards
c0rw|zZz is now known as c0rw1n
<amiller>
uh hrm... i had assumed that lightning had a hub-and-spoke generalization, where you can reuse some of the links for multiple sender-receiver pairs, now i don't think that's the case anymore
<gmaxwell>
it doesn't have a hub and spoke organization (though you could use it that way if you wanted); and the links can be reused, in both directions.
Dizzle has quit [Quit: Leaving...]
nivah has quit [Ping timeout: 240 seconds]
nivah has joined #bitcoin-wizards
nwilcox has quit [Ping timeout: 240 seconds]
bedeho has quit [Ping timeout: 252 seconds]
paveljanik has joined #bitcoin-wizards
paveljanik has joined #bitcoin-wizards
bedeho has joined #bitcoin-wizards
bassguitarman has quit [Ping timeout: 240 seconds]
jbenet has quit [Ping timeout: 240 seconds]
bassguitarman has joined #bitcoin-wizards
chris13243 has quit [Ping timeout: 240 seconds]
Anduck has quit [Ping timeout: 240 seconds]
jbenet has joined #bitcoin-wizards
Anduck has joined #bitcoin-wizards
c-cex-finch has quit [Ping timeout: 240 seconds]
c-cex-finch has joined #bitcoin-wizards
bendavenport has joined #bitcoin-wizards
Yoghur114 has joined #bitcoin-wizards
CodeShark__ has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
gribble has quit [Read error: Connection reset by peer]
Jeremy_Rand_ has joined #bitcoin-wizards
comboy has joined #bitcoin-wizards
gribble has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
benjyzw has joined #bitcoin-wizards
erasmospunk has quit [Quit: ttm]
zooko has quit [Ping timeout: 240 seconds]
CodeShark_ has quit [Remote host closed the connection]
CodeShark_ has quit [Remote host closed the connection]
nwilcox has joined #bitcoin-wizards
CoinMuncher has quit [Quit: Leaving.]
gavinand1esen is now known as gavinandresen
damethos has quit [Quit: Bye]
giel__ has joined #bitcoin-wizards
gielbier has quit [Disconnected by services]
giel__ is now known as gielbier
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
hazirafel has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
<nsh>
your lives works are in vain, QCryptanalysis is on the horizon, all ECC is broken, don't even bother implementing it, NSA will save humanity, etc. etc.: https://eprint.iacr.org/2015/1018.pdf
giel__ has joined #bitcoin-wizards
gielbier has quit [Disconnected by services]
grantsmith has joined #bitcoin-wizards
giel__ is now known as gielbier
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
<gmaxwell>
oh they don't suggest my personal pet theory behind NSAs actions.
<jcorgan>
that's a pretty good read
<gmaxwell>
My theory is that they recommended 384 because they do not want people using *25519, which is starting to get some significant traction and formal standardization. ... either because it is insecure in some secret way known to them, or because it isn't.
Jeremy_Rand_ has quit [Ping timeout: 240 seconds]
chris13243 has joined #bitcoin-wizards
<MRL-Relay>
[shen] gmaxwell, I was thinking the same thing after reading some tweets earlier
giel__ has joined #bitcoin-wizards
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
gielbier has quit [Ping timeout: 272 seconds]
<gmaxwell>
unfortunately it's not a useful theory, unless you know how to perform a long straddle trade on cryptosystem selection. :)
kgk_ has joined #bitcoin-wizards
gielbier has joined #bitcoin-wizards
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
<MRL-Relay>
[shen] well, I can at least make decisions about which cryptosystems to learn for my personal employment
tlrobinson has quit [Quit: tlrobinson]
giel__ has quit [Ping timeout: 240 seconds]
giel__ has joined #bitcoin-wizards
orik has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
gielbier has quit [Ping timeout: 264 seconds]
shen_noe has quit [Quit: Leaving]
ThomasV has quit [Quit: Quitte]
chris13243 has quit [Ping timeout: 265 seconds]
giel__ is now known as gielbier
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
badmofo has quit [Ping timeout: 240 seconds]
<bramc>
The really bizarre thing in the NSA's statement is that they don't advocate using symmetric key techniques for digital signatures which is the thing which actually makes sense to do if you're concerned about unknown possibilities for quantum cryptography. Not doing that tells me that they have a hard-on for fancy math.
zwick has quit [Ping timeout: 250 seconds]
<jgarzik>
pretty much a given - part of the funded mission is to maintain a "technological edge" in mathematics and crypto
matsjj has quit [Remote host closed the connection]
<petertodd>
jgarzik: which can lead to perverse incentives in cases where the older tech with less fancy math is actually the better solution
<jgarzik>
incentivizes things that bring us to the state we're in today - knowledge useful to the defense of the citizenry is likely denied them
<jgarzik>
a focus on weaponizing rather than improving everyone's defenses
zwick has joined #bitcoin-wizards
<petertodd>
jgarzik: oh, I mean even in the case where we're talking about the "strengthen america" goal - recommending merkle sigs for instance doesn't look good vs. recommending something fancier
mjerr has quit [Ping timeout: 255 seconds]
mrkent has joined #bitcoin-wizards
poppingtonic has joined #bitcoin-wizards
badmofo has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
poppingtonic has quit [Remote host closed the connection]
damethos has joined #bitcoin-wizards
belcher has joined #bitcoin-wizards
nwilcox has quit [Ping timeout: 252 seconds]
<gmaxwell>
bramc: yes, that was a super red flag for me.
<gmaxwell>
but it might have partly been due to a lack of standardized constructs.
poppingtonic has joined #bitcoin-wizards
zwick has quit [Quit: WeeChat 1.3]
giel__ has joined #bitcoin-wizards
gielbier has quit [Ping timeout: 264 seconds]
paveljanik has quit [Quit: Leaving]
gielbier has joined #bitcoin-wizards
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
nwilcox has joined #bitcoin-wizards
giel__ has quit [Ping timeout: 256 seconds]
ThomasV has joined #bitcoin-wizards
rusty has quit [Ping timeout: 246 seconds]
bedeho has quit [Ping timeout: 256 seconds]
justanotheruser has quit [Read error: Connection reset by peer]
ThomasV has quit [Ping timeout: 246 seconds]
<jcorgan>
i think the suggestion that it was politically motivated without a lot of internal expert consultation smells about right
bedeho has joined #bitcoin-wizards
Guyver2 has quit [Quit: :)]
devrandom has quit [Remote host closed the connection]