sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<bsm117532>
Pay no attention to NSA's bad SSL cert...
<zooko>
lol
<zooko>
Hrm, now I'm wondering if we should bump up the secure hash outputs in Zcash to 384 bits just so we don't have to have this conversation or endure the penumbra of FUD.
<zooko>
*sigh*
<bsm117532>
Hey why not sha-512? No one wants factors of 3.
<zooko>
We're probably going to use BLAKE2s, BTW, and the reason would be that it slows us down more to have extra bits, but that would need to be measured.
<zooko>
gotta reboot to try to cure audio driver bugs. :-( bbiab
<bsm117532>
BTW Congrats to the Broncos zooko!
<zooko>
bsm117532: ☺
<zooko>
bsm117532: oh yeah, BLAKE2s doesn't even go up > 256 bit outputs. Bah.
<zooko>
bsm117532: I'm just going to ignore that NSA FUD for now.
<zooko>
I'm going to act as if I know what they're up to, and what they're up to is a giant DoS on strong and open crypto development and adoption. ;-)
<zooko>
Zcash can't be post-quantum-secure right now anyway for other reasons.
<zooko>
Well, to be clear, the confidentiality properties of Zcash could be cracked by a sufficiently enormous quantum computer, if such a thing were ever to exist.
<bsm117532>
their FAQ has some interesting responses on that: They don't want to force vendors from RSA->ECC->Quantum-Resistant public key since the time scale of each transition is 20-30 years and we expect Quantum-Resistant pubkey schemes in less than 20 years.
<bsm117532>
So they're skipping ECC in their recommendations...
<zooko>
bsm117532: thanks for mining their FAQ and handing me that nugget.
<bsm117532>
Actually someone else in ##crypto found it...I just copied it here.
<maaku>
bsm117532: reading the sha3 incremental hash paper, it strikes me that it would be interesting to build a version control system using the variable-sized data hash
<bsm117532>
maaku: Can you elaborate? I'm not sure what you mean.
<maaku>
bsm117532: the "variable-size data" incremental hash basically breaks a piece of data into a singly-linked-list structure, where you can insert/update/delete in compact form
<maaku>
so you could have a cryptographic version control system like monotone, except for which you don't need the full files in order to validate/apply diffs
<bsm117532>
maaku: That's exactly where I'm going...you don't have to have the full UTXO set to validate/apply diffs...
<maaku>
(separately I've been wanting for some time to change monotone to use bitcoin-like script signatures, which would let you do cool stuff like threshold commits)
<maaku>
bsm117532: actually for the txout spend history it's probably better to use the non-variable form
<bsm117532>
I got excited to find that paper, but admit I haven't read it yet. I'll try to say something more intelligent about it later today...
<maaku>
and when you spend an output you just update the prior record, marking it as spent
<maaku>
Well there are plusses and minuses to each approach.
<bsm117532>
maaku: iSHAKE256 is intended to have a security parameter of 256 bits for a set size of 32GB, and block sizes of 1MB. If I extrapolate in my head...a Merkle tree-based set of the same size for 256-bit hashes at 32GB (so about 100M outputs) requires a proof size of log_2(32e9/256)*256=7kb.
<bsm117532>
maaku: Their proof sizes are ~6.5k so size-wise it's a wash. However it appears that adding or removing an element of the set may be hundreds or thousands of times faster.
<bsm117532>
Sharding using such a technique implies a pretty fundamental tradeoff of storage vs. bandwidth. A txn with input and output proofs would be ~ 7kb*(#inputs + #outputs), so higher instantaneous bandwidth, though all that data could be pruned.
<bsm117532>
Hitting Visa's 2000 txn/s assuming 3.5 (in/out)puts per txn comes to about 50 Mb/s bandwidth. Of course the whole idea here is sharding, so divide that by the number of nodes and multiply by a redundancy factor. Seems reasonable...
<bsm117532>
With a redundancy factor of 20 (each utxo is duplicated on 20 nodes) that's 200kb/s per node.
<bsm117532>
This is reminding me of some analysis I did a while ago on Bloom and Cuckoo filters: Their size is O(N) in the number of elements contained in the set (after you normalize out confusion in the #keys and #bits).
<bsm117532>
Perhaps it's a more fundamental result that proof of set inclusion or exclusion must scale as O(log(N)) in the set size. My dream of doing it in O(1) trades hash collision resistance as the set size gets larger.
<Eliel_>
I've been thinking about N-way channels lately and am now quite interested about the idea of Ns in the thousands. It should be possible to build a structure where each participant only needs to update their signature when their own output in the channel changes. Then, if individual txouts could be broadcast and included in blocks individually, while still allowing other txouts in the transaction to stay non-final, it could poten
<bsm117532>
Eliel_: you got cut off...
<Eliel_>
... Then, if individual txouts could be broadcast and included in blocks individually, while still allowing other txouts in the transaction to stay non-final, it could potentially solve the scaling issue entirely.
<bsm117532>
Can you define a "N-way channel"? Are you talking about payment channels?
<Eliel_>
bsm117532: yes, a payment channel with more than 2 participants.
<Eliel_>
with a mechanism for allowing an individual to leave the channel and take their coins out of it without forcing the entire channel to close.
<bsm117532>
Well AFAIK a cooperative close of a channel can happen immediately. So it comes down to: can a set of locked UTXO's be found, and the correct signatories, to close a subset of the channels. No?
<Eliel_>
bsm117532: well, currently N-way channels come with the trouble of needing all participants to be online for anything at all to happen and you can't really allow the entire channel to close when just one participant wants out. The structure becomes useless.
<Eliel_>
(not to mention spammy)
<Eliel_>
for small Ns of parties that trust each other to not close it lightly, N-way channels would probably be usable even now, but it's rather limited.
<maaku>
bsm117532: right, I suspect there's a fundamental reason why those proof sizes correlate
<maaku>
bsm117532: however note that the incremental hash output doesn't have to be transmitted on wire!
<maaku>
that's where the real savings come from
<maaku>
If I understand it correctly, I should be able to just give you the unspent outputs and the height+position at which they were included (to construct the ID), and that is sufficient to verify they are unspent
<maaku>
So that means a block would need to relay with the nAmount+scriptPubKey for each input it spends, and the receiver can fully validate while keeping only 330 bytes of intermediate state
<maaku>
no merkle trees required
<maaku>
that's pretty magic
<maaku>
Eliel_: you failed to provide justification for N-way channels in the first place
<maaku>
why are they interesting?
<Eliel_>
maaku: an N-way channel can function as a 2-way channel between any 2 of the N participants. It could improve the efficiency of routing networks like LN a lot.
<maaku>
Eliel_: when you work out the number of messages required for N-way channel negotiation, and frequency of failure, I suspect it will come out looking the same as a graph of 2-way channels
<Eliel_>
maaku: yes, that's the problem with them currently.
<Eliel_>
maaku: I don't think those limitations are inherent though.
<Eliel_>
The hard part is that making them clearly superior would require coming up with a composable structure that allowed any 2 participants to modify their own outputs without requiring everyone else from the channel to be available immediately to confirm the change.
<Eliel_>
However, that breaks the ability for anyone to close the channel at will, so it also needs a mechanism that allows an individual participant to exit the channel without closing it for anyone else.
<bsm117532>
maaku: I don't understand your argument, and I think it's because you're assuming you have the full UTXO set while I'm assuming I have only a fraction. Therefore I need to retrieve a proof from my peers for each input and output that lies outside the range of TXID's I'm holding from the UTXO set.
<bsm117532>
maaku: This also implies that a miner could mine while holding *none* of the UTXO set, if all txn's had full proofs attached. One could separate compensation for storing UTXO state and mining...
<dgenr8>
bsm117532: why just the UTXO set? Suppose you hold a txid range for everything back to genesis, so you're a guy who can prove spentness for that range
<bsm117532>
dgenr8: UTXO (sub-)set is exactly txid range plus vout information.
<dgenr8>
so just semantics? you include something that was spent years ago?
<dgenr8>
nodes of this type would have SPV security. which should be fine, if they are serving SPV clients.
<dgenr8>
With a sufficiently narrow slice, not much distinguishes such nodes from SPV wallets. Each would register for a small set of txid stems.
<teslax>
oh! the onboard HD4600 seems to be dead too. hm. strange. very strange.
<teslax>
vodka. NOW!
<fluffypony>
wut
<bsm117532>
dgenr8: This is better than (current) SPV security because of the UTXO proofs. I'm not verifying backwards n-blocks-deep, I'm verifying that my UTXO's are unspent at a particular height.
<bsm117532>
SPV security is admittedly something I need to think more about...
<bsm117532>
Taek: Does Sia or Storj or any other data-storage project compensate holders of the data? How do you prove that they hold it and prevent a MITM from claiming they held it, after the storage-holder provides it?
<maaku>
bsm117532: I'm not sure what use case you are imagining
<maaku>
bsm117532: the one I'm describing above is stateless mining
<maaku>
and/or stateless transaction validation for relay
<bsm117532>
maaku: I'm trying to shard the blockchain, so you don't have to hold the entire UTXO set.
<maaku>
bsm117532: with this scheme you don't have to hold *any* of the utxoset...
<maaku>
that's what I mean by stateless
<bsm117532>
maaku: correct.
<bsm117532>
I think we're using different words to describe functionally the same thing...
<maaku>
bsm117532: I'm confused as to why you need to "retrieve a proof from my peers for each input and output"
<maaku>
bsm117532: In principle the only data you need is 32 bytes per input spent in the block
<bsm117532>
maaku: I want to attach a proof to the txn that each input is unspent at a particular block height. Once I have that and if I know the UTXO set Merkle root, I know the txn is valid, without having any of the blockchain.
<bsm117532>
maaku: How do you get down to 32 bytes?
<dgenr8>
bsm117532: codeshark is also very concerned about incentivizing nodes. maybe you just turn SPV wallets into nodes by registering for a few extra txid stems. that helps privacy too
<dgenr8>
fullnodes backstop the whole thing. they can serve any proof, but you'd hope that there were dozens of other live sources so it wasn't necessary to ask
<amiller>
i think it's a problem that there is no explicit incentive for being a full node
<amiller>
even if there were a broken incentive scheme
<amiller>
it would at least make it clear that it's an economic decision
<amiller>
actually i'm not sure whether that's good or bad... if the main reason people run full nodes today really is something like altruism, then maybe a buggy incentive scheme would make them go away and fail to produce anything better
<amiller>
that's i think the main reason why Tor has been reluctant to adopt any payment scheme for relays
<amiller>
on the other hand, i think this is the main reason that people apply game theory to the miners but not at all for the full nodes
<CodeShark>
We should probably stop thinking in terms of full node = validator and instead think full node = prover
<CodeShark>
Full nodes should be optimized for serving short proofs
<dgenr8>
an idea was floated to stick the p2p protocol behind 21.co pay wrapper ... down the rabbit hole
<amiller>
i like the full node = prover idea
<maaku>
bsm117532: I need to understand the cryptography of iSHAKE to continue this conversation further
<maaku>
but it is my understanding that you don't need the per-input proofs
<maaku>
I could be wrong on that though
<maaku>
CodeShark: we shouldn't need to rely on external proofs...
<CodeShark>
Validation cannot be directly incentivized whereas proofs can
<maaku>
CodeShark: missing the point. we should design protocols that don't require central proof repositories
<dgenr8>
suppose when I click the "create address" button and get 1nfeFE97fIW..., my wallet begins downloading all historical txes starting with 1nfeF, with input branches and spend branches, and registers as a prover / interested party for this stem
<CodeShark>
maaku, why must they be central?
<maaku>
CodeShark: if they were truly decentralized you'd be creating your own proofs and not need to ask anyone else
<maaku>
there'd be no need to incentivise proof generation, because there'd be no demand for third parties to generate proofs
<CodeShark>
but the computational cost of proving is generally greater than the computational cost of verifying
<CodeShark>
the network is heterogenous
<maaku>
i suspect we are talking about different things
<maaku>
:shrug:
<CodeShark>
we start with proof of work - miners create proofs that are expensive to create but cheap to verify. Then we add state transitions and proofs of valid transitions
<CodeShark>
then by induction if block n is valid and transitions are valid, then block n + k is valid
<CodeShark>
Currently the proofs of valid transitions are too big
<CodeShark>
to prevent nodes from paracetizing full prover nodes we can require micropayments
<CodeShark>
*parasetizing
<CodeShark>
You can still download the entire history from block 0 and not require short proofs
<CodeShark>
Anyhow, point is paying for proofs can be made incentives compatible whereas there's really no way to reward validation that's directly incentives compatible
<CodeShark>
You get a tragedy of the commons situation
<maaku>
yeah i see that you are saying "we should make it so people can get paid to serve proofs because not everyone can run a full node"
<CodeShark>
Yep
<maaku>
and I was saying "we should redesign protocols so you don't have to be a full node to build/maintain your own proofs"
<maaku>
(this is -wizards)
<CodeShark>
Let's throw out the "full node" concept entirely in that case :)
<maaku>
right
<dgenr8>
you could pay for a proof that an input is valid, and pay extra for the proof that it is spent
<bsm117532>
FWIW I'm thinking a totally decentralized, redundant "proof repository" which is identical to holding a fraction of the UTXO space.
<bsm117532>
e.g. I cover txids 0x0a.... to 0x0b.... and will respond with proofs of inclusion or exclusion for txids in that range.
<maaku>
bsm117532: what would a 'proof of inclusion' (or exclusion) look like using iSHAKE128?