sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Nightwolf has quit [Read error: Connection reset by peer]
bsm117532 has quit [Quit: Leaving.]
Nightwolf has joined #bitcoin-wizards
bsm117532 has joined #bitcoin-wizards
dnaleor has quit [Quit: Leaving]
dnaleor has joined #bitcoin-wizards
bsm117532 has quit [Remote host closed the connection]
bsm117532 has joined #bitcoin-wizards
belcher has quit [Quit: Leaving]
lvns has joined #bitcoin-wizards
lvns has quit [Remote host closed the connection]
throughnothing has joined #bitcoin-wizards
Ylbam has quit [Quit: Connection closed for inactivity]
pistdov has quit [Quit: btc]
Burrito has quit [Quit: am sleep]
throughn_ has joined #bitcoin-wizards
throughnothing has quit [Ping timeout: 250 seconds]
throughnothing has joined #bitcoin-wizards
blackwraith has quit [Ping timeout: 246 seconds]
throughn_ has quit [Ping timeout: 250 seconds]
lvns has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
PaulCapestany has quit [Ping timeout: 250 seconds]
lvns has quit [Ping timeout: 244 seconds]
pro has quit [Quit: Leaving]
jarret has quit [Read error: Connection reset by peer]
lvns has joined #bitcoin-wizards
JackH has quit [Ping timeout: 246 seconds]
lvns has quit [Ping timeout: 260 seconds]
throughn_ has joined #bitcoin-wizards
throughn_ has quit [Remote host closed the connection]
justanotheruser has quit [Read error: Connection reset by peer]
throughnothing has quit [Ping timeout: 250 seconds]
justanotheruser has joined #bitcoin-wizards
PaulCapestany has joined #bitcoin-wizards
PaulCape_ has quit [Ping timeout: 260 seconds]
lvns has joined #bitcoin-wizards
copumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
lvns has quit [Ping timeout: 240 seconds]
NewLiberty has quit [Ping timeout: 240 seconds]
supasonic has quit [Ping timeout: 276 seconds]
supasonic has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
PaulCapestany has quit [Ping timeout: 246 seconds]
rubensayshi has quit [Ping timeout: 264 seconds]
throughnothing has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
lvns has joined #bitcoin-wizards
RedEmerald has joined #bitcoin-wizards
throughnothing has quit [Quit: Leaving...]
CodeArtix has quit [Remote host closed the connection]
lvns has quit [Remote host closed the connection]
lvns has joined #bitcoin-wizards
PaulCapestany has joined #bitcoin-wizards
NewLiberty has quit [Ping timeout: 260 seconds]
PaulCape_ has quit [Ping timeout: 260 seconds]
lvns has quit [Remote host closed the connection]
rubensayshi has joined #bitcoin-wizards
lvns has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
lvns has quit [Remote host closed the connection]
lvns has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
PaulCapestany has quit [Ping timeout: 252 seconds]
NewLiberty has quit [Ping timeout: 276 seconds]
lvns has quit [Remote host closed the connection]
PaulCapestany has joined #bitcoin-wizards
frankenmint has quit [Remote host closed the connection]
PaulCape_ has quit [Ping timeout: 250 seconds]
lvns has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
ClockCat has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
Giszmo has quit [Quit: Leaving.]
PaulCapestany has quit [Ping timeout: 264 seconds]
NewLiberty has joined #bitcoin-wizards
bsm117532 has quit [Read error: No route to host]
bsm117532 has joined #bitcoin-wizards
lvns has quit [Remote host closed the connection]
<Taek>
I am hoping that there can be some discussion about miner centralization.
<Taek>
To me, it seems like the biggest problem currently is related to economies of scale, particularly as far as manufacturing goes
<Taek>
But there's also a research component that makes it difficult for smaller miners to compete
<bsm117532>
Are single manufacturers gaining the output of ASIC factories and turning them into Bitcoin mining farms, at present?
<Taek>
As far as I can tell, both of those factors outweigh most everything else
<Taek>
bsm117532: bitfury is a good example of this, I believe all of their farms are built from their cutting edge hardware
<Taek>
I am further wondering if this could be mitigated somewhat by leveraging hardware which is not inherently wasteful
<bsm117532>
So I've been evolving towards a weird idea...imagine a PBFT (let's call it Honey, @amiller) that accepts transactions of a special kind that represent an expenditure of real-world assets (aka PoW).
<Taek>
and what I mean by that, is that mining ASICs have exactly one use
<Taek>
but, something like storage harddrives have multiple uses, and therefore reasons to be purchased and 'decentralized' beyond merely mining
<bsm117532>
Taek: I think the only solution for the Bitcoin ecosystem is ASICs that cannot be moved to another coin. That destroys the security guarantees of the system.
PaulCapestany has joined #bitcoin-wizards
<bsm117532>
I had some conversations with zooko in Hong Kong about this regarding Zcash.
priidu has joined #bitcoin-wizards
<Taek>
being a minority hashrate is definitely a danger
<bsm117532>
They've chosen a memory-hard algorithm, which means that Ethereum hardware can/will be reallocated to mine Zcash.
<bsm117532>
One or the other will be a minority.
<Taek>
but if you are majority, another coin would need to fund enough incentive to get 51% of the hashrate off of your coin
<Taek>
right. It's bad to be the minority, but I don't think it's similarly bad to be the majority
<Taek>
as long as the incentive remains
<Taek>
and barriers to collusion also remain
<bsm117532>
I've been racking my brains for ways that hardware can be so "special purpose" but I keep coming back to the same conclusion: the only way to be truly secure is to couple your coin with ASIC manufacturing, probably using an open source design with many manufacturers.
PaulCape_ has quit [Ping timeout: 244 seconds]
<bsm117532>
Taek: Let's imagine two coins, and you know the amount of hashpower that could potentially be reallocated to your coin. A logical computation of "confirmation time" is infinite for the minority coin.
<Taek>
yes, but I'm talking about the majority coin
<Taek>
minority coins can defend themselves by picking a different algo and getting an ASIC out
<bsm117532>
So the only way a coin is secure is if there do not exist assets in the world that could be reallocated to perform a 51% attack...
<Taek>
well, they are still subject to the growing pains associated with getting multiple manufacturers that are all competitive
thekrynn_ has left #bitcoin-wizards ["Textual IRC Client: www.textualapp.com"]
<bsm117532>
If I had to release a coin today, I'd do it in concert with VHDL for a reasonable miner chip.
<Taek>
well, or you make sure that at every step there's not enough incentive to reallocate those resources
<Taek>
attacking a coin still requires burning power
<bsm117532>
Taek: how do you make there not be an incentive to reallocate resources?
<Taek>
don't have enough money worth of double spends
<bsm117532>
??? don't understand...
<Taek>
if it's going to cost $1,000 in electricity to attack a minority coin, the profits from such an attack need to be at least $1,000 or the attack doesn't make sense
<Taek>
barring vandalism, which might happen at the $1,000 range but probably not with larger sums of money
<bsm117532>
Ok so there's hardware X that can compute Pow X at rate blah... and hardware Y that can compute hardware X at rate blahblah... The point of ASICs is to make the difference between X and Y an order of magnitude...
<bsm117532>
In the big picture there's only a couple of resources: compute cycles/s, and storage. I'm struggling to come up with a third that could ever be an order of magnitude over something else...
<Taek>
Storage in many ways seems pretty attractive to me
<bsm117532>
Which means only two coins ever could be secure. Let's call them Bitcoin and Ethereum (assuming they don't shoot themselves in the foot with Casper)
<bsm117532>
I know it does Taek :-P
<Taek>
I meant as a method for securing consensus
<Taek>
I disagree that you can only have two coins which are secure. If the hardware is difficult enough to build, and is single-purpose, you can have as many coins as you have sufficiently unique hashing algorithms
<Taek>
well
NewLiberty has quit [Ping timeout: 260 seconds]
<bsm117532>
Well there are several levels of "storage" which differ by orders of magnitude: L1 cache, L2 cache, DRAM, spinning rust. If each differs by an order of magnitude in capacity, then in principle each can secure a coin.
<Taek>
I guess at the end of the day it really does just come down to economic power and mobility
<Taek>
You can consider the entire global GDP as resources that could be reallocated to attacking Bitcoin
<Taek>
but it may take a year or two to build enough specialized hardware to actually pull off an attack
<Taek>
The difference between that and multi-coin GPU mining is the spin-up and spin-down time
<bsm117532>
Taek: It's hard to estimate the "external threat", but at a protocol level, I'm working on a "high water mark" basis which defines the confirmation times, and the estimation of how secure your network is. (e.g. the highest hashrate you've ever seen -- which implies that hashrate is generally increasing)
<bsm117532>
e.g. if the hashrate now is 0.1 but you previously saw it at 10, you know it's trivial for the 99% attacker to construct a new chain. Transactions should never be confirmed.
<bsm117532>
Also, adjust your coin allocation accordingly...
frankenmint has joined #bitcoin-wizards
<Taek>
That's assuming that your coin is worth attacking still
<Taek>
if the valuation has dropped, or if the activity has dropped, etc, it may simply be more expensive to attack the coin than the reward is worth
<bsm117532>
When confirmation times are conflated with hashpower, we're stuck with that.
<Taek>
It's not trivial for the 99% attacker to build a new chain though
<Taek>
they still have to spend money to actually do it
blackwraith has joined #bitcoin-wizards
lvns has joined #bitcoin-wizards
<bsm117532>
Well, when your security parameter is 50%, and you know for an absolute fact that there exists an entity that is willing and capable of reallocating resources to provide > 50% of the currently observed hashpower...one should not in good conscience confirm any transactions.
<Taek>
I'm stuck on the 'is willing' part
NewLiberty has joined #bitcoin-wizards
<bsm117532>
So tie a function to 'is willing', and put it into your "confirmation" function.
priidu has quit [Ping timeout: 272 seconds]
MaxSan_ has joined #bitcoin-wizards
<Taek>
I can see an incentive to execute a 51% attack - you get 100% of the block rewards - except you have to commit at least as many resources as all your competitors combined, which means you're still spending more resources than your competitors think the mining is worth
<bsm117532>
It's entirely possible to confirm transactions if "is willing" < 50%
<bsm117532>
No asset exists in a vacuum. Miners will always reallocate their resources (if possible) among assets to maximize profits.
<bsm117532>
At a protocol level, it's impossible to know the situation with respect to external assets.
<bsm117532>
I'm really struggling to come up with a "third" mining function (aside from CPU -- Bitcoin and memory -- Ethereum).
<Taek>
short term memory and long term memory are effectively completely different resources
<bsm117532>
Best I've been able to come up with is to wedge yourself into a particular niche of hardware that is super-efficient at mining your coin because of the size of L1/L2/memory/storage.
<bsm117532>
exactly.
PaulCape_ has joined #bitcoin-wizards
<bsm117532>
But there you're often a factor of 2, getting an order of magnitude is extremely difficult.
<Taek>
But like, sha2 and sha3 are also effectively entirely different resources. You need completely different hardware to efficiently do either
<bsm117532>
Why? Because no one has put sha3 into an ASIC yet?
<Taek>
sha3 asics can't be pointed at the bitcoin network
<Taek>
if I have $1 billion in sha3 asics, it does nothing to help me 51% Bitcoin
PaulCapestany has quit [Ping timeout: 240 seconds]
<bsm117532>
Yes. So it seems to me that the optimal situation is to target a new hash function that is CPU, not memory-bound.
<bsm117532>
A memory-bound function will always allow a cheap CPU with lots of memory to be retargeted to any memory-bound function.
ThomasV has quit [Ping timeout: 258 seconds]
<bsm117532>
In the beginning, there are no ASICs. But your coin is not secure until there are ASICs...and they're not all controlled by one entity...
<Taek>
well, there's some question as to whether you can create memory which can more efficiently handle a single function
<bsm117532>
For memory-bound functions we're talking factors of 2...who cares. I need orders of magnitude.
<Taek>
are you sure that's the theoretical limit? What if there's some breakthrough in memristor technology?
<bsm117532>
I make no claims about memristors, quantum computers, aliens, or dragons.
<bsm117532>
At least one of those things might be real.
<Taek>
I don't know enough about the tech to know how big of an assumption it is to assume they don't exist given a $XXX million bounty
<bsm117532>
Well, memristors exist, but are not practical. Quantum computers exist, but are confused, and not quantum (the biggest example is D-Wave which is an annealing, non-quantum process). No comment on the other two...
<bsm117532>
In the quantum realm, entropy sucks... Time will tell.
<bsm117532>
I *really* want to come up with a third option for mining.
<Taek>
Why? I hold the opinion that we really only want one blockchain
<Taek>
if all applications are using the same blockchain, they are reinforcing each other
<Taek>
you can't reorg one of them without reorging all of them, which contains something of a MAD component
<Taek>
but it also just means that it takes more resources overall to mount an attack
<Taek>
and it also makes it more difficult to fully exploit the attack. It's one thing to double-spend Bitcoin. But if to get the full benefit of the attack you need to double spend Bitcoin, do a proof re-roll on Sia, deanonymize Monero, etc, then you're going to have a harder time mounting an attack
<Taek>
and if you are willing to give up SPV, it's pretty trivial to get everyone on the same blockchain by allowing arbitrary data in the transactions
PaulCapestany has joined #bitcoin-wizards
roman has joined #bitcoin-wizards
PaulCape_ has quit [Ping timeout: 244 seconds]
<maaku>
"if you are willing to give up SPV" -- you've entered into fantasy land
<Taek>
that bad? I was under the impression that SPV is not even that prevalent, most clients depend on a central server
<Taek>
I'd rather point my phone to my box at home than have it do SPV, and I don't think most people care very much
<Taek>
I also think there are probably clever ways to restore SPV, especially if we get decent snarks in the near future
ManfredMacx has joined #bitcoin-wizards
Aranjedeath has quit [Remote host closed the connection]
<maaku>
Almost nobody uses bitcoind as their wallet. It is not even officially recommended.
sausage_factory has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
<Taek>
really? I use bitcoind - why is it not recommended?
<maaku>
Now no one really does true SPV either, but that's our failing as developers. It is the obvious goal to achieve: hardware SPV wallets.
blackwraith has quit [Ping timeout: 276 seconds]
<maaku>
Taek if you scale a block chain like you're talking about there'd be no way you'd be running a daemon at home to point your wallet at.
<maaku>
We're kinda at that limit already.
<Taek>
you'd still have the blocksize restriction. Also, no need to look at data you don't understand
<Taek>
the advantage is that you get the majority chain's reorg defense - you have to pay higher fees to make it onto the chain, but you'd also have better defense
<maaku>
I frankly see no use case that benefits from having to parse through terabytes of data to find the things you care about.
PaulCapestany has quit [Ping timeout: 276 seconds]
<Taek>
reorg security is a huge benefit. For example, Sia has something like 2000 GPUs mining on it, which is nice but doesn't come anywhere close to the level of defense enjoyed by Bitcoin
<maaku>
Force everyone to download everything and nobody will use it.
ThomasV has joined #bitcoin-wizards
<Taek>
that's the security model I'm familiar with for Bitcoin? You only get trustless security if you've got the whole chain. SPV doesn't tell you that the blocks are correct, and it doesn't tell you if there's a cartel that's withholding blocks in a way that prevents new miners from joining the network
<Taek>
snarks can get you correctness, but the only way to be sure that there isn't a cartel withholding the information needed to extend the chain is to have that information yourself
<maaku>
Taek: SPV tells you that there would be an economic cost to a block being incorrect.
<maaku>
That's the entire basis of bitcoin's security -- economic costs.
<maaku>
Miners should not be SPV because that undermines those economic arguments. But anyone else? it's perfectly acceptable and defensible to use SPV.
<Taek>
only if you can assume that an incorrect block would not end up in the longest chain. But if everyone (including the miners) is doing SPV, you lose that guarantee
<Taek>
from what we've seen in practice, miners are comfortable doing SPV mining
maaku has left #bitcoin-wizards ["uninteresting"]
<Taek>
=/
supasonic has quit [Ping timeout: 252 seconds]
AusteritySucks has joined #bitcoin-wizards
PaulCapestany has joined #bitcoin-wizards
<vyvojar>
Taek: agreed, i think the assumption "miners would not endanger their reputation" is deeply flawed
<vyvojar>
they wont do something *immediately* affecting their reputation, but as long it stays "hidden", anything will be fair game.
<Taek>
I think I was being somewhat unfair though, it's pretty likely that you'd have supernodes at universities and whatnot that were validating all transactions
<Taek>
but, at least personally, it's a lot more significant to be able to verify trustlessly that everything is valid. That removes all fears of collusion and backdoors, at least among the validators
PaulCape_ has quit [Ping timeout: 276 seconds]
<vyvojar>
Taek: depends, how fast does news from checking-but-powerless spread?
<vyvojar>
is it enough to prevent doublespends? or to ruin reputation of pools doing spv?
<Taek>
depends on how concisely you can prove fraud
<Taek>
and also, what happens if a validating node goes rogue and hits the news about fraud, even if no fraud has occurred
<Taek>
you'd need a snark or a full validating node to be certain that no fraud had occurred
<Taek>
the best fraud proofs that I know of require you to still have all the data, because of the data withholding attack
<vyvojar>
i assume only the simple case, that is opportunistic attackers "riding" a net reorg
<vyvojar>
which is what we've observed in the wild thus far
<Taek>
in the simple case, an outright double spend, news would travel quickly because the fraud proof is fairly concise
<vyvojar>
situation could change dramatically though if true hash power markets are established
<vyvojar>
there already was/is one for altcoins iirc
<vyvojar>
"i really want to has for the current highest bidder, i really dont care about the network as such :)"
<vyvojar>
*hash
<vyvojar>
while the market/demand dynamic will stop outright temporary 51% buyers, it is still far more frightening than current pool situation.
<vyvojar>
ie a rather inflexible market and miners dont automatically jump on highest offer
<Taek>
Yeah, I'm worried about that too. If we assume a perfectly efficient market for hashrate, it'd be pretty trivial for someone to offer a 10% premium and then get 51% hashrate. But that's assuming miners are greedily selling to the highest bidder. I don't think that realistically this would happen for Bitcoin - the value would drop dramatically and the miners would lose everything if there was a 51% attack
<Taek>
and miners seem to be at least aware enough to watch out for that
<vyvojar>
Taek: i am far less optimistic. current "altruism" is in place because a significant chunk of miners (and especially pool owners) have a stake in bitcoin
<vyvojar>
Taek: but the moment miners who mine but dont hold bitcoin outnumber vested stake miners, it might coincide with ideal market emergence
<vyvojar>
again, this is what we've observed with altcoins.
<Taek>
altcoins are slightly different because when you wipe out an altcoin with a 51% attack most of the altcoin ecosystem is left intact - you've got more prey
<Taek>
but if you do that with Bitcoin, you've wiped out most of the revenue opportunity
<vyvojar>
yes, in that sense bitcoin is somewhat protected in that none of its contenders seem to be going after its hashrate market.
<vyvojar>
so far
<othe>
well most use a different pow anyway, so they simply can't... but they have to or some grumpy btc pool admin would just wipe them out before they get big anyway
<vyvojar>
othe: yes, it's an inverse problem, but an altcoin could also first build its market cap via different means (think for example PoS like ethereum) and then suddenly attempt to cannibalize the btc market
<vyvojar>
provided that the cap is up to it, the hashrate market emergence could be rather fast and dramatic
<vyvojar>
by suddenly attempting i mean having PoW hardfork switch programmed in along the way
<vyvojar>
*bitcoin PoW
PaulCape_ has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
<Taek>
that's an interesting attack but I also don't think it's very likely. You wouldn't want to try to cannibalize Bitcoin unless you had a pretty substantial advantage in terms of hashing incentive
PaulCapestany has quit [Ping timeout: 252 seconds]
<vyvojar>
Taek: I imagine it could be worded something innocent, like "dont let those outdated bitcoin ASIC lay waste, mine $altcoin with it". But indeed it's far fetched unless some black swan happens, say, a true (state backed?) contender with serious capital backing which can pull off all sorts of interesting things Bitcoin can't.
<vyvojar>
(in terms of econ wars)
shesek has quit [Ping timeout: 258 seconds]
<katu>
vyvojar: anything but the old equipment would be used if it's more profitable than bitcoin per ghash :)
<vyvojar>
katu: of course .. but not really. if it's more profitable, the point of break even shifted. at least part of the obsolete machines (for bitcoin) would be used. this is assuming an abrupt shift to bitcoin PoW, it is extremely unlikely something like this would evolve steadily.
ghtdak has quit [Ping timeout: 272 seconds]
<Taek>
The argument is that if it suddenly made sense for old machines, it would also make sense for new machines
ghtdak has joined #bitcoin-wizards
<vyvojar>
btw, >it'd be pretty trivial for someone to offer a 10% premium and then get 51% hashrate
<vyvojar>
depends on market depth. i'd argue it's rather unusual to offer mere 10% premium and bottom 50% of market depth.
<Taek>
In the altcoin ecosystem maybe. Would be interesting to see what would happen if a mining pool started doing increased payouts. Ghash.io is a pretty good example of miners deciding to leave the pool because they cared about the health of the ecosystem that they were mining
<Taek>
unless there was some other event I'm not aware of that caused the exodus
shesek has joined #bitcoin-wizards
<vyvojar>
would not other players start immediately placing a higher ask price the moment they observe a no-matter-the-price buyer?
<vyvojar>
that's how rational markets normally react. an ideal hash market would be something like p2pool where each share is a contract paid on share delivery - a miner can always renege on an established trade (and the buyer gets a refund). this allows the ask side to act very flexibly.
<smooth>
"value would drop dramatically and the miners would lose everything if there was a 51% attack" <= not really true, there was a 51% attack (gambling site was attacked by ghash, allegedly via a rogue employee i think)
<smooth>
you see this assumption a lot, that as soon as some attack occurs the value will evaporate but i dont really believe it
<smooth>
it happens in alts that are fragile to begin with and an attack is an excuse for everyone who was looking for an exit anyway to dump and move on
<smooth>
but in bitcoin or anything with value, an attack would likely (and did) have limited effect
<Taek>
depends on the attack. If suddenly all the other pools stopped finding blocks, I think you'd see a pretty significant panic. If transactions stopped confirming regardless of fee, you'd also see a significant panic.
<Taek>
but you might be right, I may be overestimating the price response
<smooth>
sure, that's a wider sort of attack than "merely" a 51% attack
PaulCapestany has joined #bitcoin-wizards
<vyvojar>
smooth: imo the gist of it is nobody cares preemptively, reaction happens post-facto. if a 51% happened to defraud a large btc exchange, i'm positive we'd see a large confidence drop.
<Taek>
the exchange might try to cover it up.
<vyvojar>
but defrauding obscure gambling site didnt affect anyone, nobody cares preemptively (even if theres proof it happened)
<smooth>
we see large exchange hacks, not much price impact
<smooth>
i think a large percentage of bitcoin investors take a longer term view. if problems occur the default assumption is that they get fixed and bitcoin is still valuable
<vyvojar>
something like 51% attacks to commit fraud is rather fundamental attack, don't you think?
<Taek>
I'm definitely more on smooth's side with this one. My understanding of historical events is that security compromises, such as large forks due to SPV mining, have not had a large impact on the price
<Taek>
I would have expected that to be more significant, but it wasn't
<smooth>
vyvojar: it depends if the forward-looking expectation is for such attacks to become rampant or unrecoverable
PaulCape_ has quit [Ping timeout: 272 seconds]
TheSeven has quit [Ping timeout: 258 seconds]
<smooth>
otherwise, everyone knows such attacks are possible, the fact that it occurs is not really new information
<vyvojar>
Taek: my point is that reaction is always adequate to action. the fraud would have to be significant enough to trigger panic.
[7] has joined #bitcoin-wizards
<vyvojar>
IMO the reason sophisticated attackers dont try this is that there is no suitable route to divert their ill gotten goods into
<vyvojar>
if they trigger panic and they still hold bitcoin it is dangerous pyrrhic victory
<vyvojar>
basically why PoS "works" in practice despite NaS (even though for these there is a suitable exit route - bitcoin :)
<smooth>
not really there are plenty of markets to short and profit from price declines
<smooth>
but you have to be confident there will actually be price declines if you rip off an exchange, not clear at all to me
<smooth>
now if exchanges were public companies and you could short their stock, that might be a better route (assuming you don't get caught)
AaronvanW has quit [Remote host closed the connection]
<vyvojar>
smooth: the short market profit seems to be rather meager (not enough lenders) rather than direct theft from exchange, considering reversal through 51%
<vyvojar>
but i agree this is good vector for other attacks, especially for comparably trivial DoS ones
<vyvojar>
All in all, wild speculation about incentives. I wonder how a real economic analysis could be conducted, agent simulation?
<katu>
vyvojar: re DoS triggering panic, look at price & panic development when the 1MB bug (and subsequent chain fork) appeared
<katu>
smooth: indeed, shorting the exchange stock would effectively insure the heist
CubicEarth has joined #bitcoin-wizards
<da2ce7_mobile>
hello.
<da2ce7_mobile>
What is the smallest cryptographic signature scheme? For sending over super restricted bandwidth like SMS. - Only needs 80 to 90 bits of security.
<da2ce7_mobile>
Are there any such standards?
PaulCape_ has joined #bitcoin-wizards
<vyvojar>
da2ce7_mobile: yes. also ask in ##crypto, your topic is unrelated to bitcoin.
<sipa>
BLS has a signature which is twice the security parameter
<sipa>
so 160-bit signature for 80-bit security
PaulCapestany has quit [Ping timeout: 240 seconds]
<da2ce7_mobile>
sipa, hmm cool thanks; 160-bit is quite reasonable to put at the end of a SMS. Leaving ~110 characters for the message.
<katu>
da2ce7_mobile: 130+
<katu>
sipa: why not ec-schnorr?
<da2ce7_mobile>
katu, 20 bytes base64 is 28 characters. so 140 - 28 = 112 characters remaining. Unless I'm missing something?
<katu>
da2ce7_mobile: 26 characters. also 160-28.
<sipa>
katu: ec-schnorr sigs are 4x the security parameter
<sipa>
in size
<katu>
sipa: ah
<katu>
so 256bit curve schnorr is merely 64bit security?
<da2ce7_mobile>
cool. well that's what I needed to know. :) it seems like it is very feasible :)
<sipa>
katu: 256bit curve schnorr uses 512-bit signatures and has 128-bit security
heretolearn has joined #bitcoin-wizards
Tiraspol has quit [Remote host closed the connection]
Tiraspol has joined #bitcoin-wizards
<sipa>
katu: 256 bit BLS uses 256-bit signatures and has 128-bit security
N0S4A2 has quit [Quit: WeeChat 1.5]
PaulCapestany has joined #bitcoin-wizards
PaulCape_ has quit [Ping timeout: 258 seconds]
<katu>
sipa: ah, didn't realize there is s,e pair and not just s.
CubicEarth has quit []
<sipa>
katu: in EC schnorr the signature typically consists of (s,R.x) rather than (s,e), as this allows batch validation
<sipa>
it's just a reformulation and has the same size
dEBRUYNE has joined #bitcoin-wizards
<sipa>
for traditional (non EC), the (s,R) formulation is not usable as the group is much larger
MaxSan_1 has joined #bitcoin-wizards
MaxSan_ has quit [Ping timeout: 252 seconds]
JackH has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 244 seconds]
PaulCapestany has quit [Ping timeout: 252 seconds]
jtimon has quit [Ping timeout: 244 seconds]
AaronvanW has joined #bitcoin-wizards
PaulCapestany has joined #bitcoin-wizards
PaulCape_ has quit [Ping timeout: 252 seconds]
sausage_factory has quit [Ping timeout: 246 seconds]
Tiraspol has quit [Remote host closed the connection]
Tiraspol has joined #bitcoin-wizards
Tiraspol has quit [Changing host]
Tiraspol has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
PaulCapestany has quit [Ping timeout: 252 seconds]
pro has joined #bitcoin-wizards
PaulCapestany has joined #bitcoin-wizards
PaulCape_ has quit [Ping timeout: 252 seconds]
PaulCape_ has joined #bitcoin-wizards
PaulCapestany has quit [Ping timeout: 252 seconds]
b-itcoinssg has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
c0rw1n_ has joined #bitcoin-wizards
PaulCapestany has joined #bitcoin-wizards
PaulCape_ has quit [Ping timeout: 252 seconds]
NewLiberty has quit [Ping timeout: 276 seconds]
MaxSan_ has joined #bitcoin-wizards
MaxSan_1 has quit [Ping timeout: 250 seconds]
kwando_kwando has joined #bitcoin-wizards
roman has quit [Read error: Connection reset by peer]
PaulCape_ has joined #bitcoin-wizards
spinza has quit [Ping timeout: 260 seconds]
PaulCapestany has quit [Ping timeout: 252 seconds]
spinza has joined #bitcoin-wizards
draynium has joined #bitcoin-wizards
JHistone has joined #bitcoin-wizards
draynium has quit [Remote host closed the connection]
gHEr has joined #bitcoin-wizards
gHEr has quit [Client Quit]
JHistone has quit [Client Quit]
JHistone has joined #bitcoin-wizards
PaulCapestany has joined #bitcoin-wizards
Davasny has joined #bitcoin-wizards
PaulCape_ has quit [Ping timeout: 252 seconds]
Guyver2 has quit [Remote host closed the connection]
kwando_kwando has left #bitcoin-wizards [#bitcoin-wizards]
PaulCape_ has joined #bitcoin-wizards
PaulCapestany has quit [Ping timeout: 252 seconds]
Tiraspol has quit [Remote host closed the connection]