sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<kanzure>
"We show that the MEMS gyroscopes found on modern smart phones are sufficiently sensitive to measure acoustic signals in the vicinity of the phone. The resulting signals contain only very low-frequency information (<200Hz). Nevertheless we show, using signal processing and machine learning, that this information is sufficient to identify speaker information and even parse speech. Since iOS and Android require no special permissions to ...
<kanzure>
... access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone."
<fluffypony>
clever
<nsh>
if you had access to 20 gyros in one room, you could achieve roughly linear increase in resolution
<nsh>
nontrivial dsp problem though
<nsh>
(not a nontrivial dsp problem that is unstudied in signals intelligence community)
<nsh>
who will explain this 'Non-interactive three-way diffie hellman.' to me
<Alanius>
nsh: you mean the Joux protocol?
<nsh>
it's something pairing based that Boneh alluded to in the recent dev meeting
<Alanius>
so: Alice, Bob and Charlie all publish their contributions: g^a, g^b, g^c and keep a, b, c secret
* nsh
nods
<Alanius>
Alice is able to compute the pairing of Bob and Charlie's contributions: e(g^b, g^c) = e(g,g)^(bc)
<Alanius>
and she then raises that to her own secret value a
<Alanius>
essentially the same process happens for Bob and Charlie
<nsh>
oh, interesting
<nsh>
why won't it scale beyond three?
<nsh>
oh right, need more rounds
<nsh>
if you had higher order pairings you could do more parties. hmmm
<Alanius>
well, maybe there exists a trilinear map (tripling?) e that can take g^b, g^c, g^d to e(g,g,g)^(bcd)
* nsh
nods
<nsh>
that's what i should have said, higher order linear maps
<Alanius>
finding such a map would make you famous :)
<nsh>
heh heh :)
<nsh>
my main problem in life is being too (in)famous :)
<Alanius>
I think fhe actually implies multilinear maps, but the problem there is efficiency (or lack thereof)
<nsh>
right
<nsh>
it might be possibl--- no, that's a terrible idea. hmmm, maybe it's not
<nsh>
(it might be possible to hedge up DHKE products while incidentally transacting then use an accumulator structure to launder them periodically. giving folk access to precached shared secrets if they need them for a channel)
<nsh>
i guess that already happens in elements alpha
<nsh>
sans the laundering
<Alanius>
wait, what?
<nsh>
so with confidential transactions you do non-interactive DHKE with each transaction, and this can be used to reclaim space in the range proof for a secure cryptographic messaging channel. this means anyone that's transacted has created a potentially-reusable symmetric cryptographic session
<nsh>
which is kinda handy i guess. trying to think of other ways that might happen if we moved to something like BLS sigs
<nsh>
and more speculatively whether you could aggregate the key exchange across a chain of transactions
<andytoshi>
kanzure: i downloaded that onion link and rehosted it at https://download.wpsoftware.net/bitcoin/wizardry/mimblewimble.txt in case you want to rehost as well. idk if it's correct but it sounds legit. the first bit of it (the OWAS stuff) i had actually come up with a slightly more space-wasting version on my own not too long ago, so this isn't a total crank at least
<andytoshi>
is this channel mirrored on slack somewhere?
<pigeons>
yeah i think i saw a read only room on slack the one time i went to the "bitcoin core" slack
<pigeons>
linked to this room
<andytoshi>
kk. i posted that and immediately a slack link-expander hit my server. (i don't mind obvs for a public room, but it startled me)
<andytoshi>
the claim of this paper is that he can structure transactions (a) with full OWAS, basically every block is a coinjoin of all its transactions, and (b) such that you can do full validation of the chain without needing all the historic data, basically just the utxoset and a (relatively) small bit of each block
<andytoshi>
with just discrete logs
<andytoshi>
i already have a slight improvement i think ... when i was looking into this on my own, i found i could do payment channels .. this jedusor guy seems to just drop all script ability entirely and says "future research" but i think i have a way to do checklocktimeverify without breaking any of his crypto
<andytoshi>
(basically with the output you sign "after block X, this output should be replaced with this other one", then you do some sort of proof that the other one commits to the same value. just signing with the difference is sufficient)
<andytoshi>
then i _think_ you can do multisig in the standard schnorr way, though it's a PITA, you've gotta interactively create the rangeproof and stuff (need to look into this more)
<lmatteis>
i love how papers are shared as .txt :)
* nsh
blinks
<nsh>
andytoshi, 'So instead, we allow the transaction to sum to a nonzero value k*G, and require a signature of an empty string with this as key, to prove its amount component is zero.'
<nsh>
i'm not sure how this solves the problem of nonzero sum
* nsh
continues reading
<andytoshi>
nsh: if the sum is nonzero this "k*G" value will be k*G + something*H, and it'll be impossible for anyone to sign with that
<nsh>
oh, hmm
* nsh
nods
* nsh
frowns
<nsh>
i'm sure it must become possible to forge more potential transactions the more aggregation there is. there might then be an attach where after enough blocks if the attacker had retained/obtained enough residual information about r-values used along the way they could recover someone's k
<nsh>
*attack
<andytoshi>
that would entail breaking discrete log
<andytoshi>
no matter how much information an attacker had
<nsh>
andytoshi, how is the rangeproof validity is maintained in aggregation?
<nsh>
how are the ... validities
<andytoshi>
nsh: every unspent output has a rangeproof. every input is explicit
<andytoshi>
who cares what the actual history is, that's all you need to know to be assured there is no inflation
<nsh>
right
<nsh>
you just need to retain the utxo proofs
<nsh>
gotta be some way this is sneaky, otherwise it's too good to be true...
<andytoshi>
hah, yeah, i know the feeling
<nsh>
:)
<andytoshi>
so one thing instagibbs pointed out to me offline is that you can lie to new users about the -age- of unspent outputs
<nsh>
hm, right
<andytoshi>
like you create an output, spend it, later create the same output again. everyone who was online the whole time knows about the new output. but you tell a new user about the -old- one and not the -new- one
<andytoshi>
but it's hard for me to understand whether or not this actually matters..
<nsh>
but you could commit OOB to some timestamping ledger when you first got an output
<nsh>
and prove it later, i think
<andytoshi>
yeah, sure, or even a recent blockhash
* nsh
nods
<nsh>
biggest loss is script
<andytoshi>
this would make you more vulnerable to reorgs. would need to think about the tradeoffs here, it seems like this whole scheme is pretty fragile in the case of deep reorgs
<nsh>
oh yeah
<instagibbs>
I think it's interesting in any case that you get a rolling UTXO commitment essentially
<nsh>
i think there would have to be some conservative retention window
<nsh>
but we have equivalent stuff in bitcoin already for ageing block subsidy, etc.
<andytoshi>
yeah nsh like a few thousand blocks maybe. hard to say. on bitcoin we've never had more than 30 block reorg, on testnet we've had over 1000 a few times
<nsh>
so it'll not be any more complex than that really i think
<nsh>
reorg distribution is a function of PoW and game theory and economics and other stuff not treated
<nsh>
what about range proof reclamation, is that still possible?
<nsh>
(reuse for messaging/data)
<andytoshi>
yeah. it's hard to think about .. in bitcoin a 100 block reorg is about twice as hard as a 50 block one, and causes roughly twice the damage. but if there was a cliff where basically the whole system broke, that changes the incentives
* nsh
nods
<andytoshi>
nsh: still possible but you've gotta keep it forever cuz most nodes won't
<nsh>
aye, sure
<andytoshi>
in elements we use it just for ephemeral information anyway..
<nsh>
but this means you could build a twister-like ephemeral microblogging / IM into a client for essentially free
<andytoshi>
yep
<nsh>
and highly censorship resistant :)
<nsh>
well, depending on hashpower
<nsh>
so that's neat :)
<nsh>
(and dependent on enough nodes for accessibility saturation)
<andytoshi>
well, publishing stuff is hard .. if you reveal the encryption key that exposes the value
<nsh>
you can do it for the cost of fees
<nsh>
with 0 valued transactions, no?
<andytoshi>
ah, yes
<andytoshi>
or 1 valued transactions, he gives some reason there not to allow 0-valued outputs
<nsh>
right
<andytoshi>
(because they can be made to sum to 0, and be hidden from some users, and you've got a consensus failure.)
<nsh>
hmm
<nsh>
how do you know that/when you have the whole utxo collected from the network?
<andytoshi>
nsh: when everything adds up to 0, you've got everything
<nsh>
relative to the most recent block?
<nsh>
ok
<andytoshi>
(but if some subset could add up to 0 itself, which can only be done with specially crafted 0-value outputs, then this actually wouldn't do it)
<andytoshi>
nsh: so i think how this would work is that you do this magic compression thing to get all the blocks up to $tip - 5000 or something, and make sure the utxoset you're given at that block adds up to 0
<andytoshi>
then for the latest 5000 blocks, you download the entire blocks and play it forward
* nsh
nods
<nsh>
there's probably room for some spv trade-off on that parameter too
<nsh>
or light node
<nsh>
(at least somewhat better than the degree to which people trust bc.i, etc.)
<andytoshi>
i think the tradeoff is about reorg resistance
<andytoshi>
and about how much room you have to be lied to about coin age
* nsh
nods
<nsh>
not clear to me yet why only 0 transactions can be split into positive/negative and not any other sum
<andytoshi>
because only 0-valued outputs can be negated and still be rangeproofed to be in [0, 2^64]
<nsh>
oh right
<nsh>
heh
<nsh>
that's very quirky
<nsh>
i guess maths can be quirky
<nsh>
interesting q: '2. We require user to check all k*G values, when in fact all that is needed is that their sum is of the form k*G. Instead of using signatures is there another proof of discrete logarithm that could be combined?'
<nsh>
oh, the badUTXOs DoS is nontrivial too
<andytoshi>
mm, that one might actually be trivial, if everyone uses "round numbers" as anchor points you can ask other nodes which utxos in a given block were legit
<nsh>
any node can poison the set and it's computationally hard to know which tx broke the sum
<nsh>
hmm
<nsh>
not sure i follow
<andytoshi>
like nodes would have the real blockhash then a "pruned blockhash" representing the block as it stood at height 20000 or something
<andytoshi>
and if a node is suspicious, it can compare its "pruned blockhash" with that of other nodes
<nsh>
hmmm
<andytoshi>
(this was the first idea i came up with, maybe it's broken, or maybe there's some better way)
<nsh>
sounds like it would work, but unsure of interaction complexity vs. penetration of malicious nodes
<andytoshi>
kanzure: not yet, sorry
<kanzure>
hmph
<kanzure>
well you could always publish and say "oh also the asset type", if you feel too bad about publishing your draft on this
<andytoshi>
kanzure: my draft on the mimblewimble stuff?
<andytoshi>
i didn't even have a draft, i just had most of the owas stuff in my head :P
<kanzure>
for some reason i sort of assumed you were working on aggregatable signatures for confidential transactions
<andytoshi>
no kidding
<andytoshi>
no, til a week or so ago i thought that'd require pairing .. i maybe talked about it, but i always thought it would require pairing so the result wasn't very interesting to me
<nsh>
so what has replaced the role of pairing here, exactly?
<nsh>
it's just pedersen to the hilt i guess
<andytoshi>
hah, yeah, "pedersen to the hilt"
<nsh>
:)
<kanzure>
there is an interesting method for parasitic colored coins that was recently mentioned to me, it's not my construction and i don't know who mentioned it to me, but basically the way it works is that you can use the existence of certain individual UTXOs as a way to store information about the status of the colored coins
<maaku_>
kanzure that was from gmaxwell and sipa via me
<andytoshi>
re mimblewimble, it's not quite OWAS because it's possible to separate out the transaction .. you have these k*G values which represent the excess, so you just need to find subsets of inputs and outputs that sum to each one
<andytoshi>
this is the subset-sum problem which is NP-hard in general, but might not be for many specific cases
<andytoshi>
having said that, the knowers of specific k*G values can interact to combine their transactions, which would make this much harder. an implementation of mimblewimble should maybe have network messages for doing this
<andytoshi>
err, not combine transactions, just combine their k*G values. the actual transactions don't need to be involved at all
<andytoshi>
ah, there's a simple fix, publish k1*G and k2, sign with k1*G but make the transaction excess be (k1 + k2)*G
<andytoshi>
and when combining transactions all the k2's just get added together