sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<kanzure>
nsh: next time i'll use astral projection to get you a live feed or something, sorry about that
<kanzure>
it is interesting how many computer science grad students are not aware of merkle trees
<kanzure>
[re: why biology is not like software engineering] "... there is no source, the bytecode has multiple reentrant abstractions, is unstable and has a very low signal to noise ratio, the runtime is unbootstrappable, the execution is nondeterministic, it tries to randomly integrate and execute code from other computers... multiple reentrant and self-modifying abstractions. absolutely everything has subtle side effects."
<kanzure>
"Abstractions work in machine code because we built the machines to make abstractions possible. Natural cells don't work like that. The closest thing to cells in the machine code world are demoscene x86 assembly blobs -- filled with insane hacks to make something awesome work in a small amount of space, with lots of weird code and data reuse and generative magic."
<kanzure>
"It's worse than that though. Never forget that the true "compiler" of DNA is Physics, specifically that of protein folding, conformational dynamics, and catalysis. It won't be simulated anytime soon with anything approaching useful kinetic accuracy. (It's not clear if we'll ever get kT-accurate quantum simulations of correlated electron wavefunctions that scale to protein-sized systems, though there is some hope in the far future ...
<kanzure>
... with exotic computing architectures.)"
<kanzure>
"So ultimately what software useful for synthetic biology is going to do is help us curate all of our brute-force efforts to build and screen libraries of pseudorational libraries of proteins, pathways, and cells. -Not- provide shitty abstraction layers that rest upon our incredibly shaky understanding of what's going on circa 2012. Think of curating an incredibly complicated genetic-programming run across a hundred-thousand ...
<kanzure>
... clusters -- that gives a better sense of the flavor of what's needed."
<kanzure>
"We invented the light-bulb long before we understood QFT. We'll be building amazing cellular machines long before we really understand them quantitatively. Synbio's (and diybio's) biggest sin is repeatedly elevating the convenient metaphors with EE/CS into a slick-looking action plan that doesn't respect the fundamental differences between these machine architectures."
<kanzure>
"Let me reemphasize the point here. Programmers can exist because WE built computers -explicitly- to support those abstraction layers. The Wizards of EE formed a powerful magical covenant that protects all the gentle digital denizens from concerning themselves with the horrors of physical reality that lays sealed beneath the woven lithography. It took them decades and a trillion dollars to build those magical seals."
<kanzure>
"In biology we haven't even begun to form powerful enough magic to seal away the chaos of physical reality. Over the next few decades we'll almost certainly rebuild simple microbial cells (piecemeal, haltingly, not all at once) with an increasingly modularized set of signaling components and metabolic cores whose behavior we'll have -evolved- to be isolated and predictable. It will take bajillions of manhours to do that, and it will ...
<kanzure>
... almost entirely be done by limited guesswork and brute-force screening (i.e. traditional engineering). Only once we've untangled the gordian knot of the cell will we be able to construct these magical abstraction layers atop it.... and they'll probably be leaky layers at that."
<kanzure>
"Yes, but what -isn't- hackable? Look, my gripe here is that cells are really -nothing- like a von neumann machine. They're both nonlinear dynamical systems that happen to carry lots of "code" that controls their evolution in time. That's the strongest similarity. Cells deserve more than crappy metaphors to other kinds of systems. If y'all really want to improve how we engineer cells, it's worth taking a few years to begin ...
<kanzure>
... understanding how they really work."
<kanzure>
"Those of you who have not done biology can't realize how primitive things still are. A CS analogy is that we're trying to reverse engineer a non-deterministic alien architecture from the future via a remote debugger over a noisy line that has no error correction and runs at a fraction of a millibaud, where every peek or poke costs hundreds to thousands of dollars. With the advent of high-throughput sequencing we just figured out how ...
<kanzure>
... to get noisy ROM/RAM dumps (genotype), but still have precious little ability to quickly interact with the biological systems under study (phenotype). Biology is much more like hacking and reverse engineering than it is like physics or mathematics. A working exploit is worth much more than general pontification. The transformative events in biology these days are the clever hacks that enable whole new classes of fast experiments to ...
<kanzure>
... be done: quick homologous recombination induced by CRISPR, optical interrogation of neural systems using light-sensitive ion channels, the development of adeno-associated viruses for rapid introduction of genetic material, etc. In the coming decades the combination of such clever hacks with cheaper automation and sensors will hopefully bring a flood of new data that will make a predictive, quantitative science of biology possible. ...
<kanzure>
... With cheap and plentiful data, perhaps clever minds might discover general quantitative principles that we can't see yet. But the data is what's lacking, not cleverness."
<gribble>
Your current monologue is at least 1 line long.
<kanzure>
mumblelogue
<cjd>
it looks interesting though...
* nsh
attends
<nsh>
i bet i could weave 100 lithographies
<maaku_>
That's a good rant
<maaku_>
Where did it come from?
<nsh>
scott aaronson meet-up presumably
<proslogion>
can you use range proof to prove the spending amount is within much smaller limits?
<waxwing>
proslogion: sure
<nsh>
range proof can prove any arbitrary range
<waxwing>
size of range proof depends heavily of course on range
<proslogion>
waxwing: nsh is there an asymptotic dependence of the size on the range?
<nsh>
it's just a structure of digit commitments in a connected ring signature [any monotonic function can be proven]
<waxwing>
the borromean optimization is going to be more significant as the range gets larger btw
<nsh>
proslogion, in the alpha-CT implementation it's asymptotically slightly sublinear in the term complexity of the statement
<proslogion>
waxwing: nsh thanks
<waxwing>
yes slightly sublinear due to borromean optimization right
<proslogion>
was wondering if you can use that to support spending limits as with an ETH wallet contract
<nsh>
and if the proof is not required to be ZK wrt transacting parties, you can reclaim ~80% of the blinding factors as a secret message
<proslogion>
so to promote CT use
<nsh>
this defeats the MW aggregation though
<waxwing>
oh, so that's what you meant yesterday :)
<nsh>
well, 80% of the rangeproof
<proslogion>
yes
<gmaxwell>
you can just look at perfectly linear in the size (in bits) with a very small constant component.
<waxwing>
nsh: what gets reclaimed (at least in the version i saw) is basically all of it: just that last 32 byte forged sig is reserved for amount encoding.
<waxwing>
but now i say that, i'm wondering where the 80% figure came from, i must have misunderstood somewhere, for a ~ 2.5K output it looks like more than 80%?
<gmaxwell>
(CT is size five group elements worth to code two bits of range, plus a group element worth of constant overhead)... of all this one group element out of the five can't be reclaimed, nor the constant overhead.
<sipa>
for every factor 4 in the range proof size, there is 128 bytes of reusable data and 32 bytes of nonreusable
<gmaxwell>
so it's pretty much precisely 80% that can be reclaimed asymptotically.
<waxwing>
oh i'm forgetting the commitment
<nsh>
can someone say succinctly why it txs can't be aggregated by Pedersen commitment if the rangeproof is non-ZK to sender and/or recipient?
<nsh>
-it
<waxwing>
i mean the "C_i" let's say
<waxwing>
so yes asymptotically 80%, that's clear, thanks gmaxwell
<gmaxwell>
nsh: the MW technique requires the sender not know the blinding factors of the outputs, if they do, they can just steal them back at any time.
<nsh>
yes, but i think you can allow for shading the hmac seed while protecting the recipient's authentication blinding factor
<nsh>
*sharing
<nsh>
you just have to split the sum again somehow
<gmaxwell>
I'm forgetting now why the final GE can't be reclaimed.. I was thinking it was because reclaiming it required solving a discrete log prob.. oh yea that's why. you can store data in it, but the receiver learns data*G not data.
<nsh>
oh
<gmaxwell>
if your data in those fields was very small, they could solve the DLP for them. :P
<nsh>
heh heh :)
<gmaxwell>
so, e.g. storing an extra couple bytes per 'digit' would be plausible. But it seemed a bit crazy even fore me.
<gmaxwell>
s/fore/for/
<nsh>
can you weaken your privkey specifically for a bearer of another privkey?
<nsh>
(by the pubkey)
<gmaxwell>
it's not really a weaken question, just a question of how much range there is.. if you only store 8 bits you can solve the DLP with a little table. :P
<nsh>
i'm not convinced there isn't entropy still to reclaim
<nsh>
to stop sender stealing outputs back they just need to be ignorant of a single additive factor still
<gmaxwell>
yea, sure you could still store some data.
<nsh>
that means all the other factors can still be shared between sender and recipient through some unwinding mechanism i think
<nsh>
but it might undermine the aggregation security. that's not intuitive to me
<gmaxwell>
but the direction is wrong.
<nsh>
yes, receiver constructs rangeproof
<nsh>
which is less intrinsically useful
<gmaxwell>
if you know the values but not blinding factors, you can still get 3 of 5 of the elements worth... but the receiver in MW creates the range proof as you must know the blinding factor to create it.. and the sender really must not know this.
* nsh
nods
<gmaxwell>
MW can be constructed with no value privacy, but it still has a commitment and you need a PoK.
<nsh>
proof of key? (the empty string signing)
<nsh>
proof of knowledge, i mean
<gmaxwell>
yes.
<Taek>
It seems to me that with MW you would not be able to use a seed to backup your wallet. When you get sent money, the sender has to send you some information about the outputs you are receiving, which you have to save
<Taek>
being able to re-derive any secrets generated by you wouldn't be sufficient to recover funds.
<sipa>
Taek: indeed
<kanzure>
maaku: that particular rant is a combination of observations from jrayhawk, anselm levskaya, michael wittig and a few others. those exact wordings were actually from many years ago. biology sucks. a lot.
<kanzure>
and some aspects from scott aaronson meetup i suppose, yes.
<andytoshi>
Taek: the sender doesn't need to know anything about the outputs you're receiving
<andytoshi>
well, except the total value
<andytoshi>
you create the outputs, you can do this totally deterministically. you'll wind up with this excess kG value which gets attached to the tx, and you can't control that (since it's the sum of your blinding factors and the sender's) but that's fine, you don't need to keep it