sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<CodeShark>
nsh: interpretation of quantum theory is a fun mental game - but in the end it always feels like we just sweep difficulties under a different rug :)
<xinxi>
there is a constant range proof.
<xinxi>
It's always 18 group elements.
<andytoshi>
xinxi: that's broken, whoever runs `gencrs` can forge proofs
<xinxi>
andytoshi: how difficult is that?
<andytoshi>
xinxi: it's exactly as difficult as generating an honest proof, it looks like
<andytoshi>
but this is a -really- wordy construction, it might be easier or harder
<andytoshi>
xinxi: this is "proven secure in the CRS model" .. the CRS model is a security model in which certain undetectable forgeries just don't count, for the purpose of the paper
<andytoshi>
academics like this model because it's much easier to prove things in
<andytoshi>
but declaring that some forgeries don't count, doesn't change the fact that the scheme is broken
<xinxi>
andytoshi: what's the security model used by current CT?
<xinxi>
standard model?
<andytoshi>
xinxi: random oracle model
<andytoshi>
"standard model" means no oracles (in particular, hash functions can't be treated as producing random values)
<andytoshi>
sometimes you hear the "CRS model", which is some other model plus a backdoor algorithm and a security definition that excludes use of the backdoor ... many authors call this the "standard model" because technically a back door is not an oracle, and i guess they think it gives them some legitimacy to say "standard model"
<xinxi>
Random oracle model assumes true randomness. Isn't it broken either?
<andytoshi>
no, empirically it appears that you can slot in "hash the current state of the system with SHA2 or something" in place of true randomness, and the security still holds
<xinxi>
Yeah, but that's not true randomness.
<andytoshi>
in particular, if something was broken by this replacement, it'd somehow be exploiting the fact that a hash function is not really random ... but the structure that hash functions have is really different from the structure that the other parts of the algorithms have
<andytoshi>
and it appears that they don't ever interact (except in very contrived constructions designed to break in this way)
<xinxi>
Yeah, it's pretty good randomness and difficult to break.
<andytoshi>
well, we've had some 20+ years of random oracle schemes and no used system has ever been broken because of it
<xinxi>
I am wondering is CRS similar to that? Is there any CRS based algorithms broken because of the assumption of the security model?
<andytoshi>
i mean, this is a bit of a dodgy thing to say. certainly hash functions are broken and then the schemes that use them are broken because of this
<andytoshi>
xinxi: yes, when you replace a common reference string with something that's physically instantiated, then anyone in possession of its source can break the system, usually
<andytoshi>
so most CRS schemes are literally broken by definition when they are instantiated
<andytoshi>
every time
<xinxi>
andytoshi: Can we change the method by using ECDH to exchange the common string?
<xinxi>
I feel the setting of the problem in the paper is a bit different from CT, where we can get a public key of the receiver.
<andytoshi>
xinxi: the "receiver" of the proof is every person using the system now and in the future
<andytoshi>
the recipient of the transaction is nobody special, security wise
<andytoshi>
but you touch on a good point -- often the CRS assumption is actually OK, when there is one person verifying (and not proving), and then they can generate the CRS
<andytoshi>
this is how greg maxwell's "zero-knowledge contingent payment" scheme works, offchain people exchange solution to some puzzle (and prove that the solution exists using some CRS-based proof scheme)
<andytoshi>
but unfortunately for a blockchain this is not the case, the verifier set is open-ended
<rgrant>
is there a way for one of n multisig participants to update their address?
<rgrant>
(using MAST, advanced key techniques, or an OP that people have already proposed)
<xinxi>
andytoshi: OK. I know what you mean.
<andytoshi>
rgrant: an address doesn't hit any blockchain structures until after somebody has sent money to it .. and at that point i think all the keys need to be committed to for the system to have sane semantics
<andytoshi>
so the answer is no, and no amount of crypto can get around it
<andytoshi>
(before anything hits the blockchain, they can just replace their address on whatever medium is being used to send it to would-be spenders, ofc)
<rgrant>
if we know we want another address beforehand, we can put a branch into a MAST tx with the address (and even keep some secret piece of that branch in the meantime, to not grant the address any control now). it would be nice to take this a step further.
<rgrant>
the business case is key rotation or selling one's participation in a long-running multisig
<rgrant>
it also seems that building the multisig out of MAST branch concatenation (using an opcode that reaches elsewhere in the MAST), rather than by concatenating at MAST-creation time, could allow one to specify a branch with only one signature required, that then copies/recomputes the other subbranches, without knowing the other signatures.
<rgrant>
this last part is a hunch.
<rgrant>
ahh, but either the TXOUT moves with one signature, or it requires the multisig. i think i see the problem.
<rgrant>
so this is a little clunky, but the solution might be an opcode that specifies which nodes of a MAST may be replaced when a certain key signs, and sends funds to a new UTXO with the recomputed MAST. other keys used in the multisig would want to carefully review this replaceable-branch list, wherever the opcode occurs.
<sipa_>
andytoshi: "empirically it appears"... just empirically? isn't that the basis for fiat-shamir?
<andytoshi>
sipa: the basis for fiat-shamir is that you can change an interactive scheme into an RO one
<andytoshi>
that RO is secure in real life is an empirical matter
<andytoshi>
cf "random oracles are practical"
<nsh>
(the transform itself provably secure given RO-assumption however)
<CryptoTraderClub>
Looking for coin fundamental analysts. Can you make good calls on crypto coins ?
<kanzure>
"Our comparison reveals that in any settings where distributed trust is possible (i.e., one is willing to trust any set of known participants), Bitcoin can collapse into CT and the need for both mining and the storage of the blockchain disappears."
<sipa>
CT?
<kanzure>
certificate transparency
<sipa>
ah
<kanzure>
sort of a weird way to go about getting that result ("hey trusted systems can be more trusty!") but w/e...
<wumpus>
they're right, if you remove the aspect of trustlessness, there is no point in doing mining and verification of the entire blockchain
<wumpus>
but that's the catch isn't it...
<sipa>
well there are degrees
<sipa>
if you have the ability to synchronize occasionally, you can distinguish between trust to not produce two versions of history, but not trust them not to authorize thefts
<Chris_Stewart_5>
Has anyone taken steps to implementing mimble wimble as a sidechain?
<JackH>
Is there any reason to think that Bitcoin won't eventually be taken over in terms of usage by Ethereum (serious question)
<bsm117532>
Yes. Lots. I could go on and on and on. #bitcoin is probably better for that question.
<Taek>
Chris_Stewart_5: probably too early for that, the theory behind it is still advancing pretty rapidly
<Chris_Stewart_5>
Taek: Seems like it would be a good testing ground. Any way just thought i'd ask if anyone is actively working on it in code
<bsm117532>
Anyone know where mimblewimble discussion is occurring? There's been precious little here since August.
<instagibbs>
anything public is likely here
<Chris_Stewart_5>
Hopefully with segwit getting closer to deployment we can see things like that explored more
<sipa>
i don't think segwit helps for mimblewimble :)
<instagibbs>
first, we don't hash the witness, next we throw away script!
<Chris_Stewart_5>
sipa: but segwit does distract people like you from thinking/working on things like mimble wimble :-)
<sipa>
Chris_Stewart_5: ha yes