sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<GreekMiner>
morning guys!
<skang404>
Hey all, I requested for comments on a few scaling ideas (https://www.youtube.com/watch?v=oydJoAcdlUw) but have got no response. I am trying to convert this to a paper so that it is more readable but need help. Would anyone of you be kind enough to comment to this please?
<murch>
skang404: Perhaps it would be helpful if you summarized the video in a few sentences and then elaborated on the points that people ask about?
<nsh>
what's the most practical scheme under which to achieve a zk proof of knowledge of a commitment preimage?
<nsh>
(computationally zk)
<Alanius>
under what commitment function?
<nsh>
well, i thought pedersen might be easiest
<nsh>
but would be interesting to see for arbitrary hash function
<nsh>
hal finney had a proposal involving malleable sigs and modified SHA1 circuit but seems a bit abstruse
<nsh>
but i think it comes down to either garbling circuits or some homeomorphism in the commitment
<uiuc-slack3>
<amiller> nsh maybe you could clarify the question a bit?
<uiuc-slack3>
<amiller> pedersen commitments are super easy to give a proof of knowledge for
<nsh>
amiller, I want to prove that I know the preimage of a hash without telling you what the hash is. This is in the context of an auditor proving to someone that they've seen the whole merkle tree of a log, without the inefficiency of seeing all the data
<uiuc-slack3>
<amiller> zkpok{ (x,r): C = g^x h^r } ..... k1,k2 <- random in Zp, c = H(g^k1 h^k2), return (g^k1 h^k2, k1 + cx, k2+cr)
<nsh>
-musalbas
<uiuc-slack3>
<amiller> nsh can you use an interactive protocol
<nsh>
any in particular?
<uiuc-slack3>
<amiller> where the auditor does several rounds of iteration w the prover
<nsh>
i saw one that is inefficient (i.e. takes 5 seconds)
<uiuc-slack3>
<amiller> if you run the same protocol in designated verifier mode, it should be the same performance, but without requiring trusted setup
<nsh>
ah
<kanzure>
maaku: ah, i thought you meant yesterday "after 13,104 blocks, all UTXOs in testnet become spendable, from 13,104 blocks after the fork" but in https://github.com/bitcoin/bitcoin/issues/8956 i see you mean only old utxos become spendable.
<nsh>
is this being used for something? (lightning_circuit)
<uiuc-slack3>
<amiller> no, it was a one-off just used to answer someone's question about snark performance
<nsh>
i guess an issue here is trusted setup. musalbas's scheme is for an overlay to check proof-of-publication (and confirmation) of software updates to secure against malicious updates
<nsh>
e.g. you'd not apply a patchset from repos unless update logs were committed to some ledger
<uiuc-slack3>
<amiller> i see, but it would be better using cryptography rather than needing to trust this overlay network
<nsh>
apparently not in designated verifier mode according to amiller
<uiuc-slack3>
<amiller> there are a lot of tradeoffs and a few competing projects to choose between so i think there's not a 1-size-fits all answer.
* nsh
nods
<waxwing>
very interesting, so am i reading that 'lightning' github correctly as, you can prove interactively in about 10-20 seconds and in zk the knowledge of the preimage of a hash?
<waxwing>
well, i guess it's doing more than 1 preimage there
<waxwing>
or, no, is the key generation time not included
<uiuc-slack3>
<amiller> yeah, key generation is included
<uiuc-slack3>
<amiller> altogether only 15 seconds total
<uiuc-slack3>
<amiller> so if you want to have someone prove it to you, you can generate your own parameters
<waxwing>
i see, thanks
<midnightmagic>
w 49
<musalbas>
I wonder if it's possible to have a provably append-only log, or merkle tree, that has O(log(n)) efficient lookups, i.e. the tree doesn't just grow in height for every append operation, but also in breadth
<musalbas>
So that we don't have trees with insane heights like 200,000, but we could have a maximum height of 128 that can represent every SHA1 hash
<musalbas>
but obviously the hard part is making it append-only, since the root hash will keep changing
<musalbas>
but then again... I guess fundamentally such a tree will just tell if a hash has been seen or not
<aj>
musalbas: append only merkle trees -- that's what peter todd's merkle mountain range stuff is good at; also described in rfc6962
<musalbas>
will take a look thanks
<musalbas>
yeah so the mountain range stuff is basically it
<uiuc-slack3>
<amiller> musalbas i dont think merkle mountain range is necessary
<uiuc-slack3>
<amiller> nor necessarily solves the problem
<uiuc-slack3>
<amiller> it depends on what kind of lookup you want
<musalbas>
what does then?
<uiuc-slack3>
<amiller> do you want to have "non-membership" proofs?
<musalbas>
yes
<uiuc-slack3>
<amiller> ok then of the three alternatives, 1) ordinary merkle tree, 2) merkle mountain range, 3) merkle trie or balanced merkle trie, only 3) will work for you
<musalbas>
maybe this was discussed before, but I'm alluding to it in the context of a blockchain where all transaction outputs are folded into one hash
<musalbas>
i see
<kanzure>
musalbas ignored my links :(
<musalbas>
kanzure, the 10 of them you linked to me in the other channel?
<kanzure>
yes
<musalbas>
i read the mountain range stuff you linked, but i didn't realize it did what i was asking for until now :)
<kanzure>
also, for folding outputs into one hash, you probably want a merkle sum tree
<musalbas>
but i should read the client-side validation stuff
<aj>
petertodd: non-membership proofs seem fine with MMRs, presuming they're added in key order; you just provide paths to the immediately prior and immediate successor nodes
<sipa>
aj: i believe petertodd talks about append-only structures, so they're not key ordered
<aj>
sipa: they are if the key increases monotonically (like a timestamp, or if you're trying to prove the value corresponding to a key doesn't match)
* kanzure
mumbles about modelica things
<brguy>
is this channel OK with newbie questions? :-)
<fluffypony>
brguy: don't ask to ask, just ask
<brguy>
Why is Bitcoin not the first option for smart contracts?
<cjd>
So Vitalik could make money
* cjd
runs
<musalbas>
lol
<brguy>
haha, but technically nothing stops from using it for that reason, right?
<danrobinson>
brguy: One reason is that Bitcoin Script is too limited to implement all but a limited range of smart contracts
<danrobinson>
There's no realistic way to implement a state machine
<brguy>
danrobinson: then a good reason people won't look for Bitcoin is because of that, not because it is needed a project to implement smart contracts on Bitcoin?
<brguy>
I've felt like it was a bit hard from an implementation point of view, but didn't imagine there was "no realistic way"
<danrobinson>
Yeah, it would almost certainly require improvements to the protocol. CheckOutputVerify to start, but probably more (i.e. loops, string concatenation opcodes that aren't disabled, some kind of eval...)
<cjd>
oh yeah but they're limiting Ethereum a bit too because arbitrary execution turns out to be attackable
<danrobinson>
And once you get beyond a certain degree of complexity you probably need something like gas to limit execution
<sipa>
in general, you don't actually need to be able to run arbitrary instruction
<sipa>
all you need to be able to do is prove that you were allowed to reach the state you're bringing the system in
<JackH>
is that MAST? or would more than MAST be required?
<sipa>
doing that in a compact, efficient, and privacy-preserving way is much harder
<sipa>
mast is a step along the way imho
<Taek>
Ethereum clearly is running into a ton of issues, not the least of which is that you can't tell if a script is valid without running it
<sipa>
and that you reveal your script to the whole world
<sipa>
and that it requires a ton of space
<Taek>
I'm glad that Bitcoin has chosen to not support it, the field just needs a lot more work.
<JackH>
would be nice to attract more mainstream developers though
<JackH>
it's way too hardcore right now for all of us who are not sipa
<Taek>
JackH: mainstream developers are exactly some of the problems that Ethereum is having. The DAO was built by people who were vastly underqualified, and a lot of people got hurt
<brguy>
hence my problem to trust Ethereum
<JackH>
Taek, I know and I probably just say that it would be great if we had it solved by now. Not solved in the Ethereum way
<sipa>
i'd just be glad if we get to solve it eventually
<sipa>
mainstream attraction has brought hype, politics and drama
<sipa>
not solutions
<brguy>
sipa: I've seen the same problem in other open source projects, mainstream attraction is only good after a very good and stable basis
<sipa>
mainstream attraction has also brought money, and indirectly pays my salary
<sipa>
so i guess i won't complain too loudly
<JackH>
as long as we can keep mainstream out of the main protocol and turn the attention to secondary layers I think we will all benefit a lot
<brguy>
that's the good part, not only funding, but with more people involved it gets more stable, like a paradox
<JackH>
hey sipa if you are still here. Can you elaborate on this? Segwit is sold as a fix to malleability and a throughput increase (both true and very important). But you may have also heard that developers are more excited by the "scripting" functionality Segwit adds.
<JackH>
this is a rare thread that doesn't spin into hate
<sipa>
mast is a means of hiding branches of scripts that are not executed
<sipa>
and it builds on segwit, because part of segwit is the "script versioning" feature
<JackH>
ah yes just reading that now on bitcoincore
<sipa>
which could technically have been done independently, but is much easier together
<JackH>
how did I miss this too...
<sipa>
it turns every script change into a potential softforkable upgrade
<JackH>
damn this upgrade is a solid one
<sipa>
mast is just a prototype right now
<JackH>
yes, was referring to segwit
<bsm1175321>
brguy: One can certainly do many kinds of interesting contracts with Bitcoin script, but its limitations force you to engineer things with more client side logic. As a consequence, Bitcoin usage tends to be more privacy-preserving. I fear Ethereum errs on the side of placing way too much data in public contracts, and it will come back to bite casual implementors.