sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<bsm117532>
Ah you're correct. I thought you were just multiplying expectation values...but it turns out to be correct in this case.
<Jeremy_Rand[m]>
maaku: I was unclear in my wording, let me try again. With standard merged mining, the parent and child chains can re-org independently, because the parent chain's headers aren't validated via SPV, they're only used to validate that the individual child block headers have valid PoW.
<Jeremy_Rand[m]>
I'm asking about the idea of a merged mining system where re-orging the parent chain necessarily causes the child chain to re-org, because the child chain's most-work rule is based on SPV validation of the parent chain's block headers.
<Jeremy_Rand[m]>
The rough idea I had for implementation of the logic is that, in the event of a fork in the child chain, the side of the fork that includes an earlier-height block in the longest parent chain would win
<Jeremy_Rand[m]>
s/includes/is commit to by
<Jeremy_Rand[m]>
committed*
* Jeremy_Rand[m]
fails at typing this evening
<Jeremy_Rand[m]>
The motivation for my inquiry is the idea of building a merge-mined chain that can't be 51% attacked without also 51%-attacking the parent chain. Which would resolve one of the major security weaknesses of merge-mined chains (they can be attacked independently of their parent).
<Jeremy_Rand[m]>
bsm1175321: oh cool, thank you. Great to hear that this idea is being worked on and that I'm not the first one to think of it. Is sdlerner the first person to propose this?
<bsm1175321>
I'm not finished reading his draft, but it's not so different from many other ideas floating out there.
<bsm1175321>
I'm not really convinced... if one of the two chains provides a scaling (or some other) advantage...why do you need the other one? The motivation seems to be that this could be a way to extend Bitcoin without requiring changes to Bitcoin. Where "extend" = "atomically trade into a merge-mined altcoin".
<Jeremy_Rand[m]>
bsm1175321: I assume the benefit would be the ability to experiment with new chain validation rules without the risk of easy 51% attacks against the experimental chain?
<Jeremy_Rand[m]>
(Some of which might have to do with scaling)
<Jeremy_Rand[m]>
Anyway, I'm giving a talk in a few weeks, and this concept is going to be briefly mentioned, and I'd like to know whom I should credit for coming up with it before I did. (I would feel horrible if I inadvertently failed to credit someone for their work.)
<bsm1175321>
...which is the same motivation behind Elements Alpha, but no one has a truly acceptable way to trade in and out of the chain, hence the Elements federated peg.
<Jeremy_Rand[m]>
bsm1175321: Atomic cross chain trades without a fixed exchange rate rule are totally okay for some use cases. Although I agree that 2-way pegs are better if they can be done safely.
<bsm1175321>
See also "drivechains"
<bsm1175321>
These ideas are floating around, but I'd say none of them has really picked up much steam. (Much less steam than say, segwit, and we see how that's going)
<Jeremy_Rand[m]>
bsm1175321: if, hypothetically, there were a proposal that had considerably better security than standard merged mining in the case where the child chain has a low USD per block reward, it's plausible that Namecoin would at least consider adopting it.
<bsm1175321>
The issue is in convincing enough miners to do the merge mining.
<Jeremy_Rand[m]>
bsm1175321: and thanks for the drivechains reference, will Google around for that
<Jeremy_Rand[m]>
bsm1175321: Namecoin has sufficient hashpower that that's not a problem (we're about half of Bitcoin), the much bigger issue is that our exchange rate is so much lower than Bitcoin that it would be cheap to bribe miners to attack us
<Jeremy_Rand[m]>
Obviously I wish our hashrate were higher too
<bsm1175321>
There's another way to think about the whole thing...make an "extension block" and a soft fork to move funds into it.
<Jeremy_Rand[m]>
bsm1175321: the extension block proposals require post-softfork full nodes to validate the extension blocks, right? Or have I missed something?
<bsm1175321>
There's really only one economic asset, and that's the brute-forced hash. Putting two tradeable assets on the same chain is silly, IMHO.
<bsm1175321>
Jeremy_Rand[m]: correct. It's not so different from segwit, where the witness block is an extension block of sorts.
<Jeremy_Rand[m]>
bsm1175321: I'm not sure I follow what proposal you're referring to with "putting 2 tradeable assets on the same chain"?
<bsm1175321>
Merge mined coins have only one economic asset: the brute forced hash, but two "coins".
<Jeremy_Rand[m]>
bsm1175321: for things like Namecoin, it's desirable (in some senses) for Bitcoin nodes to not validate Namecoin blocks, because making Bitcoin nodes parse/store name data violates the social contract of Bitcoin (i.e. that nodes store financial data in order to gain access to a currency)
<Jeremy_Rand[m]>
(I realize that not everyone agrees with that particular social contract.)
<Jeremy_Rand[m]>
So merged mining is useful, but would be more useful if re-orging Namecoin required also re-orging Bitcoin.
<bsm1175321>
I'm just speaking in purely economic terms...not complaining about Namecoin in particular. Frankly I think an identity layer MUST be merge-mined with the asset, or you introduce counterparty risk to an otherwise perfect cryptographic system.
<bsm1175321>
(but it's not a separate asset, it's identity)
<Jeremy_Rand[m]>
bsm1175321: Any idea when sdlerner's paper will be made public? Like, say, in the next 2 weeks? Would be cool if there's something concrete for me to cite.
<Jeremy_Rand[m]>
(If not, I'm happy to just cite him by name)
<bsm1175321>
Well he's circulating a ~25 page draft to a few people, and I've invited him to talk about it at BitDevs in NYC on March 2, so hopefully he makes it public before then!
<Jeremy_Rand[m]>
bsm1175321: Ah good! My talk is circa a week after that.
<bsm1175321>
Where/what is your talk?
<Jeremy_Rand[m]>
bsm1175321: I'm speaking at QCon London in the blockchain track; my talk is mostly a case study of Namecoin and Monero, but I'm trying to work in various alternate approaches to the issues they try to solve
<Jeremy_Rand[m]>
So alternate approaches to merged mining are totally on topic
<bsm1175321>
I'm sure you know about keybase and blockstack/onename on the identity front.
<bsm1175321>
My company is working on identity in a different way than onename/namecoin -- re-using your spent bitcoin keys for identification purposes...
<Jeremy_Rand[m]>
bsm1175321: Yes, I'm familiar with Blockstack. Keybase isn't really blockchain related so I'm not planning to cover it.
<Jeremy_Rand[m]>
(I do plan to cover Blockstack)
<bsm1175321>
Keybase is similar to some certificate transparency efforts, in that they hash&smash commitments to keys, IIRC.
<bsm1175321>
Ooops...hash&smash = put Merkle roots in OP_RETURN.
<Jeremy_Rand[m]>
bsm1175321: I'd be interested in learning more about your company's work. Is much info public at this point?
<bsm1175321>
No, virtually nothing is public yet.
<Jeremy_Rand[m]>
bsm1175321: Okay. When the info becomes public I look forward to reading up on it. :)
<NemosCene21>
hey guys and gals! I'm new to bitcoin, can I ask for tips to start earning some?
Guest58074 is now known as todaystomorrow
<todaystomorrow>
NemosCene21 I
<todaystomorrow>
will tell you about it in ##bitcoin, they answer more basic questions
<todaystomorrow>
but basically nemoscene21 step 1) find people with bitcoins
<todaystomorrow>
2) convince them to give you bitcoins
<bsm1175321>
I so wish I had ops.
<spudowiar>
gmaxwell: Sorry if I shouldn't ask here, but I didn't want to PM you. Why did you disappear from #bitcoin earlier today?
<spudowiar>
!m everyone
<[d__d]>
You're doing good work, everyone!
<gribble>
Error: "m" is not a valid command.
<Taek>
I have a hard time believing that Lumio is the first place such an idea has appeared
<Taek>
kanzure: do you know of any early posts/discussion of doing merged mining where the merged chain cannot be reorg'd unless the parent chain is also reorg'd?
<Taek>
Jeremy_Rand[m]: have you considered what a hardfork like a BU / Bitcoin split could do? If they trade off having the most hashrate, any merged chains would be subject to a lot of chaos.
<kanzure>
dunno, sorry
<Taek>
I don't really remember it being discussed either, but it seems pretty obvious. Surprised it's never come up before
<kanzure>
just because i don't have an immediate reference..? yeesh
<Taek>
heh, perhaps I give you too much credit :P
<Jeremy_Rand[m]>
Taek: I did consider the issue of a non-Bitcoin blockchain overtaking Bitcoin as the dominant chain, which seems similar to your BU / Bitcoin split scenario. It is an issue, but my intuition is that it's still more expensive to attack under most circumstances than Namecoin's existing merged mining.
<Jeremy_Rand[m]>
Taek: and yeah, the concept seems obvious enough that I'd be very surprised if it hasn't been discussed long ago
<Taek>
yeah I guess the existing merged mining does not set the bar very high
<Taek>
hmm, I wonder if you could use braids to pull work from both chains.
<Taek>
hmm I might just be really tired, but is such a scheme actually workable?
<Taek>
don't you need the Bitcoin chain to commit to the namecoin chain?
<Jeremy_Rand[m]>
Taek: yeah, Namecoin blocks are committed to by the Bitcoin coinbase tx
<Taek>
Jeremy_Rand[m]: is the idea that the child chain could only reorg if the parent chain also reorgs?
<Taek>
what's to stop the bitcoin coinbase tx from committing to a block that does not exist?
<Taek>
and if it does, how do you work around that?
<Jeremy_Rand[m]>
It's unclear to be exactly how a braid system would work for this, but I'm not familiar enough with the braid proposals to really evaluate the idea properly
<Jeremy_Rand[m]>
s/to be/to me
<Jeremy_Rand[m]>
Taek: the idea I had in my head is that the following rules are followed in order to decide what child chain is correct: (1) discard any child chains that don't follow the child validation rules; (2) if a fork remains in the child chain, choose the subset which are committed to in the earliest height of the parent chain; (3) if a fork remains in the child chain, then the most work in the child chain wins
<Taek>
ok. So I think this is a valid attack:
<Jeremy_Rand[m]>
So if the parent chain has a block that commits to a child block that doesn't exist, then that just means that that particular parent block isn't used to decide step 2
<Taek>
1. create a real, valid block that exists, and commit to it in the parent chain
<Taek>
2. withhold that block until some fork is pretty long
<Taek>
3. reveal the block and get a bunch of free double spends
<Jeremy_Rand[m]>
Taek: hmm, yes, I think you're right that that's a valid attack. Not sure exactly how that can be protected against, or if it's actually possible to do so.
<Taek>
that's probably why there's not much literature around it
<Taek>
I think treechains have a similar problem
<Taek>
and iirc one of the solutions presented was that you could work around a withheld/invisible block by having future blocks committing to reorging the invisible block
<Taek>
which, is not all that pretty. But at the very least it means reorgs have to originate in the main chain
<Jeremy_Rand[m]>
Taek: Yep, entirely plausible that there's no way around that.
<Taek>
I wonder if Lumio has some novel approach to the problem
<Jeremy_Rand[m]>
Taek: sounds ugly, yes, thought not necessarily unworkable. It'll be cool to see how sdlerner deals with it.
<Jeremy_Rand[m]>
s/thought/though
<gmaxwell>
"Yesterday, our team found a bug in our implementation of Zerocoin. A typographical error on a single additional character in code allowed an attacker to create Zerocoin spend transactions without a corresponding mint. We have identified the error and are pushing the fix urgently within the next 24 hours. We urge all pools and exchanges to update once the release is out." [...] "We estimate the attacker has created about 370,000 Zcoins which has been almost completely sold except for about 20,000+ Zcoin and absorbed on the market with a profit of around 410 BTC."