sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<brianhoffman>
gmaxwell: curious why you included Sergio in the BIP if he didn’t even own the patents anymore
talmai has joined #bitcoin-wizards
<jeremyrubin>
gmaxwell: can I ask for a clarification? is there not another place to put the segwit commitment now that would be compatible with ASICBOOST?
<Taek>
and could you do it in a way that doesn't invalidate all the code that segwit-ready companies have already written?
edvorg has joined #bitcoin-wizards
edvorg has quit [Remote host closed the connection]
<jeremyrubin>
Well that's a "dev time vs. miner time" thing, no?
<jeremyrubin>
I think I have an idea... let me research it a bit more
RubenSomsen has joined #bitcoin-wizards
<Taek>
it impacts a practical deployment timeline, and also psychological willingness. If you have to get companies to re-segwit-ify themselves, they will be discouraged.
<Taek>
btw, I'm not saying that you can't get away with it, I'm just saying that if you can avoid it, that's a much better situation
edvorg has joined #bitcoin-wizards
<gmaxwell>
brianhoffman: as far as the patent office is concerned he does.
<gmaxwell>
jeremyrubin: I don't believe there is any alternative that doesn't break covert asicboost.
<jeremyrubin>
I guess my question is why not exclude coinbase from witness commitment
<gmaxwell>
it is excluded.
<gmaxwell>
(how would it not be, that would be circular!)
<gmaxwell>
the problem is that the left side cannot commit to the right side, or vice versa.
<jeremyrubin>
If you just committed to extranonce
<jeremyrubin>
would not be circular
rmwb has quit [Remote host closed the connection]
<jeremyrubin>
*an extranonce
oleganza has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 268 seconds]
AaronvanW has quit []
<oleganza>
would that ugly method work: 2 segwit commitment txs, one in the middle of the block, another in the end of the block. The first one commits to the txs in the left side of the tx merkle tree, the second one commits to the txs in the right side? Not advocating for it, but entertaining an idea.
<gmaxwell>
oleganza: yes, but that's also like, "extension block" level of ugly, and it _still_ may break a specific construction of boost, which might not strictly use left and right but could be 2/4th and 3/4th or whatever.
Chris_Stewart_5 has joined #bitcoin-wizards
edvorg has joined #bitcoin-wizards
<gmaxwell>
oleganza: the problem with anything especially ugly (e.g. requiring creating extra 0 value anyonecanspend coinbase outputs, and special dummy transactions to spend them and hold the commitments, ... and two different locations...) basically it would be technical debt that people would argue we shouldn't take when we should be blocking the change..
<jeremyrubin>
Oh I think I'm understanding it more now
<jeremyrubin>
the part I was missing is the merkle tree generation part -- that would really benefit from a diagram
<jeremyrubin>
gmaxwell: what about sorting just the witness commitments?
<jeremyrubin>
that way when you permute the tree things don't change
<jeremyrubin>
Obviously that creates a problem with actually properly matching witnesses to txns
atgreen has joined #bitcoin-wizards
<jeremyrubin>
But there are a couple tricks one could use to make that less bad.
<gmaxwell>
jeremyrubin: sorting breaks boosting if the boosting is done with replacement rather than permutation; and it makes it harder to use the transactions due to dependencies, and would fall into the "crapping up the proposal to accommodate a proprietary advantage that we should block anyways" pit.
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
<jeremyrubin>
Gotcha, so you are unaware if it's a permutation or a replacement thing, got it
<jeremyrubin>
and I agree, crapping up code to support something like this is negative
<jeremyrubin>
I am aware you spent a lot of time probably going through all possibilities
<Taek>
proprietary only in certain jurisdictions. Jurisdictions that have a history of enforcing garbage patents, meaning we have no guarantees that this patent BS won't crop up again
<gmaxwell>
jeremyrubin: yea, I don't mind discussing them.
<jeremyrubin>
would be great if you could make a bit more of that public if you have notes on the alternatives which don't work
<gmaxwell>
Also I suffered a constraint that we would discard now: I was hoping for a proposed change that I could make without disclosing that I thought asicboost was in use.
<jeremyrubin>
If it's a lot of work to compile maybe not worth it
<kanzure>
Taek: also the jurisdiction is a little fuzzy; it's not just the origin, it's also things like foundries and other foundries that might make related masks.
<Taek>
kanzure: can you explain that more? I don't quite understand
<kanzure>
people think it be like non-intersecting circles, but it's more like a disgusting hairball
legogris has quit [Remote host closed the connection]
<Taek>
somehow that made sense
<gmaxwell>
Taek: there is basically nowhere where garbage patents aren't enforced because everyone does business internationally. Patent holder goes and gets a judgement against _TSMC_ which is actually building the patent infringing device (in the unlikely case that they don't immediately settle) then starts intercepting their shipments into the US endangering their many billion dollar business.
legogris has joined #bitcoin-wizards
<jeremyrubin>
gmaxwell: what if the witness is sorted and a merkle hashmap rather than a tree?
<jeremyrubin>
and then you allow unbalanced trees
<kanzure>
ya and if TSMC is no-go then you go after other stupid stuff like the carriers or whatever... and on and on.
<jeremyrubin>
with garbage branches
Guest10 has joined #bitcoin-wizards
<gmaxwell>
Taek: or start going after bitcoin exchanges to seize the resulting coins... no end of the stupid people can get up to.
talmai has quit [Quit: mining]
<jeremyrubin>
does muck up the code a bit, but I think the hashmap part is semi-sane (more decoupled witness from txn structure)
<Taek>
my point was more that the current effort only solves things one garbage patent at a time
<gmaxwell>
and there are companies that will do enforcement for you and just spend all the money, they don't care if it's really profitable... best for them if the enforcement action is inefficient in fact.
<gmaxwell>
Taek: my proposal doesn't solve the patent at all, it leaves it alone.
<jeremyrubin>
And allowing garbage branches is already allowed with the reserved commitment
<gmaxwell>
It specifically addresses the protocol disruption.
<Taek>
ah, right
<jeremyrubin>
actually sorting works fine if you key on the transactions being sorted to match the witnesses to transactions
edvorg has quit [Ping timeout: 240 seconds]
<jeremyrubin>
without an extra hash field
<gmaxwell>
jeremyrubin: there is match the witnesses.
<gmaxwell>
the witness commitment commits to the whole transactions not just the witnesses.
<gmaxwell>
and it doesn't work if the boost search works by changing the transactions out for other transactions.
<jeremyrubin>
(trying to avoid the O(n^2) matching problem)
<jeremyrubin>
I'm still not sure I understand how replacing transactions works... isn't modifying at the bottom layer problematic for hashing overhead anyways?
<jeremyrubin>
I'm pretty sure that re-ordering makes much more sense than replace
<jeremyrubin>
\me repeals and replaces
* jeremyrubin
slash...
<gmaxwell>
I believe replacing is much easier to implement in the inner loop, and also harder to detect. But part of the problem is just guessing at what someone is doing.
<jeremyrubin>
Oh I see how replacing works
<jeremyrubin>
hm
_whitelogger has joined #bitcoin-wizards
TheSeven has quit [Disconnected by services]
[7] has joined #bitcoin-wizards
<jeremyrubin>
gmaxwell: I really don't like this, but here it goes anyways; committing to witness data in the following block would work. You can get around witness malleability by signing witness with a key in the coinbase TX.
<sipa>
jeremyrubin: well if you're going to redo segwit from scratch there are plenty of other options
<jeremyrubin>
So witnesses could be malleated only by the miner who mined the block only until the next block comes and commits to the witness
<jeremyrubin>
sipa: I think that it's fairly reasonable to consider that's what should be done
<sipa>
why?
<jeremyrubin>
Taek made some good points on list
<sipa>
ok, not going to look there
<jeremyrubin>
ok, suit yourself :)
RubenSomsen has quit [Ping timeout: 240 seconds]
<jeremyrubin>
Also not committing to witnesses in the same block isn't exactly redoing segwit from scratch... almost all of the logic remains practically the same.
<jeremyrubin>
you just instead look for the signed commitment first (only to mitigate malleation of signatures), and wait till next block for the committed version.
<sipa>
new softfork, new p2p extension, ...
<sipa>
doesn't seem worth it to me
<jeremyrubin>
well if you're a miner, it's $100M in new mining equipment, so worth it you're willing to *if conspiracies are accurate* fund multiple dev teams and smear campaigns to try to stop it
<Taek>
was pointed out to me in #bitcoin-core-dev that nversion grinding is still available to the hardware that got reversed, you just can't covertly do it anymore
<Taek>
but the covert part has been blown anyway
<jeremyrubin>
I don't think it's great that the covert part gets blown away...
<jeremyrubin>
what sucks is that it interferes with the obvious way to do software extensions
<jeremyrubin>
That seems to be the only point worth addressing
rgrant has left #bitcoin-wizards [#bitcoin-wizards]
danrobinson has joined #bitcoin-wizards
<gmaxwell>
21:51 < jeremyrubin> gmaxwell: I really don't like this, but here it goes anyways; committing to witness data in the following block would work. You can get around witness malleability by signing witness with a key in the coinbase TX.
<gmaxwell>
that would solve it at the disadvantage of basically defeating the existence of full nodes.
<gmaxwell>
since anyone could give you blocks with damaged witnesses and you couldn't validate the block.
<gmaxwell>
until the next block, which does you no good if you're trying to mine.
<danrobinson>
but can't you just reject the block then and blacklist the sender? then if you get the block with the undamaged witness from someone else, you'll be able to validate it
<danrobinson>
I guess I never really understood why the witness commitment is necessary at all
<gmaxwell>
at a cost of basically an unbounded dos attack that lets someone force you to reprocess the whole block over and over again as many times as they can offer it to you.
<gmaxwell>
and (if there is no commitment) without being able to have a durable history of what happened.
<danrobinson>
they can already do that with transactions, right? is it just that blocks are bigger? this is a significantly worse DoS than any that are possible in Bitcoin Core now? (i mean, i take your word for it)
benten has joined #bitcoin-wizards
<danrobinson>
this just feels like a p2p-layer problem (though I say that as someone who has essentially no experience with the p2p layer). if you found a reliable source for block witnesses, you could only listen to them (for witnesses) until they either give you a bad witness or fail to give you a witness for a block you see
oleganza has quit [Quit: oleganza]
<sipa>
danrobinson: yes, in order to make bitcoin core spend the (very significant) effort of trying to validate a block, the attacker must produce valid PoW
<sipa>
by having blocks commit to all data needed for validation, you guarantee that every valid PoW can only be used once
<sipa>
by removing the direct commitment, anyone could take a valid block, invalidate the witness, and send it to us
<sipa>
for no cost
<danrobinson>
fair enough. although using the block PoW for just DoS prevention is kinda overkill—maybe you could just require a separate smaller fixed-difficulty hashcash for the witness commitment, roughly proportional to the work of validating a block. and leaving out the commitment would solve not only this but the whole silly objection about the complexity of putting data in the coinbase for SWSF. but i get that that
<danrobinson>
would be arguably more complex and less secure, and i don't mean to be second-guessing basic parts of segwit at this point
<sipa>
fixed-difficulty is pointless
<sipa>
you can't predict how hard that will be in the future
<danrobinson>
this wouldn't have to be hard-coded into the protocol at all, though
<danrobinson>
it could be a node policy
<sipa>
right, fair enough
<sipa>
still, i don't see how it's superior to committing to witnesses
<sipa>
which gives a natural solution without extra policy
juscamarena has joined #bitcoin-wizards
<danrobinson>
well i think you've heard the objection that putting commitments in the coinbase is not a natural solution, but putting that aside
<sipa>
that's not the most elegant way of doing it for sure, but the best we can do without a hard fork
<danrobinson>
well except for leaving the commitment out entirely
<sipa>
"using nuclear power is ugly, let's abolish electricity entirely"
<danrobinson>
haha
<gmaxwell>
go look at zcash they ignorantly tried to implement segwit without a commitment and were full of vulnerabilities as a result and had to back it out.
<gmaxwell>
And that's even before getting into the point that being able to get the actual witness is important for auditability.. which keys actually authorized a transaction?
smartcontracts1 has quit [Ping timeout: 264 seconds]
<danrobinson>
oh really? i hadn't seen that re zcash
andrew4 has quit [Ping timeout: 256 seconds]
<gmaxwell>
Also it's a requirement for any kind of compact fraud proof for an invalid spend.
<danrobinson>
fair enough, good reasons
<wallet42>
q about asicboost: which chunk is staying the same? first or second?
<gmaxwell>
wallet42: you need multiple first chunks (4 is a good number) which work with the same second chunk.
<gmaxwell>
Both 'change' in that you increment the nonce in the second chunk, and try each nonce with all the first chunks.
<wallet42>
could a soft-fork, requiring the 4 bytes version field to be exactly the same as the 4 tail bytes from the merkle root be a mitigation? bip9 signaling would move to the coinbase tx version?
Guest10 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<gmaxwell>
wallet42: no because you could grind to find a colliding root, then set the version to be that value. In the BIP I mention a stronger block--
<gmaxwell>
you take some hash of the first 64 bytes and require the lower 8 or 9 bits of the timestamp (which is in the second chunk) be equal to them.
<gmaxwell>
This would take the 4-way collision search now be against 40 bits instead of 32... which is a pretty big slowdown.
Raccoon has joined #bitcoin-wizards
<wallet42>
ok. another question. A theoretical version of BU does a hard fork to do "bigger blocks" and changes the ordering of the header fields at the same time. Would that be a litmus test for asicboost if it would be opposed?
<jeremyrubin>
gmaxwell: you missed the point of what I said
<jeremyrubin>
I am well aware of the DoS issues related with a solution that looks like that
<jeremyrubin>
But that solution specifically addresses them
<jeremyrubin>
The window in which malleated witnesses can be sent is ~10 minutes, after which the following block commits to the prior witness commitment
<jeremyrubin>
Furthermore, the witness is signed by the creator of said block. Witnesses are only relayed if they have a signature from the creator of the block.
atgreen has quit [Ping timeout: 246 seconds]
juscamarena has quit [Remote host closed the connection]
<jeremyrubin>
This enables easy fraud proofs should said miner abuse that. The coinbase TXN could then be soft forked to require a spend path that accepts such a fraud proof as a spending path.