sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Yogh has quit [Ping timeout: 248 seconds]
boing has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 248 seconds]
Yogh has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
rmwb_ has joined #bitcoin-wizards
rmwb_ has quit [Remote host closed the connection]
dnaleor has quit [Quit: Leaving]
ratbanebo has quit [Ping timeout: 248 seconds]
rmwb has quit [Ping timeout: 240 seconds]
Noldorin has quit [Remote host closed the connection]
Noldorin has joined #bitcoin-wizards
pro has quit [Quit: Leaving]
rmwb has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
packetsmurf has joined #bitcoin-wizards
coinsmurf has quit [Ping timeout: 240 seconds]
Chris_Stewart_5 has quit [Ping timeout: 260 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
Pr0t3us has quit [Quit: Leaving]
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 248 seconds]
ratbanebo has joined #bitcoin-wizards
proxii has joined #bitcoin-wizards
Dyaheon has quit [Ping timeout: 240 seconds]
ratbanebo has quit [Ping timeout: 248 seconds]
Dyaheon has joined #bitcoin-wizards
proxii has quit [Quit: Leaving.]
Belkaar has quit [Ping timeout: 255 seconds]
proxii has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
proxii has quit [Client Quit]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
Ruben has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 240 seconds]
rmwb has quit [Remote host closed the connection]
DrOlmer has joined #bitcoin-wizards
tromp has quit [Ping timeout: 240 seconds]
dabura667 has joined #bitcoin-wizards
dabura667 has quit [Remote host closed the connection]
rmwb has joined #bitcoin-wizards
rmwb has quit [Remote host closed the connection]
rmwb has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 240 seconds]
ratbanebo has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 240 seconds]
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
ratbanebo has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 260 seconds]
proxii has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 248 seconds]
PRab has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
proxii has quit [Quit: Leaving.]
tromp has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 248 seconds]
legogris has quit [Remote host closed the connection]
bildramer has quit [Quit: alway rember happy day]
legogris has joined #bitcoin-wizards
tromp has quit [Ping timeout: 240 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
TheSeven has quit [Ping timeout: 252 seconds]
proxii has joined #bitcoin-wizards
TheSeven has joined #bitcoin-wizards
dabura667 has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 248 seconds]
d9b4bef9 has quit [Remote host closed the connection]
PRab_ has joined #bitcoin-wizards
RubenSomsen has joined #bitcoin-wizards
praxeology1 has joined #bitcoin-wizards
da2ce7 has quit [Ping timeout: 248 seconds]
ratbanebo has joined #bitcoin-wizards
LeMiner has joined #bitcoin-wizards
adiabat has quit [Ping timeout: 246 seconds]
molz has quit [Ping timeout: 248 seconds]
jonasschnelli has quit [Ping timeout: 248 seconds]
meshcollider has quit [Quit: Connection closed for inactivity]
tromp has quit [Remote host closed the connection]
packetsmurf has joined #bitcoin-wizards
bildramer has joined #bitcoin-wizards
coinsmurf has quit [Ping timeout: 255 seconds]
deusexbeer has quit [Ping timeout: 240 seconds]
<bsm117532>
It's unclear to me whether there is an actual proposal there...but it's a nice review of mixing techniques.
deusexbeer has joined #bitcoin-wizards
<waxwing>
right; the presentation may not explicitly make a recommendation (haven't read it all yet but he's presenting it in paris this w/e), but i know nopara is working on a chaumian style coinjoin setup.
shesek has quit [Ping timeout: 248 seconds]
<waxwing>
well, iirc the github repo goes into that (it's a doc rather than code)
AaronvanW has quit []
<bsm117532>
I gather. Looking forward to the Paris presentations.
d9b4bef9 has quit [Remote host closed the connection]
d9b4bef9 has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
<JackH>
It does imply he is going to add multiple mixing techniques and add them together to form something new (a new BIP?)
Aaronvan_ has joined #bitcoin-wizards
<JackH>
I am personally looking forward to Dandelion, its straightforward and does something very important IMO
<waxwing>
gist seems to be that they rolled their own hash function and it was not collision resistant.
tromp has quit [Remote host closed the connection]
<waxwing>
lol "We used the lyrics to the [80's hit single "push it to the limit"](https://en.wikipedia.org/wiki/Scarface_(Push_It_to_the_Limit)) in the colliding messages to demonstrate that we fully collide the internal state of curl and thus giving us arbitrary control over most of the message."
laurentmt has quit [Quit: laurentmt]
<bsm117532>
Aaaaarrrggghhh I tried to warn people away from that joke project as it overlaps a lot with my braids research.
<bsm117532>
I wish more people would try practical attacks against all these altcoins.
<sipa>
proof-of-obfuscation
<bsm117532>
"Absence of evidence is not evidence of absence" however when people don't see these things going down in flames, your average investor assumes the contrapositive and throws his money at it.
<bsm117532>
Long story short: let's build something that's even MORE bandwidth intensive and storage intensive than bitcoin. Let's introduce a new consensus algorithm involving a monte-carlo simulation (which is very CPU intensive). Then, let's sell this as a solution for low-bandwidth, low-cpu IoT devices.
<waxwing>
'say hello to my little friend ... differential cryptanalysis!'
<bsm117532>
If I could short these things, I'd place a bounty on many altcoins. Especially the S2X altcoin.
<waxwing>
wait - consensus using a monte carlo simulation?!
<bsm117532>
waxwing: yes. They use a directed acyclic graph instead of a chain, with an extremely arbitrary "scoring" assigned to parents. Then they perform a MC simulation over the graph to decide the chain tip.
<bsm117532>
It's very not-obvious to me that this converges, and I think both myself and Taek have come up with graph scenarios that would destroy it.
<waxwing>
can't decide if meme: using ternary instead of binary, or using a MC-simulation for consensus.
<waxwing>
well obviously the latter, the first one is just eccentric, the second one is galactic level craziness :)
<bsm117532>
Hey if everyone is using the same random seed, they will all agree right?
<sipa>
INB4: centralized broadcast of signed random seedsa
Murch has quit [Quit: Plugging out.]
<waxwing>
sipa, there's that "a" again. be careful, you might trigger an event :)
<bsm117532>
TYPO TRIGGERS CRYPTOCURRENCY CRASH! NEWS AT 11.
<sipa>
waxwing: i'm sure that's what led to IoT being misinterpreted as IoTa
<Taek>
I'm glad someone took the time to cryptanalyze that hash function. Hopefully it serves as a good lesson to some that you shouldn't trust projects that are writing their own cryptography
* sipa hides in a corner
<kanzure>
libsecp256k1's security argument was not "trust us"
<waxwing>
ahem, "abstinence only cryptography" ;)
<waxwing>
as usual soundbites don't catch it. here the issue is, i believe, how ludicrously hard it is to write a good cryptographic hash function.
<waxwing>
well, from the above ^ i guess that's just one issue, but it's clearly the headline one.
tromp has quit [Remote host closed the connection]
<sipa>
waxwing: i believe it is easy to write a cryptographic hash function
tromp has joined #bitcoin-wizards
<sipa>
i believe it is ludicrously hard to write one with competitive performance, though
Alina-malina has joined #bitcoin-wizards
<waxwing>
ok. that sounds reasonable. reminds me of a question that often floats through my brain, what exactly would you have to do to dl/ecdl scalar mult to make it fulfil reqmnts of a hash fn?
Alina-malina has quit [Changing host]
Alina-malina has joined #bitcoin-wizards
<waxwing>
i only know the requirements as (coll. res, first and second preimage res.; maybe that's not the correct full defn?)
<sipa>
indistinguishability from a random function
<waxwing>
well apart from trivial stuff like fixed length digest
<waxwing>
right
<sipa>
which implies all the other things you list, iirc
<sipa>
there was a SHA3 proposal called ECOH, but it was very broken
RubenSomsen has quit [Ping timeout: 248 seconds]
RubenSomsen has joined #bitcoin-wizards
<bsm117532>
sipa: your "rolling UTXO commitments" proposal turns a sha512 into a EC point, which I'd argue is a hash function. waxwing does that satisfy your question?
tromp has quit [Remote host closed the connection]
<sipa>
bsm117532: it uses SHA512 however :)
<bsm117532>
details...
<sipa>
creating a hash function when you're allowed to use another hash function...
* bsm117532 thinks it's rather interesting to transform a hash output to an algebraic domain.
<bsm117532>
Don't really care that the hash function is required.
<waxwing>
so yeah that's interesting 'indistinguishable from random' is stronger than those mentioned properties. so i guess to use like ecc scalar mult you first off have to decide how to preprocess arbitrary length data to a group element. is that an issue? no idea.
<sipa>
something ECC + Elligator may work
<gmaxwell>
Taek: that's bullshit abstinence only cryptography.
<bsm117532>
waxwing: that's exactly what sipa does with a sha512 output.
<gmaxwell>
saying "writing their own cryptography" is not the same as saying "inventing your own hash function"
<sipa>
or more generically, writing their own cryptography vs writing their own cryptography while consulting with experts in the field
<sipa>
:)
<waxwing>
gmaxwell, that's what i said. not so forcefully though, lol.
<waxwing>
well, plus i was quoting you to begin with, heh.
<gmaxwell>
Virtually nothing has been broken because someone implemented their own implementation of a standard algorithm, sometimes a sidechannel-- but the standard implementations you get elsewhere are very commonly sidechannel vulnerable.
<waxwing>
bsm117532, right, i see, just vaguely wondering whether the preprocessing itself is a problem theoretically. but meh, way out of my intellectual comfort zone there.
<waxwing>
and yeah i was more wondering about how you make a hash function without a hash function :)
<Taek>
I got too excited. Mostly I am railing against projects that invent cryptography and assert their usefulness before pursuing even remotely rigorous analysis or arguments for security
<bsm117532>
Taek: you should ICO that idea.
<waxwing>
well don't feel so bad, tons of thought leaders on twitter are also saying that the lesson is 'don't roll your own crypto' :)
<kanzure>
"thought leaders"?
<waxwing>
lol. i'm trying to be polite here :)
<bsm117532>
waxwing: The best way to invent a hash function is to use a hash function. It's ludicrously hard. Highly non-linear.
<waxwing>
bsm117532, you caught me, i'm writing up iota2 now :)
<sipa>
bsm117532: yes, hash functions that are too linear are easily breakable :p
<gmaxwell>
Taek: sure, but state it better. The specific formulation you used gets used to argue against people implementing sha2 themselves or whatever, which is not a thing that should be argued against.
<waxwing>
i've got it! the monte-carlo consensus algorithm *is itself* the hash function!!
<gmaxwell>
(FWIW, I think the biggest problem with abstinence only cryptography is that people think that if they use random crypto code they found on the internet they're good to go, and actually a lot of it is awful)
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 240 seconds]
meshcollider has joined #bitcoin-wizards
thrmo has joined #bitcoin-wizards
dnaleor has quit [Quit: Leaving]
Chris_Stewart_5 has quit [Quit: WeeChat 1.4]
Chris_Stewart_5 has joined #bitcoin-wizards
momentropist has quit [Read error: Connection reset by peer]
momentropist has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 260 seconds]
coinsmurf has joined #bitcoin-wizards
packetsmurf has quit [Ping timeout: 240 seconds]
PaulCapestany has quit [Quit: .]
anon616 has quit [Remote host closed the connection]
dnaleor has joined #bitcoin-wizards
anon616 has joined #bitcoin-wizards
ratbanebo has quit [Ping timeout: 240 seconds]
daszorz has joined #bitcoin-wizards
daszorz has quit [Max SendQ exceeded]
daszorz has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
daszorz has quit [Read error: Connection reset by peer]
ratbanebo has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 246 seconds]
packetsmurf has joined #bitcoin-wizards
coinsmurf has quit [Ping timeout: 248 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
<bsm117532>
waxwing: *groan*
<bsm117532>
MOAR RANDOM inputs = MOAR RANDOM. In other news, I just rolled a die and got a 5. You may now use 5 in your hash function. It's provably random.
<bsm117532>
I'll even send you the dice I used.
arowser has quit [Quit: No Ping reply in 180 seconds.]
arowser has joined #bitcoin-wizards
<sipa>
which always results in a 5? very random, wow
DrOlmer has quit [Ping timeout: 240 seconds]
DrOlmer has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
<CryptAxe>
I think your dice is using a bad entropy source
boing_ has joined #bitcoin-wizards
tromp has quit [Ping timeout: 260 seconds]
boing has quit [Ping timeout: 240 seconds]
tromp has joined #bitcoin-wizards
dnaleor has quit [Ping timeout: 240 seconds]
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
<bsm117532>
I rolled it once, it gave a 5. It's super random.
<bsm117532>
Best you can get. Also, I'm going to ICO my dice.
dnaleor has joined #bitcoin-wizards
coinsmurf has joined #bitcoin-wizards
packetsmurf has quit [Ping timeout: 240 seconds]
RubenSomsen has quit [Ping timeout: 252 seconds]
ratbanebo has quit [Ping timeout: 240 seconds]
<sipa>
bsm117532: it's totally random, just not very uniformly
<bsm117532>
sipa: stop it you hater. I'm inserting 5 into my ICO's consensus protocol. Prove me wrong.
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
ratbanebo has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
ratbanebo has quit [Read error: Connection reset by peer]