sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
PaulCapestany has quit [Ping timeout: 240 seconds]
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
PaulCapestany has joined #bitcoin-wizards
vicenteH` has quit [Ping timeout: 240 seconds]
dgenr8 has quit [Quit: Leaving]
deusexbeer has quit [Ping timeout: 240 seconds]
Dizzle has joined #bitcoin-wizards
adiabat has quit [Quit: WeeChat 1.4]
adiabat has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
jb55 has joined #bitcoin-wizards
deusexbeer has joined #bitcoin-wizards
Ylbam has quit [Quit: Connection closed for inactivity]
jb55 has quit [Ping timeout: 240 seconds]
Dizzle has quit [Remote host closed the connection]
Dizzle has joined #bitcoin-wizards
Noldorin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
Chris_Stewart_5 has joined #bitcoin-wizards
meshcollider has quit [Quit: Connection closed for inactivity]
<rusty>
sipa: writing wallet today, if someone tells you to pay to a BIP173 address, which passes segwit_addr_decode, but with witver > 0, we should accept and set it as a scriptpubkey OP_<version> + addr? Or should we refuse, and require an upgrade?
Dizzle has quit [Remote host closed the connection]
Dizzle has joined #bitcoin-wizards
<sipa>
rusty: i think you should accept
<rusty>
sipa: right. Just wanted to make absolutely sure, since we've had the debate before over not actually encoding a scriptpubkey.
<sipa>
rusty: yes, bip173 is just segwit outputs, but it does include all segwit outputs
<rusty>
sipa: excellent, thanks for confirmation!
<sipa>
otherwise you're introducing yet more classes of support, with unclarity which software can send to which
<rusty>
sipa: well, in future behaviour will change wrt invalid addresses. eg. today we do length check on witver == 0. Tomorrow we might on witver == 1. But that corner case seems OK.
<sipa>
rusty: yeah, but i don't expect to continue that practice
<sipa>
as in, a future witness version may define v1 len32 to have some meaning, but leave all other v1 lengths undefined/anyonecanspend
<rusty>
Ah, YA upgrade mechanism then...
<sipa>
haha
<sipa>
it's a bit of a waste that v0 only permits len 20 and 32; that's kinda wasteful use of version space
Chris_Stewart_5 has quit [Ping timeout: 248 seconds]
<rusty>
You could sacrifice 1 bit of security and get a new semantic for a 255-bits of data :) That's another 15 versions...
<sipa>
?
rusty has quit [Ping timeout: 255 seconds]
legogris has quit [Remote host closed the connection]
legogris has joined #bitcoin-wizards
[7] has quit [Ping timeout: 258 seconds]
TheSeven has joined #bitcoin-wizards
TheSeven has quit [Ping timeout: 258 seconds]
TheSeven has joined #bitcoin-wizards
Dizzle has quit [Quit: Leaving...]
meZee has quit [Ping timeout: 258 seconds]
meZee has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 248 seconds]
chjj has quit [Ping timeout: 248 seconds]
chjj has joined #bitcoin-wizards
chjj has quit [Ping timeout: 248 seconds]
dongcarl has joined #bitcoin-wizards
<dongcarl>
Hi all. Looking at BIP32+39 and trying to understand. Wondering why HMAC-SHA512 was used as the PRNG instead of simply SHA512.
<dongcarl>
Specifically in the mnemonic + passphrase -> seed process
<sipa>
HMAC protects against some attacks that practical hash functions don't (in particular, length extension attacks)
<sipa>
in the case od BIP32 these don't really apply though
<sipa>
*of
CubicEarth has quit []
<dongcarl>
sipa: Gotcha.
<sipa>
dongcarl: in general, overdesigning and relying on well-known constructions is a good thing
<sipa>
performance isn't particularly critical here
<sipa>
there are worse examples... see RFC6979 for example, which uses HMAC-SHA256 repeatedly to generate a single random nonce (i think it needs over a dozen SHA256 compressions to generate a single nonce)
* dongcarl
facepalms
<sipa>
in any case, for BIP32 you can blame me :)
<dongcarl>
sipa: Haha it's good, I'm new to cryptography so just trying to understand design decisions, as I know they can depend on very minute details
<sipa>
so in short, there would probably not be any issue with using just SHA512
<dongcarl>
I remember trying to choose cipher suites for StrongSwan, and they used HMAC-SHA256 as default PRNG as well
<sipa>
but that doesn't mean that for a standard designed to protect potentially millions or more, a more conservative choice isn't better
<dongcarl>
sipa: right, but "overdesigning and relying on well-known constructions is a good thing"
<dongcarl>
Perfect. Thanks.
chjj has joined #bitcoin-wizards
onabreak has quit [Ping timeout: 260 seconds]
Guyver2 has joined #bitcoin-wizards
Guyver2 has quit [Read error: Connection reset by peer]
Guyver2 has joined #bitcoin-wizards
nona has joined #bitcoin-wizards
nona has quit [Remote host closed the connection]
BashCo has quit [Ping timeout: 248 seconds]
dongcarl has quit [Quit: leaving]
BashCo has joined #bitcoin-wizards
meshcollider has joined #bitcoin-wizards
TheSeven has quit [Read error: Connection reset by peer]
TheSeven has joined #bitcoin-wizards
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
Ylbam has joined #bitcoin-wizards
AaronvanW has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
CheckDavid has joined #bitcoin-wizards
bildramer has quit [Ping timeout: 258 seconds]
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 248 seconds]
tromp has joined #bitcoin-wizards
bsm117532 has quit [Ping timeout: 240 seconds]
tromp has quit [Remote host closed the connection]
meshcollider has quit [Quit: Connection closed for inactivity]
tromp has joined #bitcoin-wizards
DrOlmer has joined #bitcoin-wizards
meshcollider has joined #bitcoin-wizards
bsm117532 has joined #bitcoin-wizards
mn3monic has joined #bitcoin-wizards
mn3monic has joined #bitcoin-wizards
mn3monic has quit [Changing host]
AaronvanW has quit [Ping timeout: 258 seconds]
CheckDavid has quit [Quit: Connection closed for inactivity]
bildramer has joined #bitcoin-wizards
onabreak has joined #bitcoin-wizards
vicenteH has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
Guyver2 has quit [Remote host closed the connection]
dnaleor has joined #bitcoin-wizards
Cory has quit [Remote host closed the connection]
Cory has joined #bitcoin-wizards
smk has joined #bitcoin-wizards
Terr has quit [Ping timeout: 255 seconds]
Cory has quit [Remote host closed the connection]
Cory has joined #bitcoin-wizards
Cory has quit [Remote host closed the connection]
dnaleor has quit [Quit: Leaving]
smk has quit [Ping timeout: 260 seconds]
Cory has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
Cory has quit [Remote host closed the connection]
Cory has joined #bitcoin-wizards
Cory has quit [Remote host closed the connection]
Noldorin has joined #bitcoin-wizards
laurentmt has quit [Quit: laurentmt]
Guest64992 has joined #bitcoin-wizards
meshcollider has quit [Quit: Connection closed for inactivity]
daszorz has quit [Read error: Connection reset by peer]
daszorz has joined #bitcoin-wizards
rusty has quit [Read error: Connection reset by peer]
rusty1 has joined #bitcoin-wizards
daszorz has quit [Read error: Connection reset by peer]
rusty1 has quit [Ping timeout: 240 seconds]
rafal has joined #bitcoin-wizards
<rafal>
quick question; let's put Script on the table. the transaction is valid if !=0 is left on top of the stack and no errors. what prevents the injected 'response' - second part of the script presented by the spender - from dropping all the previous instructions and leaving 1 on top of the stack
<rafal>
is the 'to be verified' part appended or what does it look like
<sipa>
first the scriptSig is executed
<sipa>
the resulting stack is then copied
<sipa>
then the scriptPubKey is executed (which is not under control of the spender), with that previous stack as initial state
<sipa>
the result of *that* has to be true
<rafal>
ok let me check out these opcodes brb
<sipa>
#bitcoin is probably a better place, though
<rafal>
why?:)
<rafal>
I'm a dev I'm not looking for tutorials
<rafal>
are the 'scriptPubKey' and 'scriptSig' 'routines' mandatory, would you call them as such?
<rafal>
I've just developed my own forth-based language with some nice features looking how bitcoin does some things
<sipa>
explaining the basics of bitcoin's scripting system is certainly off topic here, though
<rafal>
got it
<rafal>
feeling lazy, got a flu
<rafal>
if these 'routines' are mandatory feels like a very constrained environment
<sipa>
what do you mean by routines
<sipa>
ah
<sipa>
the scriptPubKey is really the "conditions for spending" that go into each transaction output
<sipa>
the scriptSig is the input for those, to prove authority to spend
<sipa>
they are mandatory yes - without it, every output would be spendable by anyone
CubicEarth has quit []
<rafal>
kindly thank you sipa for your time. By tomorrow I shall be at a scientific level regarding this language and be a better conversation partner regarding potential alternatives /proposals;d
<sipa>
cool!
Yogh has joined #bitcoin-wizards
meshcollider has joined #bitcoin-wizards
airbreather has quit [Ping timeout: 246 seconds]
jb55 has quit [Ping timeout: 248 seconds]
jb55 has joined #bitcoin-wizards
jb55 has quit [Ping timeout: 240 seconds]
Guyver2 has joined #bitcoin-wizards
jb55 has joined #bitcoin-wizards
jb55 has quit [Ping timeout: 240 seconds]
vicenteH has quit [Ping timeout: 248 seconds]
vicenteH has joined #bitcoin-wizards
metric has quit []
onabreak has quit [*.net *.split]
metric has joined #bitcoin-wizards
onabreak has joined #bitcoin-wizards
dgenr8 has joined #bitcoin-wizards
mn3monic has quit [Ping timeout: 248 seconds]
jb55 has joined #bitcoin-wizards
airbreather has joined #bitcoin-wizards
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]