sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
tloriato has joined #bitcoin-wizards
<sipa>
hi
<tloriato>
hello!
<sipa>
we're pretty close to writing up a proposal
<sipa>
for aggregated signatures
<tloriato>
i feel like every time i have a doubt about bitcoin development you are here to help me, thanks buddy, for real
<tloriato>
that's incredible
<sipa>
there are two somewhat independent problems to solve here
<tloriato>
i'm in first year of cs college myself, so i'm still trying to catch up on things, but schnorr signatures might be one of the most important updates for bitcoin (even more than LN, for me)
<tloriato>
alright, go ahead please, sorry
<sipa>
one is the question of how to reduce the number of signatures per input to 1
<waxwing>
sipa, you mean like a BIP for aggregated sigs? wouldn't it need a Schnorr BIP first or something?
<waxwing>
sorry ignore me, i interrupted
<sipa>
waxwing: yes, we'll probably write up two BIPs (one about the signature scheme itself, another about how to integrate it into opcodes etc)
<sipa>
and the other problem is how to reduce the number of signatures across multiple inputs to one
<sipa>
for the first there are many solutions (if you accept complicated negotiations and proof protocols between the participants in a single input)
<andytoshi>
waxwing: to be clear: "aggregated sigs" and "schnorr" are the same thing. "schnorr signature" is not a super well-defined concept. aggregate signatures are a specific thing (that could be termed a 'schnorr signature', or rather a generalization of 'schnorr signature' to multiple signers) which has all the algebraic properties that our hearts desire from schnorr
<sipa>
right, aggregated signature just means "a construction that allows multiple signers to jointly produce a single signature"
<waxwing>
andytoshi, i'm surprised you put it like that .. the schnorr signature was patented after all :)
<sipa>
schnorr signatures do permit this, but with some serious caveats that actually make it (when used naively) insecure for the across-inputs case
<tloriato>
waxwing: it expired in 2008
<andytoshi>
waxwing: right, sure, there is a specific thing called a "schnorr signature" which was patented (tho it still did not specify e.g. what groups or hash function to use) and that thing was crappy
<sipa>
however, it turns out there is a generalization of Schnorr signature for multiple parties that remains secure under very wide assumptions, called Bellare-Neven from 2006
<andytoshi>
later there was a generalization by bellare-neven (which is what we're calling "aggregated signatures") which is also a specific thing
<sipa>
in particular, the issue is that it remains secure even when all but one participant can choose their public keys as a function of other participants
<andytoshi>
but when we say "schnorr signature" in casual conversation this might refer to schnorr's scheme, schnorr's scheme + a pubkey commitment, bellare-neven, etc., sometimes i even use that term to refer to rangeproofs or ring signatures
<waxwing>
tloriato, sure i know :) andytoshi i'm curious now, given that details like hash function and group weren't defined, in what sense was it crappy? i'm guessing you mean it doesn't consider pubkey commitment then.
<andytoshi>
as a result we're trying to avoid using the term in anything we propose, to avoid confusion
<waxwing>
hmm yes i can see how you'd end up in that situation now, thanks.
<andytoshi>
waxwing: yes. and it looks tantalizingly like it'd give easy multisigs but actually it doesn't
<sipa>
it gives easy multisigs under the assumption that all public keys are certified
<andytoshi>
(i have also used "schnorr signatures" to refer to many different multisignature schemes, some of which are broken)
<andytoshi>
right
<sipa>
as in: there is some magic involved that makes you believe that all participants actually have the keys they claim to have
<sipa>
and in a blockchain setting, that assumption can't exist
<sipa>
the verifiers (=every full node) can't know who has which public key - that's exactly the problem it's trying to solve
<waxwing>
well i can only earnestly wish you guys luck in shifting the language here :)
<sipa>
anyway, Bellare-Neven is a trivial extension of Schnorr
<waxwing>
this is the part where i say a schnorr sig is just a zkpok of the private key and then run away before gmaxwell finds me :)
<andytoshi>
heh, that is usually but not always what i mean by the term
<waxwing>
(just jk about how it isn't if the pubkey isn't fixed in advance, i.e. the stuff you were already mentioning)
<waxwing>
hmm although it's in the weeds, it is kinda interesting since if a learner goes to wikipedia to read about Schnorr signatures they aren't going to see mention of this issue iirc
<sipa>
well the problem is really one of setting assumptions
<sipa>
this idea that with schnorr you can "just" add up multiple signatures and you get a valid signature for the sum of the public keys is true, but the normal schnorr security proof in no way extends to that
hdevalence has joined #bitcoin-wizards
<hdevalence>
Hi, I'd like to benchmark group operations using secp256k1, but I'm not sure which of the existing benchmarks are the ones I'm looking for.
<hdevalence>
Is there a benchmark for variable-base scalar mult, for instance?
<sipa>
there is bench_internal
<sipa>
variable-base scalar mult is pretty much just an ECDSA verification
<hdevalence>
does secp have a multiscalar mult implementation?
<andytoshi>
#secp256k1 might be better for this ... but we're working on it, there is an open PR for it
<sipa>
not yet
<sipa>
but a PR was just opened today for that
<sipa>
also, #secp256k1