sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
thrmo has joined #bitcoin-wizards
sammi` has quit [Quit: Lost terminal]
pavle_ has joined #bitcoin-wizards
maaku has quit [Quit: Lost terminal]
maaku has joined #bitcoin-wizards
pavle_ has quit [Quit: Leaving]
itsme_ has joined #bitcoin-wizards
dabura667 has joined #bitcoin-wizards
vicenteH has quit [Ping timeout: 248 seconds]
oleganza has quit [Quit: oleganza]
Murch has quit [Quit: Snoozing.]
hdevalence has quit [Quit: hdevalence]
dnaleor has quit [Quit: Leaving]
Muis has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
Belkaar has quit [Ping timeout: 240 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
dnaleor has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 268 seconds]
Cory has quit [Ping timeout: 255 seconds]
packetsmurf has joined #bitcoin-wizards
coinsmurf has quit [Ping timeout: 248 seconds]
Ylbam has quit [Quit: Connection closed for inactivity]
coinsmurf has joined #bitcoin-wizards
packetsmurf has quit [Ping timeout: 268 seconds]
coinsmurf has quit [Ping timeout: 248 seconds]
coinsmurf has joined #bitcoin-wizards
RubenSomsen has joined #bitcoin-wizards
Cory has joined #bitcoin-wizards
dnaleor has quit [Quit: Leaving]
dnaleor has joined #bitcoin-wizards
dnaleor has quit [Client Quit]
intcat has quit [Ping timeout: 248 seconds]
intcat has joined #bitcoin-wizards
Guest83 has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
legogris has quit [Remote host closed the connection]
legogris has joined #bitcoin-wizards
execute has joined #bitcoin-wizards
TheSeven has quit [Ping timeout: 258 seconds]
TheSeven has joined #bitcoin-wizards
anon616 has quit [Remote host closed the connection]
anon616 has joined #bitcoin-wizards
RubenSomsen has quit [Quit: Leaving]
anon616 has left #bitcoin-wizards [#bitcoin-wizards]
anon616 has joined #bitcoin-wizards
anon616 has quit [Remote host closed the connection]
rusty has quit [Ping timeout: 250 seconds]
interne7y has joined #bitcoin-wizards
anon616 has joined #bitcoin-wizards
Guest21184 has quit [Changing host]
Guest21184 has joined #bitcoin-wizards
Guest21184 has joined #bitcoin-wizards
Guest21184 is now known as blarney
satwo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Ylbam has joined #bitcoin-wizards
Cory has quit [Read error: Connection reset by peer]
interne7y has quit [Remote host closed the connection]
d_t has quit [Ping timeout: 248 seconds]
Cory has joined #bitcoin-wizards
<waxwing>
so for the inner product proof, let's say c = <a,b>, prover needs to send the Ls and Rs so like log (n) times (L, R) and also c ... is that it or am i missing something?
<waxwing>
oh and also P right
<waxwing>
ah but of course you have to send the a' and b' values for the final step right. so is it just [L], [R] (lists) and a', b' (single values) .. but also P ?
<waxwing>
ok i think i get it, "P" is external to the proof, so that's why it's 2*log(n) points, for the L and R vals, + 2 scalars (a', b')
d_t has joined #bitcoin-wizards
dabura667 has quit [Ping timeout: 248 seconds]
jtimon has quit [Ping timeout: 248 seconds]
dabura667 has joined #bitcoin-wizards
oleganza has quit [Quit: oleganza]
d_t has quit [Ping timeout: 248 seconds]
Fugazi has quit [Remote host closed the connection]
<d4de>
How do we know if `H` is an irreducible polynomial?
<waxwing>
d4de, H is a point on the elliptic curve (secp256k1)
<sipa>
H is a point, not a polynomial
<sipa>
and we know it is a generator because every point in secp256k1 is a generator
<sipa>
(its cofactor is 1)
<d4de>
I'm confused, but G is the generating polynomial of the finite field of which addition is carried on
<d4de>
right?
<sipa>
no
dnaleor has quit [Ping timeout: 248 seconds]
<sipa>
there is a finite field, which is just Z modulo a big prime
<sipa>
which is used for the _coordinates_ of points
<sipa>
then there is an elliptic curve with equation y^2 = x^3 + 7 over that field
<sipa>
that elliptic curve defines a mathematical cyclic group
<sipa>
every point in that group happens to be a generator of the group
<d4de>
addition/multiplications are defined modulo p?
<andytoshi>
d4de: there is a group whose elements are elliptic curve points (and whose addition is some weird rational function of the coordinates) which is conceptually totally independent of the underlying field that the curve is defined over
<andytoshi>
so for the purpose of CT/CA you can think of the curvepoints as just abstract group elements
<andytoshi>
and forget about the field and the curve equation entirely
<d4de>
ah
<sipa>
d4de: addition/multiplication on _coordinates_ is indeed done modulo p
<sipa>
d4de: addition of elliptic curve points is weird
<andytoshi>
importantly the addition formula is _not_ coordinate-wise addition, it's some rational function (which is indeed computed mod p). you can find the exact formula on wikipedia if you're more comfortable knowing it
dnaleor has joined #bitcoin-wizards
dnaleor has quit [Remote host closed the connection]
d_t has joined #bitcoin-wizards
<arubi>
if we're on the subject.. what causes this weird thing where the three cube roots of 1 mod p added to each other are equal to n, and same with the three cube roots of 1 mod n, added to each other are equal to p. I can't explain this to myself
jadox has quit [Quit: Leaving]
<andytoshi>
well, you can just run through the addition formula and see that when a = 0, multiplying x by a cube root of 1 in the field is an automorphism (if A + B = C and you multiply each x-coord by lambda the equation's truth value will be preserved). you can see this in a non-enlightening way by just working out the formula
<andytoshi>
oops, beta, not lambda. here beta is a cube root of 1 in the field
<andytoshi>
then observe that in a prime-order group, _every_ automorphism needs to be "multiplication by lambda" for some lambda..
dnaleor has joined #bitcoin-wizards
<andytoshi>
and this automorphism is the identity if you do it thrice (since multiplying x by beta three times is just multiplying x by 1), so this lambda needs to be a cube root of 1 in the _group_ order as well
<andytoshi>
which creates this spooky effect where whenever you have a field with a nontrivial cube root of 1, and an elliptic curve of j-invariant 0 defined over that field, the integers mod the curve's order must also have a cube root of 1
<arubi>
okay, suddenly the way endomorphism works is a bit clearer now :), I'll try out some walking through the addition
worstadmin has joined #bitcoin-wizards
<andytoshi>
IIRC you need to use the fact that beta^2 = 1/beta and beta = 1/beta^2 to see that the addition works (this is why being a cube root of 1 is special and other numbers don't work)
wizkid057 has quit [Ping timeout: 268 seconds]
<arubi>
oh! I guess I was close, previously I tried walking through three equations :
<arubi>
k1*lambda + k1 = tweak1
<arubi>
k1/lambda + k1 = tweak2
<arubi>
tweak1/tweak2 = lambda
<arubi>
and tried to figure out how to use beta with the x coordinate for k1G
<kanzure>
d4de: still alive?
<d4de>
yes
wizkid057 has joined #bitcoin-wizards
RubenSomsen has quit [Ping timeout: 250 seconds]
dnaleor has quit [Quit: Leaving]
RubenSomsen has joined #bitcoin-wizards
meshcollider has quit [Quit: Connection closed for inactivity]
meshcollider has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 248 seconds]
d_t has quit [Ping timeout: 250 seconds]
dgenr8 has quit [Read error: Connection reset by peer]
dgenr8 has joined #bitcoin-wizards
dnaleor has joined #bitcoin-wizards
Aaronvan_ has quit [Ping timeout: 268 seconds]
rusty has joined #bitcoin-wizards
hdevalence has quit [Remote host closed the connection]
hdevalence has joined #bitcoin-wizards
vicenteH has joined #bitcoin-wizards
thrmo has joined #bitcoin-wizards
CheckDavid has joined #bitcoin-wizards
RubenSomsen has quit [Ping timeout: 248 seconds]
neha has quit [Ping timeout: 240 seconds]
rusty has quit [Read error: Connection reset by peer]
JackH has quit [Read error: Connection reset by peer]
JackH has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
spinza has joined #bitcoin-wizards
Fugazi has joined #bitcoin-wizards
Fugazi_ has quit [Ping timeout: 240 seconds]
rusty has joined #bitcoin-wizards
interne7y has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
Fugazi_ has joined #bitcoin-wizards
Fugazi has quit [Ping timeout: 248 seconds]
Chris_Stewart_5 has quit [Ping timeout: 268 seconds]