sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<adlai>
bsm117532: i discussed "solv[ing] this damn problem" (well, not quite this one, but its parent problem) with sipa irl at milan. his reaction was similar. paying bitcoins to store data which is not output sizes or spending conditions is quite an interesting game and i suggest you keep playing, but carefully.
<sipa>
how to solve the PKI problem:
<sipa>
1. Fail
<sipa>
2. Go to 1
<adlai>
iirc, our conversation went roughly thus: me: "the blockchain eventually becomes the most backed-up data on earth, so it should be treated as the most expensive datastore" sipa: "pruning" me: "s/blockchain/utxo set/" sipa: "[let's change topic]"
<sipa>
i don't see how using the blockchain helps in any way; publishing data doesn't make it trusted
<adlai>
sipa: please correct me if i misremember this?
<sipa>
adlai: i don't remember, but it totally sounds like a conversation we could have had
<sipa>
there are useful-but-still-incentive-incompatible ways to use a blockchain
<sipa>
this one isn't even useful, as far as i can see
<adlai>
ok, thank you! btw i agree re:pki... that data is boring and typically is supposed to have expiry dates.
<bsm117532>
sipa: a PKI system needs several of the same properties as bitcoin. Namely: censorship resistance for public broadcast of revocation events.
<bsm117532>
I know of no comparable system.
<bsm117532>
If you have a censorship resistant public broadcast, it's fundamentally a new tool for PKI
<bsm117532>
Anyway, this doesn't necessarily have to be an element in a BIP70 replacement
<sipa>
yes, using a blockchain for revocation is useful (but still incentive incompatible)
<sipa>
but that's only a tiny part of solving the PKI problem
<bsm117532>
It's the huge unsolved part, and why CA's don't work: you can't reliably distribute certs (CA's keep getting compromised) and you can't reliably revoke (crl's are unreliable and easy to DDoS).
<bsm117532>
Why do you claim it's incentive incompatible?
<sipa>
it conflicts with the chain's use as a financial transfer system, threatening its value, which indirectly threatens its security (if BTC has no value, its chain provides zero security)
<bsm117532>
It's only a financial transfer system if you can determine where you're sending funds.
<sipa>
?
<bsm117532>
If you have no idea who the receiver is, it's not very useful...
<sipa>
you're on their website
<sipa>
they're sending you email
<sipa>
you're scanning their QR code IRL
<sipa>
you're accessing their NFC POS system
<bsm117532>
I know how to hijack all of them
<bsm117532>
Because there's no good PKI solution
<sipa>
none of these things need a PKI
<sipa>
or at least, not in addition to being able to access them
<bsm117532>
Website needs PKI in the cert. SMTP is easy to falsify the sender. Mobile phone malware can display the wrong QR. etc.
<sipa>
yes, sure
<sipa>
if you're *on their website* you're already trusting the site
<sipa>
i'm not saying PKI is solved
<sipa>
i'm saying it's a much deeper problem, and doesn't have much to do with bitcoin
<sipa>
but claiming that BTC can't work without solving PKI is a bit ridiculous
<bsm117532>
Would you use bitcoin without HTTPS?
<sipa>
no
<bsm117532>
so...
<sipa>
what is your point?
<sipa>
BTC has no value because PKI isn't solved?
<bsm117532>
HTTPS is a PKI solution that is fundamentally required in order to transfer bitcoin on the web.
<sipa>
can i buy your BTC? I'll offer $1 per BTC
<sipa>
please.
<sipa>
yes, PKI needs improvement
<bsm117532>
In any financial system you need hard and fast answers to: who, when, and how much. Bitcoin gets 2 of the three.
<sipa>
but it's (a) a boring problem (b) using blockchain to "fix" PKI is not a solution and (c) BTC is useful and valuable without PKI being solved
<bsm117532>
Can I come back to your "incentive incompatible" claim? If exchanges used spent pubkeys to sign off-chain messages indicating addresses, how would that be incentive incompatible?
<sipa>
Revoking keys using a chain requires publishing.
<sipa>
You can't do that offchain.
<sipa>
(or you lose the censorship resistance)
<bsm117532>
Yes, you have to do it on chain. First spend reveals a pubkey, second spend revokes it.
<sipa>
yes, that conflicts with the use of the chain for financial purposes
<bsm117532>
Clearly pushing this as a PKI solution beyond bitcoin transfers would be a big incentive incompatibility, I think...
<bsm117532>
But it's exactly for the purpose of transferring bitcoin!
<sipa>
god
sipa has left #bitcoin-wizards [#bitcoin-wizards]
<bsm117532>
We need a BIP70 replacement to keep sipa in the room.
<maaku>
bsm117532: it's easier to discuss an actual proposal. maybe make a strawman replacement for payment protocol?
* bsm117532
wrote a BIP describing this. It got lost in a failed startup.
<bsm117532>
I'm loath to write it again. But I'm not seeing better ideas.
<bsm117532>
But I wasn't thinking of the issues sipa was mentioning (refund addresses, receipts).
<bsm117532>
Also it seems to me that BIP70 fell largely on the notion of "identifying" bitcoin users, which is not my intent.
<bsm117532>
My only intent was to make absolutely goddamn sure that if I intend to send bitcoin to coinbase, I actually send it to fucking coinbase and not somewhere else.
<maaku>
"identifying bitcoin users"? I'm not really sure what you mean
<maaku>
bsm117532: regarding your intent in any case, I think you're looking at the wrong tool
<maaku>
any payment protocol is not going to tackle the communication channel problem. it's out of scope and layer violating
<maaku>
ASSUME a trusted channel, what should a payment protocol look like?
<maaku>
that was more my question from before
<maaku>
whether bitcoin outputs (spent or unspent) work as secure anchors for a trusted identity is an interesting question and worth working on a proposal for too, but it is a different problem
<kanzure>
maaku: was bip70 meant to work offline? what about the lightning one?
<kanzure>
maaku: for online interaction the problem reduces to negotiating network connection information. and then receipts and other messages can fly around if you want.
<bsm117532>
maaku: you can't assume a trusted channel without key exchange. And if you have key exchange you don't need a trusted channel (because you can sign/encrypt messages over any channel)
<bsm117532>
maaku: I'm referring mostly to petertodd's objections to BIP75
<maaku>
bsm117532: that's non-pragmatic objection I think. you need a secure channel to setup a secure channel, yes. but you need a secure channel once and then you can remember the root key
<maaku>
not to mention things like web of trust
<bsm117532>
maaku: remembering the root key doesn't allow either party to rotate their keys. You need a censorship resistant public broadcast to have key rotation.
<bsm117532>
And the web of trust is an utter failure. There's no reason I should trust the people you trust.
<fluffypony>
bsm117532: yes you should, the people I trust are awesome
<fluffypony>
I think WoTs can work if they're qualitative and not quantitative
<fluffypony>
ie. *why* do I trust Bob, not what is Bob's cumulative trust score
<kanzure>
fluffypony: how do you represent a why? and if it's qualitative then how does someone unrelated use the WoT? do they read all the whys?
<kanzure>
sybils can create a lot of why text, you know.
<fluffypony>
kanzure: I was thinking that asking is the most qualitative
<fluffypony>
so if I want to know if I should trust Bob, and you trust Bob, then I should ask you why you trust him
<kanzure>
after you ask and agree, you flip a trust bit in your local WoT wallet?
<fluffypony>
I'd only flip that bit after successfully dealing with Bob
<fluffypony>
then someone can ask me why I trust Bob
<kanzure>
i think this is going to limit what other systems can do with your WoT
<fluffypony>
well then maybe it's down to the threat model, right
<fluffypony>
like if I'm using the WoT to get an accurate timestamp this is largely unnecessary
<fluffypony>
but if I want to know if I can perform a $10 000 BTC trade then it's perfect
<blazon>
does it look like a proper usage of op_return
<kanzure>
blazon: who is a virtualchain
<andytoshi>
a hash per transaction? no.
<kanzure>
fluffypony: do you see applications integrating with that WoT to do trust automation things? i had assumed that was the primary interest in WoT stuff that folks had.
<blazon>
hash per transaction in virtual chain, and a hash per block in parent chain
<kanzure>
blazon: you should use opentimestamps if you want to aggregate hashes into a merkle tree in bitcoin
<kanzure>
and/or you should gut opentimestamps.
<blazon>
kanzure, I was thinking a linear traversal using most recent txid, I guess you are suggesting a faster/non-linear traversal using opentimestamps, sure I will google around this feature never used it
<blazon>
kanzure: anyone using some similar approach in your knowledge ?
<fluffypony>
kanzure: yes, we can replace PoW with PoWoT and problem solved
<fluffypony>
:-P
<blazon>
PoWoT ?
<Varunram>
proof of WoT
<blazon>
T ?
<BlueMatt>
bsm117532: yo
<BlueMatt>
regarding p2pool-style pools, do you anticipate needing more than 252 outputs for the pool payouts?
<BlueMatt>
that's like 5kb of payouts
<BlueMatt>
err, sorry, 255
<BlueMatt>
with values like 8kb
<maaku>
another "oops" -- the segwit commitment tree should have been (txid1 wit1 txid2 wit2 ... txidN witN)
<maaku>
so use cases which care about witness data but not the full block (e.g. sign to contract) could fetch less data
<gmaxwell>
but more data for anyone who cares about a proof of both or witnessless.
<gmaxwell>
different orderings were considered.
<maaku>
i don't think so...?
<maaku>
both would not include the txid since you're sending the information
<maaku>
witnessless you send the path through the main block-tx merkle tree
<maaku>
it would add 32 bytes if you wanted to fetch the witness for the nth transaction in the block without knowing or caring the contents of the tx or its hash.. but what use case would that be?
<maaku>
would have been especially better if segwit commitment was put in the terminal block and a power-of-2-plus-1 number of transactions limitation was emplaced
<maaku>
does anyone have a link to a good writeup of SDL's proposal to have a power-of-2-plus-1 number of transactions so the final tx has a short proof?
<gmaxwell>
kanzure: oh good, that is much closer to the forwarding behavior I was proposing on some PR before dandelion came along, but they can analyze it.
<gmaxwell>
lemme summarize the forwarding logic in it
<gmaxwell>
At each epoch every node decides if it is going to be a diffuser or stem relayer. If it is a diffuser it will diffuse everything it gets. If it is a stem relayer it picks uniformly at random two outbound peers to be stem outputs. Every peer is randomly assigned to one of these outbound edges. When a transaction arrives flagged for stem-phase processing, it's passed along to the corresponding output. All the random selections are redone every epoch (paper seems to assume 10 minutes with synchronized clocks, probably in practice we'd use block reception I guess)
<gmaxwell>
When you send your own transactions, you use the same output every time (during the epoch)
<gmaxwell>
And of course, everyone has a timeout, and if a stem phase transaction you've seen vanishes, you diffuse it eventually yourself.