sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<arubi> hey, I wrote about a method for scriptless atomic swaps that I think is pretty neat. it uses cut-and-choose for trustlessness and transaction hash preimages for atomicity in disclosing discrete logs : https://github.com/fivepiece/coinswap_cnc (pdf and tex for your convenience). let me know what you think
<kanzure> oh i see, using a non-sighash hash of the transaction as part of the atomicity guarantee
<arubi> yep, publishing the sighash itself means publishing the non-sighash preimage
<waxwing> kanzure, the neat thing is using NUMS on the fake values, i think :)
<gmaxwell> arubi: VERY COOL
<arubi> glad you like it :)
<andytoshi> arubi: is the only script support needed multisigs + timelocks? do the two chains need to use the same signature algorithm? same curve?
<gmaxwell> They need to be immune to malleability. And you need to be able to do ecdh with their pubkeys, 'blind sign' a sighash.
<gmaxwell> I think that's mostly it.
<gmaxwell> I think it would be interesting to think through using schnorr multisig to get rid of the CMS.
<andytoshi> i think with a 2-of-2 schnorr multisig it should be no different from CMS, since each party will know the sig that hits the blockchain as well as their own partial signature
<andytoshi> and the counterparty's partial signature will be the difference between these
<arubi> ah was afk, I see you got the answer :)
<arubi> oh gmaxwell ecdh? is that something I'm assuming there?
<gmaxwell> arubi: not ecdh itself, but the pubkeys have to be in a dh group. You need it to be additive, cyclic, secure dl... e.g. I don't think you could just drop your protocol in with a hypothetical hash based signature blockchain on one side.
<arubi> ahh understood. I thought I was just not specifying somewhere where I did use "ecdh" as a building block. thanks
<waxwing> i think the "half-scriptless" variant doesn't have the restriction of requiring anything of the other sig algo.
<gmaxwell> arubi: Why does it even need the nums in the cut and choose, can't alice just send a commitment to n t,h1 pairs, and bob picks one and asks alice to open all the rest of them?
<arubi> gmaxwell, yea but then it'd be n choose one
<arubi> basically alice can cheat 1/n times
<gmaxwell> Right, I don't see where you're adding up the points-- you say bob choose j?
<arubi> that's right
<arubi> although it could be chosen by both by some fair n side coin flip
<arubi> he chooses j from n guaranteed valid t,h1's. alice would've had to hit m other valid ones on the nums to evade bob detecting cheating
<gmaxwell> Right how is that not n choose 1? Alice flubs one pair, bob has her open all the nums ones. The one alice flubbed isn't one bob had her open. Then he happens to pick it.
<arubi> she doesn't know which are the nums in advance, so she'd have to avoid these whole m nums points for her cheating attempt
<arubi> if I'm missing something and it /is/ n choose one, then unfortunately this method is not usable :)
<arubi> oh but hmm, yea, why not have alice reveal the preimages for the i != j indexes... I think I'm beginning to see what you mean
<gmaxwell> Right. I don't think the nums adds anything.
<arubi> alright, awesome analysis. now to figure out a way to tweak it so it /is/ at the n+m choose n order :)
<waxwing> gmaxwell, if there are n reals and m fakes, and all the fakes pass, alice has to have made all the n reals be invalid for bob not to get what he wants
<arubi> waxwing, I think the thing here, alice doesn't broadcast until after bob made his choice of j. why shouldn't she just open all n+m except j, even the real ones?
<arubi> and if that's the case, why bother with nums?
<arubi> so seems like it reverts to 'choose 1'? I'm still going over it :)
<waxwing> yes, i'm getting there now, it's bob that must take action with one j here.
<arubi> if we could keep the nums in, but have /any/ of the reals be a useful DL disclosure..
<arubi> pretty much what tumblebit does with the "hash OR hash OR hash..." yea
<waxwing> hmm ORs, interesting thought yeah. i was remembering the rsa quotient test but that was for a different thing.
<waxwing> yes, i glossed over this before in tumblebit: the 1/(nCm) cheating probability is achieved only for the assertion that at least one signature is correctly formed; the rsa quotient test is what's used to get round that: with it, if you get a decryption key for one of the sigs, you get a decryption key for all of them, so if only one of them is valid, you're still safe.
<waxwing> been thinking about it, i don't think that kind of model can carry over here (all revealed by 1), due to the way it's set up. maybe there's another way.
<arubi> yea definitely going to try another way. in the meantime I added a warning reflecting the gist of what was said here on the repo, and I'll be adding it in the pdf itself too. back to the drawing board :)
<gmaxwell> arubi: what you need is a way that all the unused entries get combined so that you're good so long as any are good.
<gmaxwell> but I don't see how to get towards that without a more complicated kind of proof.
<gmaxwell> I think we can use a bulletproof here to get what you want. irritatingly segwit's sighasher actually makes it harder.
<gmaxwell> so say H1() is sha256(sha256(tx)). Then we could make H0 sha256(tx). Then I could give you T,H1 and prove to you that T == xG && H1 == sha256(x).
<gmaxwell> And you're good to go, no cut and choose needed.
<gmaxwell> And a bulletproof for that would be perfectly reasonable.
<gmaxwell> sipa: I know we've pointed out before that the nested hashing could be useful for ZKP simplicity, but I think this is the first case where it has an obvious impact in an otherwise practical protocol.