sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<RubenSomsen>
andytoshi: I was going through blind schnorr sigs again today, and there's one part that seemed broken to me. I am probably just misunderstanding something... Using the example from Jonas' slides ( https://nickler.ninja/slides/2018-bob.pdf ) can't the blind signer check every signature on the blockchain, calculate c - c' = alpha and s'- s = beta and check if R' == R + alpha*G + beta*P? If true, the blind signature
<RubenSomsen>
is now linked to the unblinded signature;;
<RubenSomsen>
nickler: I guess I should tag you too :)
<andytoshi>
RubenSomsen: because every single signature ever will satisfy that equation
<RubenSomsen>
andytoshi: but only signer P knows k*G = R
<andytoshi>
RubenSomsen: implement this in sage and see what happens when you try to distinguish sigs with it
<andytoshi>
that is, i can give you a random c', you choose R and s', then go pick whatever sig you want to extract alpha/beta
<RubenSomsen>
andytoshi: Really? Haha OK, I'll look into it. Thanks for pointing me in the right direction.
<andytoshi>
(alternately, you can do this algebraically; start from the fact that your blind sig (s', R') was valid and the fact that the blockchain sig (s, R) was valid, using the same key; and you'll see that R must satisfy the equation you describe when you define alpha to be the difference of s's and beta to be the difference of c's)
<RubenSomsen>
andytoshi: I'll chew on that for a while, thanks :)
<RubenSomsen>
andytoshi: I have confirmed the math adds up, thanks again :)
<nsh>
<Crimer> darnit!
<andytoshi>
if it helps, i have an old email i sent to matt green with exactly this 'attack', and he literally replied by forwarding his response to the last person who'd sent it in
<andytoshi>
along with "i didn't read your message that closely, please follow up if this isn't what you're talking about"
<andytoshi>
but it was :}
<nsh>
heh
<gmaxwell>
andytoshi: Are you aware of a signature scheme which preserves addition of messages? E.g. say you have Pub1, Msg1, Sig1 and Pub2, Msg2, Sig2, does a scheme exist where you can take those and compute Sig3 which is valid for Pub1 + Pub2, Msg1 xor Msg2 (or other addition operator)?
<gmaxwell>
If so, it could be used to eliminate quadratic bandwidth blowup in a dicemix like protocol in the common case.
<nsh>
maybe with Pintsov-Vanstone sigs [due to confidential partial message recovery] with some message redundancy allowing composition by parity
<nsh>
(i have no idea what i'm talking about obviously)
<WAhVdGsK1>
gmaxwell: I think BLS where messages, signatures, and pub keys are multiplied works for that, no signer coordination. But of course, pairings... I think the problem with ElGamal, or any of the other homomorphic schemes, is coordination on the r values. Maybe it's possible with one of them, but I don't see how, at least for ElGamal.
<gmaxwell>
I was thinking of pairing, though I think this means that m1 then needs to be in the curve's field, which is a bit annoying.
<gmaxwell>
and if the message is larger than one, you probably need a different pubkey for each digit to prevent permuting them.
<sipa>
gmaxwell: it works for pairing
<sipa>
but it breaks the assumption that the message is hashed onto the curve
<sipa>
if you're doing arithmetic on it after the hashing
<sipa>
by "works" i guess i mean that the result will verify correctly; i'm doubtful that it's secure
<sipa>
specifically, BLS is normally: hash the message onto the curve, and then multiply the resulting point with the private key
<gmaxwell>
Right and the 'hash' is the identity function in that case, which I agree seems suspect!
<sipa>
well... you could define the hash function onto the curve for messages as "chop the message into 32-byte groups, hash each onto the curve, and sum the resulting points"
<sipa>
now you have a scheme that lets you produce signatures for concatenation of messages by summing the signatures
<sipa>
(again, very doubtful this is secure)
<gmaxwell>
Right, but what I was going for was eliminating the n^2 communication in the inner step of a dicemix like protocol. You compute your share of the polynomial, sign it, send it to the next guy, who adds his, and then adds his signature. :P
<sipa>
ah, yes.
<sipa>
my hobby: forgetting the end goal
<gmaxwell>
In particular, for moderate N like... all the bandwidth is in that N^2. So, for example, if you replace the polynomial with IBLT, you end up with something massively scalable except for the n^2 broadcast. (the n^2 key agreement is one time setup that can be amortized across any number of messages).
<WAhVdGsK1>
lol
<WAhVdGsK1>
Are there any public key schemes where the "message" isn't assumed to be a hash of a longer message? Ie. one that operates on arbitrary length bitstreams or "public key block ciphers" that can be combined under some mode?