sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
tromp has joined #bitcoin-wizards
Belkaar has quit [Ping timeout: 272 seconds]
tromp has quit [Ping timeout: 246 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Chris_Stewart_5 has quit [Ping timeout: 252 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
deusexbeer has quit [Quit: Konversation terminated!]
Belkaar has quit [Ping timeout: 252 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Emcy has quit [Quit: Leaving]
Emcy has joined #bitcoin-wizards
Emcy has quit [Client Quit]
Emcy has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 252 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
Cory has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 272 seconds]
JackH has quit [Ping timeout: 244 seconds]
JackH has joined #bitcoin-wizards
son0p has quit [Quit: Lost terminal]
Krellan has quit [Ping timeout: 250 seconds]
jb55 has quit [Quit: WeeChat 2.1]
Cory has quit [Ping timeout: 244 seconds]
Cory has joined #bitcoin-wizards
HoloIRCUser has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
HoloIRCUser has quit [Quit: HoloIRCUser]
HoloIRCUser has joined #bitcoin-wizards
tromp has quit [Ping timeout: 272 seconds]
<maaku> instagibbs: MW doesn't have scriptPubKeys
<maaku> andytoshi: I'm not sure I follow. are you saying you AES encrypt the blinding factor and put that in the txout instead?
<maaku> of course only the recipient could do this, and so why put it in the tx at all?
_whitelogger has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 245 seconds]
HoloIRCUser2 has joined #bitcoin-wizards
HoloIRCUser has quit [Ping timeout: 252 seconds]
HoloIRCUser2 has quit [Read error: Connection reset by peer]
HoloIRCUser has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 252 seconds]
tromp has joined #bitcoin-wizards
HoloIRCUser has quit [Ping timeout: 252 seconds]
dcousens has joined #bitcoin-wizards
setpill has joined #bitcoin-wizards
deusexbeer has joined #bitcoin-wizards
setpill has quit [Ping timeout: 250 seconds]
setpill has joined #bitcoin-wizards
Zenton has joined #bitcoin-wizards
<maaku> It seems with MW you know the outputs that are yours because you generated them, in an ideal sense, but in reality people do things like backup wallets and expect to recover future transactions
<maaku> so you have to scan every single output. what I'm curious is if there's some other construction that could be made more efficient for this, while still allowing unexpected payments using scripted outputs
esotericnonsense has quit [Ping timeout: 272 seconds]
AaronvanW has quit [Read error: Connection timed out]
AaronvanW has joined #bitcoin-wizards
setpill has quit [Ping timeout: 240 seconds]
setpill has joined #bitcoin-wizards
enemabandit has joined #bitcoin-wizards
setpill has quit [Ping timeout: 240 seconds]
setpill has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
antanst has quit [Ping timeout: 246 seconds]
antanst has joined #bitcoin-wizards
AaronvanW has quit [Remote host closed the connection]
Chris_Stewart_5 has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 252 seconds]
<andytoshi> maaku: essentially yes, you have a secret blinding key and everything in the txout is encrypted to yourself using that (it's not AES but it could be; it's xoring with the random stream that you used to generate the rangeproof in the first place)
<andytoshi> and no, i'm not aware of any more efficient construction. with switch commitments you have a "free point" that you can make more directly recognizable
<andytoshi> in addition to the encryption, you could grind your rangeproofs or points so that the first byte or two was 0 when hashed alongside some secret.. this would let you eliminate the majority of outputs in 100s of ns each (and this check would be done before the ecdh)
<andytoshi> so there are certainly hacks like that that make "scan everything" usable in practice
antanst_ has quit [Ping timeout: 272 seconds]
<instagibbs> maaku, wasn't talking about MW, guess I missed the additional scrollback
setpill has quit [Ping timeout: 250 seconds]
setpill has joined #bitcoin-wizards
intcat has quit [Ping timeout: 250 seconds]
belcher_ has joined #bitcoin-wizards
intcat has joined #bitcoin-wizards
setpill has quit [Client Quit]
SopaXorzTaker has joined #bitcoin-wizards
samm__ has quit [Ping timeout: 240 seconds]
Deinogalerix21 has joined #bitcoin-wizards
samm_ has joined #bitcoin-wizards
Deinogalerix21 has quit [Quit: WeeChat 2.2]
d9b4bef9 has joined #bitcoin-wizards
narodnik has joined #bitcoin-wizards
wildermind has joined #bitcoin-wizards
Krellan has joined #bitcoin-wizards
p0nziph0ne has joined #bitcoin-wizards
TheoStorm has quit [Quit: Leaving]
thrmo has joined #bitcoin-wizards
enemabandit has quit [Ping timeout: 240 seconds]
thrmo_ has joined #bitcoin-wizards
thrmo has quit [Ping timeout: 250 seconds]
<maaku> andytoshi: I was trying to work out your statement "oh, that does not include the ECDH. you'd need to use some symmetric key to actually get that performance."
<nsh> i guess it was relative to "but we got trial-rewinding down to 3.5 nanoseconds"
<maaku> so to be clear, for CT you would have to finish the ECDH to get the blinding factor. for MW you generate the blinding factor by whatever means and try it, and that's significantly faster than ECDH?
narodnik has quit [Remote host closed the connection]
narodnik has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
narodnik has quit [Remote host closed the connection]
Guest79908 has quit [Quit: WeeChat 1.0.1]
GAit has joined #bitcoin-wizards
<andytoshi> maaku: yes
<andytoshi> with old-school rangeproofs it was like 8ms to try the ECDH key, so the tens of microseconds that you need to compute it wasn't really too important (and scanning every output was completely impractical)
<andytoshi> with bulletproofs, once you have a nonce somehow, you can do a preliminary check in less than 3.5 microseconds, which is practical for every output even in bitcoin (if you're willing to spend an hour or so, e.g. during wallet restore)
<andytoshi> but then "tens of microseconds to do a ECDH" makes it impractical again
schmidty has quit [Ping timeout: 245 seconds]
Zenton has quit [Ping timeout: 272 seconds]
<maaku> andytoshi: ok thanks. just wanted to make sure we're on the same page (we are)
<andytoshi> excellent
<maaku> "symmetric key" threw me into thinking you were talking about CT-land with senders AES-encrypting nonces, which of course would work but with terrible privacy properties
<maaku> but you just meant how the nonces are generated inside the MW wallet
<andytoshi> ah yep
<andytoshi> i've considered doing AES-encrypted nonces from sender to receiver .. the issue is not so much privacy as it is key management .. you need to somehow share a key between every pair of transactors and there's just no practical way to do this without DH
<maaku> yup
<maaku> my musing above, before this tangent, was whether there is some homomorphism that can be exploited to make an index of outputs for block though, to get better than linear scanning time
<maaku> but at 3.5ns that's not necessary
AaronvanW has joined #bitcoin-wizards
<maaku> actually it would be good for SPV clients though
<maaku> client-side block filtering for MW wallets
<andytoshi> 3.5 µs, not ns .. but yeah
<andytoshi> for individual blocks it's definitely performant enough even for very weak machines
Belkaar has quit [Ping timeout: 245 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Krellan has quit [Read error: Connection reset by peer]
Krellan has joined #bitcoin-wizards
douglas_ has joined #bitcoin-wizards
grubles_ is now known as grubles
jb55 has joined #bitcoin-wizards
<wildermind> does the bitcoin core node have the option of blacklisting some other nodes? is it done manually, meaning using the CLI/list, or programmatically, meaning that some behavior will lead to blacklisting? Also, what does the node do when it's low on peers? could anyone point me to a resource? I did read ALL the docs regarding the p2p in bitcoin.org
<belcher_> #bitcoin is a better channel for questions like that wildermind
<wildermind> belcher_: ok ty
SopaXorzTaker has quit [Remote host closed the connection]
<ECH> maaku: So I took the plunge.
<ECH> I tried to write up an overview of CT after our convo.
<ECH> Would you be interested in taking a look at it?
<ECH> Only part I got confused at was the part when you said that the Confidential Transaction Output is "{Pedersen commitment, ecdh nonce, scriptPubKey}"
<maaku> sure I can take a look at it
<ECH> I'm not sure what the ecdh nonce refers to. Is that the blinding key? Or is that the random number multiplied with the blinding key?
<maaku> or you can post to this channel and others can review too
<ECH> lol okay.
<maaku> it is (blinding factor) * (sender's ephemeral secret) * G
<ECH> Got it.
<maaku> er, (nonce) * (sender's ephemeral secret) * G
<maaku> which multiplied by the receiver's secret blinding key (and hashed) is the blinding factor
<maaku> sorry. In the CT source we called it "nonce" which is a terrible name.
<ECH> Yea...
<ECH> I get it confused with like mining nonces
<maaku> it's a partial-ECDH protocol transcript
<ECH> Okay let me edit it and I'll post it for review.
Chris_Stewart_5 has joined #bitcoin-wizards
<maaku> especially bad because nonce means "number used once" and it's not even a number.. it's an EC point
<ECH> lol
<ECH> okay will post in a few hours after lunch and what not.
<ECH> I'm still unsure about the ecdh nonce part. But I feel like I was able to convey the general key concepts. I didn't go into the nitty gritty math details though.
grubles has joined #bitcoin-wizards
newbie is now known as newbie--
ryanofsky has quit [Remote host closed the connection]
ryanofsky_ has joined #bitcoin-wizards
ryanofsky_ is now known as ryanofsky
antanst_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]