sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Murch has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
pinheadmz has quit [Quit: pinheadmz]
pinheadmz has joined #bitcoin-wizards
alferz has joined #bitcoin-wizards
mint_ has quit [Quit: Leaving]
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
zekk has joined #bitcoin-wizards
altona has joined #bitcoin-wizards
alferz has quit [Ping timeout: 240 seconds]
borlando has joined #bitcoin-wizards
borland has joined #bitcoin-wizards
borlando has quit [Read error: Connection reset by peer]
<waxwing>
re: "security proofs don't actually prove something is secure - more accurately they teach you under exactly what sets of assumptions something is secure" : the recent zcash thing (at least going from the blog) illustrates the unfortunate reality that even somehow doesn't cut it, security proofs seem to be flawed sometimes
<waxwing>
but i guess it really depends on how complex it is, among other things.
<waxwing>
even *that* somehow ... etc , sorry
<sipa>
waxwing: i should have added "even flawless security proofs" :)
rusty has joined #bitcoin-wizards
borland has quit [Quit: Quit]
AaronvanW has quit [Remote host closed the connection]
zekk has quit [Ping timeout: 252 seconds]
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
<gmaxwell>
waxwing: the zcash stuff before didn't have a security proof at all, IIRC.
<gmaxwell>
waxwing: also, my understanding is that the snark stuff in general is not provable under typical security models, because they make security assumptions which are non-falsifiable.
DeanGuss has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
zekk has joined #bitcoin-wizards
zekk has quit [Ping timeout: 268 seconds]
AaronvanW has joined #bitcoin-wizards
zekk has joined #bitcoin-wizards
zekk has quit [Remote host closed the connection]
zekk has joined #bitcoin-wizards
pinheadmz has quit [Quit: pinheadmz]
TheoStorm has quit [Quit: Leaving]
Murch has quit [Quit: Snoozing.]
AaronvanW has quit [Ping timeout: 250 seconds]
zekk has quit [Ping timeout: 250 seconds]
comedy has joined #bitcoin-wizards
altona has quit []
Murch has joined #bitcoin-wizards
comedy has quit [Quit: comedy]
comedy has joined #bitcoin-wizards
<comedy>
🙂
zekk has joined #bitcoin-wizards
Belkaar has quit [Ping timeout: 245 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
zekk has quit [Ping timeout: 252 seconds]
comedy has quit [Quit: comedy]
riclas has quit [Ping timeout: 268 seconds]
harrymm has joined #bitcoin-wizards
<Madars>
there are impossibility results in the standard model (e.g. Gentry-Wichs), but we do have SNARKs in random-oracle model which, while non-falsifiable, is widely accepted (the tightest Schnorr reductions, Bulletproofs, etc all rely on it)
_whitelogger has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
racoonslug has quit [Quit: Connection closed for inactivity]
comedy has joined #bitcoin-wizards
<gmaxwell>
Madars: thanks, indeed. RO model is happily accepted in the world of practical cryptosystems.
comedy has quit [Ping timeout: 246 seconds]
drexl has quit [Quit: drexl]
pinheadmz has joined #bitcoin-wizards
zekk has joined #bitcoin-wizards
rusty2 has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
rusty has quit [Ping timeout: 245 seconds]
Murch has joined #bitcoin-wizards
Murch has quit [Client Quit]
pinheadmz has quit [Ping timeout: 250 seconds]
zekk has quit [Ping timeout: 252 seconds]
rh0nj has quit [Remote host closed the connection]
rh0nj has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
pinheadmz has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 268 seconds]
instagibbs has quit [Ping timeout: 245 seconds]
rusty2 is now known as rusty
pinheadmz has quit [Ping timeout: 240 seconds]
ddustin has joined #bitcoin-wizards
rusty has quit [Quit: Leaving.]
rusty has joined #bitcoin-wizards
ghost43 has quit [Ping timeout: 256 seconds]
ddustin_ has joined #bitcoin-wizards
ddustin has quit [Ping timeout: 250 seconds]
ghost43 has joined #bitcoin-wizards
tombusby has quit [Ping timeout: 256 seconds]
zekk has joined #bitcoin-wizards
tombusby has joined #bitcoin-wizards
rusty has quit [Quit: Leaving.]
zekk has quit [Ping timeout: 252 seconds]
pinheadmz has joined #bitcoin-wizards
pinheadmz has quit [Quit: pinheadmz]
ddustin_ has quit [Remote host closed the connection]
ddustin has joined #bitcoin-wizards
ddustin has quit [Ping timeout: 240 seconds]
zekk has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
zekk has quit [Ping timeout: 252 seconds]
zekk has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 240 seconds]
zekk has quit [Ping timeout: 250 seconds]
zekk has joined #bitcoin-wizards
zekk has quit [Ping timeout: 252 seconds]
rusty has quit [Quit: Leaving.]
ddustin has joined #bitcoin-wizards
bildramer has joined #bitcoin-wizards
bildramer1 has quit [Ping timeout: 240 seconds]
zekk has joined #bitcoin-wizards
pinheadmz has joined #bitcoin-wizards
Jackielove4u has quit [Quit: Connection closed for inactivity]
zekk has quit [Ping timeout: 250 seconds]
Jackielove4u has joined #bitcoin-wizards
zekk has joined #bitcoin-wizards
midnightmagic has quit [Ping timeout: 264 seconds]
pinheadmz has quit [Quit: pinheadmz]
zekk has quit [Ping timeout: 252 seconds]
bildramer1 has joined #bitcoin-wizards
bildramer has quit [Ping timeout: 250 seconds]
enemabandit has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
midnightmagic has joined #bitcoin-wizards
nephyrin has quit [Ping timeout: 250 seconds]
nephyrin has joined #bitcoin-wizards
nephyrin has quit [Ping timeout: 250 seconds]
Murch has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
nephyrin has joined #bitcoin-wizards
zekk has joined #bitcoin-wizards
setpill has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
midnightmagic has quit [Ping timeout: 264 seconds]
zekk has quit [Ping timeout: 252 seconds]
ddustin has quit [Remote host closed the connection]
ddustin has joined #bitcoin-wizards
tiagotrs has joined #bitcoin-wizards
ddustin has quit [Ping timeout: 268 seconds]
nephyrin has quit [Ping timeout: 250 seconds]
nephyrin has joined #bitcoin-wizards
midnightmagic has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
Zenton has joined #bitcoin-wizards
phwalkr has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 272 seconds]
zekk has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 246 seconds]
zekk has quit [Ping timeout: 252 seconds]
rusty has quit [Quit: Leaving.]
rusty has joined #bitcoin-wizards
rusty has quit [Quit: Leaving.]
TheoStorm has joined #bitcoin-wizards
zekk has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
shesek has quit [Ping timeout: 240 seconds]
spinza has joined #bitcoin-wizards
zekk has quit [Remote host closed the connection]
zekk has joined #bitcoin-wizards
zekk has quit [Remote host closed the connection]
zekk has joined #bitcoin-wizards
zekk has quit [Remote host closed the connection]
zekk has joined #bitcoin-wizards
zekk has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
drexl has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
spinza has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 250 seconds]
riclas has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shesek has joined #bitcoin-wizards
brianhoffman has quit [Ping timeout: 240 seconds]
TheoStorm has quit [Quit: Leaving]
Zenton has quit [Ping timeout: 240 seconds]
instagibbs has joined #bitcoin-wizards
IGHOR has quit [Ping timeout: 268 seconds]
Zenton has joined #bitcoin-wizards
tiagotrs has quit [Ping timeout: 268 seconds]
tiagotrs has joined #bitcoin-wizards
tiagotrs has quit [Ping timeout: 240 seconds]
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 246 seconds]
Guyver2 has joined #bitcoin-wizards
* vfP56jSe
writes down RO in the list of things he needs to read about
ddustin has joined #bitcoin-wizards
pinheadmz has joined #bitcoin-wizards
pinheadmz has quit [Client Quit]
pinheadmz has joined #bitcoin-wizards
TheoStorm has joined #bitcoin-wizards
sv9t has quit [Ping timeout: 250 seconds]
michaelsdunn1 has joined #bitcoin-wizards
sv9t has joined #bitcoin-wizards
setpill has quit [Quit: o/]
jtimon has joined #bitcoin-wizards
Murch has joined #bitcoin-wizards
IGHOR has joined #bitcoin-wizards
afk11 has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
Murch has joined #bitcoin-wizards
enemabandit has quit [Ping timeout: 246 seconds]
CryptoDavid has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
dgenr8 has quit [Ping timeout: 245 seconds]
pinheadmz has quit [Ping timeout: 272 seconds]
pinheadmz has joined #bitcoin-wizards
Murch has joined #bitcoin-wizards
Murch has quit [Client Quit]
Murch has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
Murch has joined #bitcoin-wizards
Murch has quit [Client Quit]
Murch has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
gambpang has joined #bitcoin-wizards
Zenton has quit [Ping timeout: 240 seconds]
Murch has joined #bitcoin-wizards
michaelsdunn1 has quit []
Belkaar has quit [Read error: Connection reset by peer]
gambpang has quit [Quit: leaving]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
pinheadmz has quit [Quit: pinheadmz]
<vfP56jSe>
The only place in Schnorr where we need a RNG is for generating a's right? And those aren't that bad because we can use hash of inputs as seed?
Krellan_ has quit [Ping timeout: 240 seconds]
michaelsdunn1 has joined #bitcoin-wizards
shesek has quit [Ping timeout: 246 seconds]
afk11 has quit [Quit: Leaving]
enemabandit has joined #bitcoin-wizards
pinheadmz has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
Murch has quit [Quit: Snoozing.]
<gmaxwell>
vfP56jSe: yes, the hash of the entire input could be used as a randomizer for batch validation.
enemabandit has quit [Ping timeout: 240 seconds]
AaronvanW has quit [Ping timeout: 245 seconds]
jtimon has quit [Ping timeout: 246 seconds]
Murch has joined #bitcoin-wizards
DeanGuss has quit [Ping timeout: 256 seconds]
* nsh
wonders what part of the algorithm uses randomisation
<gmaxwell>
11:54:42 < vfP56jSe> So this way, we get the benefit of 1. Being able to sum the relevant scalars like "(-y*r1-w*r2)*C" 2. Use a
<gmaxwell>
"multi-exponentiation" algorithm to calculate the sum of EC multiplications like "r1*A + (-x*r1)*B + (-y*r1-w*r2)*C + r2*D +
<gmaxwell>
(-v*r2)*E"?
pinheadmz has quit [Quit: pinheadmz]
<sipa>
nsh: take the equations for verifying a single signature each, multiply each by a random scalar, add them together into a single equation
<nsh>
ah
<gmaxwell>
The single signature equations look like R_n = s_n G + e_n P_n
pinheadmz has joined #bitcoin-wizards
<gmaxwell>
If you don't randomize but just combine them (stick a Sigma of n on each term), then it's possible to cheat by adding additional false equations that cancel out the other false equations.
<gmaxwell>
Randomization makes that infeasible.
<nsh>
so the randomness frustrates 'padding' out a bad signature for want of a better term
<nsh>
or wrapping maybe
<nsh>
i suppose cancelling is fine
<gmaxwell>
right, like you have some R != sG + eP (it's false) now you add another false signature that is just the negation of the first false signature... canceling it out. but combined they'd verify.
pinheadmz has quit [Client Quit]
<gmaxwell>
If you separately randomize each equation, they can't cancel anymore unless you successfully predicted the randomization.
<nsh>
gotcha, ty
<gmaxwell>
And if the randomization is either secret or derived from a hash of all the inputs (a fiat shamir transform), you can't predict it.
* nsh
nods
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shesek has joined #bitcoin-wizards
rusty has quit [Quit: Leaving.]
Murch has quit [Quit: Snoozing.]
Murch has joined #bitcoin-wizards
Emcy has quit [Ping timeout: 246 seconds]
Murch has quit [Quit: Snoozing.]
Emcy has joined #bitcoin-wizards
Emcy has quit [Remote host closed the connection]
Emcy has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
* vfP56jSe
nods, but is a bit late
AaronvanW has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 245 seconds]
[0xME] has joined #bitcoin-wizards
Krellan has joined #bitcoin-wizards
elichai2 has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
zekk has joined #bitcoin-wizards
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
spinza has joined #bitcoin-wizards
Murch has joined #bitcoin-wizards
zekk has quit []
jimmysong has quit [Read error: Connection reset by peer]
jimmysong__ has quit [Read error: Connection reset by peer]
jimmysong has joined #bitcoin-wizards
jimmysong_ has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
TX1683 has quit [Read error: Connection reset by peer]
ddustin_ has joined #bitcoin-wizards
michaels_ has joined #bitcoin-wizards
go1111111 has quit [Quit: Leaving]
michaels_ has quit [Client Quit]
ddustin has quit [Ping timeout: 244 seconds]
Cory has quit [Ping timeout: 272 seconds]
rh0nj has quit [Remote host closed the connection]