sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
gde331 has quit []
<sipa>
aj: haha, dutch doesn't have umlauts, though it does use the identically-looking trema symbol above vowels to indicate they're not part of a diphthong
<sipa>
unfortunately, ea and ae are not diphtongs
torax has joined #bitcoin-wizards
<waxwing>
aj, oh damn good point
<waxwing>
sipa, i simply postulate a spherical schnorr signature. the rest is left as an exercise for the reader.
<waxwing>
jokes aside, i don't think N is different from 3 there. the exact protocol suggested is horrible though (see note at the end about timing) for large numbers. but i'm not sure the exact protocol (the shuffle thing) is what's interesting.
<waxwing>
if i'm wrong about that let me know.
<gmaxwell>
instagibbs: it's still a nice design to put it explicitly, it lets you guage it independantly, so you could for example process higher diff headers strictly before low diff ones, etc. in some hashcash scheme where there wasn't a 'chain' its necessary.
<sipa>
instagibbs: i believe Flyclient also needs it, if anyone would want to implement that for bitcoin
BlueMatt has joined #bitcoin-wizards
<gmaxwell>
sipa: how does Flyclient differe from the log() size POW proofs we have in the sidechains whitepaper?
<sipa>
gmaxwell: it's conceptually very similar
<sipa>
the idea is that every (participating) block includes an MMR committing to all previous (participating) blocks
<gmaxwell>
so far thats essentially the same.
<sipa>
and then you select (fiat shamir like) a subset of blocks in the chain to reveal, and the verifier verifies that the MMRs are consistent with eachother (and due to being MMRs, effectively all branches are shared between them)
<sipa>
it's not low-hash based, though
<sipa>
afaik
<gmaxwell>
then how does it actually demonstrate the cumulative amount of work in the chain?
<sipa>
the low-hash based construction we had later led to NiPoPoW, which only has a security proof when the difficulty is constant
<gmaxwell>
Right, I'm aware.
<sipa>
iirc flyclient is secure even under varying difficulty
<sipa>
though i need to read the paper for details
<sipa>
iirc they have an optimal non-uniform sampling to show a certain amount of work with some security parameter
<gmaxwell>
I see, so if a span claims a lot of work, it's likely to be sampled.
<gmaxwell>
that seems kind of a dual of our design, in that we use the "apparent work" to select those samples for us.
Chris_Stewart_5 has joined #bitcoin-wizards
<sipa>
i think the MMR is also a merkle sum tree with cumulative difficulty
<gmaxwell>
right, makes sense, just to carry the data for sampling purposes.
<sipa>
right
<gmaxwell>
(I was about to say, I see that this would work but I think the consistency proofs would be big, but perhaps using a sum tree fixes that)
BlueMatt has quit [Read error: Connection reset by peer]
BlueMatt has joined #bitcoin-wizards
pinheadmz has quit [Quit: pinheadmz]
BlueMatt_ has joined #bitcoin-wizards
BlueMatt has quit [Ping timeout: 276 seconds]
BlueMatt has joined #bitcoin-wizards
BlueMatt_ has quit [Read error: Connection reset by peer]
Chris_Stewart_5 has quit [Ping timeout: 246 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 250 seconds]
CryptoDavid has quit [Quit: Connection closed for inactivity]
ccdle12 has quit [Remote host closed the connection]
DeanGuss has quit [Ping timeout: 256 seconds]
Hunger- has quit [Ping timeout: 258 seconds]
Belkaar_ has quit [Ping timeout: 258 seconds]
tromp has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
tromp has quit [Ping timeout: 240 seconds]
torax has quit []
pinheadmz has joined #bitcoin-wizards
DeanGuss has joined #bitcoin-wizards
Hunger- has joined #bitcoin-wizards
dgilmore1 has joined #bitcoin-wizards
kenshi84 has quit [Ping timeout: 268 seconds]
kenshi84 has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
pinheadmz has quit [Quit: pinheadmz]
ccdle12 has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
DeanGuss has quit [Remote host closed the connection]
DeanGuss has joined #bitcoin-wizards
ccdle12 has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
tromp_ has joined #bitcoin-wizards
tromp has quit [Ping timeout: 259 seconds]
tromp_ has quit [Ping timeout: 258 seconds]
justanotheruser has quit [Ping timeout: 244 seconds]
ccdle12 has joined #bitcoin-wizards
dgilmore1 has quit []
Cotillion has joined #bitcoin-wizards
pinheadmz has joined #bitcoin-wizards
harrow has quit [Quit: Leaving]
simoen has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
jimmyrizzle has joined #bitcoin-wizards
jimmyrizzle has quit [Client Quit]
_whitelogger has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
simoen has quit [Ping timeout: 246 seconds]
enemabandit has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
setpill has joined #bitcoin-wizards
Aaronvan_ has joined #bitcoin-wizards
laptop500 has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 245 seconds]
jimmyrizzle has quit [Remote host closed the connection]
tromp has quit [Remote host closed the connection]
Guyver2 has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
PdeClown has joined #bitcoin-wizards
PdeClown has quit [Changing host]
PdeClown has joined #bitcoin-wizards
PdeClown has quit [Client Quit]
nanotube has quit [Ping timeout: 260 seconds]
Cotillion has quit []
wgolden has joined #bitcoin-wizards
TheoStorm has joined #bitcoin-wizards
elichai2 has joined #bitcoin-wizards
spinza has quit [Quit: Coyote finally caught up with me...]
<waxwing>
afaik he isn't able to make it properly work because there is a collusion risk, but the intent is that the server doesn't need liquidity and you can remove need for staggered timeouts.