sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<yanmaani> Why couldn't bitcoin have used cryptography to prevent double-spends?
<yanmaani> Chaumian ecash works by breaking the anonymity if you make two signatures using the same key. Don't the primitives exist to force you to reveal your key by signing two transactions for the same UTXO?
<jb55> yanmaani: they could still double spend. what does it matter if the spend key is then revealed afterwards, the utxo is emptied. you still need some mechanism to come to consensus about the state of the ledger.
<yanmaani> jb55: If they put the second transaction, then the miner would get the money
<yanmaani> thus they couldn't keep it
<yanmaani> miner sees txn 1: either include and keep txn fee or ignore
<yanmaani> miner sees txn 1 + txn 2: either include 1 and keep txn fee, or include 2 and keep (larger) txn fee, or calculate private key and keep the whole transaction
<nothingmuch> yanmaani: monero, zcash and zcoin do that, more or less... the main downside is that outputs that aren't double spent need to be kept forever, instead of a UTXO set that can contract, you keep a monotonically growing TXO set and a monotonically growing set of spends
<nothingmuch> fwiw online e-cash with chaumian blind signatures isn't traceable, a double spend can be denied by a merchant by simply asking the issuer if a signature is still valid
<sipa> ecash's double spend prevention isn't done through cryptography, but through a central server that maintains a list of spent coins
<sipa> the cryptography is there to make sure the server does not know who those coins belong to
<sipa> the problem is that this approach is not auditable; if you add proofs for correct operation you effectively get zcash, i think
<yanmaani> Then it's not chaumian joins
<yanmaani> ecash*
<nothingmuch> offline e-cash schemes are generally built on tracing, but that assumes the issuer can hold the double spender liable
<yanmaani> But I recall this being a vulnerability though
<yanmaani> "If you sign this twice in this manner, you reveal your key"
<yanmaani> Am I missing something?
<yanmaani> Wasn't this the problem with RSA?
<sipa> no
<yanmaani> Wasn't this how Sony leaked their keys?
<sipa> no
<yanmaani> They reused a nonce and then bad things happened?
<sipa> they just didn't use a random nonce
<yanmaani> And used it twice?
<yanmaani> Or does the nonce have to be secret after signing as well?
<sipa> yes, it was a hardcoded constant
<sipa> yes
<nothingmuch> but this is just a property of proofs of knowledge, not of blind signatures
<yanmaani> nothingmuch: This has nothing to do with blind sigs
<sipa> ecash == blind sigs
<sipa> that's what the whole scheme is based on
<yanmaani> So there aren't any signature schemes which explode horribly if you use the same nonce and the same key twice, but work fine if you use a known nonce with one key once?
<nothingmuch> there are
<sipa> some hash based signatures have that property
<yanmaani> Why aren't any such used in Bitcoin?
<yanmaani> Wouldn't it solve the double-spending problem?
<sipa> and i believe guy fawkes signatures have that property by design
<yanmaani> (You could still light your money on fire after handing it to the merchant, but that doesn't seem as bad...)
<sipa> but that's not ecash
<yanmaani> Yeah, I just vaguely remember some ecash scheme using that too
<nothingmuch> the double spending problem is mainly to do with the order of the spends, that requires global consensus. if there's two merchants who both claim they were paid first, and no authority to make them whole, the double spender's key doesn't really help
<yanmaani> nothingmuch: If the spender issues two spends using the same key, he's done a bad thing
<yanmaani> If he can only pay one UTXO to one merchant, he can't double spend
<nothingmuch> right, but then why use crypto to achieve that, it has the downside that you have those two monotonically growing sets
<yanmaani> no
<yanmaani> no monotonically growing sets
<sipa> one issue with that is that it would break rbf
<yanmaani> yeah RBF would fly out of the window
<sipa> or the ability to use stateless hardware wallets
<yanmaani> but it would be a good way to break RBF
<yanmaani> the current state of things with RBF is reasonable
<yanmaani> it's only when RBF relies on a gentleman's agreement we have a problem
<nothingmuch> if you don't keep all the old signatures, that are not linkable to their validity, how do you prove something is a double spend?
<sipa> seems like a problem: you signed with the wrong fee... your coins are effectively burned
<yanmaani> nothingmuch: you don't, the miners do
<yanmaani> sipa: I thought of this, you could do timelock transactions
<yanmaani> "Either this txn gets included in the coming 10 blocks and you get 1 XBT, or they're refunded to me"
<yanmaani> Then you could just wait 10 blocks and retry
<sipa> ugh, non-monotonic transactions :)
<yanmaani> (you'd implement this with a pay-to-xpub scheme)
<sipa> that's opening a new set of issues
<yanmaani> yeah but look on the plus side:
<yanmaani> when a merchant sees txn in mempool
<sipa> there are no xpubs for such schemes
<yanmaani> he knows that's his money
<yanmaani> this'd be some segwitesque construct, or something that happened in the counterfactual universe where this was there from the start
<sipa> well, there was a paper on this topic a number of years back
<sipa> fawkescoin
<yanmaani> ahh, what conclusion did they get?
<sipa> i don't remember
<sipa> they say it's practical, but don't remember the details
<sipa> but academic "practical" does not mean much
<sipa> it's a massively different design though, with very different tradeoffs, so it seems unlikely that bitcoin would migrate to it
<sipa> but of course, anyone is free to build something based on it
<yanmaani> hmm
<yanmaani> well, at least it's been studied then
<yanmaani> If you did that, would there be any need for a blockchain?
<sipa> yes, to force publication
<yanmaani> Could you have some really flimsy construction like PoS?
<sipa> otherwise the two recipients of the same coin would not be guaranteed to know they are being double spent
<yanmaani> now that double-spending isn't a problem
<yanmaani> yeah that's a good point
<yanmaani> although strict ordering wouldn't be needed
<sipa> double-spending isn't a problem once you have a chain
<yanmaani> (I recognize that PoS is generally a fraud)
<yanmaani> Sure but you have to wait X minutes
<yanmaani> and there could be reorgs
<sipa> sure
<yanmaani> This would give you absolute guarantees
<yanmaani> Or, not absolute - the sender could destroy it
<sipa> i'm not convinced
<sipa> without a consistent chain you have no guarantee that the recipient or a miner will have learned about the 2nd spend attempt
<yanmaani> 1) Wouldn't PoS be consistent enough?
<yanmaani> 2) Wouldn't a mempool suffice? It doesn't have to be extremely good
<yanmaani> just OK-ish
<sipa> either PoS works or it doesn't
<sipa> it's not about consistent or not
<yanmaani> PoS doesn't work because it can get reorged to hell and back
<sipa> if it works it is, and if it doesn't it's not consistent at all
<sipa> it's a question about incentives
<sipa> that's one of the issues
<yanmaani> Hmm. Has anyone tried to make a PoS sidechain of bitcoin?
<yanmaani> You use the bitcoin main chain to decide randomness
<yanmaani> you stake bitcoins, not native tokens
<sipa> i have no idea, nothing noteworthy certainly though
<yanmaani> etc