00:01:54 andytoshi has quit 00:02:44 Muis_ has joined #bitcoin-wizards 00:04:19 petertodd: So the current alternative you mentioned many times :) is the trusted third-party. That is something like a (logical/trust) network of web wallets? 00:05:50 Muis has quit 00:06:26 arbart: off-chain tx's? it's a third-party, although the nature of the trust involved depends on how you do it 00:09:03 Actually, I just realized, the third parties wouldn't have to trust each other... just trust the math of the bitcoin-nanopayment? 00:10:27 Sure, but getting acceptance for that is a social problem. 00:12:02 Heh, totally. My thought was the probailistic payments might not be accepted by the average joe, but perhaps it could work for bitcoin banks to settle with each other without needing to exchange records to settle balances (without them all being separate bitcoin txs), 00:13:37 micropayment channels are better for that. 00:14:37 But what are the existing ideas? https://npmjs.org/package/bitcoin-nanopayment is now the closest one I know thanks to visiting here just now :) 00:14:46 arbart: ah, yeah if you're talking banks u-payments work well. Or ripple actually. 00:15:18 I think it needs to work with bitcoin. Inflation proof. 00:17:01 petertodd: I meant bank as a concept, even if it were a computer algorithm running somewhere. 00:17:23 arbart: inflation proofing third-party balances is pretty easy actually - you can always have the bank prove your balance is backed by real bitcoins 00:19:25 MoALTz_ has joined #bitcoin-wizards 00:21:53 MoALTz has quit 00:22:50 So is there anyone you've heard developing an open bitcoin bank API / system, meant so anyone (the world) can run an off-chain tx thingies to enable micro-transactions, and enabling a distributed nature of such (to allow people in different countries to implement them however works there), thus using something like probabilistic payments or something to settle bitcoin transfers across the 'banks' in a trustless manner? :) all 00:23:29 arbart: None that I've heard of - doing all that is a tonne of work and tricky to monetize. 00:23:59 Small-value payments just aren't worth much... and improvements in blockchian tech, or just the community accepting less decentralization, could easily make all or effort in vain. 00:25:14 DougieBot5000 has quit 00:25:29 Yes, well why i was wondering the state of the art, or I guess opinion on where it is at, in third party ideas, or native bitcoin protocol, or what :) 00:25:37 jtimon has joined #bitcoin-wizards 00:25:55 arbart: basically state of the art re: what we know can be done is way, way ahead of what people actually do 00:25:57 oh, and they aren't worth much each, but together they are more useful/powerful 00:26:33 e.g. proving balances are backed by real bitcoins is pretty easy, yet no-one's bothered AFAIK even though there's all kinds of bitcoin funds popping up 00:26:43 Well my mission is to discover all the boundries right now and then find which one I am best suited to help poke at :) 00:27:01 oh interesting point 00:27:37 well, try writing one of these prove-a-balance schemes! it's reasonably easy, and would be a nice thing for us to be able to show as an example 00:27:49 wallet42 has quit 00:28:06 wallet42 has joined #bitcoin-wizards 00:29:55 I can't argue any of that! That's an awesome idea then, thanks :) 00:31:22 np 00:32:20 What were you thinking then, a whole system? As simple as an rpc call in bitcoind that is something like signs some proof message with the public key? (is that a good way to do it) Or what level of 'system' were you thinking? 00:33:04 mappum has joined #bitcoin-wizards 00:34:32 Oh, and thank you for the summary of the state of the art then :) Your tree-chain idea though is quite interesting and will plague my thoughts for some time to come I'm sure. 00:35:46 haha, mine too! 00:36:30 arbart: doesn't have to be fancy, just something that has some python or whatever functions that takes a list of balances, commits them to a txout, can spit out short proofs, and finally can verify those proofs is enough 00:36:46 that'd implement everything a cold-storage bitcoin investment fund would need 00:38:21 mappum has quit 00:41:31 I know C (enough ++ boost pain that I groked the original Satoshi client) and Java. 00:41:48 Should I be learning python? 00:42:36 arbart: the python bitcoin libraries aren't great, python-bitcoinlib is one I've done some work on, a javascript implementation of this would probably be more useful to a wider audience 00:44:14 In that case, scarily enough I might take a look at the javascript avenue then :) 00:44:33 nsh has quit 00:44:53 arbart: heh! 00:45:27 wallet42 has quit 00:48:13 nsh has joined #bitcoin-wizards 00:48:33 nsh has quit 00:48:33 nsh has joined #bitcoin-wizards 00:53:44 rdymac has quit 00:56:07 rdymac has joined #bitcoin-wizards 00:56:44 TD has quit 01:02:35 petertodd: In your list of requirements, I don't understand the 'commits them to a txout'. By that is it suggested the proof is a transaction that is output (just not published to network, but passed by hand / posted on /investors website)? 01:03:52 arbart: by "commit" I mean the txout is of some form that makes it impossible to make fraudulent proofs for a second merkle tree 01:05:23 Oh I see, to actually transfer the bitcoins as part of the proof process? 01:05:41 exactly! otherwise it's just a merkle tree 01:07:27 dlidstrom has quit 01:08:19 dlidstrom has joined #bitcoin-wizards 01:10:57 petertodd: Would you vomit, if I used supernode as a library to do this? 01:11:19 dunno what supernode is 01:12:03 A BSD licensed java implementatation, not made by google. 01:12:15 ah, yeah, I dunno much about java anything 01:12:19 is anyone going to the financial crypto conf in march? 01:12:21 do what you want :) 01:12:23 BlueMatt: I am 01:12:29 * BlueMatt is pondering going... 01:12:50 BlueMatt: amiller is booked, and adam back said he was thinking of it 01:12:58 shit, now I have to go 01:13:02 BlueMatt: hehe 01:13:03 "commits them to a txout" sounds like "hash 'them' including a hashof a txout" I'm glad to hear I'm not the only one who gets confused when I hear that abstract data is "just simply" '"¿¡commited!?'" to other abstract data. I'm definitely not one of the math guys here, but I miss definitions quite often... 01:13:04 * BlueMatt ponders where to get funding from 01:13:21 BlueMatt: I'd offer to share a room except I already cheaped out on a single :P 01:13:27 damn 01:13:32 maybe adam3us would 01:13:55 petertodd: Just wondering if that would limit the usefulness to the community much, not sure how people feel on that. I certainly don't like it due to oracle at least. 01:14:04 BlueMatt: what'd airfare be for you? you can get the student rates for the conf itself right? 01:14:24 yea, I could get student rates I'd think 01:14:42 arbart: like I said, a javacsript implementation is probably most useful because it can go on a website to show people 01:15:08 arbart: beyond that, python is probably best, although python btc libs suck 01:15:49 what js lib would you recommend, when I searched it looked the only one wanted node. Are there any that will run in a browser and do what I need? 01:16:12 BlueMatt: well work out the total cost, decent chance someone could make it happen 01:16:32 jtimon: thanks for that btw, helps me understand my lack of understanding :) 01:16:38 arbart: I assume whatever kyle drake is using for coinpunk would work? 01:17:04 jtimon: correct, we need a -wizards glossery 01:17:57 python libs https://github.com/monetizeio/python-bitcoin didn't got my hands into it yet, but it's maaku's forking from jgarzik, maybe too focused on commited utxo's 01:18:29 petertodd: now...where to get $2k 01:18:31 petertodd a glosary would be definitely a good thing 01:18:32 jtimon: I prefer my 'pythonize' branch at https://github.com/petertodd/python-bitcoinlib myself, but I am a little biased... 01:18:44 jtimon: yup, and spellcheck in my irc client... 01:18:58 BlueMatt: that's what it is for you? 01:19:06 petertodd: Awesome, thanks for the pointer to coinpunk. 01:19:18 petertodd: well, incl the hotel +/- sharing a room...the flight is ~700 01:19:31 arbart: kyle seems pretty competent, so whatever he uses is probably good :P 01:19:33 oh, sorry, +500 for the conf...dur 01:19:59 BlueMatt: I managed my hotel for like ~$200, but I really cheaped out 01:20:10 I wish I could cheap out in miami :/ 01:20:11 well, when I don't understand you is more often because you use foreign terms like I live in your head than because you misspell 01:20:11 BlueMatt: of course, if you get desperate, ask, and we can swap bookings :) 01:20:27 I'll be lucky to get hotel alone for under $1000 01:20:28 petertodd: heh, well I suppose I could look harder at finding a real hotel instead of the conf one..... 01:20:42 BlueMatt: oh, the conf one is insane, IIRC mine was $40 a night 01:20:50 yea, thought so 01:21:01 single room, shared kitchen/bath - kinda a hostel 01:21:12 problem is they seem to be booking out :( 01:21:29 petertodd: yea, I had it on my calendar to figure it out by I forgot until today 01:21:34 BlueMatt, RE fin crypto, trying to get core devs there 01:21:44 Barbados, March 3-7, IIRC 01:21:48 yep 01:21:56 While I'm a math guy, so I really should learn python, however, one idea I have I have would actually need javascript in browser able to generate transactions, so I guess coinpunk it is :) 01:22:19 jgarzik: you're gonna make this conf go from academia to bitcoin-central :P 01:22:40 hey, I didn't start it 01:22:43 arbart: python is the one true language :) but yeah, in-browser is great for demos for people 01:23:11 jgarzik: of course, the actual bitcoin part is like one day out of seven 01:23:24 the foundation is a big sponsor... 01:23:26 indeed 01:23:45 * jgarzik would probably only come in for the bitcoin part 01:23:57 too many confs. if you go to them all, there's no time for real work. 01:24:14 BlueMatt: dunno I'd say "big" - they're sponsoring a one-day workshop, dunno what that means in terms of the whole thing 01:24:37 jgarzik: no kidding, it's getting to the point where it's almost once every week it seems 01:24:40 petertodd: well...they have the largest logo, so that means they have no sponsors, really 01:25:04 BlueMatt: oh yeah? lol, the location is a bit suspect 01:25:11 another foundation, small sponsor, but funds free software more than PR, get listed can't lose anything http://foundation.freicoin.org/#/donations, sorry for the spam... 01:25:45 jtimon: huh? 01:27:51 Luke-Jr was continuing this "the foundation is a big sponsor..." but yeah, sorry for the offtopic (if you're developing complementary currency-related free software [I think you are] then you should definitely get listed there to get 10% matched donations) 01:29:07 BlueMatt: you should prove your worthyness by writing up a quick app to do a SIGHASH_ANYONECANPAY fund for you to go :) 01:30:10 petertodd: that also requires the donors to be "worthy" :P 01:32:07 perrier has quit 01:33:04 arbart, look into bitcoinjs-lib, vbuterin's fork is the most maintained one 01:33:05 Luke-Jr: the better the app is, the less worthy the donors need to be! 01:33:05 and it works well in the browser with browserify 01:33:05 petertodd: oh app :D 01:33:05 (browserify compiles code with nodejs module system to a single js file with all the dependencies) 01:33:05 perrier_ has joined #bitcoin-wizards 01:34:22 shesek: thank you very much! 01:34:49 arbart, you welcome 01:35:05 I've been using it quite heavily myself for bitrated, so feel free to ping me if you need any help 01:45:18 mr_burde_ has joined #bitcoin-wizards 01:45:50 mr_burdell has quit 01:47:31 andytoshi has joined #bitcoin-wizards 01:48:11 shesek: thanks, its not unlikely I'll have to take you up on that offer :) 01:48:47 cool, I'll be glad to help if I can :) 01:52:12 you can also check the code at https://github.com/shesek/bitrated/ to see some examples of using it (its written in coffeescript, though) and how the browserify compilation step works (bin/build-static.sh, or server/assets.coffee for a nodejs server that compiles on-the-fly) 01:53:22 shesek, RE bitcoinjs-lib, BitPay's fork of bitcoinjs-server (the node.js fork) is the most maintained 01:53:33 in case you are on server, rather than client/browser 01:53:49 https://github.com/bitpay/bitcore 01:54:06 oh really? that's great to know, last time I looked at bitcoinjs-server it seemed completely unusable :\ 01:54:26 I ended up using bitcoind with a thin nodejs layer to serve the public api 01:54:42 shesek, creaky and old. both bitcoinjs-lib and bitcoinjs-server were 2 years old. no p2sh, no multisig, ... 01:55:05 shesek, we need all that, so we picked up maint on the node.js stuff 01:55:21 shesek, _most_ is compatible with the browser, but there are a few replacements still needed 01:56:34 have you looked into vbutertin work on bitcoinjs-lib? he got it to a pretty stable state, added new features, and made it compatible as a nodejs modules 01:57:11 yes 01:57:14 mr_burdell has joined #bitcoin-wizards 01:57:21 it wasn't complete enough when we looked at it 01:57:50 at the time, coinpunk was in bitpay's office, hacking out code to run in browser 01:58:29 mr_burde_ has quit 01:59:04 oh, cool, I didn't know coinpunk was related to you 01:59:20 you just gave them some work space, or is coinpunk a bitpay project? 01:59:58 he worked for us briefly 02:00:33 What's the node.js stuff for? accessing the blockchain? 02:01:55 that, and for handling keys/addresses/transactions/signatures server-side 02:02:44 No current alternative if I want browswer js to parse the blockchain for what I'm doing? 02:04:28 how would that work? you would load the entire blockchain client side? 02:04:29 the client-side libraries allows you to create keys/addresses, construct/sign transactions and all that 02:04:29 communicating with the Bitcoin network/blockchain requires running something on the server that's capable of doing that 02:04:32 I ended up writing https://github.com/shesek/bitcoin-webapi that exposes some minimal APIs that I needed (loading unspent inputs and broadcasting transactions) on top of bitcoind with sipa's #2802 02:04:49 (address index with searchrawtransaction, https://github.com/bitcoin/bitcoin/pull/2802) 02:10:10 Ok, I understand then. Your coffee script stuff looks pretty cool actually. 02:11:20 its a nifty little language that can give some people a serious productivity boost, but its not for everyone :) 02:12:27 bitrated's source is still a bit messy, but its somewhat organized and commented, so it should give you a good start 02:17:57 arbart has quit 02:18:55 arbart has joined #bitcoin-wizards 02:57:03 gavinandresen has quit 04:02:02 justanotheruser has quit 04:03:37 justanotheruser has joined #bitcoin-wizards 04:04:30 justanotheruser1 has joined #bitcoin-wizards 04:08:05 justanotheruser has quit 04:52:09 justanotheruser1 has quit 04:52:09 justanotheruser1 has joined #bitcoin-wizards 04:52:13 justanotheruser1 is now known as justanotheruser 05:54:08 justanotheruser has quit 05:55:18 justanotheruser has joined #bitcoin-wizards 05:55:58 jtimon has quit 06:11:02 justanotheruser has quit 06:15:20 roidster_ has joined #bitcoin-wizards 06:17:13 roidster has quit 06:20:27 justanotheruser1 has joined #bitcoin-wizards 06:21:50 justanotheruser2 has joined #bitcoin-wizards 06:25:00 justanotheruser1 has quit 06:25:03 justanotheruser2 has quit 06:25:04 justanotheruser2 has joined #bitcoin-wizards 06:25:23 wallet42 has joined #bitcoin-wizards 06:32:41 justanotheruser2 is now known as justanotheruser 06:33:35 justanotheruser has quit 06:34:16 justanotheruser has joined #bitcoin-wizards 06:36:35 skinnkavaj has quit 06:36:59 skinnkavaj has joined #bitcoin-wizards 07:01:34 TD has joined #bitcoin-wizards 07:06:15 skinnkavaj has quit 07:06:52 skinnkavaj has joined #bitcoin-wizards 07:16:13 mappum has joined #bitcoin-wizards 07:26:50 <_ingsoc> _ingsoc has joined #bitcoin-wizards 07:44:48 <_ingsoc> _ingsoc has quit 07:45:13 <_ingsoc> _ingsoc has joined #bitcoin-wizards 08:02:13 roidster_ has quit 08:17:48 spinza has quit 08:17:49 spin123456 has joined #bitcoin-wizards 08:52:24 TD has quit 08:53:40 jcrubino has joined #bitcoin-wizards 08:55:01 TD has joined #bitcoin-wizards 09:01:48 mappum has quit 09:06:01 RoboTeddy has quit 09:07:18 wumpus has quit 09:07:35 TD has quit 09:15:39 justanotheruser has quit 09:16:10 justanotheruser has joined #bitcoin-wizards 09:18:04 <_ingsoc> _ingsoc has quit 09:25:45 adam3us1 has quit 09:25:50 adam3us has quit 09:26:01 adam3us has joined #bitcoin-wizards 09:30:47 adam3us1 has joined #bitcoin-wizards 09:31:40 adam3us has quit 09:33:53 adam3us has joined #bitcoin-wizards 09:34:21 RoboTeddy has joined #bitcoin-wizards 09:40:53 OneFixt has quit 09:43:20 skinnkavaj has quit 09:43:52 skinnkavaj has joined #bitcoin-wizards 09:52:31 orperelman has joined #bitcoin-wizards 10:08:17 hnz has quit 10:12:24 hnz has joined #bitcoin-wizards 10:53:45 HobGoblin has joined #bitcoin-wizards 10:54:07 HobGoblin is now known as Guest53151 10:54:58 Guest53151 has quit 10:54:58 Guest53151 has joined #bitcoin-wizards 10:56:02 UukGoblin has quit 10:59:10 orperelman has quit 10:59:24 Guest53151 is now known as UukGoblin 10:59:29 orperelman has joined #bitcoin-wizards 11:00:09 jtimon has joined #bitcoin-wizards 11:03:00 OneFixt has joined #bitcoin-wizards 11:03:27 adam3us has quit 11:14:33 adam3us has joined #bitcoin-wizards 11:14:51 <_ingsoc> _ingsoc has joined #bitcoin-wizards 11:15:08 <_ingsoc> _ingsoc has quit 11:15:31 <_ingsoc> _ingsoc has joined #bitcoin-wizards 11:15:57 adam3us1 has quit 11:21:39 adam3us1 has joined #bitcoin-wizards 11:23:49 dlidstrom has quit 11:25:25 adam3us has quit 11:28:58 adam3us has joined #bitcoin-wizards 11:44:27 wrabbit has quit 11:45:19 wrabbit has joined #bitcoin-wizards 11:53:39 Muis_ is now known as Muis 12:03:22 adam3us has quit 12:06:41 rdymac has quit 12:12:07 rdymac has joined #bitcoin-wizards 12:28:12 RBRubicon has joined #bitcoin-wizards 12:31:12 wumpus has joined #bitcoin-wizards 12:31:13 wumpus has quit 12:31:13 wumpus has joined #bitcoin-wizards 12:31:54 wallet42 has quit 13:10:46 wallet42 has joined #bitcoin-wizards 13:17:05 wallet42 has quit 13:42:42 ielo has joined #bitcoin-wizards 13:42:43 typex has quit 13:43:29 bobke has quit 13:43:30 forrestv has quit 13:43:37 bobke has joined #bitcoin-wizards 13:43:50 nOgAnOo has quit 13:44:12 Fistful_of_Coins has quit 13:44:19 gribble has quit 13:44:32 gmaxwell has quit 13:44:37 ielo has quit 13:44:37 ielo has joined #bitcoin-wizards 13:44:56 Fistful_of_Coins has joined #bitcoin-wizards 13:45:07 maaku_ has joined #bitcoin-wizards 13:45:17 rdymac has quit 13:45:20 ioi has joined #bitcoin-wizards 13:45:30 gmaxwell has joined #bitcoin-wizards 13:45:53 ielo is now known as lumos 13:46:01 gmaxwell is now known as Guest31376 13:46:01 maaku has quit 13:48:44 gribble has joined #bitcoin-wizards 13:49:07 rdymac has joined #bitcoin-wizards 13:49:17 typex has joined #bitcoin-wizards 13:49:56 rdymac has quit 13:50:31 adam3us has joined #bitcoin-wizards 13:51:55 lumos has quit 13:53:33 adam3us1 has quit 13:54:36 wallet42 has joined #bitcoin-wizards 13:58:12 wallet42 has quit 13:59:29 wallet42 has joined #bitcoin-wizards 14:00:11 Guest31376 has quit 14:00:11 Guest31376 has joined #bitcoin-wizards 14:00:23 Guest31376 is now known as gmaxwell 14:00:23 wallet42 has quit 14:02:37 rdymac has joined #bitcoin-wizards 14:02:55 rdymac has quit 14:07:31 forrestv has joined #bitcoin-wizards 14:15:11 RBRubicon has quit 14:15:45 RBRubicon has joined #bitcoin-wizards 14:16:37 nOgAnOo has joined #bitcoin-wizards 14:16:46 nOgAnOo has quit 14:17:07 rdymac has joined #bitcoin-wizards 14:29:40 nOgAnOo has joined #bitcoin-wizards 14:35:17 orperelman has quit 14:36:59 rdymac has quit 14:38:37 rdymac has joined #bitcoin-wizards 14:39:25 rdymac has quit 14:43:39 justanotheruser has quit 14:44:07 rdymac has joined #bitcoin-wizards 14:45:07 justanotheruser has joined #bitcoin-wizards 14:47:09 rdymac has quit 14:54:07 rdymac has joined #bitcoin-wizards 14:57:07 rdymac has quit 15:03:07 rdymac has joined #bitcoin-wizards 15:03:26 rdymac has quit 15:04:07 rdymac has joined #bitcoin-wizards 15:04:25 rdymac has quit 15:07:07 rdymac has joined #bitcoin-wizards 15:08:25 rdymac has quit 15:14:11 wallet42 has joined #bitcoin-wizards 15:16:21 justanotheruser1 has joined #bitcoin-wizards 15:16:23 justanotheruser has quit 15:18:49 wallet42 has quit 15:20:27 wallet42 has joined #bitcoin-wizards 15:24:06 gavinandresen has joined #bitcoin-wizards 15:25:43 rdymac has joined #bitcoin-wizards 15:27:43 rdymac has quit 15:27:55 realazthat has quit 15:31:56 Ursium has joined #bitcoin-wizards 15:37:02 jps has joined #bitcoin-wizards 15:38:29 wallet42 has quit 15:41:22 wallet421 has joined #bitcoin-wizards 15:41:22 wallet421 is now known as wallet42 15:45:03 rdymac has joined #bitcoin-wizards 15:46:19 rdymac has quit 15:46:26 realazthat has joined #bitcoin-wizards 15:46:26 realazthat has quit 15:46:26 realazthat has joined #bitcoin-wizards 15:53:04 roidster has joined #bitcoin-wizards 15:54:08 nanotube has quit 15:57:14 wallet42 has quit 16:00:00 wallet42 has joined #bitcoin-wizards 16:00:07 rdymac has joined #bitcoin-wizards 16:00:11 nanotube has joined #bitcoin-wizards 16:04:14 rdymac has quit 16:08:00 wallet42 has quit 16:08:55 DougieBot5000 has joined #bitcoin-wizards 16:18:45 jps has quit 16:18:58 jps has joined #bitcoin-wizards 16:20:07 rdymac has joined #bitcoin-wizards 16:20:53 wallet42 has joined #bitcoin-wizards 16:22:33 wallet42 has quit 16:28:44 rdymac has quit 16:33:07 rdymac has joined #bitcoin-wizards 16:48:45 skinnkavaj has quit 16:50:55 Ursium has quit 16:56:04 tacotime_ has joined #bitcoin-wizards 16:58:30 jtimon has quit 17:09:26 jtimon has joined #bitcoin-wizards 17:21:59 justanotheruser1 has quit 17:21:59 justanotheruser1 has joined #bitcoin-wizards 17:22:08 justanotheruser1 is now known as justanotheruser 17:22:26 wallet42 has joined #bitcoin-wizards 17:26:21 justanotheruser1 has joined #bitcoin-wizards 17:26:32 justanotheruser has quit 17:27:08 justanotheruser has joined #bitcoin-wizards 17:27:19 justanotheruser has quit 17:27:20 justanotheruser has joined #bitcoin-wizards 17:30:32 jgarzik is now known as home_jg 17:31:00 justanotheruser1 has quit 17:37:23 skinnkavaj has joined #bitcoin-wizards 17:37:30 skinnkavaj has quit 17:37:30 skinnkavaj has joined #bitcoin-wizards 17:46:55 jcrubino has quit 17:58:37 imsaguy has joined #bitcoin-wizards 17:58:54 All you people don't get bitcoin. 17:58:56 imsaguy has left #bitcoin-wizards 17:59:18 0_o 17:59:26 <_ingsoc> xD 17:59:28 wallet42 has quit 17:59:33 <_ingsoc> Okay then. 17:59:41 thanks 17:59:49 jcrubino has joined #bitcoin-wizards 18:00:50 spin123456 has quit 18:01:12 spinza has joined #bitcoin-wizards 18:15:05 He's mocking me because I told him most people in #bitcoin* probably don't understand bitcoin. 18:16:37 RBRubicon has quit 18:16:39 ah 18:17:58 we're way more knowledgeable over here in wizards 18:18:03 what's a blockchain? 18:18:05 i just met yet a few more unexpected people who are pursuing bitcoin research 18:18:51 especially a pretty famous programming-languages person who apparently is about to publish a type-theory altcoin proposal 18:19:14 yay 18:19:33 * nsh premines some functorcoins 18:19:44 LOL 18:20:11 it was weird, he was explaining the linear type system that it will use 18:20:22 i said, cool, do you have any particular motivating example in mind 18:20:25 he was like no not at all. 18:20:29 hahaha 18:20:52 but in a cryptocurrency. 18:21:14 "welcome. you'll fit right in here." 18:21:25 the screaming robot of cryptocurrencies. 18:21:27 hahaha 18:22:22 Linear type systems are the internal language of closed symmetric monoidal categories, much in the same way that simply typed lambda calculus is the language of Cartesian closed categories. More precisely, one may construct functors between the category of linear type systems and the category of closed symmetric monoidal categories.[7] 18:22:27 -- http://en.wikipedia.org/wiki/Substructural_type_system#Linear_type_systems 18:22:44 should be fun... 18:23:50 linear logic is good for modeling resources 18:24:01 for example from one quarter, you can derive two dimes and a nickel 18:24:07 also from one quarter, you can derive five nickels 18:24:22 but that doesn't mean you can take a quarter and derive six nickels and two dimes 18:24:44 kinda like typing with accountancy baked in 18:24:50 Hmm. 18:24:56 you could probably express all the conservation rules about no inflation etc using linear logic (though i think it would be overkill) 18:25:01 What's the real world application? 18:25:12 well take ethereum scripts for example 18:25:23 maybe you'd like to be able to typecheck them and prove they don't leak value somehow 18:25:31 Ah 18:28:08 So like proof-carrying code? 18:29:23 i think so (but i'm really not sure) 18:29:43 amiller: I don't know why that really matters inside a cryptocurrency. We shouldn't have code in a cryptocurrency, we should have wittnesses for code other people ran. 18:30:10 i told him about snarks and pinocchiocoin, he knew about pcp proofs 18:31:08 You can think of that stuff just as a performance optimization. 18:31:22 then sure 18:32:14 so when the witnesses about code that other people ran, are about values that are of global importance, like a monetary supply, then applying this sort of conservation logic would be relevant 18:32:50 Well, sure I think it's good to create things using tools for soundness, but there isn't any reason to leave them in inside the witness. 18:33:25 You can provide withness for executed code without executing the code yourself to verify it? 18:33:31 type data is precisely the sort of thing you can omit in a witness when extracting it from an execution trace, even before you go the route of converting the execution trace into a snark. 18:34:10 jcrubino has quit 18:34:12 I'm unfamiliar with a lot of this "proofs" stuff used for ZRC etc 18:34:21 tacotime_: Yes, thats what a snark is, a proof that code was fairthfully executed which is logarithmic in the length of the exeuction (or smaller, with cryptographic assumptions they can be constant size in the security parameter) 18:34:31 Ah, I see. 18:35:45 tacotime_: thank you for acting incredulous about that. i wish more people here would explicitly mention how mind-boggling this is :P 18:36:25 once you accept the existence of voodoo magic, it's a relatively trivial corollary 18:36:38 PCP theorem proves that any execution in NP is provable with arbitrary soundness compactly, though PCP doesn't directly give a pratical way to go about doing it. 18:37:07 Hahaha. Well, I never used to hang out here so a lot of this stuff is novel to me. I only sat around bitcointalk and the issues over there regarding what they want in altchains is apparently very different. 18:38:12 *are 18:38:23 gmaxwell: is there a nice paper summarizing the pcp theorem's history and proof? wiki sorta says "it's smeared over 30 years of history, good luck friend" 18:38:23 this stuff is at the front of theoretical cryptography, it should be novel to pretty everyone, it's pretty exciting we have a reason to discuss it at all (which is why even the cryptographers working on it are like, oh this is practical, it's even relevant for bitcoin) 18:38:41 andytoshi, hah. 18:38:55 http://courses.cs.washington.edu/courses/cse533/05au/pcp-history.pdf 18:38:59 Thanks 18:39:05 Well I don't think proving in zero knoweldge is _that_ remarkable, that the proofs can be sublinear in size is somewhat remarkable. 18:40:03 amiller: thanks! gmaxwell: the sublinearity is weird, it feels like skirting P=NP in the same way as quantum entanglement skirts "can't send signals faster than time" 18:40:19 hehmm 18:40:33 that is, there is no actual violation, but it seems like -something- in the platonic realm must be violating it 18:40:50 https://eprint.iacr.org/2012/215.pdf this is the big theoretical result that made SNARKs a hot topic 18:41:00 it's underlying TinyRAM and Pinocchio etc 18:41:24 some of its paragraphs are possible to read... 18:41:39 andytoshi, i had similar intuitive feelings, but hadn't made that analogy. thanks 18:41:44 Thats the GGPR'12 paper. Meh. well, it's not the only thing that made it a hot topic. 18:42:17 hrm, what's the best thing preceding it? 18:42:23 andytoshi: well it can be useful to think about what you give up in both cases. SNARKS in sublinear size 'only' have computational soundness. 18:42:35 proofs for muggles maybe 18:43:05 no proofs for muggles is interactive 18:43:17 Really the major breakthrough that allows sublinear is bootstrapping, which I think was mostly really inspired by the FHE work. 18:43:32 I can tell already that I will never understand that paper. But that's what proves the sublinear size and makes 288 byte SNARKs possible? 18:43:55 You can make it non-interative with fiat shamir IIRC, most interactive things can be. 18:44:46 tacotime_: the GGPR'12 technique is constant size proofs. There are a couple of high level ideas that can help you intutively understand why sublinear proofs are possible. 18:45:28 fiat-shamir is also really cool philosophically. it's like you summon a random oracle to do the interactive proof with you and publish the transcript 18:47:58 tacotime_: imagine you have a system which can prove the validity of two operations: executing a single instruction AND verifying a proof that the prior state for that instruction. If the proof verficiation is randomized/probablistic, then its not surprising that the proof size can be proportional to security rather than execution size... and then you nest these operations and get a constant size proof. (bootstrapping approach). ... 18:48:04 ... Efficient systems don't work directly in this way, but its an intutive way to see the possiblity. 18:48:13 as for SNARKs being "'only' computationally sound", that seems to be strongly analogous to the quantum-entanglement scenario wherein your "faster than light correlation" can only be verified by communicating slower than light 18:48:29 andytoshi: thats why I pointed it out. 18:48:41 gmaxwell: yeah, i realize that. but i'm that slow :) 18:49:03 jcrubino has joined #bitcoin-wizards 18:49:05 (slow is pretty damn relative here) 18:49:12 realize that now* 18:49:57 amiller: yea, fiat shamir is insanely useful. I'm not sure why its not more widely known. It doesn't help that the original papers on it are a bit opaque. 18:50:47 the original paper pretends to be about the smart-card scheme, it's really not obvious that there is anything generally useful in there at all until you read it :( 18:51:40 "The heuristic was originally presented without a proof of security; later, Pointcheval and Stern [2] proved its security against chosen message attacks in the random oracle model, that is, under the assumption that random oracles exist. In the case that random oracles don't exist, the Fiat–Shamir heuristic has been proven insecure by Goldwasser and Kalai.[3] The Fiat–Shamir heuristic thus demonstrates a major application of random oracles." - http:/ 18:51:40 /en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic 18:51:50 yea, that article is useless. 18:51:52 * nsh frowns at irc client 18:53:01 kinda provocative that you could have some empirical security difference that implies the existence or not of random oracles 18:53:47 Is there a text book somewhere for this sort of stuff? 18:54:32 gmaxwell, if you were to design a concatenative merklized scripting language (joyscript), what would be important to take into account so that in the future it is "good for snark" 18:54:47 imsaguy has joined #bitcoin-wizards 18:54:48 ? 18:54:50 Basically it says you can take an interactive protocol and make it non-interactive by commiting to your state with a random oracle, then using the random oracle to play the counterparty in the interactive protcol. If the interactive protocol has the right properties then you can instantiate the system with a hash function in the place of the random oracle and make a secure conversion. 18:55:07 jtimon: you want to be able to easily bound the time-to-execute for scripts 18:55:32 for a concatenative language maybe that is as easy as computing a tree height 18:56:19 andytoshi: only if you can describe an efficient arithemetic circuit for evaluating the concatenative language such that execution = tree height. This seems unlikely to me. 18:58:25 rdymac has quit 18:59:42 wouldn't those problems be solved with the instruction counter? 19:00:36 Okay, I think it's starting to make sense. We have algorithm A, with non-arbitrary input I and output O. The proof takes input I_ro from a random oracle (hash function) and produces output O_ro using A(I_ro). We can then prove the execution of A(I) for some non-arbitrary input I. 19:00:57 btw, maaku, I don't think your message got to the concatenative group maybe you had to enter the tahoo group after all 19:01:00 http://groups.yahoo.com/neo/groups/concatenative/conversations/messages 19:01:29 With some small amount of bytes using SNARK, because the proof is logarithmic in size? 19:01:43 jtimon: current constructions for snarks require costly preprocessing which is program generic but specific to the machine beging evaluated and specific to the length of execution. 19:01:51 Shibe_tabsa has joined #bitcoin-wizards 19:02:15 RBRubicon has joined #bitcoin-wizards 19:03:06 Is that the overall gist of what's going on? 19:03:24 My background is in biochem, so sometimes I'm a little slow for CS stuff, forgive me. 19:04:12 gmaxwell I don't think I understood that, but I'm asking with the hope that those costly executions become cheaper in the future somehow 19:04:37 rdymac has joined #bitcoin-wizards 19:04:51 tacotime_: I'm not sure I followed what you were saying clearly enough there to agree or disagree. Another way to look at it is that program validation and program execution are not the same problem. Imagine making a transcript of a program execution— you write down every instruction that gets run and then the state (memory, registers, etc) along the way. 19:05:09 The result is a transcript— or sometimes called a witness— of the execution. 19:05:43 jtimon: the other problem is that the preprocessing step has a security parameter which can be used for forging. this is a serious problem when there is one guy (the coin creator say) who is doing the preproccessing step, but it'd kill the scheme if everybody was doing their own preprocessing 19:05:47 If I give you such a transcript I can ask you if its valid, to tell if its valid you walk through the instructions and then check that the instructions match the rules e.g. that an ADD instruction updates the state in the right way. 19:06:01 Right. 19:06:19 for those who are interested in this joyscript thing, this is the message that maaku (tried to?) send to the concatenative mailing list http://pastebin.com/5ScNX7vy 19:06:29 tacotime_: what all of this stuff is based on is that there exist ways of encoding the transcript so that if you only check a tiny portion of it, that you can become very confident that the whole transcript was faithful. 19:06:45 go1111111 has quit 19:06:48 andytoshi, I see, like zerocoin's trapdoor 19:06:56 yeah exactly 19:07:01 Given some non-arbitary input? 19:07:06 orperelman has joined #bitcoin-wizards 19:07:10 i had some vague ideas about using a variant of FHE to obtain the security parameter from a random oracle in a zk way (so provable nobody knows it) but i ran into serious conceptual problems when i tried to make these ideas concrete 19:07:59 for any input. well technically what you do is provide the inputs and 'outputs' as inputs and then the whole program just decides to accept (inputs agreed with the program) or not... e.g. convert it into a decision problem. 19:09:02 Okay. 19:09:04 and if anyone is more interested, I can forward what maaku has been discussing with an strong typed concatenative language expert (the guy who wrote that "why concatenative matters" article) [unless you maaku haave some objection to sharing it, which I doubt] 19:09:07 basically, you want it to be verifiable that you actually got the security parameter from the oracle -and- you only used it for a specific circuit (zk-snark preprocessing) and couldn't have used it in a circuit which reveals the parameter 19:09:31 but these two requirements conflict when you try to implement them in the 'obvious' ways it seems 19:11:40 that is, if you tie the parameter to a specific circuit it's hard to make it random (it's hard to make it at all actually). and conversely if you want to make it random it's hard to tie it to a circuit, but if you don't then it's trivial to replace the circuit with one that reveals it, defeating the whole exercise 19:14:53 andytoshi: why can't you just pick a ciphertext input to the circuit at random (e.g. because you don't know the decryption key)? 19:15:05 MoALTz_ has quit 19:15:28 MoALTz has joined #bitcoin-wizards 19:17:39 gmaxwell: to implement this "tie the input to the circuit" scheme, my thought was to make the key derivation depend on the circuit 19:18:11 but when you do this, it becomes hard (or rather outside the things i'm aware of being possible) to create a decryption key without an encryption key 19:19:06 the hope was, i could make the output-decryption key be "111111" or something which clearly has no input-encryption key. then i can put whatever i want as input and what the circuit sees will be random and unknown 19:20:18 but it seems implausible that just using 111111 will get me a valid decryption key, since my key derivation is so complicated 19:21:41 I still don't understand how the reencryption used in bootstrapping FHE can even work at all, so that sort of leaves me powerless to speculate about how you can get unknown encrypted with known decryption key FHE. I think it would be very powerful and not just for this if its possible. 19:22:55 ditto. i have been trying to meet with brent waters, who has published several papers with craig gentry about FHE, because i'm trying to seduce him into supervising me. but he's been out of the country a lot this semester. whenever i get ahold of him i'll bring this up and maybe he can speculate more intelligently 19:24:38 one of the limitations in all this verifyable computing stuff compared to MPC is that you can't keep secrets from yourself. ... but MPC doesn't really get you security in an anonymous model. if you had what you want you could have a publically verifyable version of everything MPC can do. 19:25:02 For example, you could have a captcha POW coin. 19:25:21 justanotheruser has quit 19:25:29 justanotheruser has joined #bitcoin-wizards 19:25:29 justanotheruser has quit 19:25:29 justanotheruser has joined #bitcoin-wizards 19:27:15 yeah, and the mere fact that we could get so much magic out of this suggests its implausibility. but idk, maybe we can get all or partway there. i'd like to spend some time researching this. 19:30:48 probably 100% of what we've discussed in the last hour, if you asked me 18 months ago if any of it were possible, i'd have said not a chance. so i'm optimistic. 19:31:43 well, perhaps the existance of one way functions sort of suggests the possiblity of it. 19:32:59 my money is on their existence being ZFC-undecidable :P 19:33:53 halting-complete rather 19:36:48 RBRubicon has quit 19:43:01 dlidstrom has joined #bitcoin-wizards 19:44:25 go1111111 has joined #bitcoin-wizards 19:45:06 another problem i thought of is that the key-derivation scheme could be malleable. that is, you can tweak the circuit and this changes the key in some predictable way, so you can still steal information about the input this way. so i thought, the KDF should basically evaluate the circuit but attach to each gate a one-way function which is somehow specific to that gate. and then i started to think 19:45:07 it'd be very hard to preserve enough information through all this that i could decrypt the information in the end. 19:45:15 decrypt the actual output* 19:46:36 maybe you take the encryption key, run it though some shadow version of the circuit made of OWFs, then the output of that could be the trapdoor information needed to decrypt the output 19:51:23 RBRubicon has joined #bitcoin-wizards 19:56:38 RBRubicon has quit 20:01:33 orperelman has quit 20:13:58 orperelman has joined #bitcoin-wizards 20:32:37 forrestv has quit 20:32:38 forrestv has joined #bitcoin-wizards 20:36:45 orperelman has quit 20:40:34 orperelman has joined #bitcoin-wizards 20:42:05 dlidstrom has quit 20:44:27 dlidstrom has joined #bitcoin-wizards 20:46:49 <_ingsoc> _ingsoc has quit 20:47:39 hmm 20:49:30 RoboTeddy has quit 20:49:45 occurs to me that the dynamics of difficulty adjustment are much more complex now you have pools supporting multiple-coins leading to positive feedback from hopping driving instability 20:51:10 there was a significant first-mover advantage with bitcoin in that slushy liquid hashpower was not even a thing until it was relatively mature 20:51:27 to what extent that is balanced by lessons (theoretically) learned is another question 20:56:35 nsh: fickle hashpower utterly destroys alts with bitcoin's stock difficulty adjustment algorithm 20:56:51 * nsh nods 20:57:00 most adjustment algorithms used by alt devs are broken, on the other hand 20:57:15 * nsh looking at vertcoin, which seems to be an actual effort, at least 20:57:51 yasaii has joined #bitcoin-wizards 20:58:04 67 pages of trollcointalk thread is quite depressing though. wish there was a way to getting the 5-10 posts that are actually worth reading out 20:58:18 amiller: do you have contact details for th type theory language person? 20:58:25 mr_burdell has quit 20:58:32 that's someone I'd want to talk to about scripting extensions 20:58:33 yasaii has left #bitcoin-wizards 21:01:22 Emcy has joined #bitcoin-wizards 21:07:46 nsh: there's also this, which we spent considerable time crafting : https://github.com/freicoin/freicoin/commit/d82a66e10f413bc81889b48a498625829353d701 21:07:57 looking 21:08:27 i think gmaxwell would have preferred using bessel functions, but an FIR filter has worked fairly well so far 21:08:43 i recall gmaxwell demurring somewhat. but i guess it's held out pretty well? 21:08:59 right 21:10:12 it has made the problem go from catestrophic to merely annoying 21:11:39 I watched it for a while and it seemed fairly poorly controled, but I never looked at it before the change. 21:11:44 there is still a major hopping pool which regularly hits us when profitability creeps up, but only snags a couple of dozen blocks before the difficulty adjusts back up 21:12:25 mr_burdell has joined #bitcoin-wizards 21:12:32 I'd worry that if there were two of those it might be unstable. but apparently not in practice. 21:12:39 RBRubicon has joined #bitcoin-wizards 21:13:14 I don't think there's anyone else using the same filter, but there are mare than two using fast-acting filters 21:13:29 and that's what the coin hopping pools are doing, jumping back and forth 21:13:46 i'd be interesting in hearing ideas about a better filter 21:14:05 although I think there are some fundamental problems here that won't go away 21:14:13 e.g. there's only so much you can do to mitigate the damage 21:15:41 creating strategic behavior isn't so hot though. 21:18:56 RBRubicon has quit 21:19:13 a bunch of coins could probably dampen the effects of pools hopping with a profitability peg 21:19:16 perhaps 21:19:39 nsh: vertcoin looks like stock bitcoin difficulty adjustment (+ time traveller patch) 21:20:23 OneFixt_ has joined #bitcoin-wizards 21:20:26 nsh: well, you'd think profitability-seeking is, well, profitable. but it is not 21:20:33 (could be. haven't quite figured out what the NFactor scrypt difference is they're pimping) 21:20:50 due to coinbase maturity & distribution delays, they get the coins *after* dips in prices due to their activities 21:20:55 right 21:21:09 i doubt the pool operators have analyzed it very deeply 21:21:15 i've seen people model this, and it's almost always 10% or so worse than mining a single coin 21:21:20 * nsh nods 21:21:49 although there could be other strategies - e.g., mine the 2nd most profitable coin, in order to stay in frant of the bigger pool hopper 21:21:52 you could probably account for hysteresis to some degree but the uncertainty would eat into the profitability 21:22:14 right, but that's not robust with many players 21:24:10 it does show that you'd have to do some serious game theoretic analysis to figure out what optimal strategies are 21:24:13 RoboTeddy has joined #bitcoin-wizards 21:24:15 OneFixt has quit 21:24:19 RoboTeddy has quit 21:24:31 RoboTeddy has joined #bitcoin-wizards 21:24:46 * nsh nods 21:24:48 and even then, you're battling human psychology, because we know that even the guiding hand of the market has led people to an inefficient strategy in practice 21:25:13 i'm sure there's some law to the effect that people will always find a way to be more irrational than your models 21:25:18 so, in our case, we actually relied mostly on historical bitcoin data in the creation of our filter 21:25:27 * nsh nods 21:25:31 we figured it's better to design something which works well at that scale 21:25:52 than over-optimise to solve this particular problem, which by nature goes away if you are the chief coin (or MM against it) 21:26:05 right 21:26:24 maaku_, i don't want to say any more about it until i get his permission 21:26:26 maaku_, but i showed him your utxo engineering page 21:26:46 maaku_: I'm not sure that I would have used that data in design other than a validation test. The problem you need to engineer for here is a dynamic system problem so just some static data trace from bitcoin doesn't show you data from miners switching on and off in response to the difficulty. 21:27:09 amiller: well if you want you can show him this too: http://pastebin.com/5ScNX7vy 21:27:13 it's what I want his opinion on 21:27:19 and sounds like it might be related 21:27:44 gmaxwell: we used bitcoin, litecoin, and freicoin data 21:29:37 and a success metric of how close the chain would have stayed to 10 minute block times 21:31:09 interestingly the curves (various parameters vs simulated performance) remained the same for all three coins despite the different problems encountered by each. just noisier in the case of litecoin and freicoin 21:31:51 so we picked the fastest-acting values which were noise free, which by coincidence were also the best for bitcoin 21:36:14 how was noise-free defined? 21:37:52 maaku_: I'd think that what I'd want to do is use the bitcoin/litecoin blockchain and market data to derrivate parameters for a model of miner behavior. (e.g. how fast do miners add and remove hashpower when its (un)profitable.) and then calibrate the control system against the miner model. 21:38:27 mr_burdell has quit 21:38:34 mr_burdell has joined #bitcoin-wizards 21:44:59 orperelman has quit 21:46:22 orperelman has joined #bitcoin-wizards 21:53:08 nsh: 1000's of simulations run, results plotted, then eyeballed 21:53:22 right 21:53:24 so, tight grouping of data points 21:53:40 * nsh nods 21:53:58 unfortunately all this work is on another hard drive 21:54:03 or i'd dig up some of the graphs 21:55:17 no worries 21:57:17 Ursium has joined #bitcoin-wizards 21:58:00 freewil has joined #bitcoin-wizards 22:05:41 Ursium_ has joined #bitcoin-wizards 22:08:38 Ursium has quit 22:26:06 Ursium_ has quit 22:32:46 <[\\\]> [\\\] has joined #bitcoin-wizards 22:40:11 Ursium has joined #bitcoin-wizards 23:07:39 <[\\\]> [\\\] has quit 23:19:00 go1111111 has quit 23:20:02 jps has quit 23:31:28 notthemessiah has joined #bitcoin-wizards 23:40:48 adam3us1 has joined #bitcoin-wizards 23:42:12 DougieBot5000 has quit 23:46:23 jcrubino has quit 23:47:59 justanotheruser has quit 23:58:35 justanotheruser has joined #bitcoin-wizards 23:59:44 justanotheruser1 has joined #bitcoin-wizards