17:44:58 vertcoin is planning to "implement zerocoin"
17:44:59 https://bitcointalk.org/index.php?topic=404364.msg5019536#msg5019536
17:45:07 i am trying to figure out what that actually means, if it means anything
17:45:53 s/zerocoin/zerocash/ per http://www.reddit.com/r/vertcoin/comments/1xcnne/i_am_the_developer_of_vertcoin_here_to_explain_to/cfa6fcc
17:46:14 we're still waiting on the specification of zerocash though, aren't we?
18:09:35 idk what zerocash is supposed to be, but the other comments on that reddit link suggest this guy has no idea what he's talking about
18:10:10 zerocash == zerocoin altcoin, no?
18:14:26 zerocash is what the new design based on the GGPR ZKP instead of the RSA accumulator is called.
18:15:23 (in particular, it deserves the 'cash' name because it's truly an anonymous ecash— the coins can spend their entire lives anonymous, including merging, splitting, and having arbitrary value)
18:16:14 ok
18:16:39 what complexities for spending/verifying does it have?
18:16:49 somebody posted on bct a transcription of a matt green talk about it. http://0bin.net/paste/pJZ1Pk0qajZCxoYe#n+S+MhRf12Ru3EbBSPwNp542Nz+1JU/3L467AktQIu4=
18:17:00 (i moved it from pastebin to 0bin because pastebin was blocking my tor exit)
18:17:38 i'm only partway through it, it doesn't look nearly technical enough to answer any of our questions..
18:21:36 sipa: it's the GGPR based ZKP meaning that the verifying complexity is very low... on the order of ~8 related pairing operations to verify a proof. a couple ms per transaction *(subject to some limitations, only being able to do 2 inputs/2 outputs at a time, just due to using a single canned program to verify)
18:22:02 proving (spending) is substantially more complex but they were talking about numbers in the 30 seconds range, so not completely unreasonable.
18:22:26 that comes close to being practical indeed
18:22:36 does it still have the crs problems?
18:22:51 Yep... the system needs a trusted initialization.
18:24:00 Coins in the system are just H(pubkey||H(value||nonce)) (or equal).. like the hash of a UTXO entry with a nonce.
18:25:15 To spend a coin you verify a proof that the coin you're spending is in a coins tree, and reveal its pubkey; You also provide the new coins you are creating (just their hashes), and verify that the values add up. You do this all under the ZKP system.
18:26:02 So under the ZKP you run a bunch of hash operations to verify the hash tree, verify the outputs, and two additions and three comparisons or something like that; so not much is done under the zkp.
18:26:32 The blockchain then adds the pubkey you spend to a search tree of coins that have been spent already, so you can't spend it again.
18:26:49 ok, nice. i guess that's what matt green means when he talks about "optimizing these proofs", just minimizing the amount that he actually has to zkp
18:26:55 pubkey is used to sign the transaction, etc.
18:27:45 well not just that, they've apparently implemented sha256 directly, by hand, as an arithmetic circuit over whatever field this thing is using (some 200 bit prime field)... in order to make the hash function proving as fast as possible.
18:28:20 it's a quite simple system, similar to petertodds MMR thinking; but you do the operations under ZKP.
18:28:31 (which makes it private, and also makes the proofs quite compact)
18:29:08 there is actually a bunch of yet unsolved implementation complexity remaining in turning it into a real system.
18:29:32 define "quite compact" ?
18:30:00 For example, if I pay you a zerocash coin— how the @#@$# do you know I did? I have to give you the nonce/value... or you have to give me the nonce/value so I can watch for it. Or we need a private messaging channel of some kind.
18:30:48 that's not really a problem, i think
18:31:00 just make it payment-protocol-only
18:32:44 sipa: 230 bytes for 80 bit security IIRC, I think 128 bit security makes them about 320 bytes. (this is just the proof, you'd also need to enumerate the pubkeys in use and the new coins you're creating— of course.
18:34:08 make 288 for 128. They're 8 G1 field elements and 1 G2 field element, they used a specially constructed curve where the G2 elements have a compact representation (instead of being 3000 bits long as is typical for pairing crypto G2 elements).
18:34:51 this is in the GGPR12 paper? ben-sasson cites a GGPR13 paper, is that the same one?
18:36:53 andytoshi: well the original GGPR paper was a 2012 one, but it's been enhanced a number of times.
18:37:12 the later papers make it more efficient but fundamentally the same.
18:37:28 ok, i'm sure i can track it down. i'm paper-backlogged at least 2 months right now anyway
18:38:28 I call the approach 'quadratic span/arithmetic circuits proven by verifying encrypted polynomial evaluation via pairing crypto with CRS keys' GGPR12 ... the paper is not super transparent in any case.
18:39:56 sipa: if you're interested in performance, this paper http://eprint.iacr.org/2013/879.pdf has a ton of performance info. It's talking about vntinyram which is an implementation of a general purpose computer as the circuit being verified (instead of something specialized like a bunch of hash operations). The proving times are irrelevant to zerocash, but the verifying times should be exactly the same— since it's the same verification.
18:41:42 (the advantage of verifying a general purpose computer is that the program is an input, so you can use a single circuit for all tasks, and thus only have to do the CRS thing once.... also branchy programs are much more efficiently implemented that way than as a direct circuit. Alas, a bunch of hash operations is not very efficient to implement that way— a hand coded circuit for the hash is like 1000x less complex to prove than one ...
18:41:42 ... running in tinyram)
18:42:45 have you read the tinyram paper? do you get the impression that we could build it from the paper even tho they have not released source?
18:44:10 i think we could make a modified tinyram which had hash opcodes which baked to handwritten circuits.
18:45:15 hmm
18:45:37 i think handwritten circuits might break the verification model, unless you can prove them independently
18:45:52 should be surmountable at least
18:46:42 but this crs stuff really kills me. matt green says several times in this talk "we just need to find somebody we trust", but ofc that person also needs to be willing to be tortured to death because everybody knows he has money-printing keying material
18:47:24 andytoshi: it's probably easier to find someone who agrees to be just killed (instead of being potentially tortured to death)
18:48:33 find someone who's currently dying and release the public hashes when they're dead?
18:48:49 maybe someone who's already signed up for euthanasia
18:49:21 it's not a question of brain-forgetting. it's a question of definitely destroying the digital traces
18:49:33 it could be ceremonialized
18:49:42 "dead brainwallet" sounds secure enough to me
18:50:53 anyway all the best to this altcoin fellow. he will run into some pretty thorny problems but hopefully we can learn something from it
18:52:01 * nsh nods
18:55:09 while we are talking about snarking coins tho, last we talked about a snarkcoin it was suggested to snark-prove VALID(old chainstate, new chainstate, chainstate diff, [zk] transactions). there is redundancy there b/c the diff + old chainstate implies the new chainstate
18:55:32 ... gmaxwell said, while we're being redundant also snark-prove the chainstate at blockheight/2
18:55:44 then a new user can validate back to the genesis in logarithmic time
18:56:06 this also has the neat effect of encouraging all miners to be archival nodes
18:57:11 so two birds with one stone there. but i'm not clear on whether there are incentives then for miners to keep old blocks secret to try to exclude people from mining
18:57:49 probably not, information wants to be free so you'd need 100% of the miners to collude to manage this.
19:05:24 well tortured isn't really quite the risk, since if the 'trusted' party destroys the secret data then there is no issue.
19:05:53 but you're talking about a key that yields unbounded undetectable inflation. How can you really trust that they deleted it?
19:06:00 point is the torturer might not believe that it's been destroyed, that's the risk for the secret holder
19:06:08 yes
19:06:14 first time a crypto problem has been solved by the creative application of an electromagnetic pulse weapon?
19:06:20 that would be pretty fun
19:06:38 you'd still have to get the CRS out though
19:07:08 hard to isolate the system so that the CRS can emerge but no covert channels for the bad-data to escape
19:07:17 there will be some point where you need to trust something by fiat, no? you can't really be sure, say, the RNG hasn't been tampered with
19:07:46 or that there is no hidden copy of the secret
19:07:57 have anyone who wants to have randomness send it
19:08:23 make a giant document with a list of "name: " strings
19:09:25 add a randomly generated (r,s) signature, deterministically from what goes before
19:09:45 wait, just randomly i guess
19:10:04 now have a trusted computer generate a private key to sign it using that signature (ecdsa self-signing feature)
19:10:33 ^ how do you trust that computer for not having been tampered with?
19:11:16 (dat compiler attack in Reflections in trusting trust )
19:11:48 depends on what you mean by tampering... if that includes a covert EM transmitter that sends the private key somewhere, sure
19:12:04 hey, they do exist :/
19:13:15 maybe put the computer in a faraday cage at the time it crunches, then EMP blast it from the inside
19:14:02 won't prevent tampering with the computing/RNG/whatever, but at least the secret would be safe
19:15:08 ooh maybe simpler with shamir secret sharing the key? so that no-one has it full
19:18:48 nsh: yea, I thought an RF shielded bunker which you then explode would be fun.
19:19:04 indeed :)
19:19:30 But even for that you'd want to implement the thing under multiparty computation and have the bunker just be one part of it— due to it being basically impossible to avoid having a leak of some kind.
19:19:55 right, forgetting-in-depth
19:20:48 doing it via MPC is I think still just pure theory wank. it would be a much harder computation than has ever been done in any kind of mpc.
19:20:56 The proving keys are rather enormous too.
19:21:15 (like hundreds of megabytes) (these are keys you only need for signing, and they're universal for the system)
19:21:42 wow we need to upgrad the internet then
19:21:50 what? why?
19:22:00 connections throughput
19:22:05 for what?
19:22:09 this would be a one-time thing not requiring networking necessary
19:22:12 *necessarily
19:22:17 keys that take up hundredes of megs?
19:22:35 (gah catastrophic amont of typos)
19:22:35 ::sigh:: you've misunderstood, darnit, and I tried too hard to be clear above.
19:22:36 c0rw1n, still in the context of initiating the common-reference-string of a zerocash-like system
19:23:02 They're just an initialization parameter of the system. They're the same for everyone. It's just additional size for wallet software.
19:23:12 (a forget-then-forget action, heh...)
19:23:19 ok ok, i got it
19:23:38 (i'm not smart enough to talk here dammit, why do i keep doing that)
19:23:42 But it contributes to making it infeasible to use MPC to compute the initialization because just a lot (in MPC terms) of data is involved.
19:24:04 what affects the scaling of the keys most?
19:24:30 c0rw1n: psh. Nah, if I were really excellently explaining it, it would be clear to even an idiot... and I doubt you're an idiot in any case. :)
19:24:44 nsh: proving key scales with the size of the circuit being proven.
19:24:53 right
19:25:33 is there a determinate lower bound for CRS length/complexity?
19:25:38 verifying key is a constant size, about 2kb (+/- depending on what precomputation you do to speed up verifying). Proofs are a constant size (couple hundred bytes).
19:26:22 nsh: the proving keys are basically two (IIRC) field elements per arithmetic gate in the circuit or something like that.
19:26:57 so for zerocash it's bounded by the minimum length of the accumulator functions?
19:27:12 (which i guess are still subject to some improvement?)
19:27:26 s/length of/length of circuits for/
19:27:30 Right, which is bounded by how big the hashfunction is in the arithmetic circuit representation, and also by how deep a hash tree you need to prove.
19:27:57 mm
19:28:21 e.g. the 2 in 2 out circuit you'd normally need for spending verifies membership two 64 deep hashtrees (the two inputs), plus a couple hashes to verify the outputs.
19:28:54 does that mean that a zerocash initialization has an implicit 'lifespan' in terms of the tree depth, or can that be prevented from growing indefinitely through use?
19:28:57 I suggested they consider reducing the depth to 33 or something like that and then providing the upper parts of the tree publicly, this would reduce the anonymity set size to one in 8 billion coins, but would make the proving a lot faster.
19:29:09 ah, right, it bounds the total coins
19:29:26 (not transactions)
19:29:37 nsh: kinda. though they reason that 2^64 is close enough to infinite. I had suggested instead that they just support having more tree outside of the proof, that removes the limit and potentially lets the proof be smaller.
19:29:48 * nsh nods
19:29:56 (mildly inflating the proof sizes)
19:30:15 * c0rw1n goes learn moar math
19:30:31 i wonder if matt can get funding to have students simulate all these tweak ramifications
19:30:46 (or another academic)
19:31:01 Mozilla is funding him on some other stuff.
19:31:24 * nsh nods
19:33:20 the having part of the tree outside of the proof also fits nicely with petertodd's thoughts on spending old coins just requiring longer signatures for the MMR stuff.
19:34:06 is that thinking explained on the list or a thread somewhere?
19:40:44 someplace!
19:40:52 I wrote up some summary of it someplace.
19:42:28 ah, lemme know if it turns up. got plenty to read in the meantime :)
22:19:04 * nsh pokes justanotheruser's client until it stops that
22:41:18 Are multisig addresses just hashes of the concatenation of the public keys of potential signatories?
22:48:31 no
22:48:37 there are no 'multisig addresses'
22:48:54 there are P2SH addresses, which are the hash of a subscript
22:49:16 if that subscript is something that enforces signatures from multiple keys, it's a multisig destination
22:49:25 but you can't tell from just the address
22:49:30 (nor should you)
22:55:52 I see. So the subscript itself specifies that it requires multiple public keys signing in order to conduct a transaction.
22:59:08 indeed