Adam Back Cryptonote

a guest
Jun 30th, 2014
  1. dponticelli: rdponticelli has left #bitcoin-wizards
  2. 00:57:59 HM: HM is now known as HM2
  3. 01:26:12 irc.freenode.net: Disconnected from irc.freenode.net (Connection reset by peer)
  4. 01:42:58 asimov.freenode.net: topic is: This channel is not about Bitcoin today | "Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas. This channel is logged at http://download.wpsoftware.net/bitcoin/wizards/. For questions about the logs talk to andytoshi."
  5. 01:42:58 asimov.freenode.net: Users on #bitcoin-wizards: andytoshi-logbot tromp___ rdymac sipa situation blumenkraft Luke-Jr mr_burdell antephialtic [\\\] jtimon MoALTz Krellan_ lnovy postpre TheSeven roidster artifexd jrmithdobbs adam3us waxwing Burrito NuKidOnTheBlock tacotime justusranvier Dyaheon kinlo helo Guest87860 Manfred_Karrer mappum Emcy EasyAt pajarillo UukGoblin c0rw1n_ p11 michagogo|cloud CodeShark harrow spinza c--O-O gavinandresen e4xit koval cajg shinybro nOgAnOo stonecoldpat
  6. 01:42:58 asimov.freenode.net: Users on #bitcoin-wizards: airbreather area flammit Snowleaksange jgarzik lechuga_ samson_ HM2 sl01 just[dead] larslarsen ageis shadders Ademan Muis ebfull poggy iddo trn Sorcier_FXK Hunger- ryan-c d34th keus tromp__ dogeplops emsid [-krypto-] Krellan dansmith_btc nikitab weex lianj nanotube Sangheili asoltys warren imsaguy jcorgan copumpkin BlueMatt kaptah wumpus zacm gribble gmaxwell so crucif0rm petertodd heakins @ChanServ comboy Ryan52 hno mmozeiko Alanius
  7. 01:42:58 asimov.freenode.net: Users on #bitcoin-wizards: tucenaber rs0 a5m0 azariah4 pigeons forrestv amiller matrixfox realazthat epscy roasbeef Anduck phantomcircuit jron digitalmagus8 espes__ perrier_ Graet otoburb Fistful_of_Coins kanzure Edulix nezZario Logicwax bobke ewust sbp maaku optimator_ midnightmagic grzs mikalv cfields
  8. 02:52:21 amiller: i'm really glad i wrote my authenticated data structure paper so that i can feel justified in skipping massive details in writing this stuff up
  9. 02:58:13 amiller: i have a sketch of a writeup here: https://docs.google.com/document/d/12xl5eRtoE0uISUX188jnmGSb-bwG4yXByRBbdr2r97A/edit
  10. 02:58:57 amiller: it includes a security definition and pseudocode but i haven't finished the probability analysis, i think i've set it up so it's a straight shot though
  11. 04:09:43 just[dead]: just[dead] is now known as justanotheruser
  12. 04:51:27 [BNC]dansmith: [BNC]dansmith is now known as dansmith_btc
  13. 04:58:37 maaku: amiller: "Hash-Value Highway" prefers poetic meaning over reiteration
  14. 04:59:21 amiller: yeah, hash value highway is a way better name :x
  15. 06:28:29 kaptah: kaptah is now known as Guest62255
  16. 08:14:49 justanotheruser: Sorry if this is the wrong place to ask, but is Quarks PoW good for hashcash since it is somewhat more difficult to ASIC it, and (I assume) an ASIC would only be marginally more efficient?
  17. 08:16:29 gmaxwell: jesus not at all, an asic would be considerably more efficient, it would just have moderately higher NRE.
  18. 08:18:09 gmaxwell: justanotheruser: sha256 asics are primarily power density limited, packing around a bunch of distinct circuits should get nice density and— of course— power consumption.
  19. 08:18:24 gmaxwell: The need to design efficient circuits for several functions might make a monopoly more likely.
  20. 12:48:43 adam3us: btw bytecoin people answered my email... the ring sig is implemented in the coin bytecoin.org... not sure why they have no bct mentions under "cryptonote"
  21. 13:35:54 jgarzik: adam3us, I presume bytecoin.org != ByteCoin, the early forum denizen
  22. 13:36:00 jgarzik: ?
  23. 13:44:50 adam3us: jgarzik: i dont know. i asked them, not got 2nd reply yet. the crypto seems sane. it uses stealth address also (which people say bytecoin invented). the ring signature between coins of same amount is interesting, and they can still prevent double spend despite the sender ambiguity that creates.
  24. 13:46:13 adam3us: jgarzik: its using ec schnorr (EdDSA) also they simplified the smart-contract a lot, maybe to avoid linking via contract. i didnt understand what remains possible in their stripped down contract language.
  25. 13:47:58 jgarzik: (not directly related, but thought about it, reading bytecoin.org) It would be nice if there was some good academic study about block times versus orphans, as a blockchain scales up to higher transaction volumes.
  26. 13:48:20 jgarzik: I see all these alt-coins with smaller block time, seemingly with zero thought beyond "it's faster than bitcoin, and I'm impatient!"
  27. 13:49:09 jgarzik: off-the-cuff numbers in the past seem to indicate 60-120 seconds is the bare minimum to avoid staggering orphan rates at higher TX rates, but hey... it's an alt-coin. Let them shoot themselves in the foot, I guess.
  28. 13:50:14 Guest62255: Guest62255 is now known as kaptah
  29. 13:50:42 adam3us: jgarzik: the paper also mentions a different PoW, however the paper section is incomplete. i guess one could look at the code :/
  30. 13:51:27 jgarzik: Yeah, I gathered as much from the summary in the upper-left corner of bytecoin.org.
  31. 13:51:48 jgarzik: ByteCoin was a pretty smart fellow, so it's worth keeping on the radar
  32. 13:55:07 adam3us: jgarzik: ring sig on a same-valued coin set is kind of interesting and a new idea afaik. but then everyone has to aim to keep their change in similar valued amounts or there wont be any coins to mix with. eg you'd have to do like physical cash keep units in same power 2 denominations or something
  33. 13:55:55 jgarzik: adam3us, indeed -- though TBH I was thinking that storing coins in predictable denominations was a good idea, for another project I had in mind
  34. 13:56:36 jgarzik: adam3us, This $project would take its inputs (deposits), periodically defrag them into buckets, where each bucket only contains coins of a single value (==1, ==5, etc.)
  35. 13:57:32 jgarzik: adam3us, highly specific amounts inevitably act as sentinels, making tracking easier. Converging on commonly used values helped one hide in the noise, increasing privacy.
  36. 13:57:37 jgarzik: I hope.
  37. 13:57:59 jgarzik: "highly specific" meaning "coffee for 0.123132113" rather than "0.1"
  38. 14:00:10 adam3us: jgarzik: it does reduce linking slightly. but it has a cost - to store your coins in those power2 amounts takes space. unfortunately the homomorphically encrypted coins get big 1kB per value due to the range proof. otherwise one could do that and lose the value sentinel issue. but unencrypted values are also 8bytes. so they're 128x bigger. i wonder how many 8byte (64bit) values you have to use including change rebalancing for typical bit
  39. 14:01:08 adam3us: jgarzik: of course there is already space taken by change amounts arising from use; but rebalancing your coins may take some new work (eg split $2 into 2x $1 or swap).
  40. 15:09:53 Luke-Jr: we were going to switch bitcoin to display base phi, right?
  41. 15:15:47 gavinandresen_: Luke-Jr: not until next phi-day
  42. 15:16:20 jgarzik: April 1 fast approaches... time to merge that tonal patch
  43. 15:26:11 Luke-Jr: I think I need to rebase it first
  44. 15:26:30 Luke-Jr: once the comma separators get merged
  45. 16:16:02 phantomcircuit: heh who generated the contributors list for 0.9 ?
  46. 16:16:05 phantomcircuit: im listed twice
  47. 16:16:47 michagogo|cloud: phantomcircuit: Yeah, cfields is there twice too, both as his name and as theuni
  48. 16:17:00 michagogo|cloud: I think it's taken from git log or something
  49. 16:17:17 michagogo|cloud: I was in there twice too, as Micha and Michagogo
  50. 16:17:59 wumpus: if you don't want to be listed twice use consistent git credentials
  51. 16:19:20 phantomcircuit: wumpus, so much effort
  52. 16:20:22 Luke-Jr: lol
  53. 16:20:45 Luke-Jr: phantomcircuit: alternatively, use a slightly different email every time, then someone is bound to notice..
  54. 16:20:46 wumpus: (alternatively you could have signalled it before tagging final and I'd have manually removed the duplicate)
  55. 16:21:04 Luke-Jr: wumpus: cfields/theuni dupe was definitely reported before final :P
  56. 16:21:22 wumpus: Luke-Jr: not in a way that doesn't get lost...
  57. 16:22:10 wumpus: in any case if this is really such a big deal to anyone I'm happy to make you 'contributors list maintainer' for next release
  58. 16:25:10 jgarzik: wumpus, +1 hah
  59. 16:27:38 michagogo|cloud: 18:20:46 (alternatively you could have signalled it before tagging final and I'd have manually removed the duplicate) <-- like I did
  60. 16:27:56 michagogo|cloud: hence the "was"
  61. 16:28:35 wumpus: yesyes it's ok...
  62. 16:29:03 michagogo|cloud: Luke-Jr: maybe set your email address to, say, address+1@gmail.com and set up a commit hook to increment the number each time? :P
  63. 16:30:47 wumpus: you can feel so much more important with your name in the list zillions of times
  64. 16:48:24 phantomcircuit: wumpus, hehe
  65. 18:51:18 justanotheruser: gmaxwell: In that case, is hashcash pretty much not able to be made safe?
  66. 18:52:44 maaku: justanotheruser: safe against what? ASIC-friendliness makes hashcash safer
  67. 18:52:49 maaku: for bitcoin's use case at least
  68. 18:55:21 justanotheruser: maaku: DoS prevention
  69. 18:56:41 Luke-Jr: justanotheruser: how do you figure?
  70. 18:56:55 justanotheruser: Luke-Jr: because someone with an ASIC can spam easily
  71. 18:57:06 Luke-Jr: justanotheruser: only if your proof-of-work is too low
  72. 18:57:08 justanotheruser: Or even a GPU in some cases
  73. 18:57:47 Dyaheon: spam what exactly?
  74. 18:57:49 justanotheruser: Luke-Jr: Well if it's so high that it protects against ASICs then those with GPUs will need to wait days before sending a message
  75. 18:58:06 justanotheruser: *CPUs
  76. 18:59:13 justanotheruser: Dyaheon: perhaps email spam or any spam of that type. In my mind I'm thinking of Bitmessage
  77. 18:59:26 Dyaheon: ah right
  78. 19:05:23 Luke-Jr: justanotheruser: so have an ASIC
  79. 19:07:51 justanotheruser: Luke-Jr: heh, spending hundreds of dollars to email people
  80. 19:08:12 Luke-Jr: justanotheruser: they'll get cheaper
  81. 19:08:46 justanotheruser: Luke-Jr: I don't think that's the best solution
  82. 19:08:52 justanotheruser: PoS probably is
  83. 19:11:37 Luke-Jr: justanotheruser: chips currently have a HUGE markup because of bitcoin
  84. 19:12:45 justanotheruser: Luke-Jr: So maybe competition will make it work
  85. 19:13:06 justanotheruser: I still think PoS might be better, it is just tougher to implement and has some problems itself
  86. 19:13:30 Luke-Jr: PoS doesn't even make sense here
  87. 19:13:33 helo: ^
  88. 19:13:40 Luke-Jr: unless you just mean buying an email "stamp"
  89. 19:14:28 justanotheruser: Luke-Jr: Why not? You could have a certain coin/day (as opposed to coin days)
  90. 19:14:59 Luke-Jr: I'll just use the same coin(s) for every email I spam!
  91. 19:15:00 justanotheruser: If your stake expires, make a tx
  92. 19:15:46 justanotheruser: Luke-Jr: That is one of the problems, you'll somehow have to make the stake dwindle
  93. 19:15:49 phantomcircuit: justanotheruser, a very simple pow would work to largely eliminate spam
  94. 19:15:52 phantomcircuit: but nobody uses it
  95. 19:16:01 justanotheruser: phantomcircuit: bitmessage uses it
  96. 19:16:05 justanotheruser: and they got attacked by a GPU
  97. 19:16:13 phantomcircuit: nobody uses it on the email provider side
  98. 19:16:46 phantomcircuit: justanotheruser, the idea is that you pay someone else to do the pow for you
  99. 19:16:49 justanotheruser: phantomcircuit: nope. Maybe because for it to work in the long term, everyone would need to buy email ASICs
  100. 19:17:05 justanotheruser: phantomcircuit: Oh I see
  101. 19:17:12 phantomcircuit: which could be done on a sliding scale
  102. 19:17:22 phantomcircuit: spammers would pay 0.000000001 usd per email
  103. 19:17:29 phantomcircuit: for a harder pow
  104. 19:17:37 phantomcircuit: legitimate people would pay 0.01 usd per email
  105. 19:18:02 justanotheruser: I think psychologically, people don't want to pay for email.
  106. 19:18:11 phantomcircuit: it's much cleaner if instead of a pow you're actually exchanging money but that's hard to do at micro transaction scales
  107. 19:18:20 justanotheruser: I think it doesn't really matter to them, but they still don't want to do it
  108. 19:18:38 phantomcircuit: justanotheruser, i cant honestly imagine there is anybody who will care about paying a tiny tiny fee for "priority" email
  109. 19:20:00 justanotheruser: phantomcircuit: I can. In the beginning at least, those requiring you to pay to email them would probably be called assholes by those that didn't understand it
  110. 19:21:32 phantomcircuit: justanotheruser, that's not how it works
  111. 19:21:50 phantomcircuit: you simply include whether the email included a payment in the spam heuristics
  112. 19:22:34 justanotheruser: phantomcircuit: So people would assume their emails weren't flagged as spam and by default not include a payment?
  113. 19:23:06 phantomcircuit: except for people who wanted to almost guarantee their email was delivered
  114. 19:23:18 phantomcircuit: which i bet is a much larger % of people than you'd think
  115. 19:24:22 justanotheruser: phantomcircuit: I agree hashcash would help, not sure to what extent though
  116. 19:26:02 helo: * helo gets maybe 5 spam per year
  117. 19:26:31 Luke-Jr: * Luke-Jr wonders how many legit emails helo misses per year
  118. 19:26:32 helo: and my email address has been all over the net for ~10 years
  119. 19:27:20 justanotheruser: All my spam is from places I have an account on
  120. 19:27:53 helo: i've never noticed anything important in my spam folder, at least. gmail's spam detection is pretty good.
  121. 19:30:03 helo: looks like it catches about 10 spam per day
  122. 19:31:21 phantomcircuit: 10 o.o
  123. 19:31:24 phantomcircuit: i get like
  124. 19:31:33 phantomcircuit: 800 spam emails per day
  125. 19:47:09 jcorgan: i just realized i've had one email address for 20 years
  126. 19:48:44 Luke-Jr: lol
  127. 19:49:36 Luke-Jr: I'm only at 9 years :x
  128. 19:59:24 nsh_: nsh_ is now known as nsh
  129. 20:06:10 midnightmagic: * midnightmagic checks.
  130. 20:06:41 midnightmagic: boo, only 15 years here.
  131. 20:36:25 spin123456: spin123456 is now known as spinza
  132. 20:41:07 realazthat: realazthat is now known as rudeasthat
  133. 20:43:30 rudeasthat: rudeasthat is now known as realazthat