BingoBoingo: ty trinque
phf: asciilifeform: https://zeptobars.com/en/read/baikal-t1-mips-Imagination-Technologies-P5600-Warrior
ben_vulpes: http://btcbase.org/log/2017-03-01#1620306 << to round the thread out, i also enjoy veen's company tremendously
a111: Logged on 2017-03-01 00:10 ben_vulpes: not the pipes necessarily, but the garden; dog; wife; child; engines of my own...
ben_vulpes: whoa pretty phf
ben_vulpes: > we love microchips - that's why we boil them in acid
ben_vulpes: http://trilema.com/2017/towards-a-better-hash-function/#comment-121460 << bug in screw examples?
mircea_popescu: ima look into it.
shinohai: http://archive.is/Twxkq <<< CoinDesk gets new CEO, still no plans to publish newsworthy articles however.
deedbot: http://phuctor.nosuchlabs.com/gpgkey/2C3FC522334163C0B6CF55BAF32AF6EB7DB80ECA003153CA2D167C84C9B4DC42 << Recent Phuctorings. - Phuctored: 1137...2399 divides RSA Moduli belonging to '18.104.22.168 (ssh-rsa key from 22.214.171.124 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown CN)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/B079AB36D0E866779596469C3FAEBEF7B8C64D767B5C70392CA63F69F82FA1EC << Recent Phuctorings. - Phuctored: 1090...3007 divides RSA Moduli belonging to '126.96.36.199 (ssh-rsa key from 188.8.131.52 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown CN)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/2C3FC522334163C0B6CF55BAF32AF6EB7DB80ECA003153CA2D167C84C9B4DC42 << Recent Phuctorings. - Phuctored: 1090...3007 divides RSA Moduli belonging to '184.108.40.206 (ssh-rsa key from 220.127.116.11 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown CN)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/B079AB36D0E866779596469C3FAEBEF7B8C64D767B5C70392CA63F69F82FA1EC << Recent Phuctorings. - Phuctored: 1177...2589 divides RSA Moduli belonging to '18.104.22.168 (ssh-rsa key from 22.214.171.124 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown CN)
mircea_popescu: where did they get this "ceo" from, was he the previous VP of ceosunlimitedbocavistatexas.tripod.com ?
mircea_popescu likes reading the foundation reports.
shinohai: Previous ceo wasn't bringing in enough shillbux.
mircea_popescu: wow check it out, a quarter of the baikal chip's unused.
mircea_popescu: this looks entirely very promising. where's my winnings alf ?
asciilifeform: actually this is a mega-snoar, looks like the makers used 100% western toolchain, even macrocells
asciilifeform: even so i'd buy one
asciilifeform: (but fat chance of finding!)
asciilifeform: oh hey lol they licensed the core!
mircea_popescu: there's nothing "Western" about pn np pn stranding.
mircea_popescu: but in other western technologies, http://68.media.tumblr.com/d10a3976994cae7727aeb3127572ad86/tumblr_mmbrdcBrgU1rgefeko1_1280.jpg
mircea_popescu: no this is how it goes.
asciilifeform: in yet-other western tech, https://archive.is/YcSdC << 'A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems... ... A source familiar with the case at Apple told Ars that the compromised firmware affected servers in Apple's design lab, and not active Siri servers. The firmware, according to the source, was downloaded directly from Supermicro's
asciilifeform: ...Supermicro's support site—and that firmware is still hosted there.'
asciilifeform: re upstack -- i actually have here an earlier mips from imagination co. -- it is notbad.jpg (tested back in the day as potential pogo replacement)
asciilifeform: from shinohai's link , 'Microsoft, Intel, banks form Enterprise Ethereum blockchain alliance'
mircea_popescu: eh fiss.
shinohai: What could possibly go wrong?
mircea_popescu: they've been doing this whole "add logos to a printed page" thing for years now, it did 0.
asciilifeform: https://zeptobars.com/en/read/Espressif-ESP8266-wifi-serial-rs232-ESP8089-IoT << oh hey
asciilifeform: this d00d never rests
asciilifeform: 1000s of die pr0nz
mircea_popescu: he's pretty cool isn't he.
mircea_popescu: someone invite him over!
asciilifeform: so far mircea_popescu is the people-bringin' champ
asciilifeform: ( asciilifeform batting 0 / N to date )
mircea_popescu: i don't have an email!
asciilifeform: maybe hanbot ?
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FE6946A3BC2C63FF4316CD566875F2A65BCBFCF5FF6BB420A3F08B6FBA5EE0A0 << Recent Phuctorings. - Phuctored: 1351...3347 divides RSA Moduli belonging to '126.96.36.199 (ssh-rsa key from 188.8.131.52 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (mail.mnl-latvia.lv. LV 099)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FE6946A3BC2C63FF4316CD566875F2A65BCBFCF5FF6BB420A3F08B6FBA5EE0A0 << Recent Phuctorings. - Phuctored: 1614...4133 divides RSA Moduli belonging to '184.108.40.206 (ssh-rsa key from 220.127.116.11 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (mail.mnl-latvia.lv. LV 099)
asciilifeform: mircea_popescu, mod6 , et al : meanwhile, http://nosuchlabs.com/pub/with_cache_yet_moar.txt
mircea_popescu: sorry alf i'm busy chatting up this engineering 19yo.
asciilifeform: (subj can wait for eons, really, it's a running log of crapolade timer)
mircea_popescu: well thanks for the highlight then :D
mircea_popescu: !!rate omraphantom 1 kinkster engineer teenager or something.
mircea_popescu: !!v 83F8592A75BE0CEAA1DDE5BDE9B3DB2F8C280413A0E2F5DC82A45684A4D0DF34
deedbot: mircea_popescu rated omraphantom 1 << kinkster engineer teenager or something.
mircea_popescu: hey BingoBoingo were you in georgia ?
asciilifeform: iirc BingoBoingo is normally found in missouri
mircea_popescu: o was he ?
asciilifeform: aha, unless recently moved
asciilifeform: hello omraphantom
asciilifeform: mircea_popescu: friend of yours from meatspace ?
mircea_popescu: showed up asking questions.
pete_dushenski just invited zeptobars over :)
mircea_popescu: whoss ah the chip pornographer ? nice.
pete_dushenski: lol yup
pete_dushenski: probably a slightly older kinkster engineer than omraphantom
omraphantom: i'm not really an engineer yet lol
pete_dushenski: what's the attrition rate at your school ?
omraphantom: starting in spring, spent too long on that soul searching wtf will do phase lol
omraphantom: i'm going to be 20 when i start now flm
omraphantom: no what not spring
omraphantom: when i can't think straight to get the seasons right >.<
shinohai waves to pete_dushenski
pete_dushenski: omraphantom: aha just getting rolling then. eh no rush to start eng school. a chunk of the guys here started but didn't even finish
pete_dushenski salutes back to shinohai!
omraphantom: i might start and end up pursuing a different degree
omraphantom: but for now i need to focus on the general education credits
pete_dushenski: you'd do worse than adding some #trilema logs to that general diet
omraphantom: well 4 year degree general credits are needed
omraphantom: but at the same time i'm not saying i won't be doing my course credits
pete_dushenski: sure. and where'd you hear about this channel ? we need some more market research metrics
thestringpuller: w/ind 20
omraphantom: i heard of it from mircea
pete_dushenski: o cool
omraphantom: they have a carpenter friend that was in my state i should meet apparently. i have a furniture blueprint just zero skills lol
pete_dushenski: speaking of wences, he was still pretending to be a person as recently as july 2015 (http://www.contravex.com/2015/07/21/wences-whacked-xapo-zapped/) though can't say i've heard a meaningful peep from him or about him since aside from 'swiss kyc blahblah' nothing-on-a-stick.
omraphantom: me bored with too much time = crazy idea written out with no way to make it real
pete_dushenski: omraphantom: i'm sure BingoBoingo can mentor you on carpentry but he's a couple states away in mo.
pete_dushenski: online learning though! it's the future.
omraphantom: i've looked into crypto recently i've been poking at this key stuff last couple days been learning a lot
pete_dushenski: speaking of learning, "Core exists as dictatorship and tyranny, upholding speech control, colluding to attack people with different views, has become the biggest threat of the long-term development of Bitcoin". ~bitmain miner guy (http://imgur.com/a/mhEEd)
danielpbarron: !!v 4BD380C65B267722D29CD0A765BAD340DEBF6ACDCE2B8F1337BA7FB9F6142FCF
deedbot: danielpbarron rated omraphantom 1 << euloran bundle maker
danielpbarron: !!v DAA04E744674D33C096C3D91D86C12CDCD4CA9DF3A57AEFCC966CE993734ADC4
deedbot: danielpbarron rated Aphex_ 1 << euloran bundle maker
ben_vulpes: mircea_popescu: tried again, with possibly adequate specificity this time!
danielpbarron: re: ratings above, both were very enthusiastic in performing some tasks for me in Eulora. very helpful, would hire again
shinohai: https://twitter.com/gnupg/status/836996411061387266 <<< in gnupg lulz
asciilifeform: '@aeliasen @gnupg for fingerprints collisions are not interesting. There is no known preimage attack for SHA1. Keep calm and use OpenPGP.' << lel
mircea_popescu: omraphantom yeah, turns out he's from missouri though ;/
mircea_popescu: ben_vulpes lessee!
mircea_popescu: right you are, i updated it.
asciilifeform has been thinking very seriously about how to make http://trilema.com/2016/the-necessary-prerequisite-for-any-change-to-the-bitcoin-protocol correctly; and is quite bugged by the fact that ~verification~ is O(N)
asciilifeform: eventually (given death of moore's law, already long ago) the minimal practical time will exceed the block interval, and then mega-headache.
asciilifeform: in fact verification from-genesis is O(N^2) !
mircea_popescu: there is that.
asciilifeform: actually worse than N^2
mircea_popescu: however, if you already did the work, what is the problem ?
asciilifeform: if you already live on mars, there is no problem in flying to mars, yes.
mircea_popescu: but this is what the nodes ~are selling~. the o(n^e ness)
asciilifeform: but if standing up a brand-new node from scratch, with full verification (rather than dumb bitwise copy of existing node) takes a century...
mircea_popescu: so ?
asciilifeform: what's that
mircea_popescu: cost of doing business.
mircea_popescu: "mining a block takes a century" currently, it's no bug.
asciilifeform: an inevitable visaification, The Guild of The Three Nodes, etc, at t-->inf, is a downer.
asciilifeform: mining != verification.
mircea_popescu: understand, there's no way to at the same time give nodes marketable data AND make it so any redditard can just pop a node
mircea_popescu: these are strictly contradictory constraints.
asciilifeform: i posted one just the other day (granted it wasn't 'any redditard', but wotronic)
mircea_popescu: if it's valuable then not everyone can do it and vice-versa.
asciilifeform: anyone can bang on a keyboard, some folx still get paid for it, others -- not.
asciilifeform: circus bear -- can bang.
mircea_popescu: this is an entirely ridiculous misrepresentation of the issue
mircea_popescu: anyone can run current through wires. not what we're discussing.
mircea_popescu: turn on your livingroom lights, pretend you're "running a node". exactly the same as "bang on keyboard, pretend you're writing"
asciilifeform: as i currently understand it, mircea_popescu's algo had two major effects -- a) nodes have something valuable to sell b) all users are protocolically forced to retain all blocks
mircea_popescu: no, but all nodes are.
mircea_popescu: users are forced to nothing.
asciilifeform: users who want to verify blocks
asciilifeform: that is to say, all sane people
mircea_popescu: this is nodes.
asciilifeform: gotta store.
asciilifeform: what is 'user' distinct from 'node operator' ?
asciilifeform: a goxhead ?
mircea_popescu: "users who verify blocks" = nodes ; " monkeys who shave and drive cars " = people
mircea_popescu: user in general is "tx author".
asciilifeform: tx author who has no node of his own == shaved monkey
mircea_popescu: besides the point.
asciilifeform: O(N^2) verification of each incoming block, is even worse of a 'heat death' rate than of traditional bitcoin
asciilifeform: (which is closer to O(NlogN))
mircea_popescu: he who knows a secret key is a bitcoin user ; he who can say if a signed transaction is valid or invalid is a bitcoin node ; he who can include a bitcoin transaction in a block is a bitcoin miner.
mircea_popescu: asciilifeform there is that.
asciilifeform: convergence to handful of massive google-like datacenters for ~nodes~ -- not miners, but also nodes -- is inherently usgistic imho.
asciilifeform: this is an open problem, because 'miners don't need the blocks' is also imho intolerable.
mircea_popescu: im not saying it's closed by any means.
asciilifeform: it needs a fundamental breakthrough, i suspect.
mircea_popescu: yeah well...
asciilifeform: didn't mircea_popescu find a new chocolate icecream shop! he oughta go there, eat some, come back with theorem.
mircea_popescu: im gonna be off in a minute, fucking a new slut.
asciilifeform: maybe as good!
mircea_popescu: not usually.
asciilifeform: but before he does:
mircea_popescu: half the reason i'm a shitty scientist : unlike the good ones, i get laid.
asciilifeform: say the miner has to find a string in an old block , as part of mining, that fits a nonce-derived pattern.
asciilifeform: for sake of argument, an F, such that a substring S of old block B makes F(nonce + B) = true.
asciilifeform: this is verifiable in O(1)
asciilifeform: but requires access to all old blocks, to search for.
mircea_popescu: why ? statistically, only to a fraction.
mircea_popescu: you gave away your wife.
asciilifeform: depending on how you make F, he does need to examine all blocks.
mircea_popescu: this can not be guaranteed.
asciilifeform: (and even then may turn up short, and have to go back for a new nonce)
mircea_popescu: yes, but moreover he'll just keep a few blocks and go for new nonces more often
asciilifeform: it can be made as painful as the hashing is to begin with
asciilifeform: in the same way.
mircea_popescu: in which case it is also no longer distinct.
asciilifeform: how's that
mircea_popescu: cuz it'll be == the hashing if it's as hard as the hashing.
mircea_popescu: you can't turn out your wife without being married to a whore, alfie.
mircea_popescu: either you cheat or you don't.
asciilifeform: the cheat -- works. say your hash is a keccak that eats 512b blocks and produces 512b block.
asciilifeform: the nonce is Q. miner has to now find an old block that , treated with the above walk, contains F(Q). and point to the block # and the requisite offset .
mircea_popescu: cheaper to spin the nonces.
asciilifeform: open problem. betcha one can find the pill for this.
mircea_popescu: i dunno. the further you go prng-away from the "quote the nth line in the log", the closer you get to "my solution to mining is mining+mining"
asciilifeform: (for instance, can demand that the miner find a Q that depends only on the parts of the block he cannot easily spin.)
asciilifeform: O(N^2) verification suxxx.
mircea_popescu: i have no argument with that.
asciilifeform: gotta find a finesse around it.
asciilifeform: or you get an algae globe
mircea_popescu: but just because we're all going to die it does not follow we should go around on stilts and weird beak masks either
asciilifeform: or whatever that toy is called
asciilifeform: the one that blooms for a bit, and dies.
asciilifeform adjusts beak mask.
mircea_popescu: if you ever get kicked out of engineering tower should prolly try out the arts, become draughtsman
asciilifeform goes into the pit, bbl.
asciilifeform: ooook try this on for size : suppose fixed-width TX (as discussed earlier.) T(N) is the Nth tx, T(0) is the first tx in genesis block, etc. Tmax is the last tx in the currentheightblock.
asciilifeform: T(N) is an O(1) fetch, as spoken of earlier.
asciilifeform: say every new block , to be valid, must contain a tx-sized slot (not covered by the nonce hash, but see below) that is computed as follows:
asciilifeform: T( nonce mod Tmax ) xor T ( H(nonce) mod Tmax ) xor T ( H(H(nonce)) mod Tmax ).
asciilifeform: there is no way to practically compute this value without having a copy of the blockchain. and it also ends up being luby-transformable into any one of the 3 old tx if you have the other 2. a kind of perpetual redundancy in the storage .
asciilifeform: this also entirely annihilates the possibility that a future enemy could monkey with contents of old blocks by finding hash collisions.
asciilifeform: theoretically it also means that a tx, as time goes to infinity, will have infinite number of confirmations...
asciilifeform: (statistically speaking, any sequence of blocks, will eventually end up luby-coded into future blocks ! )
asciilifeform: in above example, the 'arity' of the xor is 3. and mircea_popescu will probably answer, when he comes back , that evil miner will waltz the nonce until the 3 necessary tx are the ones that fit in his pocket. but arity doesn't have to be 3.
deedbot: http://trilema.com/2017/the-story-of-the-scared-slut/ << Trilema - The Story of the scared slut.
asciilifeform: what remains is to compute the minimal arity for the attack to be impractical. and prove said fact.
asciilifeform: (either this, or simply replace 'nonce' in the equation, with a Z, that is equal to a hash over the ~transactions in the candidate block~, considerably more painful to waltz than the nonce )
asciilifeform: now challenge for the reader !
asciilifeform: suppose that tx's (recall, fixed width) position in the block, is also kept inside it. (e.g., tx # 100 will start with a 16bit field containing 0x0064 .)
asciilifeform: and we have the luby transform above.
asciilifeform: what is the complexity of actually fetching the Nth tx , if you can also make use of the T(...)xorT(...)xorT(...) in every block.
asciilifeform: .... another pill against 'waltzers' : Z depends on the ~previous~ block.
asciilifeform: ( Z from here-on in this gedankenexperiment is simply a value that determines which 3 -- if arity==3 -- old tx's get xor'd )
asciilifeform: as far as i can see, this solves. Z depends on previous block, and the xor'd output is ~covered~ by the hash (and nonce) of the currently-worked-on block. so miner cannot craft his Z, he is forced to suck it up.
asciilifeform: (and he cannot even begin to work on a block until he knows Z and goes, fetches the required old tx ! no other miner has any incentive to help him do this.)
asciilifeform: quite the opposite.
mircea_popescu: asciilifeform you know that's not a half bad idea
mircea_popescu: luby coding. better than simple hashing for this purpose. definitely.
asciilifeform: mircea_popescu: fixed-width tx buys us this algo. but not only it. for instance, an adult tx's unique index can be quite short : blknum_txoffset. this in turn saves space elsewhere, for all time.
asciilifeform: for folx tuned in : it also makes the cask thing possible, but the latter is wholly separate, optional algo, it is possible to use traditional mempools with this scheme
mircea_popescu: yeah. fixed width tx has some serious advantages.
mircea_popescu: "all txn are 2 in 2 out" fixed width txn seems nailed down at this point. i can't see how an argument would work that'd offset the evident gains.
mircea_popescu: i would still love to see, for what it's worth, PROPER ring signatures.
asciilifeform: mircea_popescu: it doesn't have to be capped at 2, either, unless you use casks and want to leave room for dozen+ hop stages
asciilifeform: (or unless you want to make blocks ~very~ compact)
mircea_popescu: it's capped at 2 because 0 1 infinity. why 3 ?
asciilifeform: mircea_popescu: describe, for my education, how Proper ring signature differs from shamir's
mircea_popescu: first nondegenerate case.
mircea_popescu: asciilifeform this is an "idea" item not a technological object, so bear with me. a "ring signature" is a set of signatures with a) arbitrary cardinality n which has the property that b) while it can be verified the correct signature was offered it c) can't be established which signature that is.
asciilifeform: reviewing definition of ring sig : some process , whereby a signature S can be verified against keys K1, K2, ... KN , but without revealing which K had produced it
asciilifeform: aha, looks like we're on same page
mircea_popescu: once stated the pipedream portion is pretty painfully obvious ; but nevertheless, maybe ?
asciilifeform: let's try to at least put it on paper, what would be this squared circle
BingoBoingo: <mircea_popescu> hey BingoBoingo were you in georgia ? << That's thestringpuller
BingoBoingo: <asciilifeform> iirc BingoBoingo is normally found in missouri << Southern Illinois
asciilifeform: as i understand, what mircea_popescu would like is : V(K1, S)=false, V(K2, S)=false, .... BUT V(K1,K2,..,KN, S) = true
asciilifeform: ^ ?
mircea_popescu: pretty much.
asciilifeform: how, hypothetically, would S be produced
asciilifeform: by owner of a particular K strictly ?
mircea_popescu: it's worse than that, by any owner of any k in the list.
mircea_popescu: otherwise you leak bits.
asciilifeform: 'all for one an' one for all'
mircea_popescu: to be more rigorous :
asciilifeform: now let's say we have this primitive. how do you make, out of it, a bitcoinlike
mircea_popescu: V(K1, S1)=false, V(K2, S1)=false, .... BUT V(K1,K2,..,KN, S1) = true if and only if K1 signed S1 ; similarly with k2 and s2 all the way to n
mircea_popescu: it's not enough with a plain S.
BingoBoingo: <omraphantom> me bored with too much time = crazy idea written out with no way to make it real << Go to lumber yard, buy wood. Go to hardware store buy tools. Make things until you start making things of complexity necessary to carry skills into building crazy things
mircea_popescu: 19yo female, bb. that's not occurring.
asciilifeform: mircea_popescu: even supposing that you had this, if you actually needed all pubkeys in use to-date to verify a sig... it'll be painful
mircea_popescu: N would be small though. 2-12 ish sort of item
mircea_popescu: in FACT, the MORE sigs it uses in a ring, the more expensive the tx fee should be.
asciilifeform: well yes, it'll eat linearly moar cycles, to verify
mircea_popescu: asciilifeform re-reading i am pretty much convinced that the requirement that a) signatures are produced pairwise nevertheless b) no pairwise verification function exists yet c) verification works on a group of them is batshit insanity. might as well ask for a 5 smaller than 4.
asciilifeform: not necessarily
mircea_popescu: tsk. not algebraically either. how the fuck would V(all) work so it's not decomposed into Vi(each)
asciilifeform: it'd work, naturally, if the algo actually ~needed~ all of the pubkeys
mircea_popescu: (note that the decomposition needn't be Vs but will likely be a homomorphism, which POSSIBLY takes us straight to the hardest code known to man, the see-or-pick homomorphisms)
asciilifeform: because the signing process likewise took in all of'em
asciilifeform: reminds me of how one breaks shamir's ring
mircea_popescu: i forget wtf that is called, we discussed it.
asciilifeform: *remind me of how
mircea_popescu: asciilifeform there's this scheme whereby i create a graph, A and a homomorphism of it A'. you get ot see A', and may challenge me
mircea_popescu: either i must show you A, or else an A - A' relation.
asciilifeform: graph isomerism zkp ?
mircea_popescu: well, deciding whether two given graphs are homomorphic is > np.
mircea_popescu: and there was a scheme proposed whereby you either show the graphs or the relation ; op keeps challenging you ; each correct response increases the probability of truth by a factor of 2
mircea_popescu: i derided it for being impractical but i can't fucking find the discussion
mircea_popescu: was last year iirc
mircea_popescu: oh oh oh! it was hamiltonians!
mircea_popescu: !# "hamiltonian"
asciilifeform: can't seem to find ~this~, either
mircea_popescu: what the fuck i hallucinated math discussions.
asciilifeform: nono we had this
mircea_popescu: anyway. the encryption scheme is like this : you generate a large graph with a hamiltonian cycle ; and a homomorphic graph.
mircea_popescu: you may be challenged to either show the hamiltonian in the homomorphic graph, or else to show the homomorphism between the graphs.
asciilifeform: i actually worked with this notion last year, when investigating nonretarded (i.e. of provable complexity) block ciphering. and came to same realization that mircea_popescu is probably about to come to
mircea_popescu: yeah, it was part of that discussion.
mircea_popescu: pretty fucking frustrating.
asciilifeform: ( spoiler : can't prove the hardness of magicking ~your particular~ graph. )
mircea_popescu: that's separate.
mircea_popescu: heck, same stands for rsa.
asciilifeform: rsa doesn't pretend to a known complexity class tho.
asciilifeform: graph-circuit appeals because it -- does
mircea_popescu: where the fuck is that convo
a111: Logged on 2016-06-06 21:38 asciilifeform: particular case can be as simple as you like.
mircea_popescu: not evidently ;/
a111: Logged on 2016-02-10 20:10 mircea_popescu: basically showing that a+b < c is true or false for a, b, c in R is a harder-than-NP problem.
mircea_popescu: because we were doing a review of possibly weaponizable known problems
a111: Logged on 2016-03-20 17:10 mats: https://cs.stackexchange.com/questions/356/why-hasnt-there-been-an-encryption-algorithm-that-is-based-on-the-known-np-hard
asciilifeform: it keeps coming back
asciilifeform: i walked compendia of known np-hard/np-complete problems, and found that all of them had same hole
asciilifeform: i.e. no known algo for constructing a known problem--solution pair, using rng, of ~known~ average complexity.
asciilifeform: incidentally ~all of the material is circa 1970s.
asciilifeform: (at least, of the public material!)
BingoBoingo: <mircea_popescu> 19yo female, bb. that's not occuring. << Frequent occurrence. Typical hardware store is full of 19 year old girls. Even in the lumber section. Pinterest is a thing apparently.
shinohai: Because 19yo females like wood.
a111: Logged on 2016-02-05 01:26 asciilifeform: mircea_popescu: played around with a few graph-theoretical approaches (in particular, max-clique problem)
asciilifeform: the thread.
mircea_popescu: i'm so fucking frustrated. no mention of hamiltonian cycles, no mention of blum who came up with it, nothing. what the fuck miserable idiot am i, can't reference anything properly.
a111: Logged on 2016-02-06 02:49 mircea_popescu: actually the 4 color map thing is in my head just as good if not better than knapsack
a111: Logged on 2016-02-06 16:44 mircea_popescu: asciilifeform "- He says current block ciphers suck. Why? It doesn't really become clear from the discussion, which seems to be between two people who have heard a little bit about cryptography, and are trying to outdo each other in what little knowledge they have."
BingoBoingo: shinohai: Seriously go, observe
mircea_popescu: this seems very close, but not actually it wtf.
BingoBoingo: Wait, shinohai aren't you in Georgia!
mircea_popescu: asciilifeform it seems it's lost. sad.
asciilifeform: maybe it was a pm convo
asciilifeform: but evidently not with asciilifeform , because it dun turn up there
mircea_popescu: shit it was on trilema
mircea_popescu: hallelujah i was getting pretty depressed.
asciilifeform: metoo, i was quite convinced that i lost a set of l0gz to bitrot
asciilifeform: (and on raid5 no less)
mircea_popescu: anyway. to get back to the discussion, maybe something in the vein of blum's scheme may be applied to the ring problem
mircea_popescu: whereby you can verify one signed, but to find out which requires unwinding the whole graph.
mircea_popescu: verify the right one signed*
mircea_popescu: it would be fine if the security actually grew through being snowed in (ie, 0 difficulty to separate them on block 1, and growing from there each block, for all txn)
shinohai hopes mircea_popescu writes an article "In which I became lost in my own museum"
mircea_popescu: shinohai consider i'm not even 40 yet l/
shinohai: To be fair, trilema is a big place.
mircea_popescu: but why be fair.
BingoBoingo: For Pig-Elliot!
asciilifeform: mircea_popescu: let's suppose you had ring signature, we have edge of the sword. how does the hilt work ? i.e. you have an output, that is spendable, but you want it spendable by ~you~, not by 1,001 randomly-selected pubkeys.
asciilifeform: what's the spendability condition ?
mircea_popescu: let me restate because i'm not sure it's clear.
mircea_popescu: Let there be private keys K1...Kn. Let there be utxo associated with these, I1..Im so that any one I is associated with one and only one K. let there be a function S, so that the verification function V(Kx, S(Iy)) is always false, or uncomputable, or whatever whereas V(K1..Kn, S(Iy)) is always true if and only if the K Iy is associated to signed it.
mircea_popescu: ie, if K3 owns input I5, and if K3 signs I5, then it can be verified that the ring composed of K3, K4, K7, K9 a) signed I5, and b) owned I5 to sign it ; but it can't be verified that any subgroup didn't own I5.
mircea_popescu: for the needs of this contortion, K3, K4, K9, K11 is a subgroup of K3, K4, K7, K9
mircea_popescu: now -- this is the fantasy.
asciilifeform: oook i getit
asciilifeform: the good noose : i don't know a proof that you ~can't~ do this...
mircea_popescu: yeah me either
mircea_popescu: (i've been thinking about this thing ever since fluffypony first spoke in channel, but hey. i've nothing meaningful to show for it.)
asciilifeform: and yeah this is the squared-circle from couplaedaysago
asciilifeform: the crackpots have been at it since before chaum,
asciilifeform: and the charlatans -- since; and quite vigorously
asciilifeform: (recall the zero-whatvrs, how many of those alts by now.)
asciilifeform: can anybody remind me of how shamir&rivest's original algo fails
asciilifeform: (it nominally solved this problem)
thestringpuller: !~later tell danielpbarron http://wotpaste.cascadianhacker.com/pastes/VG61w/?raw=true
jhvh1: thestringpuller: The operation succeeded.
a111: Logged on 2016-08-30 17:29 asciilifeform: davout: 'ring signatures' are not the promised 'invisibility cloak', but more of a smoke grenade.
asciilifeform: ^ where my contention was, you can factor out the signer using multiple sets of shamirized sigs
asciilifeform: by process of elimination .
mircea_popescu: that's where it fails, "but it can't be verified that any subgroup didn't own I5."
mircea_popescu: there's a very directly computable homomorphism, the item being you know, the algebraic ring.
mircea_popescu: it's ~worth nothing that "hurr durr, ring signatures" when i can degrade it by trying subgroups until i hit yours.
asciilifeform: say, today, k3, k4, k7, ... , k9 sign. tomorrow, k7, k21, k3, ... , k333. next day, k42, k3, ... whatever. now 'you can't verify that no subgroup...' ~within~ the algo, but someone who has the whole list and notices that only k3 recurs...
asciilifeform: if he has half a brain -- knows which k.
mircea_popescu: actually i suspect it can be proven that in any ordered set with two operations which admit distinct id operators / are commutative this property can't exist.
mircea_popescu: asciilifeform that is ok.
asciilifeform: mircea_popescu: how's that. the seekrit, is blown, neh
mircea_popescu: re the above line : all rings are right out, basically.
asciilifeform: i suspect so
mircea_popescu: asciilifeform operator error.
asciilifeform: mircea_popescu: would be interesting to tally the avg case cost of not committing this error.
asciilifeform: (of guarantee of not committing it)
mircea_popescu: it is computable and this is good enough for me.
mircea_popescu: this item definitely counts for your grand list of trb-isms. on the strength of that, "computable", i ask no more.
asciilifeform: there's computables and there's computables-and-doables. unfortunately distinct sets in practice.
asciilifeform: (if you need a jupiter-sized machine, it isn't very hotstuff algo-wise)
mircea_popescu: matters not. technological improvement is technological improvement.
asciilifeform: dunno re mircea_popescu's planet, on mine, semiconductors sorta stopped, in 2009-ish, and aren't threatening to develop mega-improvement
mircea_popescu: anyway, the useful research in nonalgebraic sets is, at least to my (admittedly limited) knowledge entirely absent.
asciilifeform: you will find that many 'wouldn't that be useful..' items are ~entirely absent in the public lit. and no prizes for guessing why.
asciilifeform: i dug for the can-guarantee-avg-case-np-hard? thing -- found zip.
mircea_popescu: anyway, lattices. psshhh.
mircea_popescu: give me a non-algebraic set with interesting operations instead.
asciilifeform: ( asciilifeform also has pretty strong bias against mechanically-complicated crypto. )
asciilifeform: it is very easy to 'zerocoin'erize.
asciilifeform: (or was it zcashulation ? )
asciilifeform: i can never keep the 2 straight.
mircea_popescu: fucking art students wasting their life with http://jezebel.com/heres-a-woman-plopping-paint-eggs-out-of-her-vagina-1566693939
asciilifeform: oh lol that chick
asciilifeform: she's in the l0gz
mircea_popescu: asciilifeform anyway, as an entirely idle example : the set of numbers with mpfhf defined on it is actually a fine example in this vein. it ISNT an algebraic structure ; but an algorithmic structure.
asciilifeform: to revisit the smoke grenade -- how do you deal with the unopposability of having paid for something ?
mircea_popescu: i dunno, say politically. if you decide to claim tomorrow that there never was such a thing as c3, how do i deal with it ?
asciilifeform: or does payee get told the secret over separate (say, rsa'd) channel
mircea_popescu: or yes i was about to say that.
asciilifeform: because that'd work
asciilifeform: (in so far as payee can be trusted to stfu forever)
mircea_popescu: even something as simple as -- amt made it, therefore paid is good enough really.
asciilifeform: the amts aren't secret, per the scheme, though
asciilifeform: someone else can pay him same amt. and then to whom does he send the plutonium.
mircea_popescu: same way fuckgoats works neh.
asciilifeform: well not quite, we do store the pgp'd orders
mircea_popescu: so what's the problem ?
mircea_popescu: as long as right amt showed up -- right amt showed up, proceed.
asciilifeform: i guess this isn't one of the problems.
asciilifeform: ( i can't think of any reason why payee would care if payer A, or B, had supplied the agreed-upon amount )
asciilifeform: so long as they are guaranteed to be distinct at every step in time
mircea_popescu: the important point here is exactly this - that it should no longer be possible to meaningfully talk of "payer".
mircea_popescu: just payments. no payers. fuck usg.
asciilifeform: well yes, this'd be implicit in ring sig.
mircea_popescu: just fucks, no fuckers. tananana.
asciilifeform: !#s martian bank
danielpbarron: !~later tell thestringpuller http://wotpaste.cascadianhacker.com/pastes/qo014/?raw=true
jhvh1: danielpbarron: The operation succeeded.
a111: Logged on 2016-10-20 20:37 asciilifeform: ('martian bank' being simply a naive abstraction of 'idealized swiss bank', where money supply is constant, and i can send from account a1 to a2 if and only if i have the privkey for a1, and double-spend - impossible, etc.)
asciilifeform: mircea_popescu: btw 'no payers, only payments' is probably impossible with public balances existing in any sense.
asciilifeform: if balances are visible -- anyone can see that addr A had a payment-P-shaped chunk subtracted from it at time T.
asciilifeform: esp. if everyone is in the habit of using all of the decimal places of P as an invoice id.
asciilifeform: i suppose this is why mircea_popescu wanted the 2-input thing.
mircea_popescu: i don't see public balances are useful.
mircea_popescu: tx verification is good enough.
asciilifeform: how do you verify without public balances ?
asciilifeform: now you also want homomorphic arithmetic, looks like
mircea_popescu: i think i always did.
asciilifeform: 'we're squaring circles, may as well make perpetuum mobile and immortality'
mircea_popescu: anyway, the idea is you verify balance when spent ; not before.
mircea_popescu: the chain of beneficiaries can obv verify the balance, but "public" can not.
asciilifeform: can third party calculate the monetary mass ?
asciilifeform: because if not , you have the fed.
mircea_popescu: can only verify blockchain.
mircea_popescu: no, because public can verify all blocks are valid.
asciilifeform: valid also means 'nobody gets to printolade'
mircea_popescu: (and -- suddenly have an incentive to, too! because if they don't.... fed)
asciilifeform: which means that i gotta be able to prove that monetary mass is what the mining curve says it is. and not something else.
mircea_popescu: not necessarily in these terms.
mircea_popescu: it suffices to prove that all outputs without an input are proper block rewards.
asciilifeform: that doesn't prove that monetary mass was not somehow added during noncoinbase ops
asciilifeform: i.e. that some output, somewhere, yielded moar coin than the sum of the inputs.
mircea_popescu: how did the tx verify ?
asciilifeform: that's more or less equivalent to my question
mircea_popescu: i guess.
asciilifeform: which is , how would you have such a thing as a sanely-behaving balance to begin with
mircea_popescu: here's the idea : currently, you only know the pubkey for a bitcoin address once it spends ; before it spends you do not know its pubkey.
mircea_popescu: the ~same should be extended to amounts.
asciilifeform: one simple way to do this, is to dispense with amounts (as discussed in at least 2 old threads)
asciilifeform: i.e. danielpbarron's vectors
asciilifeform: no moar coin breaking.
mircea_popescu: not sure that's necessary ; the true argument against "amounts" is that well... again, the 0.25 problem ; http://btcbase.org/log/2017-02-28#1619936
a111: Logged on 2017-02-28 13:11 mircea_popescu: practically speaking on current tech the bitcoin unit of account is probably something like 0.25
mircea_popescu: stop lying, txn = unit of account.
asciilifeform: think dubloons, rather than pieces-of-eight.
asciilifeform: amounts suck.
mircea_popescu: counterintuitively enough they actually do.
mircea_popescu: it is, cards on the table, more of a buried lie than ~anything else in the "protocol"
asciilifeform: it is one of the major leaks in the vacuum piping
asciilifeform: in that one party creates the sharp broken edge, but very other people have to live with the cost.
asciilifeform: ~100% of asciilifeform's line of thought re 'trbi', from this, to the casks thing, etc., was only 'how to plug the leaks'
asciilifeform: what are ~all~ of the places where A has the ecstasy, but B does the laundry, where A!=B
asciilifeform: oooh gotta revisit upstack, briefly, http://btcbase.org/log/2017-03-01#1620677 << ~this~ in particular cannot be done as written. else, the first relayer of a freshly mined block could simply steal the work that went into determining luby(Z) and get massive head start on making his own block, which he then relays instead of the plagiarized.
a111: Logged on 2017-03-01 19:51 asciilifeform: .... another pill against 'waltzers' : Z depends on the ~previous~ block.
mircea_popescu: !!up john_cocktail
deedbot: john_cocktail voiced for 30 minutes.
asciilifeform: (the fact that the original victim could, normally, relay his original faster than a typical plagiarist could hash, is immaterial, it is still a potential vuln)
asciilifeform: and actually now that i think about it, it'd be guaranteed-lethal
asciilifeform: the plagiarist can make a block with higher PoW than the victim, ~every time, since he isn't handicapped by having to compute L(Z)
asciilifeform: and reorg will favour him.
BingoBoingo: john_cocktail: Who is your daddy and what does he do?
mircea_popescu: that part wasn't included :p
asciilifeform: (so L ~must~ use current block.)
john_cocktail: i gave birth to myself
john_cocktail: so he is i
john_cocktail: but really, I've recently found myself reading the logs and wanted to stop by
john_cocktail: intelligent conversation about crypto isn't easy to find, on the internet or anywhere else
Framedragger: amen to that, mr. cocktail.
asciilifeform: welcome , john_cocktail
asciilifeform: mircea_popescu: the cure, i realized, is that ~some~ of the oldtx selected by Z must depend on value of prev block, so as to prevent waltzing of Z 'until all i need is the 10% i'm fraudulently storing instead of the 100%' .
asciilifeform: sorta how student might get to select a few exam questions from a pool, but there are others that are mandatory.
mircea_popescu: it's not entirely certain this is needed, even.
mircea_popescu: anyway, the exact way to apply luby to it prolly can take more thinking. but the idea certainly has merit.
asciilifeform: no, but it may be needed to get absolute certainty.
asciilifeform: the one thing that definitely cannot be permitted to be manipulable by a waltzer is the arity. (there'd be overwhelming incentive to waltz for minimal arity)
mircea_popescu: anyway, re ^ : romanian mythical-hero math professor (moisil) famously allowed students to pick questions.
mircea_popescu: "you can't know math PARTIALLY well."
asciilifeform: pretty much
asciilifeform had a prof who permitted students to bring 'all of the crib sheets and books you can carry on your miserable back, it won't help'
asciilifeform: 'bring whatever calculator, bring supercomputer if you like'
mircea_popescu: brin ?
asciilifeform: who else.
asciilifeform: but, upstack, conundrum is, if some of the oldtx depend on prevblock in a way that is known immediately when said block was mined -- it gives a head start to plagiarists ( per earlier observation -- folx who take a freshly-mined block and try to make ~replacement~ for it with higher PoW.) but if they are ~not~ immediately known, and depend in any way on waltzeable Z, then 'haha i'll waltz until it falls in my 10%'.
mircea_popescu: however forcing one to keep A PORTION of blockchain is not altogether a bad outcome ; it is better than the current "forces to keep nothing -- and they provably, as historical fact, DID NOT!" and through luby ensures blockchain is never lost.
asciilifeform: so it seems to me that what remains is to up the arity -- find such arity that any attempt at such waltzing is guaranteed to be ~useless
asciilifeform: or this.
mircea_popescu: to make it perfectly clear -- the reason blockchain still exists today is not the 2015 miners.
asciilifeform: the snake, lost his legs, aha.
asciilifeform: didn't need'em.
danielpbarron: is it possible to do a lossless pruning on this luby thing? say some chunk of data kept in an early blk.dat can be removed and the whole thing still verifies because the missing piece can be re-produced from data in more recent blk.dat ?
asciilifeform: danielpbarron: it is possible to make a hole through a man's torso , in such a way that he does not die. but not desirable.
mircea_popescu: deedbot to 1/3rd or such
mircea_popescu: i mean danielpbarron
asciilifeform: and yes you can compute the odds of a particular block B ending up wholly lubyized by a time T. however if you rely on the luby strings for your mining, you will be fucked timewise.
asciilifeform: if you want to competitively mine, you gotta have the blox in O(1) at your fingertip.
danielpbarron: if you don't care about mining though?
danielpbarron: and if you ever decided to mine, you could use what you have to make the rest
mircea_popescu: it still wouldn't be true pruning.
mircea_popescu: just... a sort of zipping
asciilifeform: mircea_popescu is right, i was about to say
asciilifeform: it is simply compression
asciilifeform: you replace a block you know to have been fully lubyized with a 'if you want this, go and find'. BUT what, now you have an empty string there ..
asciilifeform: how does this save you any effort
asciilifeform: blocks are, recall, constant size, if you want O(1) block fetching (and as a verifying node, you certainly do) you win 0 by compressing.
asciilifeform: you still have a block-shaped hole occupying every slot.
asciilifeform: 'pruning' is for the birds, folx.
asciilifeform: it is a notion fundamentally incompatible with sanity.
mircea_popescu: asciilifeform without some kind of http://btcbase.org/log/2017-02-27#1619177 the situation is approximately one where naive idiots got their wish, and no bacteria exist.
a111: Logged on 2017-02-27 16:56 mircea_popescu: but the correct trb-i might just as well end up this situation where block reward is 1mn bitcoin, and it dies within 1mn blocks. so all mining does is produce ~ a lease ~ on a chunk of bitcoin. and the value of old bitcoin is monotonically decreasing over their lifetime.
mircea_popescu: lenin, as well as everyone else, can still be admired exactly as they were
mircea_popescu: and an apple costs a fortune.
asciilifeform: a nonfungible coin is not very interesting.
asciilifeform: ( i was convinced of this very quickly after coming up with my 'shitcoin' thing )
mircea_popescu: there is that.
mircea_popescu: incidentally, a non-amounts coin is by definition unfungible.
asciilifeform: well unless you also have the ring thing
mircea_popescu: you're starting to grok this.
danielpbarron: that's where quality comes in. perhaps you can mix old coins with new and the result is somewhere in the middle 'age' wise. and when coin's quality reaches 0 it stops existing
asciilifeform: that's kinda what we have now neh
asciilifeform: dust is 'quality reached 0'
mircea_popescu: not really. i can still send dust.
asciilifeform: not if per-kb fee makes it -ev neh
mircea_popescu: coin age baby.
mircea_popescu: mindblowingly, still a thing in 2017.
asciilifeform: miners could piss on coin age starting tonight, if they felt like it.
mircea_popescu: but they apparently don't.
asciilifeform: they don't, because apparently this 'bus' is ~empty
asciilifeform: ( asciilifeform freshly re-read mircea_popescu's 'empty airplanes' thing )
asciilifeform: it also helps that the current crop of miners is almost clinically retarded
mircea_popescu: not a bad piece if i do say so myself. but yes, perhaps that's what it is.
asciilifeform: but , upstack, when i think about trbi i go into 'bridge design' mode, where 'it gotta bear all of the tanks that could possibly physically fit, and then let's also assume that martians stack'em five layers deep '
asciilifeform: rather than the current '~nobody actually uses bitcoin' situation
asciilifeform: idea being, any 'ecological' problem, with, e.g., algorithmic complexities as t-->+inf, can seem insignificant -- but enemy can waltz it into an actual problem.
asciilifeform: in something short of 'ecological' timespans, even.
asciilifeform: ( witness the effects of the 900+kB of rubbish that usg is piping into each block today )
asciilifeform: mircea_popescu: incidentally i suspect that a regenesised fork would begin to gather steam long before http://btcbase.org/log/2017-03-02#1621006 .
a111: Logged on 2017-03-02 00:38 mircea_popescu: and an apple costs a fortune.
mircea_popescu: the principle of the thing.
asciilifeform: ( in meatspace this is also known as 'civilizational death' and happens regularly )
asciilifeform: explicit 'telomeres' are still mega-improvement over the old state of the art .
asciilifeform: this goes immediately back to mircea_popescu's koschei piece.
mircea_popescu: all the weird, pointless random shit on trilema that has nothing to do with anything!
mircea_popescu: anyway. laterz.
PeterL: while we are talking about things to stick in TRB-I, how about lowering the block size by an order of magnitude or so?
PeterL: decrease the total disk usage, and improve the txn fee market, win/win, right?