asciilifeform: reviewing definition of ring sig : some process , whereby a signature S can be verified against keys K1, K2, ... KN , but without revealing which K had produced it
asciilifeform: mircea_popescu: describe, for my education, how Proper ring signature differs from shamir's
asciilifeform: (or unless you want to make blocks ~very~ compact)
asciilifeform: mircea_popescu: it doesn't have to be capped at 2, either, unless you use casks and want to leave room for dozen+ hop stages
asciilifeform: for folx tuned in : it also makes the cask thing possible, but the latter is wholly separate, optional algo, it is possible to use traditional mempools with this scheme
asciilifeform: mircea_popescu: fixed-width tx buys us this algo. but not only it. for instance, an adult tx's unique index can be quite short : blknum_txoffset. this in turn saves space elsewhere, for all time.
asciilifeform: (and he cannot even begin to work on a block until he knows Z and goes, fetches the required old tx ! no other miner has any incentive to help him do this.)
asciilifeform: as far as i can see, this solves. Z depends on previous block, and the xor'd output is ~covered~ by the hash (and nonce) of the currently-worked-on block. so miner cannot craft his Z, he is forced to suck it up.
asciilifeform: ( Z from here-on in this gedankenexperiment is simply a value that determines which 3 -- if arity==3 -- old tx's get xor'd )
asciilifeform: .... another pill against 'waltzers' : Z depends on the ~previous~ block.
asciilifeform: what is the complexity of actually fetching the Nth tx , if you can also make use of the T(...)xorT(...)xorT(...) in every block.
asciilifeform: and we have the luby transform above.
asciilifeform: suppose that tx's (recall, fixed width) position in the block, is also kept inside it. (e.g., tx # 100 will start with a 16bit field containing 0x0064 .)
asciilifeform: (either this, or simply replace 'nonce' in the equation, with a Z, that is equal to a hash over the ~transactions in the candidate block~, considerably more painful to waltz than the nonce )
asciilifeform: what remains is to compute the minimal arity for the attack to be impractical. and prove said fact.
asciilifeform: in above example, the 'arity' of the xor is 3. and mircea_popescu will probably answer, when he comes back , that evil miner will waltz the nonce until the 3 necessary tx are the ones that fit in his pocket. but arity doesn't have to be 3.
asciilifeform: (statistically speaking, any sequence of blocks, will eventually end up luby-coded into future blocks ! )
asciilifeform: theoretically it also means that a tx, as time goes to infinity, will have infinite number of confirmations...
asciilifeform: this also entirely annihilates the possibility that a future enemy could monkey with contents of old blocks by finding hash collisions.
asciilifeform: there is no way to practically compute this value without having a copy of the blockchain. and it also ends up being luby-transformable into any one of the 3 old tx if you have the other 2. a kind of perpetual redundancy in the storage .
asciilifeform: T( nonce mod Tmax ) xor T ( H(nonce) mod Tmax ) xor T ( H(H(nonce)) mod Tmax ).
asciilifeform: say every new block , to be valid, must contain a tx-sized slot (not covered by the nonce hash, but see below) that is computed as follows:
asciilifeform: T(N) is an O(1) fetch, as spoken of earlier.
asciilifeform: ooook try this on for size : suppose fixed-width TX (as discussed earlier.) T(N) is the Nth tx, T(0) is the first tx in genesis block, etc. Tmax is the last tx in the currentheightblock.
asciilifeform: open problem. betcha one can find the pill for this.
asciilifeform: the nonce is Q. miner has to now find an old block that , treated with the above walk, contains F(Q). and point to the block # and the requisite offset .
asciilifeform: the cheat -- works. say your hash is a keccak that eats 512b blocks and produces 512b block.
asciilifeform: as i currently understand it, mircea_popescu's algo had two major effects -- a) nodes have something valuable to sell b) all users are protocolically forced to retain all blocks
asciilifeform: but if standing up a brand-new node from scratch, with full verification (rather than dumb bitwise copy of existing node) takes a century...
asciilifeform: if you already live on mars, there is no problem in flying to mars, yes.
asciilifeform: in fact verification from-genesis is O(N^2) !
asciilifeform: eventually (given death of moore's law, already long ago) the minimal practical time will exceed the block interval, and then mega-headache.
asciilifeform: '@aeliasen @gnupg for fingerprints collisions are not interesting. There is no known preimage attack for SHA1. Keep calm and use OpenPGP.' << lel
asciilifeform: mircea_popescu: friend of yours from meatspace ?