a111: Logged on 2017-02-28 13:11 mircea_popescu: practically speaking on current tech the bitcoin unit of account is probably something like 0.25
mircea_popescu: not sure that's necessary ; the true argument against "amounts" is that well... again, the 0.25 problem ; http://btcbase.org/log/2017-02-28#1619936
asciilifeform: one simple way to do this, is to dispense with amounts (as discussed in at least 2 old threads)
mircea_popescu: the ~same should be extended to amounts.
mircea_popescu: here's the idea : currently, you only know the pubkey for a bitcoin address once it spends ; before it spends you do not know its pubkey.
asciilifeform: which is , how would you have such a thing as a sanely-behaving balance to begin with
asciilifeform: that's more or less equivalent to my question
mircea_popescu: how did the tx verify ?
asciilifeform: i.e. that some output, somewhere, yielded moar coin than the sum of the inputs.
asciilifeform: that doesn't prove that monetary mass was not somehow added during noncoinbase ops
mircea_popescu: it suffices to prove that all outputs without an input are proper block rewards.
mircea_popescu: not necessarily in these terms.
asciilifeform: which means that i gotta be able to prove that monetary mass is what the mining curve says it is. and not something else.
mircea_popescu: (and -- suddenly have an incentive to, too! because if they don't.... fed)
asciilifeform: valid also means 'nobody gets to printolade'
asciilifeform: because if not , you have the fed.
asciilifeform: can third party calculate the monetary mass ?
mircea_popescu: the chain of beneficiaries can obv verify the balance, but "public" can not.
mircea_popescu: anyway, the idea is you verify balance when spent ; not before.
mircea_popescu: i think i always did.
asciilifeform: i suppose this is why mircea_popescu wanted the 2-input thing.
asciilifeform: esp. if everyone is in the habit of using all of the decimal places of P as an invoice id.
asciilifeform: if balances are visible -- anyone can see that addr A had a payment-P-shaped chunk subtracted from it at time T.
a111: Logged on 2016-10-20 20:37 asciilifeform: ('martian bank' being simply a naive abstraction of 'idealizes swiss bank', where money supply is constant, and i can send from account a1 can send to a2 if and only if i have the privkey for a1, and double-spend - impossible, etc.)
asciilifeform: ( http://btcbase.org/log/2016-10-20#1557335 thread , and elsewhere )
jhvh1: danielpbarron: The operation succeeded.
danielpbarron: !~later tell thestringpuller http://wotpaste.cascadianhacker.com/pastes/qo014/?raw=true
mircea_popescu: just fucks, no fuckers. tananana.
asciilifeform: well yes, this'd be implicit in ring sig.
mircea_popescu: the important point here is exactly this - that it should no longer be possible to meaningfully talk of "payer".
asciilifeform: so long as they are guaranteed to be distinct at every step in time
asciilifeform: ( i can't think of any reason why payee would care if payer A, or B, had supplied the agreed-upon amount )
asciilifeform: i guess this isn't one of the problems.
mircea_popescu: so what's the problem ?
asciilifeform: well not quite, we do store the pgp'd orders
asciilifeform: someone else can pay him same amt. and then to whom does he send the plutonium.
asciilifeform: the amts aren't secret, per the scheme, though
mircea_popescu: even something as simple as -- ammt made it, therefore paid is good enough really.
asciilifeform: (in so far as payee can be trusted to stfu forever)
asciilifeform: because that'd work
mircea_popescu: or yes i was about to say that.
asciilifeform: or does payee get told the secret over separate (say, rsa'd) channel
mircea_popescu: i dunno, say politically. if you decide to claim tomorrow that there never was such a thing as c3, how do i deal with it ?
asciilifeform: to revisit the smoke grenade -- how do you deal with the unopposability of having paid for something ?
mircea_popescu: asciilifeform anyway, as an entirely idle example : the set of numbers with mpfhf defined on it is actually a fine example in this vein. it ISNT an algebraic structure ; but an algorithmic structure.
asciilifeform: she's in the l0gz
asciilifeform: oh lol that chick
mircea_popescu: fucking art students wasting their life with http://jezebel.com/heres-a-woman-plopping-paint-eggs-out-of-her-vagina-1566693939
asciilifeform: i can never keep the 2 straight.
asciilifeform: it is very easy to 'zerocoin'erize.
asciilifeform: i dug for the can-guarantee-avg-case-np-hard? thing -- found zip.
asciilifeform: you will find that many 'wouldn't that be useful..' items are ~entirely absent in the public lit. and no prizes for guessing why.
mircea_popescu: anyway, the useful research in nonalgebraic sets is, at least to my (admittedly limited) knowledge entirely absent.
asciilifeform: dunno re mircea_popescu's planet, on mine, semiconductors sorta stopped, in 2009-ish, and aren't threatening to develop mega-improvement
mircea_popescu: matters not. technological improvement is technological improvement.
asciilifeform: there's computables and there's computables-and-doables. unfortunately distinct sets in practice.
mircea_popescu: this item definitely counts for your grand list of trb-isms. on the strength of that, "computable", i ask no more.
mircea_popescu: it is computable and this is good enough for me.
asciilifeform: mircea_popescu: would be interesting to tally the avg case cost of not committing this error.
mircea_popescu: re the above line : all rings are right out, basically.
asciilifeform: mircea_popescu: how's that. the seekrit, is blown, neh
mircea_popescu: asciilifeform that is ok.
mircea_popescu: actually i suspect it can be proven that in any ordered set with two operations which admit distinct id operators / are commutative this property can't exist.
asciilifeform: say, today, k3, k4, k7, ... , k9 sign. tomorrow, k7, k21, k3, ... , k333. next day, k42, k3, ... whatever. now 'you can't verify that no subgroup...' ~within~ the algo, but someone who has the whole list and notices that only k3 recurs...
mircea_popescu: it's ~worth nothing that "hurr durr, ring signatures" when i can degrade it by trying subgroups until i hit yours.
mircea_popescu: there's a very directly computable homomorphism, the item being you know, the algebraic ring.
mircea_popescu: that's where it fails, "but it can't be verified that any subgroup didn't own I5."
asciilifeform: ^ where my contention was, you can factor out the signer using multiple sets of shamirized sigs
a111: Logged on 2016-08-30 17:29 asciilifeform: davout: 'ring signatures' are not the promised 'invisibility cloak', but more of a smoke grenade.
asciilifeform: all i recall is old thread, http://btcbase.org/log/2016-08-30#1532069
jhvh1: thestringpuller: The operation succeeded.
thestringpuller: !~later tell danielpbarron http://wotpaste.cascadianhacker.com/pastes/VG61w/?raw=true
asciilifeform: (it nominally solved this problem)
asciilifeform: (recall the zero-whatvrs, how many of those alts by now.)
asciilifeform: and the charlatans -- since; and quite vigorously
asciilifeform: and yeah this is the squared-circle from couplaedaysago
mircea_popescu: (i've been thinking about this thing ever since fluffypony first spoke in channel, but hey. i've nothing meaningful to show for it.)
asciilifeform: the good noose : i don't know a proof that you ~can't~ do this...
mircea_popescu: now -- this is the fantasy.
mircea_popescu: for the needs of this contortion, K3, K4, K9, K11 is a subgroup of K3, K4, K7, K9
mircea_popescu: ie, if K3 owns input I5, and if K3 signs I5, then it can be verified that the ring composed of K3, K4, K7, K9 a) signed I5, and b) owned I5 to sign it ; but it can't be verified that any subgroup didn't own I5.
mircea_popescu: Let there be private keys K1...Kn. Let there be utxo associated with these, I1..Im so that any one I is associated with one and only one K. let there be a function S, so that the verification function V(Kx, S(Iy)) is always false, or uncomputable, or whatever whereas V(K1..Kn, S(Iy)) is always true if and only if the K Iy is associated to signed it.
asciilifeform: what's the spendability condition ?
asciilifeform: mircea_popescu: let's suppose you had ring signature, we have edge of the sword. how does the hilt work ? i.e. you have an output, that is spendable, but you want it spendable by ~you~, not by 1,001 randomly-selected pubkeys.
shinohai: To be fair, trilema is a big place.
mircea_popescu: it would be fine if the security actually grew through being snowed in (ie, 0 difficulty to separate them on block 1, and growing from there each block, for all txn)
mircea_popescu: verify the right one signed*
mircea_popescu: whereby you can verify one signed, but to find out which requires unwinding the whole graph.
mircea_popescu: anyway. to get back to the discussion, maybe something in the vein of blum's scheme may be applied to the ring problem
asciilifeform: metoo, i was quite convinced that i lost a set of l0gz to bitrot
mircea_popescu: shit it was on trilema
asciilifeform: but evidently not with asciilifeform , because it dun turn up there
a111: Logged on 2016-02-06 16:44 mircea_popescu: asciilifeform "- He says current block ciphers suck. Why? It doesn't really become clear from the discussion, which seems to be between two people who have heard a little bit about cryptography, and are trying to outdo each other in what little knowledge they have."
a111: Logged on 2016-02-06 02:49 mircea_popescu: actually the 4 color map thing is in my head just as good if not better than knapsack
mircea_popescu: i'm so fucking frustrated. no mention of hamiltonian cycles, no mention of blum who came up with it, nothing. what the fuck miserable idiot am i, can't reference anything properly.
asciilifeform: the thread.
asciilifeform: mircea_popescu: i think i found it : http://btcbase.org/log/2016-02-05#1396876
BingoBoingo: <mircea_popescu> 19yo female, bb. that's not occurring. << Frequent occurrence. Typical hardware store is full of 19 year old girls. Even in the lumber section. Pinterest is a thing apparently.
asciilifeform: (at least, of the public material!)
asciilifeform: incidentally ~all of the material is circa 1970s.