2013-07-26 03:55:12 <TheUni> any win32 devs around by any chance?
2013-07-26 03:55:47 <sipa> llll
2013-07-26 03:56:39 <TheUni> ?
2013-07-26 04:58:11 <gavinandresen> You know what I hate? I hate undocumented behavior that makes you think your code has a bug. https://bugreports.qt-project.org/browse/QTBUG-24827 is the bug I've spent a couple days tracking down in the payment protocol code
2013-07-26 05:01:43 <Luke-Jr> eww
2013-07-26 05:02:06 <Luke-Jr> looks like they're not fixing it for 4.x :/
2013-07-26 05:02:55 <Luke-Jr> I guess since it only affects Windows and Diapolo's been working on 5.x support, it's less of a problem for us
2013-07-26 05:04:11 <gavinandresen> I'm just glad I never visited bitcoincore.org with IE on my test machine, because that would have cached the root cert and I would have been REALLY confused as to why the bug suddenly disappeared....
2013-07-26 05:07:00 <phantomcircuit> gavinandresen, that is hilarious
2013-07-26 05:08:58 <Luke-Jr> phantomcircuit: I bet it isn't to him if he spent days on it :/
2013-07-26 05:12:06 <gavinandresen> Yeah, it'll be funny later. Most of the debugging time was spent trying (and failing, actually) to get a debuggable version of Qt/bitcoin-qt compiled on Windows
2013-07-26 05:14:11 <Luke-Jr> gavinandresen: MinGW's -ggdb seems to work in MSYS's gdb as long as it doesn't crash
2013-07-26 05:14:23 <Luke-Jr> I also build with -O0, which might help more
2013-07-26 05:15:03 <Luke-Jr> Ctrl-C won't work, though - there's some Win API to send a debug interrupt
2013-07-26 05:15:19 <Luke-Jr> (Ctrl-C won't work to break into GDB, that is)
2013-07-26 05:15:37 <gavinandresen> My brain is too full to remember crap like that these days....
2013-07-26 05:20:14 <petertodd> "untrusted root is checked with microsoft on demand whether it should be trusted or not" <- what an excellent way to ensure you can update the CAs as required... scary
2013-07-26 05:21:18 <petertodd> sure they can bug updates anyway, but something like that is particularly annoying to disable
2013-07-26 05:25:11 <phantomcircuit> gavinandresen, early up or late to sleep
2013-07-26 05:25:38 <gavinandresen> phantomcircuit: I'm in Australia, it is 5:20pm here
2013-07-26 05:25:42 <phantomcircuit> oh
2013-07-26 05:27:06 <phantomcircuit> gavinandresen, are there meeting minutes available for foundation director votes
2013-07-26 05:27:14 <phantomcircuit> (they should be)
2013-07-26 05:27:27 <petertodd> phantomcircuit: next meeting coming up?
2013-07-26 05:28:00 <phantomcircuit> petertodd, i want to know who voted to empower patrick murck to write tone deaf press releases
2013-07-26 05:28:13 <petertodd> phantomcircuit: example?
2013-07-26 05:28:24 <gavinandresen> phantomcircuit: I think Jon talked about that in his interview with Lets Talk Bitcoin. I missed the last meeting
2013-07-26 05:28:53 <phantomcircuit> petertodd, http://www.scribd.com/doc/154799860/Bitcoin-Foundation-Comments-on-Liberty-Reserve-Special-Measures-NPRM
2013-07-26 05:29:02 <gavinandresen> Foundation board meetings are much less interesting than people imagine
2013-07-26 05:29:27 <phantomcircuit> gavinandresen, i'm sure they are
2013-07-26 05:29:29 <gavinandresen> .... and most meetings we don't vote on anything
2013-07-26 05:29:47 <petertodd> gavinandresen: the volcanic lair sure has a lot of beige carpet :(
2013-07-26 05:29:58 <petertodd> phantomcircuit: what do you think is tone deaf?
2013-07-26 05:29:59 <phantomcircuit> i just want to specifically know the vote on this issue
2013-07-26 05:30:10 <gavinandresen> which issue?
2013-07-26 05:31:07 <phantomcircuit> gavinandresen, murck issuing press releases and filing comments with fincen on behalf of the foundation
2013-07-26 05:31:15 <phantomcircuit> he needs specific authorization to do that
2013-07-26 05:32:19 <phantomcircuit> petertodd, while he is reasonably careful to draw a distinction between liberty reserve and virtual currency in general (indeed that is the entire purpose of the letter)
2013-07-26 05:32:24 <petertodd> phantomcircuit: sounds to me like things I'd expect head counsel to do
2013-07-26 05:32:46 <gavinandresen> mmm, board doesn't micro-manage press releases or responding to legal crap
2013-07-26 05:32:56 <phantomcircuit> petertodd, nonetheless it draws a connection which was not necessarily previously in the minds of regulators
2013-07-26 05:32:58 <gavinandresen> ... this is off-topic for #bitcoin-dev, though.
2013-07-26 05:33:19 <petertodd> phantomcircuit: I'm not seeing any big issue here, and agree with gavin
2013-07-26 05:33:36 <phantomcircuit> petertodd, it's not just the one thing
2013-07-26 05:33:39 <phantomcircuit> it's everything
2013-07-26 05:33:49 <gavinandresen> phantomcircuit: Patrick is pretty plugged in to what the regulators are thinking, he's been spending lots of time in DC
2013-07-26 05:34:45 <petertodd> indeed, anyway legal is a different world than what we do
2013-07-26 05:34:49 <phantomcircuit> gavinandresen, the vast majority of the regulators here are in various state offices
2013-07-26 05:34:53 <phantomcircuit> not washington dc
2013-07-26 05:34:57 <gavinandresen> Not different enough....
2013-07-26 05:34:58 <petertodd> note how even jdillon took patrick's advice for wording: https://github.com/pmlaw/The-Bitcoin-Foundation-Legal-Repo/pull/4#issuecomment-20581453
2013-07-26 05:35:44 <gavinandresen> phantomcircuit: are you a Foundation member? All this is discussed in the member forums a fair bit
2013-07-26 05:36:02 <phantomcircuit> gavinandresen, sure
2013-07-26 05:36:53 <phantomcircuit> gavinandresen, i looked but didn't find anything discussing this
2013-07-26 05:36:58 <phantomcircuit> maybe i didn't look hard enough
2013-07-26 05:37:02 <petertodd> gavinandresen: different==don't assume we understand the language
2013-07-26 05:37:24 <phantomcircuit> the best example is the response to the CA DFI C&D
2013-07-26 05:37:34 <phantomcircuit> that letter warranted nothing more than a blanket denial
2013-07-26 05:38:09 <phantomcircuit> it was nothing more than a response to aaron greenspan suing everybody
2013-07-26 05:38:51 <fanquake> gavinandresen If you don't mind me asking, how are you liking it over here? You're up in North QLD right?
2013-07-26 05:39:35 <gavinandresen> fanquake: yes, Mission Beach. We spent five months here four years ago, and liked it so much we decided to do it again
2013-07-26 05:40:01 <gavinandresen> Saw two cassowaries today (parent and chick)...
2013-07-26 05:40:22 <petertodd> phantomcircuit: patrick's letter reads like a targeted denial to me...
2013-07-26 05:40:35 <petertodd> phantomcircuit: targeted blanket denial I guess you could say
2013-07-26 05:41:00 <fanquake> gavinandresen cool. QLD's pretty great, only been once though. How's the rain?
2013-07-26 05:41:30 <gavinandresen> fanquake: a lot more rain this time than when we were here last, but the sunny days are glorious
2013-07-26 05:42:30 <phantomcircuit> petertodd, it went quite beyond that though, indeed he goes to the point of denying that a bitcoin exchange is a money transmitter under CA law
2013-07-26 05:42:51 <fanquake> gavinandresen Make sure you spend those sunny days outside :p
2013-07-26 05:43:04 <gavinandresen> phantomcircuit: response to that letter from members and others has been overwhelmingly positive
2013-07-26 05:43:09 <phantomcircuit> petertodd, an opinion he has previously voiced
2013-07-26 05:43:24 <phantomcircuit> which i feel is not only wrong but dangerous
2013-07-26 05:43:25 <bitnumus> hey, don't suppose anyone has data for block confirmation times?
2013-07-26 05:43:39 <petertodd> phantomcircuit: why?
2013-07-26 05:43:42 <phantomcircuit> gavinandresen, you've got an echo chamber going on
2013-07-26 05:44:07 <petertodd> phantomcircuit: common in legal stuff to deny everything initially
2013-07-26 05:44:07 <phantomcircuit> real attorneys who have reviewed that letter were not amused
2013-07-26 05:44:29 <gavinandresen> okey dokey....
2013-07-26 05:45:02 <Luke-Jr> the only letter that concerned me was the one giving an opinion which led to the logical conclusion that Bitcoin transactions were inherently unsafe to do ever..
2013-07-26 05:45:13 <gavinandresen> ACTION is not going to be lured into a pointless argument about what constitutes a "real attorney"
2013-07-26 05:45:20 <Luke-Jr> on the topic of whether to return accidentally lost coins or not
2013-07-26 05:45:42 <phantomcircuit> petertodd, while that is a fairly common tactic, i do not believe that is what is happening there, as far as i can tell he quite honestly believes that interpretation to be correct
2013-07-26 05:45:51 <bitnumus> transactions are taking too long to confirm, too often
2013-07-26 05:45:58 <Luke-Jr> (although some of the others did sound more adversarial than they had to be..)
2013-07-26 05:46:00 <bitnumus> bank transfers are faster, this is getting frustrating.
2013-07-26 05:46:11 <Luke-Jr> bitnumus: so add more fees
2013-07-26 05:46:17 <bitnumus> doesn't matter
2013-07-26 05:46:21 <bitnumus> if a block isn't mined does it
2013-07-26 05:46:25 <phantomcircuit> petertodd, https://bitcoinfoundation.org/blog/?p=152
2013-07-26 05:46:36 <bitnumus> yesterday there were like 3 60min blocks in a row
2013-07-26 05:46:41 <petertodd> Luke-Jr: that letter sounded like a perfect example of how technology can easily outpace legal theory. Heck, I just wrote a design for a crypto-coin where the only way to create coins is to commit fraud the other day, what does that even mean legally?
2013-07-26 05:46:42 <bitnumus> useless.
2013-07-26 05:46:55 <Luke-Jr> petertodd: O.o
2013-07-26 05:47:06 <phantomcircuit> petertodd, good luck convincing state regulators that bitcoin exchanges aren't money transmitters when FINCEN has said quite clearly that they are
2013-07-26 05:47:32 <phantomcircuit> petertodd, is mr murck going to personally defend anybody who relies on his statement of fact?
2013-07-26 05:47:36 <petertodd> Luke-Jr: It's simple: you do non-interactive probabilistic auditing of tx's in the block, and getting away with fraud is effectively a proof-of-work algorithm, setting the inflation rate.
2013-07-26 05:47:36 <phantomcircuit> i'm thinking no
2013-07-26 05:47:46 <gavinandresen> wait, who just said that programmers shouldn't assume lawyers speak the same language?
2013-07-26 05:48:03 <petertodd> gavinandresen: me
2013-07-26 05:48:17 <gavinandresen> cool. phantomcircuit: listen to petertodd
2013-07-26 05:48:43 <gavinandresen> I, personally, don't know nuthin about the difference between state and federal legal definitions.
2013-07-26 05:48:55 <Luke-Jr> really, none of us here are lawyers <.<
2013-07-26 05:49:28 <phantomcircuit> haha
2013-07-26 05:49:29 <phantomcircuit> ok
2013-07-26 05:49:50 <phantomcircuit> sure i'll just ignore the attorney offering legal advice to the entire world which is at best questionable
2013-07-26 05:49:59 <phantomcircuit> why not
2013-07-26 05:50:14 <gavinandresen> find an attorney you trust and then follow their advice.
2013-07-26 05:50:17 <petertodd> phantomcircuit: "I am not your lawyer, this is not legal advice." <- every lawyer ever
2013-07-26 05:50:25 <gavinandresen> ... and hope you trusted the right attorney.
2013-07-26 05:50:29 <phantomcircuit> petertodd, except mr murck
2013-07-26 05:50:50 <petertodd> of course, attorneys tend to give you answers that are "You probably shouldn't do that." for just about everything...
2013-07-26 05:50:53 <phantomcircuit> petertodd, i have yet to see him say that anywhere
2013-07-26 05:51:07 <gavinandresen> the c&d response wasn't written by mr. murck, by the way.
2013-07-26 05:51:25 <gavinandresen> ... and I know you have some bad history with him, so....
2013-07-26 05:51:44 <phantomcircuit> only in the most vague way
2013-07-26 05:51:59 <phantomcircuit> the biggest thing i got out of that interaction was that he has no idea what he's doing...
2013-07-26 05:52:19 <midnightmagic> petertodd: My lawyer doesn't say that. He says things more in the form of warnings and estimations of risk.
2013-07-26 05:52:34 <phantomcircuit> midnightmagic, hey you have a good lawyer :)
2013-07-26 05:52:40 <bitnumus> ;;tblb 1hr 4min
2013-07-26 05:52:40 <gribble> Error: '1hr' is not a valid positive integer.
2013-07-26 05:52:47 <bitnumus> how does that command work again :P
2013-07-26 05:53:05 <petertodd> midnightmagic: good for him, life is about risk and unknowns anyway
2013-07-26 05:53:16 <petertodd> midnightmagic: but my other hobby is cave explorations so...
2013-07-26 05:53:16 <phantomcircuit> gavinandresen, if you'd like to go that route then you might want to look at my analysis of coinlab prior to their decision to just sue
2013-07-26 05:53:48 <midnightmagic> lol petertodd: Okay admit it, you're Ted.
2013-07-26 05:54:42 <petertodd> midnightmagic: yeah... because I actually do that stuff, I hate reading scary stories about it...
2013-07-26 05:55:20 <bitnumus> The expected time between blocks taking 1 hour, 6 minutes, and 0 seconds to generate is 1 week, 0 days, 17 hours, 13 minutes, and 46 seconds
2013-07-26 05:55:22 <midnightmagic> phantomcircuit: ah thanks, i'll tell him that. he's a criminal defence attorney usually but he likes talking to me because I bring him weird things to think about.
2013-07-26 05:55:29 <bitnumus> this has happened like 4 times over the past 2 days
2013-07-26 05:55:33 <bitnumus> very unlucky ?
2013-07-26 05:55:38 <petertodd> bitnumus: yes, try litecoin
2013-07-26 05:55:42 <midnightmagic> petertodd: :) good heavens don't tell the lurkers your deepest darkest fears man. :)
2013-07-26 05:56:07 <bitnumus> petertodd, that sucks also
2013-07-26 05:56:14 <petertodd> midnightmagic: heh, literally deepest...
2013-07-26 05:56:20 <midnightmagic> hehe
2013-07-26 05:57:11 <petertodd> bitnumus: inputs.io/easywallet
2013-07-26 05:58:09 <phantomcircuit> gavinandresen, is there any chance you'd be willing to part with clearcoin.com?
2013-07-26 06:02:14 <TD> good morning
2013-07-26 06:03:31 <petertodd> evening
2013-07-26 06:09:23 <petertodd> TD: what was alp's original script-based oracle proposal he talked to you about?
2013-07-26 06:09:59 <TD> honestly i sort of lost track of exactly what he was planning to do. originally he was just going to implement the scheme i proposed on the wiki. then he came up with a much more restricted expression language, then he wrote the forum post which i only skimmed
2013-07-26 06:10:07 <TD> i'm hoping he will just figure it out and produce something useful
2013-07-26 06:10:38 <petertodd> Ah, I was hoping he'd come up with another script way to do it - I pointed him to the nonce-based way.
2013-07-26 06:12:36 <bitnumus> so a 1hour 6min block, now it's 20minutes already
2013-07-26 06:12:47 <bitnumus> how to calculate the probability of this? or is that what tblb does?
2013-07-26 06:12:55 <petertodd> bitnumus: give it up, sometimes you get unlucky
2013-07-26 06:13:07 <bitnumus> no...
2013-07-26 06:13:13 <bitnumus> https://iwilcox.me.uk/v/block-interval-distribution
2013-07-26 06:13:24 <TD> well, i suggested he use javascript for the expression language
2013-07-26 06:13:26 <bitnumus> i want to know :)
2013-07-26 06:13:57 <iwilcox> That graph is old, but I'll make a new one soon.
2013-07-26 06:14:48 <bitnumus> do a 1week one to make sure i'm not tripping
2013-07-26 06:14:58 <petertodd> TD: yeah, I was encouraging him to stick to binary true-false stuff first
2013-07-26 06:15:18 <petertodd> ACTION wishes bitcoin had "checksig-of-data" opcodes
2013-07-26 06:16:06 <TD> yeah. it was kind of a bogus decision to not split it into OP_SIGHASH and OP_CHECKSIG
2013-07-26 06:16:17 <TD> oh well. hindsight is 20:20. the fact there's a scripting language at all is pretty amazing
2013-07-26 06:16:23 <petertodd> indeed
2013-07-26 06:16:25 <TD> so i can forgive satoshi for not getting it quite right the first time
2013-07-26 06:16:56 <TD> i guess in the long run, we may end up moving towards a system based on functional encryption instead, or something equally star-trek
2013-07-26 06:17:14 <TD> my gut feeling is that script, even if it was more featureful, would have a limited lifespan before being replaced by something fundamentally better
2013-07-26 06:17:18 <petertodd> I'm trying to steer tiernolan to actually implementing op_depth or something, at least to give him a sense of how hard the problem is for all the designs he comes up with
2013-07-26 06:17:34 <TD> an FE based script upgrade is nice because you don't even need to upgrade any miners or clients
2013-07-26 06:17:37 <TD> not even a soft fork
2013-07-26 06:18:02 <petertodd> heh, on the other hand, it's magic...
2013-07-26 06:18:17 <petertodd> how close are we to functioning functional enc libraries?
2013-07-26 06:18:44 <TD> well, there are functioning ABE libraries. but then the policy is public. that's the same as script, of course
2013-07-26 06:18:45 <nsh> enc?
2013-07-26 06:18:59 <TD> the ABE library i saw only supported relatively simple boolean formulas
2013-07-26 06:19:22 <TD> but there are papers which extended ABE to arbitrary circuits, and now there's a paper that claims to have cracked the Holy Grail of full FE with an obfuscated circuit as the policy
2013-07-26 06:19:38 <TD> (with a succinct ciphertext size, no less)
2013-07-26 06:19:43 <TD> but i doubt it's implementable just yet
2013-07-26 06:20:02 <petertodd> huh, what's the strategy to use that with existing signature/pubkeys?
2013-07-26 06:20:41 <TD> you do a regular send to pubkey as normal, and attach the private key encrypted under your arbitrary program (circuit). perhaps you could stuff that program into the tx as well, or just attach it out of band
2013-07-26 06:20:50 <TD> then you satisfy the program by feeding it the appropriate inputs and it spits out the private key
2013-07-26 06:21:10 <TD> at the moment they can compile pure functions written in C-like languages to circuits with some reasonable degree of efficiency
2013-07-26 06:21:13 <petertodd> right, so no consensus problem
2013-07-26 06:21:25 <TD> indeed. the network only knows that the program was satisfied, but not how or what the program actually was
2013-07-26 06:21:39 <Scrat> is this old news? http://software.intel.com/en-us/articles/intel-sha-extensions
2013-07-26 06:21:41 <TD> so it's a privacy upgrade as well. the downside is, you have to ensure the attached program doesn't get lost (if you don't embed it)
2013-07-26 06:21:50 <TD> Scrat: no. i was pointed to that only yesterday.
2013-07-26 06:21:53 <petertodd> yeah, but that's true of a lot of protocols we've come up with too
2013-07-26 06:21:58 <petertodd> Scrat: it's uninteresting news
2013-07-26 06:23:23 <Scrat> yeah, even if it reaches gpu levels of efficiency (which it won't) it's still not good enough
2013-07-26 06:24:01 <petertodd> TD: so technically, you'd generally set the txout to be a 2-of-2 multisig actually, where one key can only be gotten by running the magic program
2013-07-26 06:24:21 <petertodd> (otherwise the sender can take the coins back, requiring an intermediate tx)
2013-07-26 06:24:59 <TD> that's true.
2013-07-26 06:25:33 <TD> although then you've introduced a new problem, which is that the program can't impose interesting multi-ownership criteria again
2013-07-26 06:25:43 <TD> (unless every possible owner has the other private key)
2013-07-26 06:26:30 <petertodd> indeed, or it's a <magic-key> OP_CHECKSIG 1 <key>...<key> m OP_CHECKMULTISIG, which soon makes you wish for OP_MAST_EVAL anyway
2013-07-26 06:26:55 <TD> however. perhaps FE itself is the answer. the private key is invisible because it's encrypted into the FE circuit
2013-07-26 06:27:00 <TD> that's rather fundamental.
2013-07-26 06:27:26 <petertodd> well, can you use the FE circuit to create the pubkey, never revealing the private key to anyone? smells like RSA UFO's...
2013-07-26 06:27:37 <TD> so perhaps instead of the creator of the program generating a private key directly, the program itself derives a private key by hashing with some pseudo-random data, or something. although i'm not sure if you can create a program that is a pure function, without knowing what's inside it :)
2013-07-26 06:27:42 <TD> not sure
2013-07-26 06:27:50 <petertodd> sounds like magic...
2013-07-26 06:27:52 <TD> as it's a pure function, i guess not. that would imply randomness which implies state.
2013-07-26 06:28:00 <petertodd> heck, SCIP isn't even that magical
2013-07-26 06:28:01 <TD> hmm
2013-07-26 06:30:15 <petertodd> IMO there's probably enough value to OP_BLOCKHEIGHT and OP_PREVBLOCKHASH to want to implement them, but it'd make more sense to do it on litecoin first
2013-07-26 06:30:23 <TD> i suppose in practice it's not that restrictive. you already need to interact with the multi-owning parties to get a pubkey in all existing protocols anyway
2013-07-26 06:30:28 <TD> it rarely seems to be an issue.
2013-07-26 06:30:47 <petertodd> neither are likely to be easily implemented in FE's given the relatively large amount of data to prove them
2013-07-26 06:30:59 <petertodd> (for now)
2013-07-26 06:31:04 <Luke-Jr> http://eprint.iacr.org/2013/448 <-- local security issue with access to secure memory, across VM boundaries
2013-07-26 06:31:47 <petertodd> Luke-Jr: smartcards have advantages...
2013-07-26 06:32:39 <petertodd> never mind that they also have nasty issues with data withholding attacks...
2013-07-26 06:32:41 <TD> well, FE is not quite the same thing as provable computation
2013-07-26 06:32:53 <TD> this is the one i mean - http://eprint.iacr.org/2013/451.pdf
2013-07-26 06:33:11 <TD> they claim the ciphertexts are small(ish)
2013-07-26 06:33:15 <petertodd> ah, that's even less useful :)
2013-07-26 06:33:18 <TD> not sure if that includes the program though. probably not.
2013-07-26 06:33:25 <phantomcircuit> TD, relative to what...
2013-07-26 06:33:38 <TD> they mean the ciphertext is proportional to the size of what you encrypt.
2013-07-26 06:33:48 <TD> and not, for example, proportional in size to the program that controls the decryption
2013-07-26 06:34:11 <TD> "In fact, if the right combination of public key encryption
2013-07-26 06:34:11 <TD> and NIZK is used the ciphertext size and encryption time can be considered small in a practical sense"
2013-07-26 06:34:26 <petertodd> ok, so essentially a circuit in this context can do things like compute "valid signature from pubkeys a,b,c and that meets threshold"?
2013-07-26 06:34:34 <petertodd> *compute things like
2013-07-26 06:34:55 <TD> yes. in theory it can do anything you could express in a restricted subset of C, one that doesn't have any memory or IO :)
2013-07-26 06:35:13 <TD> any arbitrary function, more or less
2013-07-26 06:35:42 <TD> at the moment you actually would have to provide a complete ECDSA implementation to do that, which is by the standards of modern crypto a very large function.
2013-07-26 06:35:54 <TD> but they're working on improving its efficiency for the case of embedded crypto primitives specifically
2013-07-26 06:36:18 <petertodd> quite literally a digital circuit is the model then
2013-07-26 06:36:18 <TD> i have all kinds of use cases in mind for this new field of cryptography
2013-07-26 06:36:31 <TD> yeah. that's why it's called a circuit. you compile a program down to NOT, AND, OR, XOR gates
2013-07-26 06:36:38 <TD> with "wires" between them
2013-07-26 06:36:42 <TD> represented as tables of keys.
2013-07-26 06:36:46 <petertodd> I can see the application to oracle stuff for sure, among other things
2013-07-26 06:36:48 <TD> + lots of tricks of course. XOR gates can be made free.
2013-07-26 06:37:14 <TD> one idea i had the other day ..... why does end-to-end crypto suck? because of identity. people operate in terms of faces, names, a handful of personal attributes like rough age, where in the world someone is from, etc
2013-07-26 06:37:19 <TD> computers use long random numbers.
2013-07-26 06:37:34 <TD> jumping that enormous gap and falling into it, is why the web of trust kind of sucks
2013-07-26 06:37:57 <petertodd> heh, so you want a set of trusted oracles for those attributes, and then you can encrypt to someone with the attributes
2013-07-26 06:38:03 <TD> now consider the e-Passports everyone is being issued with. it's a certificate that contains "things that people recognize" like names, faces, dates of birth, etc
2013-07-26 06:38:18 <petertodd> er, maybe better to say trusted PKI
2013-07-26 06:38:52 <TD> so you could grab that data with an NFC smartphone, run it through a provable computation that takes the cert chain as input along with a public key, verifies the chain and then spits out a subset of your passport data+key+proof
2013-07-26 06:39:08 <nsh> .w 653/4
2013-07-26 06:39:09 <TD> upload that to a keyserver and now anyone can do a facebook style search to locate your key, and have a very strong assurance they're encrypting to the person they think they are
2013-07-26 06:39:15 <TD> (modulo having your passport stolen)
2013-07-26 06:39:43 <TD> even governments would find that hard to attack, because if they inserted a fake record into the database, the real user could upload a duplicate using their real passport and you'd observe that the system was broken
2013-07-26 06:40:04 <TD> and yes - you can go even further. the Eigenfaces algorithm is a pure function of an input image. so you can theoretically include a face recognition algorithm into your functional encryption key.
2013-07-26 06:40:06 <petertodd> indeed, which is why governments wouldn't ever allow that to be implemented...
2013-07-26 06:40:15 <petertodd> ha, that would be awesome
2013-07-26 06:40:19 <TD> then encrypt any data to a face. not very useful given that you broadcast your face everywhere you go :)
2013-07-26 06:40:26 <TD> but neat to think about
2013-07-26 06:40:31 <TD> ah, well, the fun thing is - governments can't stop it
2013-07-26 06:40:33 <petertodd> I'll encrypt my data to my... never mind
2013-07-26 06:40:35 <TD> they already issued the certs
2013-07-26 06:40:42 <TD> i mean, they could stop it by imprisoning anyone who used it
2013-07-26 06:40:48 <TD> but they'd have to write an explicit law to forbid it
2013-07-26 06:41:38 <petertodd> that's the thing though, they can just issue stacks of these duplicates, and maintain a secret database of the ones that are real or not
2013-07-26 06:41:58 <petertodd> not a problem from their point of view
2013-07-26 06:42:02 <TD> well, yeah, so it's a DoS at that point. if you see two entries in the database with different public keys, and one isn't signed by the other, then you stop
2013-07-26 06:42:35 <TD> also
2013-07-26 06:42:35 <TD> governments tend to act through laws rather than weird dos attacks though.
2013-07-26 06:42:39 <petertodd> yeah... I mean, it's nice to force their hand, but it's also good to recognize they have the option
2013-07-26 06:42:41 <TD> you don't necessarily need a keyserver
2013-07-26 06:42:56 <TD> generate the proof cert, and now broadcast it everywhere you go using bluetooth low energy
2013-07-26 06:43:05 <petertodd> for instance police evidence systems often have "secure timestamps" that are deliberately designed in a way that "trusted administrators" can tamper with them
2013-07-26 06:43:07 <TD> if you walk into a room with someone, you can walk out and send them an encrypted message
2013-07-26 06:43:12 <TD> no user interaction or key swaps needed
2013-07-26 06:43:42 <TD> it doesn't help if you want to send someone a message because you saw them in a youtube video, but if you do viral spread of such databases, it might be useful
2013-07-26 06:43:45 <petertodd> yeah, we need more systems like that
2013-07-26 06:44:03 <petertodd> freenet people were talking about some yubikey scheme that sounded like that
2013-07-26 06:44:31 <petertodd> and they want freenet clients on android, which sounds like they're thinking of doing physical data transfer as part of the darknet
2013-07-26 06:47:25 <petertodd> hmm... can bluetooth do opportunistic phone-to-phone connections without significant battery life impact?
2013-07-26 06:47:53 <phantomcircuit> petertodd, any use of bluetooth at all has significant battery life impact :/
2013-07-26 06:48:43 <petertodd> phantomcircuit: too bad, I was hoping for a low-power tens-of-feet range beacon service - use it to transfer block headers
2013-07-26 06:49:50 <nsh> lol
2013-07-26 06:50:00 <nsh> morsecoin
2013-07-26 06:50:29 <petertodd> it's one of those beautiful ideas that's sadly not as useful as it should be :)
2013-07-26 06:51:22 <phantomcircuit> petertodd, heh
2013-07-26 06:51:23 <petertodd> I'll bet you there is enough population density in most countries to get width/100km/hr latencies if everyone had such gadgets on their phones
2013-07-26 06:52:00 <TD> bluetooth 4 (a.k.a. low energy) is not normal bluetooth
2013-07-26 06:52:14 <petertodd> interesting...
2013-07-26 06:52:15 <TD> support for it was just announced yesterday in android. i think iphone supported it for a while
2013-07-26 06:52:22 <phantomcircuit> iirc gmaxwell had a plan to broadcast blockchain info over ham radio
2013-07-26 06:52:27 <iwilcox> Bluetooth is pretty efficient to leave on, but guzzles battery when actually used, so if you're moving any significant data Wifi usually works out cheaper in battery life