#bitcoin-wizards

      • thomasa__ has quit
      • thrmo_ is now known as thrmo
      • Krellan joined the channel
      • Emcy joined the channel
      • Dizzle has quit
      • Dizzle joined the channel
      • nsh
      • yoleaux
        Peter Hines: "Diagrams and Coherence Theorems in Cryptography and Cryptanalysis" - YouTube
      • nsh
        (yields a simple diagrammatic sanity check on [a class of] zk protocols)
      • thrmo has quit
      • AaronvanW has quit
      • Belkaar has quit
      • dougsland joined the channel
      • Belkaar joined the channel
      • Belkaar has quit
      • Belkaar joined the channel
      • luke-jr has quit
      • luke-jr joined the channel
      • dougsland has quit
      • Emcy joined the channel
      • rmwb joined the channel
      • Krellan joined the channel
      • rmwb has quit
      • rmwb joined the channel
      • luke-jr has quit
      • luke-jr joined the channel
      • luke-jr has quit
      • luke-jr joined the channel
      • Emcy has quit
      • Dizzle has quit
      • Dizzle joined the channel
      • Emcy joined the channel
      • Zenton has quit
      • Dizzle has quit
      • meshcollider_ joined the channel
      • Cory has quit
      • setpill joined the channel
      • Pasha joined the channel
      • Pasha is now known as Cory
      • PaulTroon joined the channel
      • Emcy joined the channel
      • PaulTroon_ joined the channel
      • Zenton joined the channel
      • PaulTroon_
        if using the eltoo update scheme for lightning, the settlement tx has to be conditional on release of a secret, but does the update tx also need it? I assume so.
      • PaulTroon has quit
      • SopaXorzTaker joined the channel
      • kenshi84 has quit
      • kenshi84 joined the channel
      • SopaXorzTaker has quit
      • jl2012
        there is a question about choice of G: https://crypto.stackexchange.com/questions/6042...
      • so G = 2G', where G' has a very small x-coordinate
      • meshcollider_ has quit
      • shesek joined the channel
      • shesek has quit
      • shesek joined the channel
      • thrmo joined the channel
      • thrmo has quit
      • thrmo joined the channel
      • SopaXorzTaker joined the channel
      • thrmo has quit
      • thrmo_ joined the channel
      • thrmo_ is now known as thrmo
      • AaronvanW joined the channel
      • Chris_Stewart_5 joined the channel
      • Krellan has quit
      • Krellan joined the channel
      • setpill has quit
      • balog has quit
      • Guyver2 joined the channel
      • thrmo_ joined the channel
      • thrmo has quit
      • AaronvanW has quit
      • AaronvanW joined the channel
      • waxwing
        right, the assumption is that it's the hash of something, but after investigating people couldn't find out what it was. note there's mathematical reasoning as to why the choice of G doesn't matter (see 'random self-reduction', average (randomly chosen) case is as hard as worst case)
      • at least, i'm pretty sure that reasoning applies here.
      • also w.r.t NUMS, what sipa said helps, if you want NUMS basepoint, just hash G somehow into what generates it, then the hash'd have to be broken for shenanigans to be possible
      • laurentmt joined the channel
      • rmwb has quit
      • andytoshi
        jl2012: FYI it is possible to batch-validate taproot and schnorr, with the result that each taproot commitment verification takes only one scalar-point multiply
      • laurentmt has quit
      • in fact there is code for this, which is not in the schnorr BIP because it's nonessential and we don't want review exhaustion :)
      • Chris_Stewart_5 joined the channel
      • AaronvanW has quit
      • dgenr8 has quit
      • dgenr8 joined the channel
      • Krellan has quit
      • Krellan joined the channel
      • thrmo_ is now known as thrmo
      • timerskull joined the channel
      • nickler
        PaulTroon_: any party can settle anytime, not sure what secret you're referring to
      • PaulTroon_
        @nickler : I just mean for a payment channel network like lightning the receiver has a secret they exchange and then that secret flows back through the network so relays get paid.
      • the preimage
      • dougsland joined the channel
      • I should ask on lightning-dev - forgot about that
      • douglas_ joined the channel
      • nickler
        PaulTroon_: eltoo is by and large independent of payment routing. The update tx even more so because it doesn't contain HTLC outputs.
      • PaulTroon_
        in the paper it was mentioned that HTLCs could be added to the settlement tx for multihop payments
      • nickler
        yes, but that doesn't mean the settlement tx is conditional on some secret. Spending the HTLC output requires a secret - same as in current lightning.
      • PaulTroon_
        I probably need to read through the ln paper again; but if both parties sign the update tx that spends to some settlement tx with an HTLC, then what happens if the payment is aborted? I'm wondering about if the update tx is valid but the linked settlement tx isn't
      • waxwing
        nsh, just watched the start, but that's quite an interesting way to look at key sharing; the parallelepiped thing is cool, and it immediately makes me wonder whether it generalises to more than 2 participants; e.g. for 3 participants can you construct the same thing in a 4 dimensional parallelepiped (whatever that's called, forgot)
      • nsh
        yup
      • also, slightly worrying it kinda provides a reduction from DLP and RSA to calculating commutation relations in a byzantine key exchange with no secrecy which may in principle be efficiently calculable
      • but not an immediate threat i think
      • nickler
        PaulTroon_: aborting a payment does not invalidate the settlement tx. But both parties will create new update and settlement txs which invalidates (in the lightning security model) the old settlement tx because the new update tx can spend the old one before the old settlement tx.
      • michaelsdunn1 joined the channel
      • rmwb joined the channel
      • PaulTroon_
        nickler: I must be missing something. It seems like if a malicious counter party commits the update for a failed payment, then there's no way to settle using the previous settlement TX with a revealed preimage.
      • nickler: perhaps if both parties have equal value locked up they screw themselves
      • dougsland has quit
      • douglas_ has quit
      • Krellan has quit
      • AaronvanW joined the channel
      • nickler
        PaulTroon_: you don't need a preimage to spend an update tx with a settlement tx. As for the HTLCs, if you don't have the preimage you have to wait for the HTLC timeout.
      • rmwb has quit
      • p0nziph0ne joined the channel
      • bojimbo joined the channel
      • PaulTroon_
        nickler: ahh, thanks, I wasn't thinking about the refund aspect of the HTLC. So it's not a dead end in the case the preimage isn't provided.
      • rmwb joined the channel
      • douglas_ joined the channel
      • dougsland joined the channel
      • dougsland has quit
      • thrmo has quit
      • deusexbeer has quit
      • deusexbeer joined the channel
      • Krellan joined the channel
      • esotericnonsense has quit
      • _tin joined the channel
      • esotericnonsense joined the channel
      • esotericnonsense has quit
      • dnaleor joined the channel
      • esotericnonsense joined the channel
      • esotericnonsense has quit
      • esotericnonsense joined the channel
      • Krellan has quit
      • esotericnonsense has quit
      • esotericnonsense joined the channel
      • esotericnonsense has quit
      • esotericnonsense joined the channel
      • tombusby has quit
      • esotericnonsense has quit
      • dnaleor has quit
      • esotericnonsense joined the channel
      • bojimbo has quit
      • dnaleor joined the channel
      • Krellan joined the channel
      • dnaleor has quit
      • jb55 joined the channel
      • esotericnonsense has quit
      • esotericnonsense joined the channel
      • thrmo joined the channel