proslogion: poelstra's new (draft, very draft) magnum opus in -wizards if you didn't notice yet (MW + stuff, it seems)
proslogion
waxwing: thanks for the info
waxwing
i'm finding it largely unintelligible at the moment, maybe a bit too early
proslogion realizes that English caligraphy is still useful
it would be even more useful if you could actually rely on him to use consistent/correct notation :)
heh "Proof. TODO TODO"
arubi
should've put "...proof need be 'elementary' only in a technical sense and could involve millions of steps, and thus be far too long..." :)
heh well I was looking for a different quote, the one I know is in not in english :P
waxwing
:) my favorite one in the paper so far is "Correctness and summability of the scheme are immediate" (written after a completely unintelligible algorithm) :)
arubi
hah, I'm having borromean ring sigs flashbacks already
waxwing
arubi: yeah but this one is before i sent him ~ 10 typo corrections :)
arubi
autocorrect for latex -- new startup
waxwing
it's just an early draft, so just messing, but i was rather keen to understand his add-on feature called "sinking signatures"
arubi
yea I saw that keyword but haven't seen it before. guess I have some reading to do
waxwing
well, it's his proposal, it's new
arubi
so it wasn't mentioned anywhere but in this draft?
waxwing
i guess not. it's proposed here.
arubi
ah okay. I thought I just missed some past stuff
proslogion
some of that is surprisingly elementary
waxwing
proslogion: what's e() ? i'm thinking this is a variant of schnorr aggregation, but there's no mention of that explicitly, and it's really hard to know for sure what some of the terms are.
proslogion
certainly
why he is talking about 'immediate'
waxwing
so you understand definition 5?
proslogion
CDH, not too bad :)
waxwing
because if you do i have several Qs
shall i begin? :)
proslogion
sorry i don't think i do after reading theorem 1
waxwing
yes, i was trying to get Theorem 1 to help me understand def. 5 but the notation is all over the place, so left with guessing.
first, the equation for s is wrong: s = {sk . H(x_i} from i=0..n first close paren missing, obvious, but is that a sum of the products sk . H(x_i) ?
then in the verify step, what is "p"? it's in the place of "s" from the definition 4
then it says "computes P as the sum of all elements of p" but doesn't define either p or P.
then doesn't define what e() refers to.
proslogion
waxwing: first yes
second, read the top paragraph of page 3
'p' should stands for 'public'
waxwing
if it means pk, he should use pk, as he put in the intro to the defn.
proslogion
nvm, andytoshi is taking qs on wizards
proslogion shrugs
waxwing
so it's bilinear-y things, i thought they were trying to avoid that.
proslogion shrugs again
proslogion
i believe greg said it's not really possible
my fault for putting the hope too high
waxwing
proslogion: the reason i burrowed into that is because i was hoping to figure out what purpose they were trying to achieve with it; it seems like you understand that proslogion ?
i guess the bit right at the end "possible to do full MW verif with only log^2 block data"
proslogion
waxwing: yeah, if you can do cross-block signature aggregation in this way, then all you ever need for initial block sync are all the coinbase coins, and the current UTXO set, then you can prove it goes from the coinbase right to the UTXO given to you
right
waxwing
so is it like, the signatures prove the block height they occurred in or something?
proslogion
you can run a full node, while only syncing as much as the UTXO set size, under a....considerably weaker(layman sense) security assumption :)
it proves that the miners didn't forge any tx that spends invalid coins in between
in short, think of that most utopic thing you want as a full node runner
waxwing
without that particular brand of moon math, you can still get aggregation within-block, right?