Posts by waxwing@x0f.org
(DIR) Post #ASM9moN4O1J9mjF8Jk by waxwing@x0f.org
2023-02-02T15:57:27Z
0 likes, 0 repeats
The market will find balance in this: block space is tremendously valuable, over time that will be seen with a lot of demand; immutable 'transcription' will be very expensive, for whatever purpose whether simple money transfer or something more complex; tradeoffs using little data on chain with slightly-less-than-100%-immutability of record off chain will probably be more common, but, again, the market will figure that out. Full blocks and backlog will cause "champaign" to be popped :)(2/n)
(DIR) Post #ASM9moruXLyhKNflOC by waxwing@x0f.org
2023-02-02T16:04:03Z
0 likes, 0 repeats
(Btw ... who remembers that only a month ago the debate was all about whether we need to add tail emission to bitcoin because of no fees and miner death spiral or something? 😆 ).Side note: no, taproot did not open a backdoor to more block size. Segwit did that, 6 years ago. A 3.7MB block was mined (with 1 tx) about a month after activation back in 2017. Taproot removed a limit on witness inside a tx (input) because of a sighashing change, it didn't change the resource limit per block.(3/n)
(DIR) Post #ASM9mpZ9wYZZUVuIng by waxwing@x0f.org
2023-02-02T16:12:54Z
0 likes, 1 repeats
So, why *I* am unhappy about the Ordinals project: it confirms in people's mind, a terrible cognitive error.If there's one thing I always have tried to get across to people in the various talks, podcasts whatever I've given over the years it's this: satoshis *do not exist*. There is no serial number attached to them; they do not exist in code. It's like asking 'where are the inches on this 15 inch stick'. Utxos exist, sats (or bitcoins), don't. Abstract? Yes, but in a sense, critical.(4/n).
(DIR) Post #ASM9myzitAAWjVP8xE by waxwing@x0f.org
2023-02-02T16:15:40Z
0 likes, 0 repeats
Critical because: it's why bitcoin has what I call "intrinsic fungibility", even if it has actually really poor practical fungibility.Each utxo you receive as a payment does *not* have a fixed history tracing back to a block in which it was mined. It was created ex nihilo; its creation was only limited by permission (owner(s) of inputs authorizing) and by a consensus non-inflation rule. There *is* history but it's fuzzy - it fans out backwards (multiple inputs) in each historical tx. (5/n)
(DIR) Post #ASM9n6bCcDJAJlzfqS by waxwing@x0f.org
2023-02-02T16:19:03Z
0 likes, 0 repeats
That last fact is a direct consequence of the fact that satoshis do not have watermarks/serial numbers. Years ago an academic in the UK published a paper trying to argue for something like Ordinals - i.e. FIFO on satoshis:https://www.cl.cam.ac.uk/~rja14/Papers/making-bitcoin-legal.pdfSo the gist is, if you *choose* to apply an arbitrary rule (FIFO or LIFO) to a mapping from ins to outs in a tx, *then* suddenly that instrinsic fungibility is "lost", in that every utxo you receive has a precise history. (6/n)
(DIR) Post #ASM9nG1Pa8cXXfKERk by waxwing@x0f.org
2023-02-02T16:21:41Z
0 likes, 0 repeats
This is not just a *bad* idea; it's also stupid. For ordinary payments, it creates an arbitrary choice of *which* input from Alice, that paid Bob in output 1, is "the" input that paid him, and so allows a fixed tracing through history of something that is not, actually, fixed by protocol. But it creates even more nonsense in say, coinjoin, where Alice is paying Alice, but her output is considered to have come from Bob or Carol.So we come to the point - it's really complete drivel, but.. (7/n)
(DIR) Post #ASM9nOehTwnkJplinQ by waxwing@x0f.org
2023-02-02T16:24:32Z
0 likes, 0 repeats
... it's *precisely* the kind of drivel that the state actors want to hear. It tells them that we can perfectly identify the origin of money, so we can block and control all we want. The Ordinals project, even if its creator perfectly understands that the assignation of serial numbers is arbitrary and ex-protocol, is, if it becomes popular, going to embed in the minds of politicians and other idiots, that we can perfectly trace the history of your bitcoins.But ... it can't be prevented. (8/8?)
(DIR) Post #ASPyVh4PxJr7M5zepU by waxwing@x0f.org
2023-02-04T13:45:06Z
0 likes, 0 repeats
New principle:The only(?) reason to support non-trivial consensus changes in Bitcoin, from now on, is if it supports the ability to create off-chain protocols for payments, such that we will need far less consensus changes in the future.(I did a discussion panel on @nvk 's podcast earlier, just been released, made me think about it again ... in that discussion we didn't talk enough about the off-chain part imo).https://bitcoin.review/podcast/episode-21/#bitcoin
(DIR) Post #ASPyVoRMYPMwDHma48 by waxwing@x0f.org
2023-02-04T13:48:37Z
0 likes, 0 repeats
It's just a thought, but it's interesting - for example it might be a justification to do a covenants soft fork (and maybe then people would understand the motivation better, I don't like focusing on stuff like vaults (yeah super useful but that's somehow not "central" enough) or congestion control.Having a guiding principle like this for any future changes might be good (especially with that reflexive part - supporting *less* future changes).
(DIR) Post #ASPyVuwQNpmSNMMTJY by waxwing@x0f.org
2023-02-04T13:57:27Z
0 likes, 0 repeats
A much more "out-there" example:a single bilinear pairings operation (like, check e(a,b) =? e(c,d)) could enable a huge amount of "lift the hard work off chain" (think, zk rollups concept, but def. not limited to that). Yeah I know this is pie in the sky for now, given it's entirely different crypto, *and* it's also very expensive, and in verification (so impacts all nodes). But even so, would love to have it investigated. It fits the above principle.
(DIR) Post #ASVKZhKG7KLU5WW824 by waxwing@x0f.org
2023-02-08T00:19:42Z
1 likes, 1 repeats
Video of my presentation from btc++ in Mexico City in December:https://www.youtube.com/watch?v=khmLiM9xhwkabout "Steganographic Decentralized Market-based Coinjoin" (well, and a bit of philosophizing about bitcoin at the start!)Thanks to organizers, was a great conf (and actually good job with the recording!)#bitcoin #coinjoin
(DIR) Post #ASVQC4sRVAR9uFcuVU by waxwing@x0f.org
2023-02-09T14:31:07Z
0 likes, 0 repeats
@giacomozucco @n1ckler Thanks, two very interesting angles to look into there .. btw the ElementsProject link seems to have a typo, doesn't resolve.I will definitely read this stuff though and get back to you, cheers.
(DIR) Post #ASVclUlYRECbmi3kp6 by waxwing@x0f.org
2023-02-09T16:51:58Z
0 likes, 0 repeats
@giacomozucco On the submarine swap part: my fundamental issue with it, is that with script-based swaps, the atomicity is between an off chain payment, and a *version of the tx I don't actually want* (i.e. one in which preimages are revealed on chain, breaking the stega- or just privacy part). Now sure we can overlay that, as in CoinSwap designs, but that requires sig negotiation a second time, so it's *those* second signatures that are actually what I want to pay for. Adaptors fix that.
(DIR) Post #ASW36IswP5a9pI668e by waxwing@x0f.org
2023-02-09T16:59:07Z
0 likes, 0 repeats
@giacomozucco On CISA: my "no" was a bit misleading I guess, it was a mix of 'it doesn't really help' and 'I'm not getting into this right now'.For the former, it needs a ton of unpacking, but: I am assuming no change in witness discount (so say 15% at the asymptote as per nickler). Here, 15% isn't much but it *is* enough to incentivize behaviour perhaps, right? Except: coordination costs - especially at the asymptote! - are very nontrivial.So then we start imagining a world with ...
(DIR) Post #ASW36JYltZ2hv1fVL6 by waxwing@x0f.org
2023-02-09T17:01:47Z
0 likes, 0 repeats
@giacomozucco .. very large "tx batching" coinjoins because of 10-15% discount (and we just handwave coordination). These coinjoins don't have a privacy property ..Except! They do, because of subset sum being exponentially hard.Except! That's a worst case for the snooper, there will in reality very often be radically sub exponential ways of disentangling.Except! Look at wabisabi/ @nothingmuch work on denominations...Etc etc.Only one substantive point left:
(DIR) Post #ASW36KGNHRvA6G4KIq by waxwing@x0f.org
2023-02-09T17:04:36Z
0 likes, 0 repeats
@giacomozucco @nothingmuch .. , which is the part of what you said that I didn't know: discussing changes to witness discount. I'm not sure if it alters any of the above (maybe?) and I also don't have much sense of why or how it would change with CISA. It's obvious to me that the witness discount as a concept was rational, but I don't know what number it should be, or if it should be changed in future (I'm kind of against further changes to it, but then again CISA is a massive change!).
(DIR) Post #ASW36KtMwT743CJT5E by waxwing@x0f.org
2023-02-09T17:08:41Z
0 likes, 0 repeats
@giacomozucco @nothingmuch I think the important part of that talk for myself, was ironing out the concept of 'many party atomicity', because that fits particularly with the Joinmarket philosophy of "random actor is central coordinator"; the fact that you can get that "all get paid if 1 party does X" seems like it could be very important. I even tried to write a formal paper proving the security of that, but I got stuck on one point (ZK is weird, here) and haven't quite finished it.
(DIR) Post #ASbpqcW7dxH9kkGYfg by waxwing@x0f.org
2023-02-12T16:46:48Z
0 likes, 0 repeats
@giacomozucco @nothingmuch Sorry, late response but: "incentivize utxo set reduction", imo it's not *just* pedantry to say: that's putting the cart before the horse. The discount is intended to reflect the lower overall cost, to the network, of witness data cf other (e.g. outputs) data. Logically yes that does incentivize utxo set reduction, but I guess that's not the only thing it does. What you want is for price to reflect cost.But from a common sense perspective, I get your point.
(DIR) Post #ASgExlLOUxACduaerA by waxwing@x0f.org
2023-02-05T16:58:38Z
0 likes, 1 repeats
Tor is such a fascinating hybrid of cryptography and ... not cryptography 😆 "The introduction point passes your details (secret string and rendezvous address) on to the Onion Service, which runs multiple verification processes to decide whether you're trustworthy or not."Where do I get my tor blue checkmark?#tor #cryptography
(DIR) Post #ASgFV3pulVyBYGkAz2 by waxwing@x0f.org
2023-02-09T14:38:36Z
1 likes, 0 repeats
Set up nostr, still clearly not a perfect setup, but it basically works. Put my pubkey in my profile here ( npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7 )#nostr