waxwing
npub1vadc...nuu7
Bitcoin, cryptography, Joinmarket etc.
waxwing 1 month ago
I think we need a new word for the specific kind of mental anguish I experience when I scroll through twitter and find that every long post (the ones I always gravitated to, because it usually correlated with someone having something to say) is in the "that's not X - it's Y" prose style that is so transparently LLM speak. It really is painful at this point and it's completely endemic. I know we have "slop" but I never really liked that, it's not the content (sometimes, the content is interesting), it's the style and emotional timbre. I put up with it when an LLM is giving me some useful info in my interaction with it, but please for the love of god, write your prose yourself, even if all the info is coming from that source.
waxwing 1 month ago
I'm not really sure about this, but I think I'm in a slowly growing group of people who are gravitating to this thesis: between witness encryption (WE), functional encryption (FE) and indistinguishability obfuscation (iO), listed in increasing order of power and decreasing closeness to actual existence, there is a slowly clarifying path to bitcoin becoming practical. It's "practical" already, to be clear, especially with Lightning (confident in saying so, as I actually use it, unlike all the influencers on twitter). But that's quite limited. The potential future is one that's a lot more fun and a lot less about arguing with each other ... a bit like the very early days where for a lot of people Bitcoin felt very "the sky's the limit" in terms of introducing whacky new schemes and systems. A lot of that was kind of deluded, but at least it *was* fun, something that's a bit lacking "here" nowadays (yes you have it on nostr, sure, but nostr is not money!). If we even get the simplest of the 3, witness encryption, with enough generality, it could obviate the need for lots of arguments about op_codes and people will be able to build genuinely interesting offchain constructions where people can do things like super-low cost txs without any setup or collateral, or engage in bets or smart contracts etc. etc. .. with WE it's clunky because of the background onchain plumbing being a bit messier. With FE you can have the same things, or better, and it's a lot more streamlined, I think. But FE only exists in sort of toy form for now (so called "inner product functional encryption" is very elegant but extremely limited, afaict). As for iO, it allows you to do .. basically exactly anything (every existing crypto primitive can be done with iO, and others too), which is probably why it remains just a theory for now. #bitcoin #cryptography
waxwing 1 month ago
For those of you who never saw it: This post from *1999* on the cypherpunks mailing list pretty much described bitcoin; it was, interestingly, in response to Adam Back saying that the most essential feature of ecash was not blinding, but non-confiscatability/bearer (reflecting that, unlike many, Back knows what "cash" actually means!). Note that the post uses 2 spaces after the period :)
waxwing 1 month ago
Posting from Yakihonne. Do people see this? I'm having trouble seeing updates on Amethyst last few days. Posts and notifications don't seem to show up reliably (slow to show up, then disappear/reappear).
waxwing 2 months ago
Oh, and in case you were wondering, isn't something like witness discount similar? The answer is a resounding no! Think about it - what the witness discount controls is *how much stuff can go into a block* and is therefore a *global* consensus rule. If miners break it they fork off. Here what the ZIP is discussing is having everyone sing kumbaya and agree what kinds of fees are fair, reasonable and keep good privacy and ddos resistance for everyone. It'll work fine, until it doesn't.
waxwing 2 months ago
I discovered something quite remarkable today after seeing podcasts with Sean Bowe [1] describing the new tachyon system and then one today with Ying Tong [2] mentioning the fabled 'sandblasting attack'. It turns out that zcash put out a ZIP zips.z.cash/zip-0317 with what seems to me extraordinary content: it says not that there is some resource limit for blocks, but that individual transactions *should* be treated thusly: fee should be linear in number of ins/outs, but 2 outs should be treated like one (for a privacy reason), that certain types of transactions (their different shielded pools) should not be discriminated, and they disrecommend relay of transactions with other fees, and then give a long RECOMMENDED section to miners on how to construct blocks. This is totally nuts - the miner incentive is always to maximize fee revenue, and while it can be hard to work under that scenario sometimes, it's crazy to try to say things like randomize your candidate transactions and only take high paying txs in this ratio, or similar, as they do. Bear in mind that the sandblasting attack, which genuinely crippled the network afaik because they couldn't verify, in a normal node, as fast as the attacker could create transactions, happened because they had the insane idea of a flat fee for every individual transaction, no matter how big it was! (to be sure, they must have done that for better privacy, but it's an utterly broken concept). These are some of the very smartest cryptographers in the world, and I am not exaggerating for effect, there. How did they get such batshit insane ideas (or lack of ideas?) about how a permissionless p2p network works? [1] it's on the recent Zero Knowledge podcast, look it up, [2] the recent BTCKVR podcast 'BitVM optimizations', around 35 minutes #cryptography #bitcoin #zcash
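The fee rule the post above is describing, as an added illustration that is not part of waxwing's note or of Zcash's own code: a "conventional fee" that grows with the number of logical actions (inputs, outputs, shielded spends/outputs) with a grace allowance so that a 1-in/2-out transaction costs the same as 1-in/1-out, set beside a size-independent flat fee. The constants (5000 zatoshi per action, grace of 2 actions, 150/34-byte standard transparent input/output sizes) are my recollection of ZIP 317 and the 1000-zatoshi figure is my assumption for the old flat default; check both against the ZIP text before relying on them.

```python
import math

# Constants as I recall them from ZIP 317 (assumption: verify against the ZIP).
MARGINAL_FEE = 5000        # zatoshi charged per logical action
GRACE_ACTIONS = 2          # every tx is charged for at least this many actions
P2PKH_IN_SIZE = 150        # standard transparent input size in bytes
P2PKH_OUT_SIZE = 34        # standard transparent output size in bytes
OLD_FLAT_FEE = 1000        # assumed pre-ZIP-317 default fee, independent of size


def logical_actions(tx_in_bytes=0, tx_out_bytes=0, n_joinsplit=0,
                    n_sapling_spends=0, n_sapling_outputs=0,
                    n_orchard_actions=0):
    """Count 'actions' the way the ZIP does: transparent side is the larger of
    (inputs, outputs) measured in standard-size units, each shielded pool adds
    its own max(spends, outputs), so no pool is priced differently."""
    transparent = max(math.ceil(tx_in_bytes / P2PKH_IN_SIZE),
                      math.ceil(tx_out_bytes / P2PKH_OUT_SIZE))
    sapling = max(n_sapling_spends, n_sapling_outputs)
    return transparent + 2 * n_joinsplit + sapling + n_orchard_actions


def conventional_fee(**tx):
    """Linear in actions, floored at GRACE_ACTIONS (so 1-in/2-out == 1-in/1-out)."""
    return MARGINAL_FEE * max(GRACE_ACTIONS, logical_actions(**tx))


def fee_per_output(fee, n_outputs):
    """What an output 'costs' the sender: the number a spammer optimises against."""
    return fee / n_outputs


if __name__ == "__main__":
    # Constructed sample transactions: a normal payment and a fan-out
    # of the kind a flat fee makes almost free to relay and verify.
    normal = dict(tx_in_bytes=P2PKH_IN_SIZE, tx_out_bytes=2 * P2PKH_OUT_SIZE)
    fanout = dict(tx_in_bytes=P2PKH_IN_SIZE, tx_out_bytes=500 * P2PKH_OUT_SIZE)
    for name, tx in (("normal 1-in/2-out", normal), ("1-in/500-out", fanout)):
        n_out = tx["tx_out_bytes"] // P2PKH_OUT_SIZE
        print(f"{name}: flat {fee_per_output(OLD_FLAT_FEE, n_out):.1f} zat/out, "
              f"ZIP-317 {fee_per_output(conventional_fee(**tx), n_out):.1f} zat/out")
```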