This could could be a viable option. I think this is the right approach. Any downside to this and how much does this add to the blockweight if anything at all.
Anonymouse > On Jan 22, 2019, at 4:19 AM, ZmnSCPxj via bitcoin-dev > <bitcoin-dev@lists.linuxfoundation.org> wrote: > > Good Morning Matt, > >> ### ZmnSCPxj, >> >> I'm intrigued by this mechanism of using fixed R values to prevent multiple >> signatures, but how do we derive the R values in a way where they are > unique for each blockheight but still can be used to create signatures or > verify? > > One possibility is to derive `R` using standard hierarchical derivation. > Then require that the staking pubkey be revealed to the sidechain network as > actually being `staking_pubkey = P + hash(P || parent_R) * G` (possibly with > some trivial protection against Taproot). > To sign for a blockheight `h`, you must use your public key `P` and the > specific `R` we get from hierarchical derivation from `parent_R` and the > blockheight as index. > > > > Regards, > ZmnSCPxj > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
