On 07/08/2019 00:33, ZmnSCPxj wrote: > Good morning all, > > It might be useful to remember that there exists pressure to pool > proof-of-work due to tiny non-linearities caused by Proximity Premium and > Variance Discount flaws. > Similarly, any non-linearity in any fidelity bond scheme exerts the same > pooling pressure. > Deliberately increasing the non-linearity to V^2 worsens the pooling > pressure, not lessens it. > > (I wonder if instead going the opposite way and doing V^0.999 might work > better; I have not figured all the implications of such a scheme and leave it > to the reader.) > >> Unfortunately, both described schemes fail the same way as >> 'require TXOs to be consolidated by the owner', by the fact that with >> muSig, shared ownership of TXO is possible, as explained by ZmnSCPxj in >> [1]. 2P-ECDSA is also possible, just more complex, so just saying 'ban >> musig for the bonds' is not the answer, I believe. > > If my understanding is correct, efforts to expand ECDSA to more than > two-party n-of-n "true" multisignatures already are ongoing. > > One might attempt to use transaction malleability as a protection, and > require that transactions that put up bond TXOs should spend from at least > one ***non***-SegWit output, so that the scheme as described fails (as the > funding txid is malleable after-the-fact). > > But the scheme as described only considers ways to securely aggregate > *within* the Bitcoin universe. > > I have recently learned of a spacce called the "real world", wherein > apparently there exist things as "contract law". > It seems to me this "contract law" is a half-baked implementation of Bitcoin > cryptographic smart contracts. > By what little I understand of this "contract law", it would be possible for > an aggregator to accept some amount of money, with a promise to return that > money in the future with some additional funds. > If the aggregator fails to uphold its promise, then some (admittedly > centralized) authority entity within the "real world" then imposes > punishments (apparently inspired by similar mechanisms in Lightning Network) > on the aggregator. > Such arrangements (accepting some money now with a promise to return the > money, plus some interest earned, in the future) apparently already exist in > this "real world", under the name of "time deposits". > > > Regards, > ZmnSCPxj >
Good morning all, Custodial solutions are much less worrying because they introduce so much counterparty risk. It's more risky to give bitcoins in custody than for fiat money because there's no lender of last resort. People using JoinMarket in a non-custodial way will always have a larger risk-adjusted return; The return for running a JoinMarket yield generator isn't that big anyway to start with. The non-custodial renting of TXO signatures is far more worrying. Also, as described in my other email (https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017218.html starting " Let's say the sybil attacker...") the superlinear V^2 term is essential to the resistance of the fidelity bond system to sybil attacks. All things considered the consolidation of makers due to renting TXOs is not as bad as sybil attacks. Consolidation of makers means that the privacy-relevant information is shared amongst fewer people than otherwise, but at least those people are independent (otherwise they'd merge together). In a sybil attack the privacy-relevant information is not shared at all, but entirely known by just one person which is much worse. CB _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
