> A problem with the idea of using one-show signatures as double-spend > protection is that miner-claimable fidelity bonds don't work as well > against adversaries that are not just counterparties but also miners > themselves.
Hey David, The fidelity bonds in the Ark context are nothing but the vTXOs themselves, which in simple terms, have two possible closures: (1) a key-path collaborative closure with higher precedence and (2) a script-path closure with lower precedence. The key-path closure is a 2-of-2 between the rightful owner of the vTXO and the service provider. The script path closure, on the other hand, lets the service provider sweep funds after a relative lock time. The key-path closure has higher precedence over the script-path closure since it can be triggered immediately with a satisfying signature. If the service provider double-spends a transaction that enforces a one-time signature where Bob is the vendor, Bob can forge the service provider’s signature from the 2-of-2 and can immediately claim his previously-spent vTXO(s). If Alice (or the service provider) is a miner she won’t be able steal funds regardless, since she won’t be able co-sign from the Bob’s key. Best, Burak _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
