In the vein of "scriptless scripting", it's worth noting that the signature
challenge e = `H(key || nonce || message)` can itself be considered a hash
whose preimage needs to be revealed to produce a valid signature.
Two parties can produce a multisignature by having one present his pubkey/nonce
half to the other, and the other replying with the hash `e` rather than her
pubkey/nonce half.
In this case the first party is doing a totally blind signature, so it's
critical that his key not be reused!
If the hash preimage is SNARK-proven to have certain properties you can also
get ZKCP or really any script application out of this.
~M
--
Mailing list: https://launchpad.net/~mimblewimble
Post to : mimblewimble@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mimblewimble
More help : https://help.launchpad.net/ListHelp
