dear Andrew, >> Pieter Wuille in particular has stressed to me what a great feature of MW it >> is >> that everything looks the same, and that breaking this property should be >> taken >> very seriously.
But with every kernel having both a fee and a locktime (which defaults to the last confirmed block at the time of signing), things are pretty uniform already. > He also suggested the locktime should be cancellable and extendable by having > the would-be recipient reveal a key to the sender, but we didn't work out all > the details. If this works then we should be able to get the effect of a > relative lock-time, having indefinitely-open lightning channels, and so forth. > Exciting times. > > Therefore I revise my proposal again, to remove the explicit locktime, and > have only the fee. "I send the coins to a 3-of-3 multisig: my key, his key, and a third key that I generate with some RSA timelock puzzle. Then I give him the corresponding pubkey and SNARK-prove to him that the privkey is a solution to the timelock puzzle." This seems like quite a bit of complexity. What extra security assumptions are we relying on here? I don't see the downside of simply requiring a locktime on every kernel... regards, -John -- Mailing list: https://launchpad.net/~mimblewimble Post to : [email protected] Unsubscribe : https://launchpad.net/~mimblewimble More help : https://help.launchpad.net/ListHelp
