> The people constructing the locktimes are depending on the security of the
> zero-knowledge proof (which could be as simple as just hashes being random
> oracles) and the security of the timelock puzzles (RSA problem being hard).
>
>> I don't see the downside of simply requiring a locktime on every kernel...
>
> Extra identifying data which miners can identify and censor,
Locktimes will generally be at or a few blocks behind the current tip.
>additional data being stored in the chain forever,
True; 4 bytes extra per kernel.
> additional validation cost for users who
> aren't involved in the contract, permanent complexity of adding specific
> contract enforcement logic to consensus code.
One comparison in each case; kernel.locktime >= blockindex
So the costs are small, but better avoided altogether I agree.
Can you elaborate on how to prove that the third privkey is indeed
equal to base^{2^largenumber} ?
--
Mailing list: https://launchpad.net/~mimblewimble
Post to : mimblewimble@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mimblewimble
More help : https://help.launchpad.net/ListHelp
