On Tue, Mar 07, 2017 at 02:51:57PM -0500, John Tromp wrote:
>
> One comparison in each case; kernel.locktime >= blockindex
>
> So the costs are small, but better avoided altogether I agree.
>
> Can you elaborate on how to prove that the third privkey is indeed
> equal to base^{2^largenumber} ?
>You could use garbled circuits http://people.xiph.org/~greg/simple_verifyable_execution.txt (the literature has more efficient constructions according to Ethan, he said to look up "garbled gadgets"), or SNARKs, or something to prove the statement. In zero-knowledge of p and q you prove the following statement: n = p*q; pubkey = xG where x = base^(2^largenumber mod (p-1)(q-1)) which I don't think is likely to be a huge circuit. -- Andrew Poelstra Mathematics Department, Blockstream Email: apoelstra at wpsoftware.net Web: https://www.wpsoftware.net/andrew "A goose alone, I suppose, can know the loneliness of geese who can never find their peace, whether north or south or west or east" --Joanna Newsom
signature.asc
Description: PGP signature
-- Mailing list: https://launchpad.net/~mimblewimble Post to : mimblewimble@lists.launchpad.net Unsubscribe : https://launchpad.net/~mimblewimble More help : https://help.launchpad.net/ListHelp
