Re: [Mimblewimble] Treeless block and UTXO set validation

2017-07-27 Thread Merope Riddle
For some reason this message was sent to spam in Protonmail. May be why there are so few replies. Sums are not sufficient to validate the UTXO set. Anybody who owns two outputs summing to a commitment `C` can give a peer any pair of commitments `C1` and `C2` with valid rangeproofs such that `C1

Re: [Mimblewimble] Compact blocks

2017-03-07 Thread Merope Riddle
From: moaningmyr...@protonmail.com It should be sufficient for the output and its rangeproof to be separately committed to the chain to prevent ambiguity. Committing to rangeproofs, which are witness data and can be ignored (at a trust tradeoff), will reduce flexibility. This is a good point.

Re: [Mimblewimble] Compact blocks

2017-03-07 Thread Merope Riddle
Myrtle Warren said: > As far as I can tell, the specific construction of the output hash's preimage > has not been determined. If we move forward with this mechanism, it becomes > critically important that the hash covers the range proof itself. A situation > where the hash resolves ambiguously

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-02-03 Thread Merope Riddle
In the vein of "scriptless scripting", it's worth noting that the signature challenge e = `H(key || nonce || message)` can itself be considered a hash whose preimage needs to be revealed to produce a valid signature. Two parties can produce a multisignature by having one present his pubkey/nonce