Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-04-09 Thread Andrew Poelstra
On Tue, Mar 07, 2017 at 02:18:53PM -0500, John Tromp wrote:
> dear Andrew,
>
> >> Pieter Wuille in particular has stressed to me what a great feature of MW it is
> >> that everything looks the same, and that breaking this property should be taken
> >> very seriously.
>
> But with ever

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-03-07 Thread Andrew Poelstra
On Tue, Mar 07, 2017 at 02:51:57PM -0500, John Tromp wrote: > > One comparison in each case; kernel.locktime >= blockindex > > So the costs are small, but better avoided altogether I agree. > > Can you elaborate on how to prove that the third privkey is indeed > equal to base^{2^largenumber} ? >

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-03-07 Thread John Tromp
> The people constructing the locktimes are depending on the security of the > zero-knowledge proof (which could be as simple as just hashes being random > oracles) and the security of the timelock puzzles (RSA problem being hard). > >> I don't see the downside of simply requiring a locktime on eve

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-03-07 Thread Andrew Poelstra
On Tue, Mar 07, 2017 at 02:18:53PM -0500, John Tromp wrote:
> > He also suggested the locktime should be cancellable and extendable by having
> > the would-be recipient reveal a key to the sender, but we didn't work out all
> > the details. If this works then we should be able to get the

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-03-07 Thread John Tromp
dear Andrew,
>> Pieter Wuille in particular has stressed to me what a great feature of MW it is
>> that everything looks the same, and that breaking this property should be taken
>> very seriously.
But with every kernel having both a fee and a locktime (which defaults to the last confirme

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-03-07 Thread Andrew Poelstra
On Fri, Feb 03, 2017 at 10:42:14PM +, Andrew Poelstra wrote: > > Pieter Wuille in particular has stressed to me what a great feature of MW it > is > that everything looks the same, and that breaking this property should be > taken > very seriously. > In this line of thinking, I gave a prese

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-03-07 Thread John Tromp
A while ago I had a chat with Andrew in https://gitter.im/grin_community/Lobby where he helped explain multi signature transactions to me, and I thought it might benefit others as well to explain the atomic swap below in more detail. So the setting is that Igno holds some coins on the MW altchain,

Re: [Mimblewimble] Scriptless scripting and deniable swaps

2017-02-03 Thread Merope Riddle
In the vein of "scriptless scripting", it's worth noting that the signature challenge e = `H(key || nonce || message)` can itself be considered a hash whose preimage needs to be revealed to produce a valid signature. Two parties can produce a multisignature by having one present his pubkey/nonce

[Mimblewimble] Scriptless scripting and deniable swaps

2017-02-03 Thread Andrew Poelstra
I recently described how to do hash-preimage challenges in MimbleWimble by adding the ability to sign hashes and consensus-requiring the preimage to be revealed for this signature to be considered valid [1]. This was met by concerns about additional complexity, trying to use features before the