Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, July 2, 2019 5:30 PM, Tamas Blummer <tamas.blum...@gmail.com> wrote:
> Hello ZmnSCPxj,
>
> > On Jul 2, 2019, at 10:12, ZmnSCPxj zmnsc...@protonmail.com wrote:
> > As a counterargument, I observe that committing to the advertisement on the
> > UTXO is similar to committing to a SCRIPT on a UTXO.
> > And I observe the Graftroot idea, wherein we commit to a public key on the
> > UTXO, and admit a SCRIPT that is signed by the public key as a SCRIPT that
> > unlocks the UTXO for spending.
> > By analogy, in my "advertising" scheme, instead of committing the
> > advertisement on the UTXO, I can instead commit a public key (for example,
> > the hash of the "advertiser pubkey" is used to tweak the onchain public
> > key).
> > Then we use this advertiser pubkey to admit advertisements on the
> > advertising network.
> > This advertiser pubkey is used to sign an "advertisement chain", which is a
> > merklized singly-linked list whose contents are the actual advertisements,
> > each node being signed using the advertiser pubkey.
> > To ensure that the advertiser does not sign multiple versions of this
> > chain, we can have the signing nonce be derived from the height of the
> > advertchain, such that signing the same height multiple times leads to
> > private key revelation.
>
> The advertiser would thereby put the funds of the HODLer on risk of his
> misbehavior, which means the HODLer would have to trust the advertizing
> service.
No it would not :)
Onchain, the locked UTXO would be a 2-of-2 MuSig / 2p-ECDSA of the HODLer and
the advertising broker.
The HODLer and advertising broker perform a (mostly-offchain) ritual that
ensures that the HODLer gets a `nLockTime` transaction spending from this UTXO
and paying it back to the HODLer, and that the advertising broker pays for rent
of this UTXO, prior to the UTXO actually appearing onchain.
The UTXO requires both cooperation of HODLer and advertising broker in order to
spend, and the HODLer only cares that it gets an `nLockTime` transaction and
will no longer cooperate / will permanently delete its share of the key after
getting this.
The MuSig / 2p-ECDSA pubkey used will then be tweaked (by addition in MuSig, by
multiplication in 2p-ECDSA; the HOLDer need not even learn it, the advertising
broker can tweak its pubkey in the Bitcoin-level transaction beforehand) to
commit to a hash of the "Advertising pubkey".
Thus I say the UTXO "commits to the advertising pubkey", not "pays to the
advertising pubkey".
Indeed, the pubkey of the advertising broker used on the Bitcoin blockchain can
be very different from the advertising pubkey used on the advertchain.
This "Advertising pubkey" is the pubkey used in the advertchain.
The actual money on Bitcoin cannot be spent by the broker unilaterally.
However, what advertisement it will commit to on the advertchain, can be
controlled unilaterally by the advertising broker.
That is the entire point: the HODLer rents out the UTXO to the advertising
broker, relinquishes control over the advertchain, but retaining (eventual)
control over the actual Bitcoins.
The advertising broker then has sole control of the advertchain, and can rent
it out for smaller timeframes to actual service/product providers.
Regards,
ZmnSCPxj
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
