Dear colleagues, After having mentioned it in a Twitter Space a few moments ago, I felt the need to share the idea with you even just as a draft. Utilizing Lamport Scheme (not signature) for better byte-efficiency in L1:
1. Have signing keys consist of the current ECC key AND a Lamport chain;
2. For signing of a transaction, broadcast a tuple consisting of
1. the plain transaction,
2. hash of the previous Lamport chain concatenated to the transaction
3. commitment signed by ECC freezing its UTXO and promising that in a few
blocks time the pre image of hash will be published.
4. a and b (but not c) are buried in coinbase session of a block B1 by miner
M1;
5. If upon maturity, such pre-image is not broadcasted, signed commitment is
buried in the next block and executed. As a consequence, frozen UTXO pays B1
for a and b being buried at M1's coinbase and miner M2 for burying it [the
commitment] in a block B2 subsequent to maturity;
6. If pre-image is broadcasted before maturity, it is buried in another block
B2', pays for itself, pays M1 for burying a adn b at B1 and pays whatever else
was determined in the plain transaction of item 2.a.
The whole point is that, in the typical use case in which pre-image of hash is,
in fact, successfully broadcasted before maturity, commitment, the only ECC
signature in this protocol is discarded, and only two Lamport hashes end up
being buried at L1.
To push economy even further, we could implement a memory-hard hash like Argon2
to do the same entropy-processing trade-off already utilized for passwords, so
we could have hashes of, say 12 bytes, making it 24 in total, down from 136
from ECC.
publickey - yurisvb@pm.me - 0x535F445D.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
