public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Peter Todd <pete@petertodd•org>
To: Bryan Bishop <kanzure@gmail•com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: [bitcoin-dev] Single-use-Seal Implementation
Date: Mon, 12 Aug 2019 10:40:23 -0400	[thread overview]
Message-ID: <20190812144023.4mixitkcsrvpb7i6@petertodd.org> (raw)
In-Reply-To: <CABaSBawe_oF_zoso2RQBX+7OWDoCwC7T2MeKSX9fYRUQaY_xmg@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1852 bytes --]

On Wed, Aug 07, 2019 at 08:48:06AM -0500, Bryan Bishop via bitcoin-dev wrote:
> Single-use seals
> ================
> 
> This proposal may have inadvertedly demonstrated a practical way to implement
> Peter Todd's single-use seals concept [4]. I am hesitant to say so, though,
> because I think he would ask for a more sophisticated way to verify seal
> closure.

I'm not sure what you're getting at here; single-use-seals are really boring
and simple. To recap, they're akin to a pubkey that has the "magical" property
that it can only be signed once. This of course is impossible with math alone,
but can be implemented with beyond-math mechanisms like trust or PoW (physics).

Thus you have a globally unique seal, which can be closed over a message,
producing a witness attesting to the fact that the seal was closed over that
message. A single-use-seal protocol is secure if it is impossible (in your
chosen security model) to trick the validation function into thinking a single
seal was closed over two different messages.

The obvious implementation with Bitcoin is to define the seal to be a specified
txout, and the witness to be a transaction (and lite client proof) that spends
that txout in a transation with an OP_RETURN output committing to the hash of
the message as the first output. A fancier implementation could use a
pay-to-pubkey-style commitment (RGB¹ uses something along these lines).


For applications requiring a chain of single-use-seals, you can easily keep two
txouts for seals in your wallet, and alternate them as the chain is extended.


Do you mean to say there didn't previously exist a practical way to implement
them? Or that you've found another way? I'm curious what you mean here.


1) https://github.com/rgb-org/spec

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

  parent reply	other threads:[~2019-08-12 14:40 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-07 13:48 [bitcoin-dev] Bitcoin vaults with anti-theft recovery/clawback mechanisms Bryan Bishop
2019-08-07 20:32 ` Bryan Bishop
2019-08-07 21:19   ` Dustin Dettmer
2019-08-08  2:09     ` Sergio Demian Lerner
2019-08-08  3:03       ` ZmnSCPxj
2019-08-08  0:27 ` ZmnSCPxj
2019-08-08  1:16   ` Bryan Bishop
2019-08-12 14:40 ` Peter Todd [this message]
2019-08-12 15:01 ` Peter Todd
2019-08-13  2:09   ` Bryan Bishop
2019-08-13 14:15     ` Peter Todd
2019-08-13  2:44 ` Praveen Baratam

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190812144023.4mixitkcsrvpb7i6@petertodd.org \
    --to=pete@petertodd$(echo .)org \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=kanzure@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox