public inbox for bitcoindev@googlegroups.com
From: Watson Ladd <wbl@uchicago•edu>
To: Gregory Maxwell <gmaxwell@gmail•com>
Cc: bitcoin-development@lists•sourceforge.net
Subject: Re: [Bitcoin-development] Fwd: Proposal for a new opcode
Date: Tue, 6 Mar 2012 18:42:41 -0600
Message-ID: <CACsn0cm6wgPdNvVr6Q4yS+cGP-kpUJxtXsL1mZS502UTOx8t0g@mail.gmail.com>
In-Reply-To: <CAAS2fgSHsuhHOXXdAvgLZqF7ozLrzu-2wDikVxd0z6bPiCo+Hg@mail.gmail.com>

On Tue, Mar 6, 2012 at 6:05 PM, Gregory Maxwell <gmaxwell@gmail•com> wrote:
> On Fri, Mar 2, 2012 at 2:57 PM, Watson Ladd <wbl@uchicago•edu> wrote:
>> I am proposing a new opcode for the purposes of anonymous
>> transactions. This new opcode enables scripts to be given proof that
>> the receiver can carry out or has carried out a previous transaction.
>> I'm currently working on a paper that discusses using this opcode for
>> anonymous transactions.
>
> I believe I understand what the opcode does directly— it just
> validates an opaque signature. I don't understand how it enables
> anonymous transactions.
>
> Can you spell this out for me?
One doesn't use this opcode as the sole thing to secure a transaction.
Instead this opcode prevents double spend attacks against
anonymization schemes. The idea is for Alice to give signatures to the
recipients of funds, all signatures being equivalent. To avoid this
from leading to a double-spend, we use a quorum method based on
showing earlier redemptions happened.
>
> In particular I don't see why it is not, from the perspective of the
> blockchain, isomorphic to a hash locked transaction. (This
> equivalence is more obvious when you think about how Lamport
> signatures turn simple hashing into a one time signature).
Because you can't blind a Lamport signature, it isn't. I'm searching
for a place to post the current draft: it's not ready for anything
official yet, but does seem to be of interest. Drop me an (offlist) line
if you have ideas about where I can put it.
Sincerely,
Watson Ladd

-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin



Thread overview: 8+ messages
     [not found] <CACsn0c=P1veYnmXe4E3qU0OC=Xr9Aw6Fy=6Zm0sUAaSBEDvpMA@mail.gmail.com>
2012-03-02 19:57 ` Watson Ladd
2012-03-03 17:55   ` Gavin Andresen
2012-03-05 14:14   ` [Bitcoin-development] " Michael Grønager
2012-03-07  0:05   ` [Bitcoin-development] Fwd: " Gregory Maxwell
2012-03-07  0:42     ` Watson Ladd [this message]
2012-03-21 19:54   ` Gregory Maxwell
     [not found]     ` <CACsn0cmfwuBpFTTMZ9psOoTKb3ovmAdb=VTSYQ7LJaf8+YzTUg@mail.gmail.com>
2012-03-21 22:02       ` [Bitcoin-development] " Watson Ladd
2012-03-22  0:49         ` Gregory Maxwell
