public inbox for bitcoindev@googlegroups.com
From: yurisvb@pm•me
To: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: [bitcoin-dev] Lamport scheme (not signature) to economize on L1
Date: Mon, 18 Dec 2023 01:37:23 +0000
Message-ID: <nvbG12_Si7DVx9JbnnAvZbNdWk7hDQA23W1TXMkfYoU2iBA95Z1HzRnXgyiwFhDBmdi_rWL0dPllX1M9N9YZPDV47VgYADNd7CQA9CkAuX0=@pm.me>



Dear colleagues,

After having mentioned it in a Twitter Space a few moments ago, I felt the need to share the idea with you even just as a draft. Utilizing Lamport Scheme (not signature) for better byte-efficiency in L1:

1.  Have signing keys consist of the current ECC key AND a Lamport chain;

2.  For signing of a transaction, broadcast a tuple consisting of

    a.  the plain transaction,
    b.  hash of the previous Lamport chain concatenated to the transaction
    c.  commitment signed by ECC freezing its UTXO and promising that in a few blocks' time the pre-image of hash will be published.

3.  a and b (but not c) are buried in coinbase session of a block B1 by miner M1;
4.  If upon maturity, such pre-image is not broadcasted, signed commitment is buried in the next block and executed. As a consequence, frozen UTXO pays B1 for a and b being buried at M1's coinbase and miner M2 for burying it [the commitment] in a block B2 subsequent to maturity;
5.  If pre-image is broadcasted before maturity, it is buried in another block B2', pays for itself, pays M1 for burying a and b at B1 and pays whatever else was determined in the plain transaction of item 2.a.


The whole point is that, in the typical use case in which pre-image of hash is, in fact, successfully broadcasted before maturity, the commitment, the only ECC signature in this protocol, is discarded, and only two Lamport hashes end up being buried at L1.

To push economy even further, we could implement a memory-hard hash like Argon2 to do the same entropy-processing trade-off already utilized for passwords, so we could have hashes of, say 12 bytes, making it 24 in total, down from 136 from ECC.
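
An added illustration, not part of the original message and not code from its author: a minimal sketch of the hash-chain commit and later pre-image reveal described in the message above. It assumes the chain is x_i = H(x_(i-1)) with the last link as the publicly known head, that the broadcast hash is H(pre-image || transaction), and that H is full-length SHA-256; the ECC-signed commitment and the fee payments are left out, and `Signer`, `commit` and `verify_reveal` are hypothetical names.

```python
import hashlib

def H(data: bytes) -> bytes:
    # Assumption: SHA-256; the message does not fix the hash function.
    return hashlib.sha256(data).digest()

def commit(preimage: bytes, tx: bytes) -> bytes:
    """Hash of the not-yet-revealed chain link concatenated with the transaction."""
    return H(preimage + tx)

def verify_reveal(head: bytes, commitment: bytes, tx: bytes, preimage: bytes) -> bool:
    """The revealed link must hash to the known head and match the earlier commitment."""
    return H(preimage) == head and commit(preimage, tx) == commitment

class Signer:
    """Holds a hash chain; every spend consumes one link, walking back toward the seed."""
    def __init__(self, seed: bytes, length: int):
        self._chain = [seed]
        for _ in range(length):
            self._chain.append(H(self._chain[-1]))
        self._pos = length                  # index of the current public head

    @property
    def head(self) -> bytes:
        return self._chain[self._pos]

    def sign(self, tx: bytes):
        """Return (commitment, preimage); the preimage is withheld until the reveal."""
        if self._pos == 0:
            raise RuntimeError("hash chain exhausted: no unrevealed link left")
        self._pos -= 1
        preimage = self._chain[self._pos]
        return commit(preimage, tx), preimage

def demo():
    signer = Signer(b"constructed demo seed", 3)          # constructed sample input
    head = signer.head
    tx = b"constructed tx: pay 1 to X"
    c, pre = signer.sign(tx)                              # (tx, c) broadcast first
    ok = verify_reveal(head, c, tx, pre)                  # reveal matches
    swapped = verify_reveal(head, c, b"constructed tx: pay 1 to Y", pre)
    head = pre                                            # revealed link is the next head
    c2, pre2 = signer.sign(b"constructed tx 2")
    ok2 = verify_reveal(head, c2, b"constructed tx 2", pre2)
    replay = verify_reveal(head, c, tx, pre)              # old link fails against new head
    return ok, swapped, ok2, replay

if __name__ == "__main__":
    print(demo())
```

The check fails for a transaction that differs from the committed one and for a link that was already consumed, which are the two properties a verifier relies on between the first broadcast and the reveal.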
