Published on: 2021-12-18T03:49:15+00:00
In an email exchange, ZmnSCPxj discusses the use of musig keys for staking in a blockchain network. He explains that users can sign with different keys until they equivocate once, after which they must switch to the other keys. This mechanism allows for correcting signing mistakes. However, if a staker equivocates three times, they are disqualified. ZmnSCPxj also proposes a way to incentivize stakers to sign the "correct" statement in line with their peers. Only stakers who sign with the majority receive reward tokens for that slot. This creates an incentive for stakers to try to sign the correct statement, but it also means that stakers who equivocate to switch and get tokens would burn their collateral.The context explores the issue of punishing stakeholders for signing the wrong thing and making changes without risking funds. The author points out that a single equivocation can lead to unbounded equivocation by third parties, allowing for the complete rewriting of the signature chain. Additionally, the use of a musig key for staking means that if an individual equivocates three times, they are disqualified. The author is unsure about the practical implementation of this approach. While lying cannot be punished, stakers who sign with the majority receive reward tokens; however, stakers who equivocate to switch and obtain tokens would burn their collateral. This creates an incentive for stakers to try to sign the correct statement in line with their peers.ZmnSCPxj shares a post discussing how covenants like CTV can address the timeout/rollover issue and collusion issues on punishment in on-chain bitcoin signing oracles. The post also mentions a protocol that enables the creation of "branch-free" attestation chains where equivocation results in burned funds. Robin Linus has written a whitepaper providing further details on these concepts, which is linked in the post. The post emphasizes that bonds are more effective when the bonder cannot recover their funds, and with a covenant, the bonder can definitely lose funds. While an oracle can still lie, it must consistently lie and avoid equivocation. If an oracle signs an invalid sidechain block, it can still do so, but it is prevented from later denying this by signing an alternative valid sidechain block. If the oracle sticks to its initial decision, the sidechain ceases operation, resulting in the loss of funds for sidecoin holders while the bond remains secure.The post provides insights into how covenants like CTV can enhance on-chain bitcoin signing oracles by resolving the timeout/rollover issue and addressing collusion problems on punishment. The author also mentions a protocol that facilitates the creation of "branch-free" attestation chains where equivocation leads to burned funds. Furthermore, the post briefly touches on various applications of these chained attestations. To delve deeper into these concepts, the author includes a link to Robin Linus's whitepaper.
Updated on: 2023-08-02T05:15:37.006176+00:00