Author: Satoshin 2019-01-22 14:58:25
Published on: 2019-01-22T14:58:25+00:00
In a recent thread on the bitcoin-dev mailing list, ZmnSCPxj proposed using fixed R values to prevent multiple signatures. In response to this, Matt asked how these R values could be derived in a way that is unique for each blockheight but still usable for creating signatures or verifying them. ZmnSCPxj suggested using standard hierarchical derivation and requiring the staking pubkey to be revealed as `staking_pubkey = P + hash(P || parent_R) * G`. To sign for a specific blockheight, one would need to use their public key `P` and the specific `R` value obtained from hierarchical derivation using `parent_R` and the blockheight as an index. The potential downside of this approach is unknown and it is unclear if it adds anything to the blockweight.
Updated on: 2023-06-13T16:40:08.085703+00:00