Author: Dustin Dettmer 2019-01-22 16:33:23
Published on: 2019-01-22T16:33:23+00:00
The discussion on the bitcoin-dev mailing list revolves around a mechanism that uses fixed R values to prevent multiple signatures, deriving a unique R value for each blockheight that can be used to create or verify signatures. One possibility proposed is to derive R using standard hierarchical derivation and to reveal the staking pubkey to the sidechain network as actually being staking_pubkey = P + hash(P || parent_R) * G (possibly with some trivial protection against Taproot). To sign for a blockheight, one must use their public key P and the specific R obtained by hierarchical derivation from parent_R, with the blockheight as the index. The conversation also touches on the problem that a revealed private key for time-locked funds creates a race to spend, and proposes solutions such as destroying the funds or sending them somewhere specific.
Updated on: 2023-06-13T16:41:22.440555+00:00