Author: ZmnSCPxj 2019-01-24 10:03:25
Published on: 2019-01-24T10:03:25+00:00
In a recent discussion on the bitcoin-dev mailing list, ZmnSCPxj addressed concerns about a revealed private key for time-locked funds that could create a race to spend. It was suggested that if Bitcoin had implemented RBF (Replace By Fee) properly, such races could be won by bidding up fees. The race would then be won by whoever mines the highest-fee transaction. However, it is still unlikely for the staker to win unless they have significant mining hashpower, which would put the Bitcoin layer at risk anyway.ZmnSCPxj also discussed using fixed R values to prevent multiple signatures but questioned how to derive these values in a way that is unique for each blockheight and can still be used to create signatures or verify them. One possibility is to use standard hierarchical derivation and require the staking pubkey to be revealed as `staking_pubkey = P + hash(P || parent_R) * G`. To sign for a specific blockheight, one must use their public key and the specific R value obtained from hierarchical derivation from parent_R and the blockheight as an index.
Updated on: 2023-06-13T16:42:34.288102+00:00