Author: Adam Back 2013-05-16 11:32:22
Published on: 2013-05-16T11:32:22+00:00
In this email, Gregory Maxwell discusses the concealment of transactions and quadratic costs in evaluating a private clique's claims. Adam Back contributes his opinions on coin size and verification cost being linear and not quadratic, and offers a tweak to keep committed coin sizes small. He suggests that temporary privacy can be maintained, but peers have technical means to react and defend themselves using longer committed chains if dishonest mining is detected on a significant scale. The seed idea is to make identities public only once they're buried a bit and an aggressive "spend lots of times in committed form" approach will keep dishonest mining in check. Adam also suggests replacing blind-sender, auth-tag, tx-commit with blind-sender, auth-tag, encrypted-tx-commit. To reveal, recipients must simply send the public key per hop, which is ~3x smaller and fixed-size committed coin spends are possible, but public key crypto is probably needed which drops the verification efficiency of standard transactions.
Updated on: 2023-06-06T17:00:11.061468+00:00