Published on: 2013-05-16T14:51:09+00:00
In May 2013, Adam Back suggested the use of fixed size committed coin spends for better cryptography. The system involved using blind-sender, auth-tag, and encrypted-tx-commit with pub key P = xG, G = base point. To solve the issue of earlier committed spend chains forcing a reveal for someone later, K_i was used for different spends and included in the encrypted-tx-commit. The proposal aimed to improve the clarity of key derivation by suggesting the use of a KDF like IEEE P1363 KDF2 or PKCS#5 PBKDF2 with 1 iteration.Gregory Maxwell discussed the concealment of transactions and quadratic costs in evaluating a private clique's claims. Adam Back contributed his opinions on coin size, verification cost being linear, and offered a tweak to keep committed coin sizes small. He suggested that temporary privacy could be maintained, but peers have technical means to react and defend themselves if dishonest mining is detected. He proposed replacing tx-commit with encrypted-tx-commit to reduce the size of public keys required for each hop.In an email conversation, Gregory Maxwell proposed a coin spending system involving txouts that pay P2SH addresses with an OP_PUSH nonce. The recipient would be provided with the nonce out of band and when they spend the coins, they provide the script but not the nonce. This proposal aimed to make identities public only once they're buried a bit and bound the growth of proofs. The implementation had potential attacks on publication for 'tainted' transactions, but it was considered an interesting idea.Mike Hearn asked about Adamcoin and its similarity to Zerocoin. The key difference was that Zerocoin completely conceals the connection forever, while Adamcoin only conceals transactions from those not involved. The conversation highlighted the quadratic costs in evaluating a private clique's claims and the need to make identities public once they're buried a bit to mitigate this issue.Gavin and Gregory Maxwell discussed Adam Back's proposal to hide coins being spent on the Bitcoin network. The proposal involved using blinded payments, but there were complications such as anti-DOS issues and strange economic implications. The conversation also touched on the possibility of miner cartels trying to exclude transactions but concluded that it might not become a big issue.The writer proposed using committed transactions to improve Bitcoin scalability by reducing network bandwidth. They suggested using blind-sender, auth-tag, and tx-commit in the commitment to prevent non-blind double spends. The committed coins were not linkable to non-blind coins, giving users more control over policy. The writer also mentioned the possibility of adding tracing to privacy-preserving protocols.Caleb James DeLisle wrote about using bit-commitments based on deterministic one-way functions. These commitments ensured no non-blind double spends of committed coins until commitment reveal. The committed coins were not linkable to non-blind coins, putting policy control in the user's hands. The writer emphasized the need for more time to fully understand the implications of this proposal.Peter Todd expressed concerns about the vulnerability of Bitcoin protocol to 51% attacks. Adam Back argued that protocol voting is a vote per user policy preference, making it difficult for miners to impose arbitrary policies. He suggested that the blind commitment proposal could fix this issue by preventing even a 99% quorum from imposing policies. The feasibility of protocol voting attacks was considered an open question.An email exchange between Adam Back and Peter Todd discussed the vulnerability of protocols in the Bitcoin network. Todd raised concerns about the lack of chargebacks in Bitcoin, which could create issues in kidnap and ransom cases. The conversation predicted potential government actions and their impact on Bitcoin.In an email, Adam Back proposed a simple, efficient, and easy-to-implement symmetric key commitment protocol that could improve the Byzantine generals problem in Bitcoin. This commitment protocol would remove the need for honest nodes and enable transactions to be accepted without relying on CPU power. The approach was composable, and the network wouldn't learn the size of the transaction even though the spend grows each time.
Updated on: 2023-08-01T04:53:43.242782+00:00