Author: Peter Todd 2017-11-14 10:07:28
Published on: 2017-11-14T10:07:28+00:00
Gregory Maxwell, a member of bitcoin-dev, discussed an approach that could be constructed without new cryptographic assumptions, be high-performance compared to alternatives, have no trusted setup, and not involve the creation of any forever-growing unprunable accumulators. He argued that all major alternative schemes failed multiple criteria in comparison. In response to the issue of unprunable accumulators, it was suggested that it would be feasible to use accumulator epochs. This would either make unspent coins in a previous epoch unspendable after some expiry time is reached or make use of a merkelized key-value scheme with transaction-provided proofs to shift the costs of maintaining the accumulator to wallets. The disadvantage of epoch schemes would be reduced k-anonymity set, but if Confidential Transactions proposals were correctly understood, they already had a significantly reduced k-anonymity set per transaction than Zcash theoretically could. Epoch size would be a tradeoff between state size and k-anonymity set size.
Updated on: 2023-06-12T22:09:28.654075+00:00