Author: Rijndael 2022-11-30 22:09:33
Published on: 2022-11-30T22:09:33+00:00
The article delves into the bisection protocol that is used in smart contracts through MATT covenants. This protocol ensures that both parties involved in a transaction provide correct data for a computation step. If one party provides incorrect information, the other can take all the money. It is important to note that this protocol only works if the hash function is collision-free and the computation is deterministic. Script can verify the single step of the operation, which is simple. While the article acknowledges that there are some things missing in the protocol, such as bonds to incentivize cooperation, computing omitted FSM steps, adding additional transitions at every step, and contracting consecutive "forced" steps into a single step, the code and scripts of the protocol are independent of the actual execution and can be precomputed before the initial covenant is created.In a message to Salvatore Ingala, Rijndael asked a question regarding the challenge protocol and execution trace encoding. Rijndael stated that Alice posts a commitment to an execution trace of f(x)=y, x, and y. Bob disagrees with y, so starts the challenge protocol. The dispute protocol finds the leftmost step in Alice and Bob's execution traces that differ, and then rewards the coins to the participant who's "after-value" is computed by the step's operation applied to the "before value". However, if the participants each present valid steps but with different operations, there is still the question of who wins.To ensure that before the challenge protocol starts, the execution trace that Alice posts is for the right computation and not a different computation that yields a favorable result for her, Rijndael asks if there is something to ensure that. Salvatore explains in his response that the bisection's Merkle tree never ends up on-chain and only results in a longer chain of transactions during a challenge. The actual computation trace (and corresponding Merkle tree) is only computed by the parties when they execute the computation. Salvatore provides an example of a simpler game using a protocol that includes a fraud proof to clarify the relationship between the covenant and the bisection protocol. He also details a sample execution of the protocol. The article concludes by noting that while each leaf in the protocol is doing the same operation (doubling a number), arbitrary computations can be decomposed into simple elementary functions.
Updated on: 2023-06-16T03:04:06.776126+00:00