Minutia in CT for Bitcoin. Was: SF proposal: prohibit unspendable outputs with amount=0



Summary:

In a bitcoin-dev email thread, Gregory Maxwell asked whether there is a solution to the problem that pool inputs are not reorg-safe, short of creating something like a maturity limit for going from shielded to unshielded. The issue is that CT signatures do not sign which pool input they're using. An implementation could have the exact CT pool input be something miners add; the CT transactions broadcast on the P2P network wouldn't actually need it. Wallets would pick the input at random. This reduces the reorg risk to double-spends. The best solution so far is to support unshielded coins in shielded space too and only transition out of the pool when paying to a legacy wallet. By allowing everyone to "use" CT, even for unshielded outputs, it can be ensured that this isn't a problem. Note that the order in which outputs in the pool are spent can be deterministic and constraints can be placed on how miners could txids to make reorgs relatively safe.


Updated on: 2023-06-12T18:44:17.095293+00:00