Author: Rusty Russell 2016-08-10 02:03:46
Published on: 2016-08-10T02:03:46+00:00
In a mailing list thread, Rusty Russell and Joseph Poon discuss the need for a "filter hint" to avoid an excessive amount of outsourced work. The proposed solution involves pre-computing HMAC by the outsourcer. The outsourcer takes the txid, HMAC(txid+salt1) and encrypts the blob, gives the 32-byte hmac and blob to the watcher, who adds the 32-byte hmac and the blob to a key-value store and when it receives a new block, they HMAC(txid+salt1) all transactions and compare against the key-value store. Russell suggests inserting some randomness in the tx (OP_RETURN? Different addresses each time?) and extracting the input signature from the witness, which is unguessable, as a filter. Poon likes the idea of using one's own input sig as the key for the encrypted blob too, and if Alice is outsourcing Bob's Commitment broadcasts, a hash of her input signature is a solid way to derive a key as well without malleability concerns. However, this rests on the assumption that there are no unknown malleability issues on signatures.
Updated on: 2023-05-24T00:14:41.634032+00:00