Author: Rusty Russell 2015-11-20 01:35:46
Published on: 2015-11-20T01:35:46+00:00
Mats Jerratsch suggested using EC keys to achieve similar results without using SNARKs. By switching from preimage-hash verification to private key/public key verification, the arithmetic operations inherited from the elliptic curve field can be used. Assume two keypairs K1(Q, q) and K2(R, r), with a scalar p such that r = p * q and R = r * G = (p * q) * G = p * (q * G) = p * Q. The two private keys are related by p. However, there is currently no way to enforce a payment with a priv/pub key pair. A new operator, OP_CHECKPRIVPUBKEYPAIR or similar, that pops two items from the stack could be introduced, or an OP_FFMUL to multiply over a finite field and check the result, too. With the segregated witness proposal, introducing new opcodes is easy, so maybe someone would prefer open-coding it like this.
Updated on: 2023-05-23T21:29:52.208091+00:00