Author: Gleb Naumenko 2020-11-26 21:40:46
Published on: 2020-11-26T21:40:46+00:00
Stake Certificates have been proposed as a solution to channel jamming in the Bitcoin ecosystem. These certificates use UTXO ownership proofs called Stake Certificates and are valid for N blocks after proof generation. If the UTXO is spent during those N blocks, new proof can be generated from the same coins without invalidating the old proof. However, an attacker would have to pay an on-chain fee for this. To address this problem, there are some workaround ideas such as having epochs of 100 blocks or expanding the zero-knowledge part to proving that the coins were not yet spent.If spending a UTXO reveals all Stake Certificates generated from it, it would solve the above-mentioned problem but it would mean a retrospective privacy leak. Hence, it is important to prevent this. Malicious Sybil routing nodes failing payments causing other honest routing nodes to reduce the credit of an honest payment sender is another issue that both Stake Certificates and upfront payment schemes suffer from. This problem can be addressed by reducing the reputation of faulty links and routing nodes on the payment sender node or using "provable blaming". The proposed method of Stake Certificates requires commitment to a particular channel UTXO by embedding an ownership proof in the onion packet while sending an HTLC to the routing node. Bob verifies the identifier pointing unambiguously to an on-chain UTXO and the validity of the ownership proof before decrementing Alice's credit balance and relaying the HTLC to Carol. However, this naive protocol is a privacy nightmare since routing nodes can assign every HTLC they forward to the sender's UTXO. To preserve privacy, the scheme could rely on zero-knowledge proofs of UTXO ownership by avoiding pointing to a particular UTXO. The verifier should check that the staked UTXO is an element of the current UTXO set, the prover knows the witness script committed by the UTXO witness program, and the staked UTXO was not used to produce a different Stake Certificate which is currently in use.Stake Certificates, upfront payment schemes, and other potential solutions may be compared based on economic feasibility, integration and making good UX, and protocol design/implementation. Choosing a ZK system for Stake Certificates boils down to picking the right trade-offs of proving and verifying time and assumptions. Several questions remain unresolved, including whether credit spending should be gossiped across the entire network, which zero-knowledge system should be used for Stake Certificates, and what the best credit-to-value-transferred function and lifetime of Stake Certificates are. Stake-based protocols have the potential to solve Sybil challenges in the Bitcoin ecosystem. The next step is a discussion of Stake Certificates to choose a cryptosystem. While Stake Certificates may not be the best near-term solution due to complexity, the zero satoshi overhead for honest payments is an appealing argument to switch to it in the future. Since stake-based protocols can also be useful in other contexts such as Sybil-resistance and proof-of-ownership, discussing Stake Certificates is even more useful.
Updated on: 2023-06-03T03:07:35.552159+00:00