1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
Return-Path: <john.tromp@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 97181B7A
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 19 Sep 2019 15:47:25 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ot1-f48.google.com (mail-ot1-f48.google.com
[209.85.210.48])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 27C6F711
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 19 Sep 2019 15:47:25 +0000 (UTC)
Received: by mail-ot1-f48.google.com with SMTP id b2so3483996otq.10
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 19 Sep 2019 08:47:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc:content-transfer-encoding;
bh=8uIu5CvSESqImzKSwTa91vQf+QhlO3JkjKQXyG2EWY4=;
b=jnZWMa1+9OjZIZLrxvnr/l8Z/YVRvfjyJwI1pdbK0B/kAaFRCSK2mvhAk2GWdDh8+m
FItuZtcWDLovcNmZJzw2uTpiLuEkQxHvbGhGJLeuWfA2++ZNT7xIYoJ59D60BdYPhizm
YkvaYPtM+wK8TpdSVcRQUGkf7Zea2UzFNkkUaISUGsKF30qv2kzK6q9Xbnf9hDESicD6
A9G+ExWu4sWjnbbUpCtrLLk3oa0jxR572TYT1sTMhPjWfa0LzHgtyW9oUPL+x1i7m9vf
BpSK8sQo8OxcMPcnwUy2TEdVNOD/7KciEvrdEXqeUhvrRgR+hBejgDBsaChCR7DbKsAj
eO3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc:content-transfer-encoding;
bh=8uIu5CvSESqImzKSwTa91vQf+QhlO3JkjKQXyG2EWY4=;
b=nKhqnP4OGl2/a86+JmsLd5pMmJcQMW3/ImK9/dAC8TiCGCgQTUWkUCbAdwiG4hpQEA
NPMyFdgkJtRrLLsnvn29DCeoNjTMIVS272U/xGk/tqk97HHBhUC7wjKj8b6nNN8g/hMv
VoxDEWZFWR8hH4cW0HX6+xFV05+CU8HCALl5H2LnqFwk63VE/G8Dc5O3ZlIPzdFyJxD+
5u4AwFWSzmKZjG1U+LlZMBgyXdUG8zZHUHOCWLrdn8sA+vOpuiOeMypg3Okaci03yQbZ
bJFQTUA9fGg3fTammf+5LXmOBJk5+zh71NhEBHcec/qkYiKGMnj/haCZjNey2+lrAzWf
QeBA==
X-Gm-Message-State: APjAAAWV+I/4hiPMd+/UX7bT4/R+PBQPseLZIO+nqvBgUwqmp79GNG1p
dP5MCH9KhtQkRE2x6B4zbXCd9MkBsmydczAHhg==
X-Google-Smtp-Source: APXvYqzhILnRXkLMbIm1OYgnt2IRHXRcj6T7JgRh7RHCbyGfK4moSTdBD38H0VzjjWMxxVd5I1pSTlC2khk8aDo6UoU=
X-Received: by 2002:a9d:7d17:: with SMTP id v23mr1743857otn.81.1568908044353;
Thu, 19 Sep 2019 08:47:24 -0700 (PDT)
MIME-Version: 1.0
References: <mailman.1791.1568888841.8631.bitcoin-dev@lists.linuxfoundation.org>
<CAOU__fw11EmAJzay7-H7X3my5+xNGGo_BS6_1hphauPXTgbw8Q@mail.gmail.com>
<IQ52_xPiESoJFzOk3QzRDJth00dtYquOnBkG3NXrORK0FrmIaCXf0Gxrnv-AYV94Q0sRLt03ejZyhOk3ZMhnPikoIkvG77ZRqhBbl86QucU=@protonmail.com>
In-Reply-To: <IQ52_xPiESoJFzOk3QzRDJth00dtYquOnBkG3NXrORK0FrmIaCXf0Gxrnv-AYV94Q0sRLt03ejZyhOk3ZMhnPikoIkvG77ZRqhBbl86QucU=@protonmail.com>
From: John Tromp <john.tromp@gmail.com>
Date: Thu, 19 Sep 2019 17:47:12 +0200
Message-ID: <CAOU__fznZ4EznXPoiM5E2HaTzafZQ3dKQmXHOPaG8PzASiOFcg@mail.gmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 19 Sep 2019 15:52:54 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Timelocks and Lightning on MimbleWimble
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 15:47:25 -0000
dear ZmnSCPxj,
> Which I suppose is my point: you lose some of the "magic shrinking blockc=
hain" property in implementing relative locktimes, as you now increase the =
data you have to store forever (i.e. the kernels).
The "magic shrinking" of MW never applied to kernels. To validate the
current UTXO set, you need to validate *all* the kernels, each of
which is a Pedersen commitment to zero together with a Schnorr
signature using said commitment as public key. Then you need to check
that the sum of UTXO commitments (outputs) minus the summed block
rewards times G (inputs) equals the sum of kernel commitments.
Basically, the same check that is applied to individual transactions.
> It seems to me that Poon-Dryja and Decker-Wattenhofer can be "directly" p=
orted over to any MimbleWimble blockchain with relative locktimes.
> Reference [5] seems to be Poon-Dryja ported over to using relative lockti=
mes for MimbleWimble.
Yes, Beam's design is a straightforward port of Poon-Dryja.
> Decker-Russell-Osuntokun ("eltoo") is harder due to the `SIGHASH_NOINPUT`=
requirement.
> I have tried to derive an equivalent to this `SIGHASH_NOINPUT` somehow by=
considering that the "reference to previous kernel" as being akin to the B=
itcoin transaction input referring to a previous output, however it seems t=
o be not easy to create a retargatable "reference to previous kernel" in th=
is way.
The Grin "Elder channel" design of [3] is similar in spirit to eltoo
though, as the revocation transaction can be combined with the final
close transaction to counter any closing attempt to an obsolete state.
The design also offers some bandwidth savings compared to the
Poon-Dryja design.
> In any case, it seems to me that the loss of SCRIPT does not prevent a Mi=
mbleWimble blockchain from using an offchain updateable cryptocurrency syst=
em.
Correct; lack of scripts is not as much of a handicap for MW as it
appears. Multi-sig, atomic swaps, and payment channels are all
possible.
regards,
-John
|