Return-Path: <sridhar87@gmail.com>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8327BC07FF
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id 76B44869CB
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id nNbpoh4BFb69
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:30 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com
[209.85.208.54])
by whitealder.osuosl.org (Postfix) with ESMTPS id 31929869CA
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:30 +0000 (UTC)
Received: by mail-ed1-f54.google.com with SMTP id t9so16802172edq.8
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 14:18:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=MA60qgdwHV7UBw2Ni84alQCYNCZJu9O11BQ45ukFtyI=;
b=KN+wMJ3EvFkITxShovytmDItaieHBVxoPdlhRrvZAzi8ndBwkOiWRhSJyUAGFpm62b
YnYxk1Lf23o355IMK27F7dHygfyNECXmv2BdZRfAWk5LmA9+Hx7OYIj2EQ6uWKm0bZUU
hIX5Rezq3g42dytcOK2kqj9n7ecSSCNlu9r6NueGZ1RH8KyMKtLjVBvm1GkqIm3l9nvq
5C7iw6wlVKskT+nBkoG+rduRV5dlsoLJz3SvZrpiPdpx+Va/YcN77GjDO10FloZ9VZIh
uwmQ4pNZakbhfUj7EKhaMDs1dWVrZRszc14nrGHC7kn5mTAzo2KzwnSYUqIHDCNqfjIB
Nw2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=MA60qgdwHV7UBw2Ni84alQCYNCZJu9O11BQ45ukFtyI=;
b=qdQCk2/xOInQgzTKZGOXp8yB98tj8lAoWxY0R3PrFc4f4vBLIQpPlxhRGUKmpFqswo
OsL9ukY1Buj1vJkma2u+Bj0SPOLRT3lyzYTvF3hB8JCYMzUqw5rVTNWgMV+cokfaT0qa
gVyogxZn9m5L1vSP4Rh7OGft9LSTpUpVSV2wOs63nyY7sus8VFASS9czLGFv70/YN8Ll
HoCaVI8bIHxjySraUVJ5GWvjjC/8JNWRyFlHL6hc/l49kQ90MmyJTUlvVYpIcHVysG2o
W3k0S1g+A1aiGewx6RV8gH1Lw5lM9l7LkcQWsaGMGoiZ0BigI6f7hnd3RMEX7apb4U2F
r2Qw==
X-Gm-Message-State: AOAM531elWBKFgOGkmtB0JzEb391BqqAWfbIyapmauQU9E5WabZTyjFJ
jm1w0RE5qjL0RqUUrn5VKdiKkTp4rFX6R0ZathO+GrWpbe9kiMNU
X-Google-Smtp-Source: ABdhPJxvhFBEfZOA2kfnZUeAPbrCyotkyHvApGSGstpY8ykoXzmveUovv4ZejLoDpY8Lixz23eYLIyhu479hh0C/lqo=
X-Received: by 2002:a50:9fe6:: with SMTP id c93mr12770246edf.30.1605478708300;
Sun, 15 Nov 2020 14:18:28 -0800 (PST)
MIME-Version: 1.0
From: Sridhar G <sridhar87@gmail.com>
Date: Sun, 15 Nov 2020 23:18:17 +0100
Message-ID: <CAF8yEM_gur=r2WvQ=y3bE53cfds=gQT3se-GAspHvMQzUnW-9Q@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary="0000000000001a50bd05b42ca4f5"
X-Mailman-Approved-At: Sun, 15 Nov 2020 23:03:55 +0000
Subject: [bitcoin-dev] CoinPools based on m-of-n Schnorr aggregated
signatures
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2020 22:18:31 -0000
--0000000000001a50bd05b42ca4f5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi everyone,
N-of-n multisig transaction using Schnorr aggregate signature is trivial
and is similar to the current P2PKH. I would like to propose a model for
m-of-n multisig transactions using Schnorr aggregate signatures and use
this to enable CoinPools for off-chain scalability.
1. Creating the pool
A transaction is made on the bitcoin network with an output having the
following script:
<pub_key_1> <pub_key_2> <pub_key_3> .. <pub_key_N> N M OP_POOL
Bitcoin network will create a =E2=80=98pool=E2=80=99 with all the =E2=80=98=
N=E2=80=99 public keys and note
down the threshold M for this pool. This UTXO would be referred as <POOL_ID=
>
2. Depositing money to pool
Deposits can be made to a pool with <POOL_ID> with the following script
<POOL_ID> OP_LOAD_POOL_AGG_PUB_KEY OP_CHECKSIG
3. Redeeming money from pool
Redeem script would contain the aggregated signature from all signers and
the bitmap of signers.
*<AGG_SIG> <SIGNERS_BITMAP>* <POOL_ID> OP_LOAD_POOL_AGG_PUB_KEY
OP_CHECKSIG
With <AGG_SIG> <SIGNERS_BITMAP> provided by the person that redeems money
from a pool, where
<AGG_SIG> - is the aggregated signature
<SIGNERS_BITMAP> - Is a bitmap representing whether the member of the pool
at position 'i' of bitmap has signed or not(1 =3D signed, 0 - has not signe=
d)
So we will be introducing two new opcodes:
1.
OP_POOL - this will be used to create a new coin pool.
2.
OP_LOAD_POOL_AGG_PUB_KEY - This opcode does three things
1.
loads the pool (POOL_ID)
2.
checks if there are atleast 'm' signers (based on SIGNERS_BITMAP)
3.
aggregates the public key of the signers. (based on SIGNERS_BITMAP)
The opcode uses the top two elements from the stack- the first
element from the stack specifies the POOL_ID to load, which will load the
public keys from the pool. This opcode also checks if there are =E2=80=98M=
=E2=80=99
signers(as specified at the time of creation of the pool) and aggregates
the public keys that have signed based on SIGNERS_BITMAP using Schnorr
aggregate signature scheme and puts back this aggregated public key onto
the stack.
SIGNERS_BITMAP is a 32 byte value, and represents a bitmap of which public
keys from the pool have signed the transaction.
Having this scheme would enable-
1.
Scalability of m-of-n multisig transactions - People can deposit money
to a pool(with 32 byte SIGNERS_BITMAP, we can allow for 256 possible
signers).
2.
Trust minimized off-chain scalability solutions due to the use of a
sufficiently large pool of signers. Most existing pools might allow for
only a few signers as having many signers would mean higher transaction
cost.
Downsides:
1.
We need to have the public keys of the members of the pool exposed.
Despite the downsides of exposing public keys, do you think this would be a
viable scheme for enabling CoinPool for the Bitcoin network? Or, any scheme
that may expose public keys is a no-go in the Bitcoin network?
Thanks! Looking for your feedback and thoughts on this.
-Sridhar
--0000000000001a50bd05b42ca4f5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-920b9d27-7fff-fe08-1e=
5b-08c1713fbbde"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(=
0,0,0);background-color:transparent;font-variant-numeric:normal;font-varian=
t-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Hi everyo=
ne,</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;m=
argin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb=
(0,0,0);background-color:transparent;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">N-of-n m=
ultisig transaction using Schnorr aggregate signature is trivial and is sim=
ilar to the current P2PKH. I would like to propose a model for m-of-n multi=
sig transactions using Schnorr aggregate signatures and use this to enable =
CoinPools for off-chain scalability.</span></p><br><p dir=3D"ltr" style=3D"=
line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size=
:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-=
weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;verti=
cal-align:baseline;white-space:pre-wrap">1. Creating the pool</span></p><p =
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><sp=
an style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-co=
lor:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;=
vertical-align:baseline;white-space:pre-wrap">A transaction is made on the =
bitcoin network with an output having the following script:</span></p><br><=
p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><=
span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-=
color:transparent;font-variant-numeric:normal;font-variant-east-asian:norma=
l;vertical-align:baseline;white-space:pre-wrap"><pub_key_1> <pub_k=
ey_2> <pub_key_3> .. <pub_key_N> N M OP_POOL</span></p><br><=
p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><=
span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-=
color:transparent;font-variant-numeric:normal;font-variant-east-asian:norma=
l;vertical-align:baseline;white-space:pre-wrap">Bitcoin network will create=
a =E2=80=98pool=E2=80=99 with all the =E2=80=98N=E2=80=99 public keys and =
note down the threshold M for this pool. This UTXO would be referred as <=
;</span><span style=3D"font-size:10.5pt;font-family:Arial;background-color:=
rgb(248,249,250);font-variant-numeric:normal;font-variant-east-asian:normal=
;vertical-align:baseline;white-space:pre-wrap">POOL_ID></span></p><br><p=
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><s=
pan style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-c=
olor:transparent;font-weight:700;font-variant-numeric:normal;font-variant-e=
ast-asian:normal;vertical-align:baseline;white-space:pre-wrap">2. Depositin=
g money to pool</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-t=
op:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;c=
olor:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;fo=
nt-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">=
Deposits can be made to a pool with <POOL_ID> with the following scri=
pt</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(=
0,0,0);background-color:transparent;font-variant-numeric:normal;font-varian=
t-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><</spa=
n><span style=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(24=
8,249,250);font-variant-numeric:normal;font-variant-east-asian:normal;verti=
cal-align:baseline;white-space:pre-wrap">POOL_ID</span><span style=3D"font-=
size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;f=
ont-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:ba=
seline;white-space:pre-wrap">> OP_LOAD_POOL_AGG_PUB_KEY </span><span sty=
le=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(248,249,250);=
font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:b=
aseline;white-space:pre-wrap">OP_CHECKSIG</span></p><br><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font=
-size:10.5pt;font-family:Arial;background-color:rgb(248,249,250);font-weigh=
t:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-a=
lign:baseline;white-space:pre-wrap">3. Redeeming money from pool</span></p>=
<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
<span style=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(248,=
249,250);font-variant-numeric:normal;font-variant-east-asian:normal;vertica=
l-align:baseline;white-space:pre-wrap">Redeem script would contain the aggr=
egated signature from all signers and the bitmap of signers.</span></p><br>=
<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
<span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background=
-color:transparent;font-variant-numeric:normal;font-variant-east-asian:norm=
al;vertical-align:baseline;white-space:pre-wrap"><b><AGG_SIG> <SIG=
NERS_BITMAP></b> <POOL_ID>=C2=A0 OP_LOAD_POOL_AGG_PUB_KEY=C2=A0 </=
span><span style=3D"font-size:10.5pt;font-family:Arial;background-color:rgb=
(248,249,250);font-variant-numeric:normal;font-variant-east-asian:normal;ve=
rtical-align:baseline;white-space:pre-wrap">OP_CHECKSIG</span></p><p dir=3D=
"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span sty=
le=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(248,249,250);=
font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:b=
aseline;white-space:pre-wrap"><br></span></p><p style=3D"line-height:1.38;m=
argin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10.5pt;font-famil=
y:Arial;background-color:rgb(248,249,250);font-variant-numeric:normal;font-=
variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Wit=
h <AGG_SIG> <SIGNERS_BITMAP> provided by the person that redeem=
s money from a pool, where</span></p><p style=3D"line-height:1.38;margin-to=
p:0pt;margin-bottom:0pt"><span style=3D"font-size:10.5pt;font-family:Arial;=
background-color:rgb(248,249,250);font-variant-numeric:normal;font-variant-=
east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><AGG_SIG=
> - is the aggregated signature</span></p><p style=3D"line-height:1.38;m=
argin-top:0pt;margin-bottom:0pt"><SIGNERS_BITMAP> - Is a bitmap repre=
senting whether the member of the pool at position 'i' of bitmap ha=
s signed or not(1 =3D signed, 0 - has not signed)</p><p style=3D"line-heigh=
t:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p style=3D"line-height:1.=
38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir=3D"ltr" style=3D"line-h=
eight:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10.5p=
t;font-family:Arial;color:rgb(34,34,34);background-color:rgb(248,249,250);f=
ont-weight:400;font-style:normal;font-variant:normal;text-decoration:none;v=
ertical-align:baseline;white-space:pre-wrap">So we will be introducing two =
new opcodes:</span></p><ol style=3D"margin-top:0px;margin-bottom:0px"><li d=
ir=3D"ltr" style=3D"list-style-type:decimal;font-size:10.5pt;font-family:Ar=
ial;color:rgb(34,34,34);background-color:transparent;font-weight:400;font-s=
tyle:normal;font-variant:normal;text-decoration:none;vertical-align:baselin=
e;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;=
margin-bottom:0pt"><span style=3D"font-size:10.5pt;font-family:Arial;color:=
rgb(34,34,34);background-color:rgb(248,249,250);font-weight:400;font-style:=
normal;font-variant:normal;text-decoration:none;vertical-align:baseline;whi=
te-space:pre-wrap">OP_POOL - this will be used to create a new coin pool.</=
span></p></li><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:10=
.5pt;font-family:Arial;color:rgb(34,34,34);background-color:transparent;fon=
t-weight:400;font-style:normal;font-variant:normal;text-decoration:none;ver=
tical-align:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1=
.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-fa=
mily:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;fo=
nt-style:normal;font-variant:normal;text-decoration:none;vertical-align:bas=
eline;white-space:pre-wrap">OP_LOAD_POOL_AGG_PUB_KEY - This opcode does thr=
ee things</span></p></li><ol style=3D"margin-top:0px;margin-bottom:0px"><li=
dir=3D"ltr" style=3D"list-style-type:lower-alpha;font-size:11pt;font-famil=
y:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-=
style:normal;font-variant:normal;text-decoration:none;vertical-align:baseli=
ne;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt=
;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:r=
gb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;fo=
nt-variant:normal;text-decoration:none;vertical-align:baseline;white-space:=
pre-wrap">loads the pool (POOL_ID)</span></p></li><li dir=3D"ltr" style=3D"=
list-style-type:lower-alpha;font-size:11pt;font-family:Arial;color:rgb(0,0,=
0);background-color:transparent;font-weight:400;font-style:normal;font-vari=
ant:normal;text-decoration:none;vertical-align:baseline;white-space:pre"><p=
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><s=
pan style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-c=
olor:transparent;font-weight:400;font-style:normal;font-variant:normal;text=
-decoration:none;vertical-align:baseline;white-space:pre-wrap">checks if th=
ere are atleast 'm' signers (based on SIGNERS_BITMAP)</span></p></l=
i><li dir=3D"ltr" style=3D"list-style-type:lower-alpha;font-size:11pt;font-=
family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;=
font-style:normal;font-variant:normal;text-decoration:none;vertical-align:b=
aseline;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-to=
p:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;co=
lor:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:norm=
al;font-variant:normal;text-decoration:none;vertical-align:baseline;white-s=
pace:pre-wrap">aggregates the public key of the signers. (based on SIGNERS_=
BITMAP)</span></p></li></ol></ol><p style=3D"line-height:1.38;margin-top:0p=
t;margin-bottom:0pt"><span id=3D"gmail-docs-internal-guid-f9c86549-7fff-0d3=
7-f786-683b00720058"><span style=3D"font-size:11pt;font-family:Arial;color:=
rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-va=
riant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0The opcode uses the top two elements from =
the stack- the first element from the stack specifies the POOL_ID to load, =
</span><span style=3D"font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);b=
ackground-color:rgb(248,249,250);font-variant-numeric:normal;font-variant-e=
ast-asian:normal;vertical-align:baseline;white-space:pre-wrap">which will l=
oad the public keys from the pool. </span><span style=3D"font-size:11pt;fon=
t-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-n=
umeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-=
space:pre-wrap">This opcode also checks if there are =E2=80=98M=E2=80=99 si=
gners(as specified at the time of creation of the pool) and aggregates the =
public keys that have signed based on SIGNERS_BITMAP using Schnorr aggregat=
e signature scheme and puts back this aggregated public key onto the stack.=
</span></span><br></p><p style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:0pt"><br></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;m=
argin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb=
(0,0,0);background-color:transparent;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">SIGNERS_=
BITMAP is a 32 byte value, and represents a bitmap of which public keys fro=
m the pool have signed the transaction.</span></p><br><p dir=3D"ltr" style=
=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-=
size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;f=
ont-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:ba=
seline;white-space:pre-wrap">Having this scheme would enable-</span></p><ol=
style=3D"margin-top:0px;margin-bottom:0px"><li dir=3D"ltr" style=3D"list-s=
tyle-type:decimal;font-size:11pt;font-family:Arial;color:rgb(0,0,0);backgro=
und-color:transparent;font-variant-numeric:normal;font-variant-east-asian:n=
ormal;vertical-align:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line=
-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11p=
t;background-color:transparent;font-variant-numeric:normal;font-variant-eas=
t-asian:normal;vertical-align:baseline;white-space:pre-wrap">Scalability of=
m-of-n multisig transactions - People can deposit money to a pool(with 32 =
byte SIGNERS_BITMAP, we can allow for 256 possible signers).</span></p></li=
><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:11pt;font-famil=
y:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:=
normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:p=
re"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0=
pt"><span style=3D"font-size:11pt;background-color:transparent;font-variant=
-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;whit=
e-space:pre-wrap">Trust minimized off-chain scalability solutions due to th=
e use of a sufficiently large pool of signers. Most existing pools might al=
low for only a few signers as having many signers would mean higher transac=
tion cost.</span></p></li></ol><br><p dir=3D"ltr" style=3D"line-height:1.38=
;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-famil=
y:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:=
normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:p=
re-wrap">Downsides:</span></p><ol style=3D"margin-top:0px;margin-bottom:0px=
"><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:11pt;font-fami=
ly:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric=
:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:=
pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
0pt"><span style=3D"font-size:11pt;background-color:transparent;font-varian=
t-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;whi=
te-space:pre-wrap">We need to have the public keys of the members of the po=
ol exposed.</span></p></li></ol><br><p dir=3D"ltr" style=3D"line-height:1.3=
8;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-fami=
ly:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric=
:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:=
pre-wrap">Despite the downsides of exposing public keys, do you think this =
would be a viable scheme for enabling CoinPool for the Bitcoin network? Or,=
any scheme that may expose public keys is a no-go in the Bitcoin network?<=
/span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);=
background-color:transparent;font-variant-numeric:normal;font-variant-east-=
asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><=
p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=
=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:tran=
sparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical=
-align:baseline;white-space:pre-wrap">Thanks! Looking for your feedback and=
thoughts on this.</span></p><p style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(=
0,0,0);background-color:transparent;font-variant-numeric:normal;font-varian=
t-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">-Sridhar<=
/span></p></span><br class=3D"gmail-Apple-interchange-newline"></div>
--0000000000001a50bd05b42ca4f5--