1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
Return-Path: <jlrubin@mit.edu>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
by lists.linuxfoundation.org (Postfix) with ESMTP id CBFB5C0012
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 18 Dec 2021 02:00:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id C842561106
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 18 Dec 2021 02:00:47 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id CVg7AYU8MfS9
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 18 Dec 2021 02:00:46 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
by smtp3.osuosl.org (Postfix) with ESMTPS id 94A5060EE1
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 18 Dec 2021 02:00:46 +0000 (UTC)
Received: from mail-lf1-f51.google.com (mail-lf1-f51.google.com
[209.85.167.51]) (authenticated bits=0)
(User authenticated as jlrubin@ATHENA.MIT.EDU)
by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1BI20hxu022611
(version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT)
for <bitcoin-dev@lists.linuxfoundation.org>; Fri, 17 Dec 2021 21:00:45 -0500
Received: by mail-lf1-f51.google.com with SMTP id d38so8334287lfv.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 17 Dec 2021 18:00:44 -0800 (PST)
X-Gm-Message-State: AOAM532bf8Bl8l/KhV9i9yONM4/My3h5kDfe+mX8DvUlT0pFAStK47BM
FHM+rVvvAbyjqBRN3NQ7xkGli7p0oLrvlG5qgVE=
X-Google-Smtp-Source: ABdhPJyT7JzlC4JewkhsQIdjK4tI7WaiVTyLrdzZeb3Q/AfN7M/rHijWVpG31q8iSiEhK3o7/9ymG4s+U8OxWSmfFnA=
X-Received: by 2002:a05:6512:1113:: with SMTP id
l19mr5246152lfg.247.1639792843417;
Fri, 17 Dec 2021 18:00:43 -0800 (PST)
MIME-Version: 1.0
References: <CAD5xwhjDBD38Xt=p=AW7XU3OCh0_9nb=-7neXuLcd-VAXJBE-Q@mail.gmail.com>
<BPaAFvgTqtCsxcAr1W_jlvWkHOaRi41GCfdHsblFGmqBVKR20qC18xk89Wh28Cmaf2YGUlN_N9_g9S_ij3bZbhsD_0qaDMcvqV1GdScVoTs=@protonmail.com>
In-Reply-To: <BPaAFvgTqtCsxcAr1W_jlvWkHOaRi41GCfdHsblFGmqBVKR20qC18xk89Wh28Cmaf2YGUlN_N9_g9S_ij3bZbhsD_0qaDMcvqV1GdScVoTs=@protonmail.com>
From: Jeremy <jlrubin@mit.edu>
Date: Fri, 17 Dec 2021 18:00:32 -0800
X-Gmail-Original-Message-ID: <CAD5xwhjDBaQvP89eh4LhYZ3E+8RQycafr9mxeOrFbivd3e=LOw@mail.gmail.com>
Message-ID: <CAD5xwhjDBaQvP89eh4LhYZ3E+8RQycafr9mxeOrFbivd3e=LOw@mail.gmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Content-Type: multipart/alternative; boundary="000000000000efed7305d36205b3"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Bitcoin Advent Calendar] Oracles, Bonds,
and Attestation Chains
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Dec 2021 02:00:47 -0000
--000000000000efed7305d36205b3
Content-Type: text/plain; charset="UTF-8"
Yep, these are great points. There is no way to punish signing the wrong
thing directly, just not changing your answers without risk to funds.
One of the interesting things is that upon a single equivocation you get
unbounded equivocation by 3rd parties, e.g., you can completely rewrite the
entire signature chain!
Another interesting point: if you use a musig key for your staking key that
is musig(a,b,c) you can sign with a until you equivocate once, then switch
to b, then c. Three strikes and you're out! IDK what that could be used for.
Lastly, while you can't punish lying, you could say "only the stakers who
sign with the majority get allocated reward tokens for that slot". So you
could equivocate to switch and get tokens, but you'd burn your collateral
for them. But this does make an incentive for the stakers to try to sign
the "correct" statement in line with peers.
--000000000000efed7305d36205b3
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif;color:rgb(0,0,0)">Yep, these are great points. There is =
no way to punish signing the wrong thing directly, just not changing your a=
nswers without risk to funds.</div><div class=3D"gmail_default" style=3D"fo=
nt-family:arial,helvetica,sans-serif;color:rgb(0,0,0)"><br></div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;color:rg=
b(0,0,0)">One of the interesting things is that upon a single equivocation =
you get unbounded equivocation by 3rd parties, e.g., you can completely rew=
rite the entire signature chain!</div><div class=3D"gmail_default" style=3D=
"font-family:arial,helvetica,sans-serif;color:rgb(0,0,0)"><br></div><div cl=
ass=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;color=
:rgb(0,0,0)">Another interesting point: if you use a musig key for your sta=
king key that is musig(a,b,c) you can sign with a until you equivocate once=
, then switch to b, then c. Three strikes and you're out! IDK what that=
could be used for.</div><div class=3D"gmail_default" style=3D"font-family:=
arial,helvetica,sans-serif;color:rgb(0,0,0)"><br></div><div class=3D"gmail_=
default" style=3D"font-family:arial,helvetica,sans-serif;color:rgb(0,0,0)">=
Lastly, while you can't punish lying, you could say "only the stak=
ers who sign with the majority get allocated reward tokens for that slot&qu=
ot;. So you could equivocate to switch and get tokens, but you'd burn y=
our collateral for them. But this does make an incentive for the stakers to=
try to sign the "correct" statement in line with peers.</div></d=
iv>
--000000000000efed7305d36205b3--
|
