š
Original date posted:2019-07-02
š Original message:Sent with ProtonMail Secure Email.
āāāāāāā Original Message āāāāāāā
On Tuesday, July 2, 2019 5:30 PM, Tamas Blummer <tamas.blummer at gmail.com> wrote:
> Hello ZmnSCPxj,
>
> > On Jul 2, 2019, at 10:12, ZmnSCPxj ZmnSCPxj at protonmail.com wrote:
> > As a counterargument, I observe that committing to the advertisement on the UTXO is similar to committing to a SCRIPT on a UTXO.
> > And I observe the Graftroot idea, wherein we commit to a public key on the UTXO, and admit a SCRIPT that is signed by the public key as a SCRIPT that unlocks the UTXO for spending.
> > By analogy, in my "advertising" scheme, instead of committing the advertisement on the UTXO, I can instead commit a public key (for example, the hash of the "advertiser pubkey" is used to tweak the onchain public key).
> > Then we use this advertiser pubkey to admit advertisements on the advertising network.
> > This advertiser pubkey is used to sign an "advertisement chain", which is a merklized singly-linked list whose contents are the actual advertisements, each node being signed using the advertiser pubkey.
> > To ensure that the advertiser does not sign multiple versions of this chain, we can have the signing nonce be derived from the height of the advertchain, such that signing the same height multiple times leads to private key revelation.
>
> The advertiser would thereby put the funds of the HODLer on risk of his misbehavior, which means the HODLer would have to trust the advertizing service.
No it would not :)
Onchain, the locked UTXO would be a 2-of-2 MuSig / 2p-ECDSA of the HODLer and the advertising broker.
The HODLer and advertising broker perform a (mostly-offchain) ritual that ensures that the HODLer gets a `nLockTime` transaction spending from this UTXO and paying it back to the HODLer, and that the advertising broker pays for rent of this UTXO, prior to the UTXO actually appearing onchain.
The UTXO requires both cooperation of HODLer and advertising broker in order to spend, and the HODLer only cares that it gets an `nLockTime` transaction and will no longer cooperate / will permanently delete its share of the key after getting this.
The MuSig / 2p-ECDSA pubkey used will then be tweaked (by addition in MuSig, by multiplication in 2p-ECDSA; the HOLDer need not even learn it, the advertising broker can tweak its pubkey in the Bitcoin-level transaction beforehand) to commit to a hash of the "Advertising pubkey".
Thus I say the UTXO "commits to the advertising pubkey", not "pays to the advertising pubkey".
Indeed, the pubkey of the advertising broker used on the Bitcoin blockchain can be very different from the advertising pubkey used on the advertchain.
This "Advertising pubkey" is the pubkey used in the advertchain.
The actual money on Bitcoin cannot be spent by the broker unilaterally.
However, what advertisement it will commit to on the advertchain, can be controlled unilaterally by the advertising broker.
That is the entire point: the HODLer rents out the UTXO to the advertising broker, relinquishes control over the advertchain, but retaining (eventual) control over the actual Bitcoins.
The advertising broker then has sole control of the advertchain, and can rent it out for smaller timeframes to actual service/product providers.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5ā¦3ms3l
2023-06-07 18:19:05
in reply to nevent1qā¦p0ly
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lSeen on
wss://relay.noswhere.comPublished at
2023-06-07 18:19:05Event JSON
{
"id": "dd8690b14c2425bb1accfef1ddde8126d1a3f5046c1c2a4c143c7881736529a3",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686161945,
"kind": 1,
"tags": [
[
"e",
"3c9e48adf555bcb684b7db89a8331285e9e31548be31a167a1f1d6aff4b3cbf3",
"",
"root"
],
[
"e",
"4dadbbb3cadbc8d1c90df791c37bd3f1835cf64e5eb011357c610de008e3fc50",
"",
"reply"
],
[
"p",
"c632841665fccdabf021322b1d969539c9c1f829ceed38844fea24e8512962d7"
]
],
"content": "š
Original date posted:2019-07-02\nš Original message:Sent with ProtonMail Secure Email.\n\nāāāāāāā Original Message āāāāāāā\nOn Tuesday, July 2, 2019 5:30 PM, Tamas Blummer \u003ctamas.blummer at gmail.com\u003e wrote:\n\n\u003e Hello ZmnSCPxj,\n\u003e\n\u003e \u003e On Jul 2, 2019, at 10:12, ZmnSCPxj ZmnSCPxj at protonmail.com wrote:\n\u003e \u003e As a counterargument, I observe that committing to the advertisement on the UTXO is similar to committing to a SCRIPT on a UTXO.\n\u003e \u003e And I observe the Graftroot idea, wherein we commit to a public key on the UTXO, and admit a SCRIPT that is signed by the public key as a SCRIPT that unlocks the UTXO for spending.\n\u003e \u003e By analogy, in my \"advertising\" scheme, instead of committing the advertisement on the UTXO, I can instead commit a public key (for example, the hash of the \"advertiser pubkey\" is used to tweak the onchain public key).\n\u003e \u003e Then we use this advertiser pubkey to admit advertisements on the advertising network.\n\u003e \u003e This advertiser pubkey is used to sign an \"advertisement chain\", which is a merklized singly-linked list whose contents are the actual advertisements, each node being signed using the advertiser pubkey.\n\u003e \u003e To ensure that the advertiser does not sign multiple versions of this chain, we can have the signing nonce be derived from the height of the advertchain, such that signing the same height multiple times leads to private key revelation.\n\u003e\n\u003e The advertiser would thereby put the funds of the HODLer on risk of his misbehavior, which means the HODLer would have to trust the advertizing service.\n\nNo it would not :)\n\nOnchain, the locked UTXO would be a 2-of-2 MuSig / 2p-ECDSA of the HODLer and the advertising broker.\nThe HODLer and advertising broker perform a (mostly-offchain) ritual that ensures that the HODLer gets a `nLockTime` transaction spending from this UTXO and paying it back to the HODLer, and that the advertising broker pays for rent of this UTXO, prior to the UTXO actually appearing onchain.\n\nThe UTXO requires both cooperation of HODLer and advertising broker in order to spend, and the HODLer only cares that it gets an `nLockTime` transaction and will no longer cooperate / will permanently delete its share of the key after getting this.\n\nThe MuSig / 2p-ECDSA pubkey used will then be tweaked (by addition in MuSig, by multiplication in 2p-ECDSA; the HOLDer need not even learn it, the advertising broker can tweak its pubkey in the Bitcoin-level transaction beforehand) to commit to a hash of the \"Advertising pubkey\".\nThus I say the UTXO \"commits to the advertising pubkey\", not \"pays to the advertising pubkey\".\nIndeed, the pubkey of the advertising broker used on the Bitcoin blockchain can be very different from the advertising pubkey used on the advertchain.\n\nThis \"Advertising pubkey\" is the pubkey used in the advertchain.\n\nThe actual money on Bitcoin cannot be spent by the broker unilaterally.\n\nHowever, what advertisement it will commit to on the advertchain, can be controlled unilaterally by the advertising broker.\nThat is the entire point: the HODLer rents out the UTXO to the advertising broker, relinquishes control over the advertchain, but retaining (eventual) control over the actual Bitcoins.\nThe advertising broker then has sole control of the advertchain, and can rent it out for smaller timeframes to actual service/product providers.\n\n\nRegards,\nZmnSCPxj",
"sig": "fafeec387e8a20c9fc3dc53b454f6a6a4e4517756caf4ee98aff57d7d772ea7a063c779b8164e46c6bd159250717a19f4ad15bb8132e70dbc03017734f621845"
}