đź“… Original date posted:2023-06-07
🗒️ Summary of this message: Using one-show signatures as double-spend protection is limited by miner-claimable fidelity bonds, which are less effective against adversarial miners.
đź“ť Original message:
> A problem with the idea of using one-show signatures as double-spend
> protection is that miner-claimable fidelity bonds don't work as well
> against adversaries that are not just counterparties but also miners
> themselves.
Hey David,
The fidelity bonds in the Ark context are nothing but the vTXOs themselves, which in simple terms, have two possible closures: (1) a key-path collaborative closure with higher precedence and (2) a script-path closure with lower precedence.
The key-path closure is a 2-of-2 between the rightful owner of the vTXO and the service provider. The script path closure, on the other hand, lets the service provider sweep funds after a relative lock time. The key-path closure has higher precedence over the script-path closure since it can be triggered immediately with a satisfying signature.
If the service provider double-spends a transaction that enforces a one-time signature where Bob is the vendor, Bob can forge the service provider’s signature from the 2-of-2 and can immediately claim his previously-spent vTXO(s). If Alice (or the service provider) is a miner she won’t be able steal funds regardless, since she won’t be able co-sign from the Bob’s key.
Best,
Burak
Burak Keceli [ARCHIVE] /
npub136…gpezn
2023-06-15 00:54:55
in reply to nevent1q…xtm3
Author Public Key
npub136rmper0tszp8xxttyzsa27tjrvx36drtpucg0544mq8cxlha6wshgpeznPublished at
2023-06-15 00:54:55Event JSON
{
"id": "0747fa3504153b3c59e95e79bcb4d98e85f5c59327109ae05d36471cb87e22f7",
"pubkey": "8e87b0e46f5c041398cb59050eabcb90d868e9a35879843e95aec07c1bf7ee9d",
"created_at": 1686790495,
"kind": 1,
"tags": [
[
"e",
"637c96dce499cccc5da5a1d7c30edbd46d958fd25c4c85af2a1d6f0aa1f7e6ef",
"",
"root"
],
[
"e",
"9373ad60b2e99f2d7d6ddee2ea13ac8eb8799e3fc27e2a161eea94c6a7b3fdbc",
"",
"reply"
],
[
"p",
"d3574a24208f4e3d0821bb4a69a0c3ae842043d444fa5c4a8c49c369918a6fb2"
]
],
"content": "📅 Original date posted:2023-06-07\n🗒️ Summary of this message: Using one-show signatures as double-spend protection is limited by miner-claimable fidelity bonds, which are less effective against adversarial miners.\n📝 Original message:\n\u003e A problem with the idea of using one-show signatures as double-spend\n\u003e protection is that miner-claimable fidelity bonds don't work as well\n\u003e against adversaries that are not just counterparties but also miners\n\u003e themselves. \n\nHey David,\n\nThe fidelity bonds in the Ark context are nothing but the vTXOs themselves, which in simple terms, have two possible closures: (1) a key-path collaborative closure with higher precedence and (2) a script-path closure with lower precedence.\n\nThe key-path closure is a 2-of-2 between the rightful owner of the vTXO and the service provider. The script path closure, on the other hand, lets the service provider sweep funds after a relative lock time. The key-path closure has higher precedence over the script-path closure since it can be triggered immediately with a satisfying signature.\n\nIf the service provider double-spends a transaction that enforces a one-time signature where Bob is the vendor, Bob can forge the service provider’s signature from the 2-of-2 and can immediately claim his previously-spent vTXO(s). If Alice (or the service provider) is a miner she won’t be able steal funds regardless, since she won’t be able co-sign from the Bob’s key.\n\nBest,\nBurak",
"sig": "f5a1d06d4dabf9d2983598e96004c6eaa9e676aa384c6351d577ee7d6a304b11d55e23ff8feb09515f699833b9bd15bff3effb8dee4fe630372964f606bd361c"
}