Adam Back [ARCHIVE] on Nostr
📅 Original date posted: 2013-05-06
📝 Original message:

On Mon, May 06, 2013 at 03:08:57PM -0400, Peter Todd wrote:
>> Hmm: maybe one could use a Brands private credential with offline double
>> spend detection, with the reputation but not coin address of the node
>> disclosed, and the node's coin address embedded in the proof. Each node
>> could be its own CA, providing a ZKP. If the node ever double spends a coin,
>> it loses its reputation as the coin address is revealed.
>
>Be careful not to mix up the concept of a relay node with someone
>possessing Bitcoins. Nodes don't spend coins, people/wallets do.

My comment was to say that a good behaviour bond for a relay node could be
put on an address that is defined as unspendable until such time as an
auditor can prove the node engaged in the undesired behaviour, at which
point the auditor receives the payment as part of his proof. Or until the
node ceases to operate. It's a smart contract.

However I added to that, that it is still possible to do that while
preserving privacy, to point out that it is technically possible, for people
to be aware of in their mental toolbox, if it helps solve an otherwise
tricky problem.

So that would be a privacy preserving smart contract, the parties are
unknown, and unknowable (with unconditional security even), but still the
smart contract executes. In some sense a privacy preserving smart-contract
is closer to the real point of Szabo's smart-contract idea because you can't
try to renege on the contract in a conventional court - because you can't
identify your counter-party. Bitcoin's privacy feature is fairly weak so
that is probably often not true.

Of course you'd probably need zerocoin to stand much chance of proving an
address private key of an unlinked coin was in the double-spend disclosed
attribute in the first place, and as we know zerocoin is not that efficient.

> Make the node identity expensive to obtain. For instance, construct PoWs
> including the node pubkey somehow,

that could be easily done with the work of creating a vanity address, e.g.
an address containing many leading 0s.

Adam
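
The identity proof-of-work idea in the last exchange, sketched as an added example that is not part of the original message: a node grinds keys until the hash of its public key has many leading zeros, and a peer checks that with a single hash. Assumptions: plain SHA-256 over a 33-byte stand-in key replaces Bitcoin's real address derivation, and all function names are hypothetical.

```python
import hashlib

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def identity_work(pubkey: bytes) -> int:
    """Work embedded in an identity: leading zero bits of H(pubkey)."""
    return leading_zero_bits(hashlib.sha256(pubkey).digest())

def mint_identity(seed: bytes, min_bits: int):
    """Grind candidate keys until one meets the target; return (pubkey, attempts)."""
    attempts = 0
    while True:
        # Stand-in for deriving a compressed public key from a fresh private key.
        pubkey = b"\x02" + hashlib.sha256(seed + attempts.to_bytes(8, "big")).digest()
        attempts += 1
        if identity_work(pubkey) >= min_bits:
            return pubkey, attempts

def accept_peer(pubkey: bytes, min_bits: int) -> bool:
    """Verifier side: one hash, however much work the minter spent."""
    return len(pubkey) == 33 and identity_work(pubkey) >= min_bits

if __name__ == "__main__":
    # Constructed seed; each extra bit roughly doubles the minting cost.
    for bits in (8, 12, 16):
        key, tries = mint_identity(b"constructed-demo-seed", bits)
        print(f"{bits:2d} bits: {tries:6d} attempts (expected ~{2**bits}), "
              f"accepted={accept_peer(key, bits)}")
```

The asymmetry is the point: minting costs about 2^k hash attempts for k leading zero bits, while every peer verifies in one hash, so discarding a burned identity and minting a new one has a tunable price.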
Published at 2023-06-07 15:01:20