← Back to team overview

mimblewimble team mailing list archive

Re: Scriptless scripting and deniable swaps


> The people constructing the locktimes are depending on the security of the
> zero-knowledge proof (which could be as simple as just hashes being random
> oracles) and the security of the timelock puzzles (RSA problem being hard).
>> I don't see the downside of simply requiring a locktime on every kernel...
> Extra identifying data which miners can identify and censor,

Locktimes will generally be at or a few blocks behind the current tip.

>additional data being stored in the chain forever,

True; 4 bytes extra per kernel.

> additional validation cost for users who
> aren't involved in the contract, permanent complexity of adding specific
> contract enforcement logic to consensus code.

One comparison in each case; kernel.locktime >= blockindex

So the costs are small, but better avoided altogether I agree.

Can you elaborate on how to prove that the third privkey is indeed
equal to base^{2^largenumber} ?

Follow ups