mimblewimble team mailing list archive

Thread
Date

Forbdding multi-kernel transactions

To: "mimblewimble@xxxxxxxxxxxxxxxxxxx" <mimblewimble@xxxxxxxxxxxxxxxxxxx>
From: Ignotus Peverell <igno.peverell@xxxxxxxxxxxxxx>
Date: Thu, 16 Mar 2017 14:07:23 -0400
Feedback-id: G8oYroY5d92pDGib9ZSQuAzn8O3JuHnC9BYqk1_LZGLiD5_Mc-EkTbswwpCLUOpi1Q3pbIzgCwewBVSqDCwbaw==:Ext:ProtonMail
Reply-to: Ignotus Peverell <igno.peverell@xxxxxxxxxxxxxx>

Hi,

It occurred to me while having a few email exchanges with John Tromp (doing the code review, I guess he didn't want to hurt my feelings publicly :P) that we may have different views as to how kernels exist in transactions (I think it's pretty clear to all how they work in blocks).

My take is that we can't allow multiple kernels in standalone transactions as long as we can't figure out how to do transaction pool cut-through safely. Otherwise we're opening ourselves to a whole range of annoying attacks in the pool. If someone has a solution that would still make transaction cut-through impossible while allowing multiple kernels, I'm all ears.

Otherwise, transactions have a single kernel, which doesn't need to be a kernel at all because the excess commitment can be trivially calculated (so only fee and excess sig are required).

- Igno