← Back to team overview

mimblewimble team mailing list archive

Re: Assets and Mimblewimble


Sorry for the late reply, I wanted to make sure I had worked my way through your Confidential Assets paper more thoroughly before replying, I only gave it a cursory look when it "came out".

It all sounds pretty good, I think benefits with CA more than compensate for the additional space requirements. And I have hopes we may eventually aggregate some of that anyway. I'd temperate the "now" a little bit, even though I know you mean it relatively, as there's still a lot of dev that's a fair amount higher on my priority list (for example better than non-existent DoS protection). I'll send a separate "roadmap" email later for all that.

But going back to CA, both denominations and test coin are pretty neat ideas that are fairly low-hanging fruits. Soft forking other currencies/assets, possibly pegged, is also a very interesting avenue to future-proof our chain some more (beyond great scalability). And from an implementation standpoint, it also makes Grin attractive for people who are into private/permissioned use cases.

Sweet developments!

- Igno

-------- Original Message --------
Subject: Re: [Mimblewimble] Assets and Mimblewimble
Local Time: April 11, 2017 4:52 PM
UTC Time: April 11, 2017 11:52 PM
From: apoelstra@xxxxxxxxxxxxxx
To: mimblewimble@xxxxxxxxxxxxxxxxxxx

Oh, another design goal is that if a peg mechanism is possible,
that it be possible to do blind-amount pegs. I believe nothing
in this proposal precludes entirely blind issuance and deissuance

On Tue, Apr 11, 2017 at 11:36:17PM +0000, Andrew Poelstra wrote:
> ==========
> A core goal of this design is to make it possible to later softfork in a
> sidechain peg. The restrictions on this would be that the "extra condition"
> data would have some sort of SPV proof or whatever. Kernels and commitments
> can be used to describe the destination of the coins, and explicit amounts
> can be used to give miners fees in the pegged asset.
> Another idea is that if in the far future grin's coin issuance schedule
> turns out to be economically or incentive-wise bad, we can softfork in
> another coin with another schedule. (Of course, the original coin would
> remain perfectly intact, for people who don't like this.)
> This is a pretty complex proposal, and will need a fair bit of review and maybe
> modification, but it gives us an incredible amount of power:
> - Confidential assets :)
> - A test coin that users can mint arbitrarily and which adds to the
> privacy set for the real coins (but whose issuance takes constant space)
> - Ability to soft-fork in pegged (or other) currencies
> - Users who don't follow the soft-fork still get the privacy benefits of
> the new asset type, and can still verify inflation-soundness or the new
> asset and old ones.
> - In fact, we could add a coin whose issuance is based on some new and
> suspicous crypto, or trust assumptions, or whatever, and if this crypto
> fails the fallout is entirely contained to the new asset.
> ...and we get all this without any new crypto primitives (though who knows what
> a peg proof will wind up looking like..).

Andrew Poelstra
Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web: https://www.wpsoftware.net/andrew

"A goose alone, I suppose, can know the loneliness of geese
who can never find their peace,
whether north or south or west or east"
--Joanna Newsom

Mailing list: https://launchpad.net/~mimblewimble
Post to : mimblewimble@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~mimblewimble
More help : https://help.launchpad.net/ListHelp