On Fri, Feb 26, 2016 at 11:33 PM, Tier Nolan via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > That is very interesting. > > There has been some recent discussion about atomic cross chain transfers > between Bitcoin and legacy altcoins. For this purpose a legacy altcoin is > one that has strict IsStandard() rules and none of the advanced script > opcodes.
One might wonder why anyone would want to own coins that couldn't keep up technologically, but to each his own. (especially one defunct enough that it can't even update IsStandard rules...) I don't think it's infeasible to do the EC multiply in a snark, but an efficient implementation would be a lot of work. You'd probably want to build a circuit for the field operations using 128 bit operations. Fortunately the overall operation is pretty easy to directly convert into a circuit (e.g. no branching). Why not use the single-show-signature scheme I came up with a while back on the Bitcoin side to force the bitcoin side to reveal a private key? http://lists.linuxfoundation.org/pipermail/lightning-dev/2015-November/000344.html _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev