On Wed, Aug 07, 2019 at 08:48:06AM -0500, Bryan Bishop via bitcoin-dev wrote: > Single-use seals > ================ > > This proposal may have inadvertedly demonstrated a practical way to implement > Peter Todd's single-use seals concept . I am hesitant to say so, though, > because I think he would ask for a more sophisticated way to verify seal > closure.
I'm not sure what you're getting at here; single-use-seals are really boring and simple. To recap, they're akin to a pubkey that has the "magical" property that it can only be signed once. This of course is impossible with math alone, but can be implemented with beyond-math mechanisms like trust or PoW (physics). Thus you have a globally unique seal, which can be closed over a message, producing a witness attesting to the fact that the seal was closed over that message. A single-use-seal protocol is secure if it is impossible (in your chosen security model) to trick the validation function into thinking a single seal was closed over two different messages. The obvious implementation with Bitcoin is to define the seal to be a specified txout, and the witness to be a transaction (and lite client proof) that spends that txout in a transation with an OP_RETURN output committing to the hash of the message as the first output. A fancier implementation could use a pay-to-pubkey-style commitment (RGB¹ uses something along these lines). For applications requiring a chain of single-use-seals, you can easily keep two txouts for seals in your wallet, and alternate them as the chain is extended. Do you mean to say there didn't previously exist a practical way to implement them? Or that you've found another way? I'm curious what you mean here. 1) https://github.com/rgb-org/spec -- https://petertodd.org 'peter'[:-1]@petertodd.org
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list firstname.lastname@example.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev