On Wed, May 15, 2013 at 6:24 PM, Gavin <gavinandre...@gmail.com> wrote:
> Busy with pre-conference stuff, not following details of this conversation...
> ... but it sounds a lot like the "guy fawkes" protocol Zooko was thinking 
> about a year or so ago.

Sort of, but in a guy fawkes signature you use the commitment to hide
the preimage that proves you had authority to spend a coin.   Adam
proposes you do this in order to hide _which coin you're spending_.

This has obvious anti-DOS complications, but Adam deftly dodged my
initial attempts to shoot him down on these grounds by pointing out
that you could mix blinded and blinded inputs and have priority and
transaction fees come from only the unblinded ones.

Effectively,  it means that so long as you could convince the network
to let you spend some coins, you could also spend other ones along for
the ride and the network wouldn't know which ones those were until it
was too late for it to pretend it never saw them.

I think there are all kinds of weird economic implications to this— a
blinded payment would seem to have a different utility level to an
unblinded one: you can't use it for fees— except you can unblind it at
any time.  And the discontinuousness  ("two types of inputs") and that
it would enable mining gibberish (though perhaps not data storage, if
you see my preimage solution to that) seems awkward and I think I have
to spend some time internalizing it before I can really think through
the implications.

AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
Bitcoin-development mailing list

Reply via email to