Good morning Antoine,
> TLUV doesn't assume cooperation among the construction participants once the
> Taproot tree is setup. EVICT assumes cooperation among the remaining
> construction participants to satisfy the final CHECKSIG.
>
> So that would be a feature difference between TLUV and
Hi Zeeman,
> To reveal a single participant in a TLUV-based CoinPool, you need to
reveal O(log N) hashes.
> It is the O(log N) space consumption I want to avoid with `OP_EVICT`, and
I believe the reason for that O(log N) revelation is due precisely to the
arbitrary but necessary ordering.
AFAIU
Thanks for the clarification ZmnSCPxj!
On Sat, Feb 19, 2022 at 5:41 AM ZmnSCPxj wrote:
> Good morning Billy,
>
> > > "fully" punitive channels also make large value channels more
> dangerous from the perspective of bugs causing old states to be published
> >
> > Wouldn't it be ideal to have the
Good morning Billy,
> > "fully" punitive channels also make large value channels more dangerous
> >from the perspective of bugs causing old states to be published
>
> Wouldn't it be ideal to have the penalty be to pay for a single extra
> transaction fee? That way there is a penalty so cheating
> "fully" punitive channels also make large value channels more dangerous
from the perspective of bugs causing old states to be published
Wouldn't it be ideal to have the penalty be to pay for a single extra
transaction fee? That way there is a penalty so cheating attempts aren't
free (for
> One point of discomfort I have with Eltoo that I think is not universal,
but is shared by some others, is that non-punitive channels may not be good
for high-value channels as you do want, especially in a congested
blockspace world, punishments to incentivize correct behavior (otherwise
cheating
Good morning Jeremy,
> This is a fascinating post and I'm still chewing on it.
>
> Chiming in with two points:
>
> Point 1, note with respect to evictions, revivals, CTV, TLUV:
>
> CTV enables 1 person to be evicted in O(log N) or one person to leave in
> O(log N). TLUV enables 1 person to leave
This is a fascinating post and I'm still chewing on it.
Chiming in with two points:
Point 1, note with respect to evictions, revivals, CTV, TLUV:
CTV enables 1 person to be evicted in O(log N) or one person to leave in
O(log N). TLUV enables 1 person to leave in O(1) O(log N) transactions, but
Good morning ariard,
> > A statechain is really just a CoinPool hosted inside a
> > Decker-Wattenhofer or Decker-Russell-Osuntokun construction.
>
> Note, to the best of my knowledge, how to use LN-Penalty in the context of
> multi-party construction is still an unsolved issue. If an
Hi Zeeman,
> After some thinking, I realized that it was the use of the
> Merkle tree to represent the promised-but-offchain outputs of
> the CoinPool that lead to the O(log N) space usage.
> I then started thinking of alternative representations of
> sets of promised outputs, which would not
Good morning Erik,
> > As I understand your counterproposal, it would require publishing one
> > transaction per evicted participant.
>
> if you also pre-sign (N-2, N-3, etc), you can avoid this
It also increases the combinatorial explosion.
> > In addition, each participant has to store `N!`
> As I understand your counterproposal, it would require publishing one
transaction per evicted participant.
if you also pre-sign (N-2, N-3, etc), you can avoid this
> In addition, each participant has to store `N!` possible orderings in
which participants can be evicted, as you cannot predict
Good morning Erik,
> hey, i read that whole thing, but i'm confused as to why it's necessary
>
> seems like N of N participants can pre-sign an on-chain transfer of funds for
> each participant to a new address that consists of (N-1) or (N-1)
> participants, of which each portion of the
hey, i read that whole thing, but i'm confused as to why it's necessary
seems like N of N participants can pre-sign an on-chain transfer of funds
for each participant to a new address that consists of (N-1) or (N-1)
participants, of which each portion of the signature is encrypted for the
same
On the topic of half aggregation, Chalkias et al. gave a convincing security
proof last year:
https://eprint.iacr.org/2021/350
As an aside, half aggregation is not exactly the scheme in the OP because that
one is insecure. This does not affect Zmn's conclusion and was already
pointed out in the
`OP_EVICT`: An Alternative to `OP_TAPLEAFUPDATEVERIFY`
==
In late 2021, `aj` proposed `OP_TAPLEAFUPDATEVERIFY` in order to
implement CoinPools and similar constructions.
`Jeremy` observed that due to the use of Merkle tree paths, an
`OP_TLUV`
16 matches
Mail list logo
