ZmnSCPxj [ARCHIVE] on Nostr: 📅 Original date posted:2019-07-02 📝 Original message:Sent with ProtonMail ...
📅 Original date posted:2019-07-02
📝 Original message:Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, July 2, 2019 5:30 PM, Tamas Blummer <tamas.blummer at gmail.com> wrote:
> Hello ZmnSCPxj,
>
> > On Jul 2, 2019, at 10:12, ZmnSCPxj ZmnSCPxj at protonmail.com wrote:
> > As a counterargument, I observe that committing to the advertisement on the UTXO is similar to committing to a SCRIPT on a UTXO.
> > And I observe the Graftroot idea, wherein we commit to a public key on the UTXO, and admit a SCRIPT that is signed by the public key as a SCRIPT that unlocks the UTXO for spending.
> > By analogy, in my "advertising" scheme, instead of committing the advertisement on the UTXO, I can instead commit a public key (for example, the hash of the "advertiser pubkey" is used to tweak the onchain public key).
> > Then we use this advertiser pubkey to admit advertisements on the advertising network.
> > This advertiser pubkey is used to sign an "advertisement chain", which is a merklized singly-linked list whose contents are the actual advertisements, each node being signed using the advertiser pubkey.
> > To ensure that the advertiser does not sign multiple versions of this chain, we can have the signing nonce be derived from the height of the advertchain, such that signing the same height multiple times leads to private key revelation.
>
> The advertiser would thereby put the funds of the HODLer on risk of his misbehavior, which means the HODLer would have to trust the advertizing service.
No it would not :)
Onchain, the locked UTXO would be a 2-of-2 MuSig / 2p-ECDSA of the HODLer and the advertising broker.
The HODLer and advertising broker perform a (mostly-offchain) ritual that ensures that the HODLer gets a `nLockTime` transaction spending from this UTXO and paying it back to the HODLer, and that the advertising broker pays for rent of this UTXO, prior to the UTXO actually appearing onchain.
The UTXO requires both cooperation of HODLer and advertising broker in order to spend, and the HODLer only cares that it gets an `nLockTime` transaction and will no longer cooperate / will permanently delete its share of the key after getting this.
The MuSig / 2p-ECDSA pubkey used will then be tweaked (by addition in MuSig, by multiplication in 2p-ECDSA; the HOLDer need not even learn it, the advertising broker can tweak its pubkey in the Bitcoin-level transaction beforehand) to commit to a hash of the "Advertising pubkey".
Thus I say the UTXO "commits to the advertising pubkey", not "pays to the advertising pubkey".
Indeed, the pubkey of the advertising broker used on the Bitcoin blockchain can be very different from the advertising pubkey used on the advertchain.
This "Advertising pubkey" is the pubkey used in the advertchain.
The actual money on Bitcoin cannot be spent by the broker unilaterally.
However, what advertisement it will commit to on the advertchain, can be controlled unilaterally by the advertising broker.
That is the entire point: the HODLer rents out the UTXO to the advertising broker, relinquishes control over the advertchain, but retaining (eventual) control over the actual Bitcoins.
The advertising broker then has sole control of the advertchain, and can rent it out for smaller timeframes to actual service/product providers.
Regards,
ZmnSCPxj
📝 Original message:Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, July 2, 2019 5:30 PM, Tamas Blummer <tamas.blummer at gmail.com> wrote:
> Hello ZmnSCPxj,
>
> > On Jul 2, 2019, at 10:12, ZmnSCPxj ZmnSCPxj at protonmail.com wrote:
> > As a counterargument, I observe that committing to the advertisement on the UTXO is similar to committing to a SCRIPT on a UTXO.
> > And I observe the Graftroot idea, wherein we commit to a public key on the UTXO, and admit a SCRIPT that is signed by the public key as a SCRIPT that unlocks the UTXO for spending.
> > By analogy, in my "advertising" scheme, instead of committing the advertisement on the UTXO, I can instead commit a public key (for example, the hash of the "advertiser pubkey" is used to tweak the onchain public key).
> > Then we use this advertiser pubkey to admit advertisements on the advertising network.
> > This advertiser pubkey is used to sign an "advertisement chain", which is a merklized singly-linked list whose contents are the actual advertisements, each node being signed using the advertiser pubkey.
> > To ensure that the advertiser does not sign multiple versions of this chain, we can have the signing nonce be derived from the height of the advertchain, such that signing the same height multiple times leads to private key revelation.
>
> The advertiser would thereby put the funds of the HODLer on risk of his misbehavior, which means the HODLer would have to trust the advertizing service.
No it would not :)
Onchain, the locked UTXO would be a 2-of-2 MuSig / 2p-ECDSA of the HODLer and the advertising broker.
The HODLer and advertising broker perform a (mostly-offchain) ritual that ensures that the HODLer gets a `nLockTime` transaction spending from this UTXO and paying it back to the HODLer, and that the advertising broker pays for rent of this UTXO, prior to the UTXO actually appearing onchain.
The UTXO requires both cooperation of HODLer and advertising broker in order to spend, and the HODLer only cares that it gets an `nLockTime` transaction and will no longer cooperate / will permanently delete its share of the key after getting this.
The MuSig / 2p-ECDSA pubkey used will then be tweaked (by addition in MuSig, by multiplication in 2p-ECDSA; the HOLDer need not even learn it, the advertising broker can tweak its pubkey in the Bitcoin-level transaction beforehand) to commit to a hash of the "Advertising pubkey".
Thus I say the UTXO "commits to the advertising pubkey", not "pays to the advertising pubkey".
Indeed, the pubkey of the advertising broker used on the Bitcoin blockchain can be very different from the advertising pubkey used on the advertchain.
This "Advertising pubkey" is the pubkey used in the advertchain.
The actual money on Bitcoin cannot be spent by the broker unilaterally.
However, what advertisement it will commit to on the advertchain, can be controlled unilaterally by the advertising broker.
That is the entire point: the HODLer rents out the UTXO to the advertising broker, relinquishes control over the advertchain, but retaining (eventual) control over the actual Bitcoins.
The advertising broker then has sole control of the advertchain, and can rent it out for smaller timeframes to actual service/product providers.
Regards,
ZmnSCPxj