waxwing on Nostr: On a first scan read, I'm not sure there's much of interest here. As he notes in the ...
On a first scan read, I'm not sure there's much of interest here. As he notes in the efficiency section, it's comparable in verification cost to pre existing C(LSAG), at least that's intuitive, so I just believe it. It *is* very compact, but I don't think that's new.
I think curve trees + signature of knowledge of the rerandomised key gives the same effect with much faster verification, at the cost of a fairly trivial increase in size of proof (and with very sublinear scaling, imagine 2.6kB for 50K keys and 2.6kB for 200K keys).
In a blockchain proof size is paramount, but verification speed is also important. Luke Parker's FCMP stuff is actually trying to get both together.
I think curve trees + signature of knowledge of the rerandomised key gives the same effect with much faster verification, at the cost of a fairly trivial increase in size of proof (and with very sublinear scaling, imagine 2.6kB for 50K keys and 2.6kB for 200K keys).
In a blockchain proof size is paramount, but verification speed is also important. Luke Parker's FCMP stuff is actually trying to get both together.