Burak Keceli [ARCHIVE] on Nostr: 📅 Original date posted:2023-06-07 🗒️ Summary of this message: Using one-show ...
đź“… Original date posted:2023-06-07
🗒️ Summary of this message: Using one-show signatures as double-spend protection is limited by miner-claimable fidelity bonds, which are less effective against adversarial miners.
đź“ť Original message:
> A problem with the idea of using one-show signatures as double-spend
> protection is that miner-claimable fidelity bonds don't work as well
> against adversaries that are not just counterparties but also miners
> themselves.
Hey David,
The fidelity bonds in the Ark context are nothing but the vTXOs themselves, which in simple terms, have two possible closures: (1) a key-path collaborative closure with higher precedence and (2) a script-path closure with lower precedence.
The key-path closure is a 2-of-2 between the rightful owner of the vTXO and the service provider. The script path closure, on the other hand, lets the service provider sweep funds after a relative lock time. The key-path closure has higher precedence over the script-path closure since it can be triggered immediately with a satisfying signature.
If the service provider double-spends a transaction that enforces a one-time signature where Bob is the vendor, Bob can forge the service provider’s signature from the 2-of-2 and can immediately claim his previously-spent vTXO(s). If Alice (or the service provider) is a miner she won’t be able steal funds regardless, since she won’t be able co-sign from the Bob’s key.
Best,
Burak
🗒️ Summary of this message: Using one-show signatures as double-spend protection is limited by miner-claimable fidelity bonds, which are less effective against adversarial miners.
đź“ť Original message:
> A problem with the idea of using one-show signatures as double-spend
> protection is that miner-claimable fidelity bonds don't work as well
> against adversaries that are not just counterparties but also miners
> themselves.
Hey David,
The fidelity bonds in the Ark context are nothing but the vTXOs themselves, which in simple terms, have two possible closures: (1) a key-path collaborative closure with higher precedence and (2) a script-path closure with lower precedence.
The key-path closure is a 2-of-2 between the rightful owner of the vTXO and the service provider. The script path closure, on the other hand, lets the service provider sweep funds after a relative lock time. The key-path closure has higher precedence over the script-path closure since it can be triggered immediately with a satisfying signature.
If the service provider double-spends a transaction that enforces a one-time signature where Bob is the vendor, Bob can forge the service provider’s signature from the 2-of-2 and can immediately claim his previously-spent vTXO(s). If Alice (or the service provider) is a miner she won’t be able steal funds regardless, since she won’t be able co-sign from the Bob’s key.
Best,
Burak