Actuarial System To Reduce Interactivity In N-of-N (N > 2) Multiparticipant Offchain Mechanisms

However, after analyzing it, ZmnSCPxj concludes that BitVM cannot be used for the desired purpose. The goal is to restrict the actuary to signing for a particular spend only once. The proposed mechanism involves fixing the reuse factor, which would require a change in Bitcoin consensus on top of SIGHASH_ANYPREVOUT. ZmnSCPxj suggests using a program that checks if two signatures sign different things but have the same public key. If the program validates, it means the actuary has cheated, and appropriate actions can be taken. However, BitVM triggers on dishonest execution of the program, so it cannot be used as-is. Honest execution leads to the BitVM contract resolving via timeout. ZmnSCPxj explores changing the "polarity" of the logic, but it requires the actuary to act as a validator instead of a prover, which is not ideal. ZmnSCPxj also mentions the need for the actuary to provide something that would make a transaction immediately confirmable, but BitVM only allows for dishonest execution of a BitVM program. Additionally, the actuary should be restricted to showing this for only one transaction, not multiple transactions.

The second email is from Antoine, who responds to ZmnSCPxj's previous message. Antoine discusses the amount of funds allocated to each participant and clarifies that the bond is not part of the construction funding. Antoine suggests two options to ensure lack of equivocation of an off-chain state: updating the subgroup of balance keys on-chain or designing a fraud proof system using OP_CHECKSIGFROMSTACK and the spent outpoint committed as a partial transaction template. However, fidelity bonds must be locked up equal to the counterparty's initial balance multiplied by the remaining counterparties to prevent cheating against other parties. Antoine provides an example where a factory with 1000 participants and a balance of 10,000 satoshis would require locking up 10,000,000 in fidelity bonds. He also mentions that a pre-nominated coordinator can reduce the burden of the full fidelity bond but raises concerns about coordinator unavailability and the associated fee costs.