bitcoin-dev

Lamport scheme (not signature) to economize on L1

Original post by yurisvb at pm.me

Posted on: December 19, 2023 14:07 UTC

Lamport hashes, in the context of cryptocurrency transactions, are safeguarded by a lengthy hash of a key fingerprint associated with an ECC public key, which remains undisclosed until the initial transaction takes place.

These hashes employ a serial-work and memory-hard algorithm to produce a short digest. For instance, Argon2 might be used to generate an output of approximately 12 bytes. In contrast, conventional hashing functions are constructed to be memory-easy and produce long digests that are resistant to brute-force attacks.

The construction of a conventional Bitcoin signing key involves a key derivation function (KDF) that uses both a seed and a tag to yield an ECC private key (ECCPRI), which could be based on Schnorr signatures or other standard algorithms. Corresponding public keys (ECCPUB) and Lamport public keys (LAMPPUB) are derived from private keys using respective hashing mechanisms. The process ensures that while it might be possible to crack a seed that serves as a pre-image to a Lamport private key (LAMPPRI), the seed will only be considered valid if it corresponds to an ECC public key generated by the KDF.

Bitcoin addresses (ADDR) are created from both the ECC public key and the Lamport public key, using conventional hash functions whose digest lengths resist brute-force attempts. Transactions (TX) are plain text, and their signatures (LSIG) are created from both the transaction and the Lamport private key via the hard hash function.

A smart contract, referred to as a COMMITMENT, defines conditions under which a transaction output (UTXO) is frozen: either upon the publication of a value that matches the hash signature before a specified block height (T2), validating and executing the transaction, or when T2 blocks have passed, allowing miners to claim their fees.

This system introduces two bundles: the Bundle of Lamport scheme (BL), containing the transaction and its Lamport signature, and the Bundle of Commitment and Conventional Signing (BC), which includes the commitment, the ECC private key's signature over the commitment, and both public keys. The Total Bundle (BT) comprises these two bundles and relates to the mining fees and fine structures (F1, FF1, FC) for processing.

The proposed framework operates with a single-use economic model for Lamport-based transactions, meaning the address (ADDR) can only issue one transaction following this method, encouraging the practice of not reusing addresses. This approach integrates time constraints, aiming to protect the owner from potential dissensus by broadcasting the Lamport private key within a specific window and securing users from commitment execution due to unintended unavailability.
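The following is an added worked model of the key construction and the commit-then-reveal flow summarized above; it is not code from the post or from any Bitcoin implementation. It makes several labelled assumptions: scrypt from the Python standard library stands in for Argon2 as the memory-hard hash (truncated to the ~12-byte digest the post suggests), HMAC-SHA256 stands in for the unspecified KDF, ECCPUB is a constructed placeholder because the secp256k1 arithmetic and the ECC signature over the COMMITMENT (bundle BC) are out of scope, and the names `hard_hash`, `keygen`, `lamport_sign` and `verify_reveal` are the example's own. What it shows is the set of checks a node would run when LAMPPRI is broadcast before T2, and which failures (late reveal, wrong preimage, altered TX, keys not bound to ADDR) each check catches.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Digest length the post suggests for the memory-hard hash (~12 bytes).
SHORT_DIGEST_LEN = 12

# scrypt stands in for Argon2 (not in the standard library); cost parameters are
# demo assumptions, far below what a real deployment would choose.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hard_hash(data: bytes) -> bytes:
    """Serial-work, memory-hard hash producing a short digest (used for LAMPPUB, LSIG)."""
    return hashlib.scrypt(data, salt=b"lamport-scheme-demo", n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, dklen=SHORT_DIGEST_LEN)


def conventional_hash(data: bytes) -> bytes:
    """Memory-easy, long-digest hash used for ADDR (SHA-256 here)."""
    return hashlib.sha256(data).digest()


def kdf(seed: bytes, tag: bytes) -> bytes:
    """KDF(seed, tag): HMAC-SHA256 is an assumed stand-in for the post's unspecified KDF."""
    return hmac.new(seed, tag, hashlib.sha256).digest()


@dataclass(frozen=True)
class Wallet:
    ecc_pub: bytes    # ECCPUB
    lamp_pri: bytes   # LAMPPRI, kept secret until the reveal
    lamp_pub: bytes   # LAMPPUB = hard_hash(LAMPPRI)
    addr: bytes       # ADDR = conventional_hash(ECCPUB || LAMPPUB)


def keygen(seed: bytes, ecc_pub: bytes) -> Wallet:
    # ECCPRI = kdf(seed, b"ecc") would feed a secp256k1 point multiplication to
    # yield ECCPUB; the curve arithmetic is out of scope here, so ECCPUB is passed in.
    lamp_pri = kdf(seed, b"lamport")
    lamp_pub = hard_hash(lamp_pri)
    addr = conventional_hash(ecc_pub + lamp_pub)
    return Wallet(ecc_pub, lamp_pri, lamp_pub, addr)


def lamport_sign(tx: bytes, lamp_pri: bytes) -> bytes:
    """LSIG = hard_hash(TX || LAMPPRI); published in bundle BL before the reveal."""
    return hard_hash(tx + lamp_pri)


def verify_reveal(tx: bytes, lsig: bytes, ecc_pub: bytes, lamp_pub: bytes, addr: bytes,
                  revealed_lamp_pri: bytes, reveal_height: int, t2: int) -> bool:
    """Checks a node runs when LAMPPRI is broadcast for a UTXO frozen under COMMITMENT."""
    if reveal_height >= t2:
        return False    # window closed: miners may claim the fees instead
    if not hmac.compare_digest(hard_hash(revealed_lamp_pri), lamp_pub):
        return False    # revealed value is not a preimage of LAMPPUB
    if not hmac.compare_digest(hard_hash(tx + revealed_lamp_pri), lsig):
        return False    # TX was altered after LSIG was published, or LSIG is forged
    if not hmac.compare_digest(conventional_hash(ecc_pub + lamp_pub), addr):
        return False    # public keys are not the ones bound to ADDR
    return True


# Constructed sample values (not from the post): a seed, a 33-byte ECC public key
# placeholder, a plain-text transaction and a commitment deadline T2.
DEMO_SEED = b"demo seed, constructed for this example"
DEMO_ECC_PUB = b"\x02" + bytes(range(32))
DEMO_TX = b"constructed tx: 1 input from ADDR, 1 output"
DEMO_T2 = 800_100


def demo() -> dict:
    w = keygen(DEMO_SEED, DEMO_ECC_PUB)
    lsig = lamport_sign(DEMO_TX, w.lamp_pri)
    wrong_pri = kdf(b"a brute-forced but wrong seed", b"lamport")
    return {
        "valid_before_t2": verify_reveal(DEMO_TX, lsig, w.ecc_pub, w.lamp_pub, w.addr,
                                         w.lamp_pri, DEMO_T2 - 1, DEMO_T2),
        "rejected_after_t2": verify_reveal(DEMO_TX, lsig, w.ecc_pub, w.lamp_pub, w.addr,
                                           w.lamp_pri, DEMO_T2, DEMO_T2),
        "rejected_wrong_preimage": verify_reveal(DEMO_TX, lsig, w.ecc_pub, w.lamp_pub, w.addr,
                                                 wrong_pri, DEMO_T2 - 1, DEMO_T2),
        "rejected_tampered_tx": verify_reveal(DEMO_TX + b" (altered)", lsig, w.ecc_pub,
                                              w.lamp_pub, w.addr, w.lamp_pri, DEMO_T2 - 1, DEMO_T2),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Note that the security of the short LSIG and LAMPPUB digests rests entirely on the reveal window: an attacker has only the blocks before T2 to find a colliding preimage against a memory-hard function, which is why the post pairs the short digest with a time bound rather than relying on digest length alone.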

This summary presents the proposed encryption and transaction signing scheme in a structured manner, focusing on the differentiation between conventional and Lamport-based cryptographic elements and the procedures involved in creating secure and verifiable cryptocurrency transactions.