bitcoin-dev
Lamport scheme (not signature) to economize on L1
Posted on: December 19, 2023 21:22 UTC
In the analysis of a proposition regarding cryptographic measures, several key points were addressed to optimize system efficiency and security.
Initially, there was a correction made on the size of hash values; it was established that 12 bytes are sufficient for the hashes, as opposed to a previously mentioned 14-byte figure, which results in a saving of 4 bytes. Furthermore, it was acknowledged that including ECCPUB is critical for reducing the risks associated with the LSIG miner, suggesting that it should be broadcasted alongside LAMPPRI to minimize exposure.
Additionally, there's an argument presented advocating for the reduction of the fingerprint to 128 bits based on the weakest-link principle. This standard is widely used and would lead to a reduction of 4 bytes compared to current implementations that use a longer bit length. The discussion also touches on the potential benefits of employing Schnorr keys, which could adhere to this standardized bit length while maintaining security.
The conversation continues with an examination of the trade-off between entropy derivation costs and the number of bits used. By applying this trade-off to addresses, it's suggested that one could further economize by reducing an additional byte without severely impacting the system's integrity.
Lastly, the timing of transactions within the system was simplified. It was proposed that T0, the block height at which an LSIG is buried, does not need to be variable. Instead, T2 can be predetermined to always represent the time equivalent to T0 plus 48 hours. This fixed interval aims to prevent any accidental defaults on commitments due to network unavailability, thereby ensuring reliable transaction finality. The value of T1 remains unspecified but should be set such that it accommodates T0’s stated condition.