bitcoin-dev

Shielded CSV: Private and Efficient Client-Side Validation

Shielded CSV: Private and Efficient Client-Side Validation

Original Postby Antoine Riard

Posted on: September 25, 2024 12:23 UTC

In a comprehensive examination of the scalability challenges associated with implementing blockchain technology, particularly in the context of data storage and transaction verification, certain critical points emerge.

The limitation of having to store 64 bytes of data on the blockchain, whether as plaintext for atomic client-side validation transactions or in a more cryptographically efficient form such as an accumulator, presents a significant bottleneck. This constraint necessitates that the data, regardless of its size, must be publicly available on the blockchain, or alternatively, there should be a mechanism such as a distributed publication board for pay-to-contract commitments. Such a system would allow for the reveal of these commitments to CSV clients in a way that minimizes interaction.

Another crucial issue identified is the protocol's current inability to prevent double spending. To mitigate this risk, it is proposed that all coins used in a transaction be "nullified" by publishing a corresponding nullifier on the blockchain. This approach, however, implies that each participant verifying a nullifier must bear the bandwidth cost of reading the entire blockchain, which could be prohibitively expensive and inefficient.

Regarding privacy concerns, while coin proofs are designed to reveal no information beyond the validity and creation time of the coin, the visibility of coin creation time could potentially lead to deanonymization through cross-layer analysis techniques. A suggested solution involves the use of range proofs, like Pedersen commitments, which can obscure the coin creation time by logically ordering the lower and upper bounds of the range value based on the sequence of chain block times and heights. This method, while enhancing privacy, also brings into discussion the balance between perfectly hiding and perfectly binding cryptographic properties, pointing towards the potential for broader consensus-level applications, such as incorporating dedicated structures within the taproot annex where fields are accounted as witness units.