Date: Tue, 19 Dec 2023 14:07:23 +0000
To: Nagaev Boris <bnagaev@gmail.com>
From: yurisvb@pm.me
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: [bitcoin-dev] Lamport scheme (not signature) to economize on L1
Thank you for the question, Boris. That was an easy one:
Short answer is Lamport hashes are protected by long hash of key fingerprint an ECC (Schnorr or otherwise conventional) public-key, which is not published until first transaction. For clarity:
HL(.) = serial-work- and memory-*hard* hash with *short* digest (ex.: Argon2 with ~ 12 bytes output. "L" for "Lamport");
HC(.) = nonspecific representation of conventional, serial-work- and memory-*easy* hashes with *long* (brute-force-resistant) digest length. "C" for "Conventional";
KDF(.) = conventional key deriving function
ECCPUB = public key correspondent to ECCPRI
ECCPRI = KDF(seed, tag) //conventional BTC signing key (could be Schnorr instead)
LAMPPUB = HL(LAMPPRIi)
LAMPPRI = HL(seed, tag) //Though it is (more) feasible to crack a seed S that works as pre-image to LAMPRI, such seed can only be deemed valid if the public key correspondent to KDF(s) = ECCPUB, so ultimately, cracking seed is still as hard as cracking a conventional seed.
ADDR = H(ECCPUB, LAMPPUB) //Conventional BTC key fingerprinting with conventionally used hashes and their respective brute-force-resistant digest lengths
TX = plaintext transaction
LSIG = HL(TX, LAMPPRI)
COMMITMENT = Smart contract stating "This UTXO is frozen until one of the following happens: A) publishing of a L such that HL(TX,L) = LSIG before T2 in which case TX is deemed valid and executed, or B) T2 blocks from now, when miner of LSIG gets F1+FF1, and the miner of COMMITMENT gets FC, both from UTXO"
BL = "Bundle of Lamport scheme" = (TX, LSIG)
BC = "Bundle of Commitment and Conventional Signing" = (COMMITMENT, ECCPRI(COMMITMENT), ECCPUB, LAMPPUB) //LAMPPUB is added here to allow easy verification that ECCPUB corresponds to ADDR
BT = "Total Bundle" = (BL, BC)
F1 = fee offered to mine BL
FF1 = fine offered to miner of BL to compensate for delay
FC = fee offered to mine BC in case of default
T0 = Block height of broadcasting of BT
T1 = Block height owner should aim at broadcasting LAMPPRI block ~ T0+1 to T0+6 blocks. This is to protect owner from dissensus (revealing LAMPPRI in a block and have it utilized to forge transaction in a competing block of same height).
T2 = Block height of expiration of commitment ~ T0+24 hours to T0+ a few days to protect user from execution of commitment being triggered by innocent unavailability.
From ADDR alone, miners cannot forge a valid LSIG, nor try to ascertain LAMPPUB or LAMPPRI, because of pre-image-resistance of H(.) and brute-force resistance of ECCPUB before being published. The saving happens because, safe from T2 passing without LAMPRI being broadcasted, only BL and LAMPPR, and not BC, end up in Blockchain.
The proposed scheme, therefore, allows for only 1 instance of Lamport schemed-based economic transaction, which has to be the first transaction of ADDR (because of publishing of ECCPUB). After this first transaction, ADDR is still valid, just no longer able to issue transactions.
The proposed scheme, therefore, favors the good practice of non-address reuse.
YSVB
Sent with Proton Mail secure email.
On Tuesday, December 19th, 2023 at 1:45 AM, Nagaev Boris <bnagaev@gmail.com> wrote:
> On Mon, Dec 18, 2023 at 7:44 PM yurisvb@pm.me wrote:
>
> > I beg to disagree: key owner broadcasts first bundle (let's call it this way) so that it is on any miner's best interest to include said bundle on their attempted coinbase because they know if they don't any other competing miner will in the next block.
>
>
> What if an attacker broadcasts the first bundle? He spent a lot of
> time cracking the hash which is the part of the address in the
> proposed scheme. Then he cracked the second layer of hashing to have
> both hashes ready. If the utxo has enough sats, the attack is
> economically viable.
>
>
> --
> Best regards,
> Boris Nagaev