Saturday, 4 August 2018

Can zero-knowledge proofs of ECDSA signature be used to prove double spends without encouraging them?

There is concern over the relaying of double spends in Bitcoin XT (and now Bitcoin Unlimited): that by relaying double spends it may incentivize miners to cooperate with the double spend attacks known euphemistically as "Replace By Fee". It seems like if there were a way to prove existence of a signature on a given txout, without providing the full valid transaction, this would neatly solve the problem.

The answer on this stackexchange post suggests a method by which, if you know an ECDSA signature (r,s), you can perform a transformation on it that proves knowledge of s without revealing s.

https://crypto.stackexchange.com/questions/15274/ecdsa-signature-verifiable-1-way-transformations

My elliptic curve math is not that strong, but at first glance, this would appear to be a way to solve the issue.

submitted by /u/markblundeberg

source https://www.reddit.com/r/btc/comments/94g5ik/can_zeroknowledge_proofs_of_ecdsa_signature_be/
