There is concern over the relaying of double spends in Bitcoin XT (and now Bitcoin Unlimited): that by relaying double spends it may incentivize miners to cooperate with the double spend attacks known euphemistically as "Replace By Fee". It seems like if there were a way to prove existence of a signature on a given txout, without providing the full valid transaction, this would neatly solve the problem.
The answer on this stackexchange post suggests a method by which, if you know an ECDSA signature (r,s), you can perform a transformation on it that proves knowledge of s without revealing s.
https://crypto.stackexchange.com/questions/15274/ecdsa-signature-verifiable-1-way-transformations
My elliptic curve math is not that strong, but at first glance, this would appear to be a way to solve the issue.
source https://www.reddit.com/r/btc/comments/94g5ik/can_zeroknowledge_proofs_of_ecdsa_signature_be/