From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 71BD9DF2 for ; Fri, 26 Feb 2016 23:45:05 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f174.google.com (mail-io0-f174.google.com [209.85.223.174]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 49D4614D for ; Fri, 26 Feb 2016 23:45:04 +0000 (UTC) Received: by mail-io0-f174.google.com with SMTP id z135so138604106iof.0 for ; Fri, 26 Feb 2016 15:45:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=1zz0sorjhIrDSW9HjOzbTeTvqEyXYaY+cb6HxwXjcOU=; b=s+HzYKnW9ePk7d/IkBITdKp5RBDHYZh7RoUAVJvswoDcwrtMiuZJ/sAdqAh3tg/+vi Sxn2KBOfBp3SyN2b4/ZnOO3xwGKJNvUegbaUOhXmE16EvZATMG/yWxvInFeK/6lWEl1p RAj6RnwDvh+7rl3OlfhO+qPoTS1eFI0Ky7OgqAUpQSAnDC+HDT3GgW5jifjxsR0fSP0h QkgvV+8JtIj7tMQgaa7cY+HkbKNmiiTyRHhc622RIm0tIAiTTQPgVah8nRCBvamc00hm OIKHHIgxEvuWaVjY+V54xIdUOM7gtUAXw4tHL8wq/fdyUQrnZMkwia37iEfKYhH6cXpP uwlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=1zz0sorjhIrDSW9HjOzbTeTvqEyXYaY+cb6HxwXjcOU=; b=F8xHizJeQvQdsGgPV9+VeVsq6w3zvzAoh5yyYDMjkR4NnFnK+ttPiGo4GzN9vbZUpP Ii+k2Sv17iOO27c5sWnh5Y/9IJmg0EYBrUiJ/VuX932Z5XpUNW/VoOocGPmrV8CQ/WAF pUFqZWZ4sWkfTSSEt9Ptg7yH8EBWQZJYF2zMT0anVdb7/VkmElmTxJD/N0coXjW0+Zgm 8U6deO6JG6kcR0HI2lPb2qz5T51xEZgWPEIzJ43iJ2A28JubJWn4C7Eb9pjVa9HmrrtH m0WmtnQ5aaaYdlYnQCjGomWe+yUYMDb487RjkuJpkYrXgzX56nzXxMXX4WCoQcBMWCrc 8o8w== X-Gm-Message-State: AG10YOT6NXAzAF0KThUYc7y5H2C8WQPdEILED/eG7zQHDTN/4ofr9YsVXDh76+vaaMq84zzG5OFEBa1yED7TIg== MIME-Version: 1.0 X-Received: by 10.107.4.213 with SMTP id 204mr10589307ioe.134.1456530303708; Fri, 26 Feb 2016 15:45:03 -0800 (PST) Sender: gmaxwell@gmail.com Received: by 10.107.132.75 with HTTP; Fri, 26 Feb 2016 15:45:03 -0800 (PST) In-Reply-To: References: Date: Fri, 26 Feb 2016 23:45:03 +0000 X-Google-Sender-Auth: g7g5xzTvy-1kxu7KvNo_Uz52s1I Message-ID: From: Gregory Maxwell To: Tier Nolan Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] The first successful Zero-Knowledge Contingent Payment X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Feb 2016 23:45:05 -0000 On Fri, Feb 26, 2016 at 11:33 PM, Tier Nolan via bitcoin-dev wrote: > That is very interesting. > > There has been some recent discussion about atomic cross chain transfers > between Bitcoin and legacy altcoins. For this purpose a legacy altcoin is > one that has strict IsStandard() rules and none of the advanced script > opcodes. One might wonder why anyone would want to own coins that couldn't keep up technologically, but to each his own. (especially one defunct enough that it can't even update IsStandard rules...) I don't think it's infeasible to do the EC multiply in a snark, but an efficient implementation would be a lot of work. You'd probably want to build a circuit for the field operations using 128 bit operations. Fortunately the overall operation is pretty easy to directly convert into a circuit (e.g. no branching). Why not use the single-show-signature scheme I came up with a while back on the Bitcoin side to force the bitcoin side to reveal a private key? http://lists.linuxfoundation.org/pipermail/lightning-dev/2015-November/000344.html