Good morning Dustin,

> Wouldn’t a revealed private key for time locked funds create a race to spend? I imagine miners who are paying attention would have the advantage but it would still just be a race.

If Bitcoin had implemented RBF "properly" (i.e. not have the silly "opt-out" rule) then such races are won by bidding up the fees.  A random person who is not the original staker would be willing to pay miners a fee up to the entire staked amount minus dustlimit satoshis; obviously a staker would be far less willing to pay up such a fee, so the random person slashing the funds would have a major advantage in that race.
Thus the race will be won by whoever mines the highest-fee transaction.
It still becomes very unlikely that the staker will win unless the staker already has a significant mining hashpower (and if the staker has significant hashpower, then the Bitoin layer itself is at peril anyway, never mind sidechains built on top of it).

Regards,
ZmnSCPxj

>
> On Tue, Jan 22, 2019 at 6:14 AM ZmnSCPxj via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> > Good Morning Matt,
> >
> > > ### ZmnSCPxj,
> > >
> > > I'm intrigued by this mechanism of using fixed R values to prevent multiple signatures, but how do we derive the R values in a way where they are
> > unique for each blockheight but still can be used to create signatures or verify?
> >
> > One possibility is to derive `R` using standard hierarchical derivation.
> > Then require that the staking pubkey be revealed to the sidechain network as actually being `staking_pubkey = P + hash(P || parent_R) * G` (possibly with some trivial protection against Taproot).
> > To sign for a blockheight `h`, you must use your public key `P` and the specific `R` we get from hierarchical derivation from `parent_R` and the blockheight as index.
> >
> > Regards,
> > ZmnSCPxj
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev