Nostr Web Client

Haha BLS everything of course. I can’t even imagine how you could do it only for the PoK. Any equivalence proof between curves will be a PoK so there’d be no point in the BLS in the first place.

I like “purecoin”. Although I also think it’s not a great direction. It’d still make way more sense than bip444. It would be interesting to present a possible if not realistic soft fork that actually would significantly reduce the amount of data embedding that could be achieved per vbyte. Then a rational debate could be had.

Point taken about locktimes. I don’t think anyone would be in favour of disabling lightning. You’d probably have to leave the spammers with that one.

Zero-Knowledge Goof 1mo ago

Oh also public derivation could work with the BLS scheme I think. Just don’t commit to the public key in the hash to curve for the PoK and it becomes malleable.

Reply to this note

Please Login to reply.

Discussion

waxwing 1mo ago 💬 2

OK. But my gut would tell me that malleable (not pubkey prefixed) BLS sigs would be unsafe. I'm assuming by PoK you do mean BLS sigs. Wouldn't you be able to forge sigs on related keys?

Zero-Knowledge Goof 1mo ago

Yeah that’s a feature. You can forge the PoK on related keys. If a key has a known key then you can’t sub-exponential data with it or any related keys either.

waxwing 1mo ago 💬 1

I think I agree.

(Apart from 'key has a known key' 😁)

Zero-Knowledge Goof 1mo ago

Haha that sentence was extremely slurred but it sounds like you got the idea!