Replying to Avatar RABBIT HOLE RECAP

RHR 388: A CHRISTMAS MIRACLE WITH nostr:nprofile1qyxhwumn8ghj7mn0wvhxcmmvqyv8wumn8ghj7urjv4kkjatd9ec8y6tdv9kzumn9wsqzqpxfzhdwlm3cx9l6wdzyft8w8y9gy607tqgtyfq7tekaxs7lhmxf5dcd8v AND nostr:nprofile1qy0hwumn8ghj7cnfw33k76twd4shs6tdv9kxjum5wvhx7mnvd9hx2qg4waehxw309ajkgetw9ehx7um5wghxcctwvsqzq3e0gs8jnmued6f2rp4c6vs07xqvs4vs8zpwt82smcdch4txjvq76kl2yj

https://cdn.satellite.earth/04aebe10cc8853674d0274d1dfa68fa56983a750519414306d1051eef661955d.mp4

Avatar
SatsAndSports 2w ago 💬 2

nostr:nprofile1qqspqflat0pmtegvnqqdfz7g4nau9yxcnwzhcl8p24e22uzgcnq9trsppemhxue69uhkummn9ekx7mp0qyg8wumn8ghj7mn0wd68ytnddakj73h7976 is implementing the solution to the "sybil zapping" problem that you mention at 12m45

You can burn sats by leaving them onchain as anyone-can-spend outputs that are CLTV-locked to the future (decades in the future, if you want to help with the security budget).

A "notary" collects all the nostr event IDs, and the sats to burn for each one, and makes a single burn transaction on chain with a Merkle hash - in an op_return -to store all the IDs of the nostr events

Nostr clients and nostr relays can then verify the transaction and the Merkle proof to see which events have burned sats attached to them

There is a Nostr DVM nostr:nprofile1qqsvre9mtrs9tevx4yj8dwjvtwf4udatg5vwfktsjhna3mdp3kra7dgpr9mhxue69uhhyetvv9ujumn0wd68yerkd5hxxmmd9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcydy4f4 of these notarized notes

Reply to this note

Please Login to reply.

Discussion

Avatar
ThomasV 2w ago 💬 1

Actually, it is CSV locked., so locking decade in the future won't work.

Avatar
SatsAndSports 2w ago 💬 4

Thanks for the clarification. If I understand correctly, OP_CHECKSEQUENCEVERIFY can only go 65,535 blocks (about 15 months) into the future.

I still think the far future is better for this 😀. The main reason to give the burned sats to miners, and not just burn them immediately in an OP_RETURN, is to help with the security budget in the future

If the unlocking is too soon, it gives miners the incentive to cheat in the way we discussed a couple of months ago. A short lockup would allow a large mining pool to advertize "pay us 10 sats, and we'll pretend that we burned 12 sats for you". A large mining pool can do this today as there is a good chance that they will also mine the block at which the burned sats become unlocked and therefore they are "fake-burning" sats by paying themselves

I chose 12 sats and 10 sats there, based on the rough numbers that large pools control about 20% of hashrate

Avatar
ThomasV 1w ago

We cannot use CLTV for proof of burn, because it would allow miners to cheat. This is explained in the whitepaper: https://notary.electrum.org/n/proof-of-burn.pdf (see footnote on page 4)

Avatar
SatsAndSports 1w ago

So you're saying that miners would delay the notarization transaction until the height specified in the CLTV, so that they can notarize and redeem in the same block

Yes, they could in theory, and that would allow the cheating that we discussed before. But they're not going to delay the notarization transaction for decades, if we're sending it decades into the future

The end users of the system (I mean the users of nostr clients who are consuming nostr events and want to see which events have burned sats associated with them) are looking for reliable notaries, i.e. notaries that get the notarizing transactions into blocks within hours or days (not years or decades).

The end user's software could easily check that the notarization transaction is mined at least N blocks before whichever height is specified/implied by the CLTV or CSV locks

Avatar
ThomasV 1w ago

It's not about delaying the transaction. If you only rely on CLTV, a spammer can mine a notarization transaction today and pretend that it has been published a long time ago.

But you are right, the software could additionally check that the notarization was mined N blocks before the locktime. This introduces an extra parameter, and it feels a bit like misusing CLTV, but it would indeed allow for longer time delays than CSV.

Avatar
SatsAndSports 1w ago

The extreme case of this could be very interesting for game theory, leading to just one notary getting a very large monopoly

Imagine a single notary does a deal with all the big mining pools which together control 90% of hashrate

That notary could advertise: "give me 10 sats and I'll notarise it as 50 sats".

As they control 90% of hashrate, they will on average get 45 sats back from those 50, and hence the real cost to the notary is just 5 sats (on average) compared to the 10 sats that they earn from the creator of the nostr content

With CSV, the delay is just about 15 months, and that's short enough that the big notary is happy to wait

I think the only solution is to really make sure that today's miners don't see any value from the burning, so either notarizing to an OP_RETURN, or use CLTV to send it very far in the future

nostr:nprofile1qqsv8c37kh3aqrcckt60tzxcek79fpjghemphhvssyscdh6xq0tu42gpypmhxue69uhky6t5wdshgtnddakx7mnvv93x2tngdakxg6twvaej7qghwaehxw309a3xjarrda5kuetj9eek7cmfv9kz7qgwwaehxw309ahx7uewd3hkctc0g4qea , is this the right npub for Espen?: nostr:nprofile1qqsdx3xlr7k4x0n4kss9mzh26azsdjdjxa7e7gr3gklvck7gxaknj9qppemhxue69uhkummn9ekx7mp08kq57r I think he had the same idea

Avatar
John Satsman 1w ago

Wut?