A way to prove existence with timestamp on Mimblewimble

Bitcoin allows a transaction to commit to a hash and hence prove existence of a data at a certain point in time. It's not obvious how to do that in Mimblewimble. The main issue is that everything that a transaction leaves forever on the chain is a Kernel which consists of features (1 byte) | fee (8 bytes) | lock_height (8 bytes) | excess (32 bytes) | signature (64 bytes)

As we can see, there's no place for a hash. One solution would be to add a hash and make sure the signature also signs that hash but this would mean we are making the kernel even bigger.

phyro / etcmw_braindump.md

Created February 14, 2020 15:24

ETC MW toilet napkin braindump

ETC MW napkin braindump

Define a new type of transaction that has a form a of a Pedersen commitment v*H + r*G where v denotes the amount and r is the blinding factor for v which also serves as a proof of ownership factor. Let's say Alice holds 100 ETC and wants to create her own Pedersen commitment that holds 20 ETC. She creates a transition transaction that has a transition type addr->pc and the to part holds a Pedersen commitment of type 20*H + r*G where r is the blinding factor. To verify the v part we can expose r*G public key and sign some message with it and then add 20*H to it and check if we do in fact arrive at the 20*H + r*G public key. This Pedersen commitment does not need a zero knowledge range proof to avoid inflation attacks because the value is public.

phyro / keybase.md

Created January 28, 2018 20:56

keybase.md

Keybase proof

I hereby claim:

I am phyro on github.
I am phyro (https://keybase.io/phyro) on keybase.
I have a public key whose fingerprint is D9CD 87AE 7489 EDFB F7D3 9438 20CC E2BE 3C8F FDF3

To claim this, I am signing this object: