
@pinheadmz
Created January 13, 2022 16:36

Abstract

Introduce new covenant types and backwards-compatible rules for miners in order to collectively generate a deterministic yet unpredictable random value over a period of time. This scheme relies on the assumption that miners are diverse (decentralized) and are competitive against each other, not collaborating with each other.

TODO

Introduce a method for accumulating the revealed random values over time, and committing that accumulated value to a block header or nulldata output of each coinbase transaction.

Apply that accumulated random value to the last day (144 blocks) of each auction's BIDDING phase (maybe based on xor'ing the namehash|height with the accumulated value) to determine when an auction is closed, and refuse to confirm new BIDs after that block.

Because the accumulated value may be different in each block, there must be some method of storing the state for auctions that are closed.

Goal

Require miners to commit and then ultimately reveal a random value.

Strategy

  1. Miners cannot spend their mining rewards without contributing random values
    1. Introduce new covenant types with appropriate rules
  2. Miners are incentivized to generate new random values
    1. Allow a period where miner subsidy is "anyone with the value can spend"
    2. Re-used random values or low-entropy values allow coins to be stolen

Instead of a hash/reveal scheme we use a privKey/signature scheme: if anyone does guess the secret value in advance, they can sweep the miner's reward by signing with it, without ever revealing the secret value on-chain (a hash preimage, by contrast, would become public the moment it is used, introducing an "anyone can spend" race condition).

New coinbase transaction rules:

  • Each coinbase TX must pay the entire miner subsidy + fees in one output, which must have a COINBASE_BLIND covenant

  • To make this a SOFT FORK, the coinbase address MUST be a script hash address with the following script:

      OP_TYPE
      <COINBASE_SLASH>
      OP_EQUAL
      OP_IF
        OP_TRUE
      OP_ELSE
        <miner's normal wallet public key>
        OP_CHECKSIG
      OP_ENDIF

New covenants:

COINBASE_BLIND

  • items:
    • 33-byte blind_pubKey
  • rules:
    • only valid in coinbase TX
    • only valid once per coinbase TX
    • every coinbase TX must contain one to be valid
    • value must equal miner subsidy + all fees
    • can only be spent by index-linked output with COINBASE_REVEAL covenant
    • can only be spent after 244 confirmations (one day longer than existing coinbase maturity rule)

COINBASE_REVEAL

  • items:
    • 32-byte blind_privKey
  • rules:
    • only valid if index-linked input is a COINBASE_BLIND covenant
    • blind_privKey must be the private key for the blind_pubKey (i.e. privKey * G = COMPRESSED_ECDSA_POINT(pubKey))
    • index-linked input must have at least 244 confirmations (one day longer than existing coinbase maturity rule)
    • index-linked input must not have been mature for more than ten days (i.e. 244 <= confirmations < 244 + (144 * 10))

COINBASE_SLASH

  • items:
    • 65-byte signature that verifies against blind_pubKey, using the standard signature hash of this input as the message
  • rules:
    • index-linked input must have at least 100 confirmations (this is already the existing coinbase maturity rule)
    • index-linked input must not have been mature for more than one day (i.e. 100 <= confirmations < 100 + 144)
    • the value of this output MUST be reduced by exactly 50% rounded down
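The following is an added worked example, not code from the gist or from hsd: a consensus-style checker for the COINBASE_REVEAL and COINBASE_SLASH rules above, plus the anyone-can-spend branch of the coinbase script from the "New coinbase transaction rules" section. It makes two assumptions the page does not spell out: the 65-byte SLASH item is read as a 64-byte (r||s) ECDSA signature followed by a sighash-type byte, and "reduced by exactly 50% rounded down" is read as out_value == in_value // 2. The secp256k1 arithmetic is a minimal pure-Python implementation so the block runs offline; all keys, sighashes and confirmation counts are constructed sample data.

```python
# Added example (not the gist's code). Minimal secp256k1 plus the proposed
# covenant checks. Assumptions: SLASH sig = 64-byte r||s + 1 sighash byte;
# "50% rounded down" = in_value // 2. Sample data below is constructed.
import hashlib

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

COINBASE_MATURITY = 100                          # existing maturity rule
BLOCKS_PER_DAY = 144
SLASH_MIN = COINBASE_MATURITY                    # 100, inclusive
SLASH_MAX = SLASH_MIN + BLOCKS_PER_DAY           # 244, exclusive
REVEAL_MIN = COINBASE_MATURITY + BLOCKS_PER_DAY  # 244, inclusive
REVEAL_MAX = REVEAL_MIN + BLOCKS_PER_DAY * 10    # 1684, exclusive

def _add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def compress(pt):
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def decompress(pub33):
    """Point for a 33-byte compressed key, or None if it is not on the curve."""
    if len(pub33) != 33 or pub33[0] not in (2, 3):
        return None
    x = int.from_bytes(pub33[1:], "big")
    if x >= P:
        return None
    rhs = (x**3 + 7) % P
    y = pow(rhs, (P + 1) // 4, P)                # valid because P % 4 == 3
    if y * y % P != rhs:
        return None
    if (y & 1) != (pub33[0] & 1):
        y = P - y
    return (x, y)

def pubkey_from_priv(priv32):
    return compress(_mul(int.from_bytes(priv32, "big"), G))

def ecdsa_sign(priv32, msg32, k):
    d, z = int.from_bytes(priv32, "big"), int.from_bytes(msg32, "big")
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def ecdsa_verify(pub33, msg32, sig64):
    q = decompress(pub33)
    if q is None or len(sig64) != 64:
        return False
    r, s = int.from_bytes(sig64[:32], "big"), int.from_bytes(sig64[32:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    w, z = pow(s, -1, N), int.from_bytes(msg32, "big")
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def check_reveal(blind_pubkey, blind_privkey, confirmations):
    """COINBASE_REVEAL: privKey*G == blind_pubKey, linked input 244..1683 confs."""
    if len(blind_privkey) != 32 or not (0 < int.from_bytes(blind_privkey, "big") < N):
        return False
    if not (REVEAL_MIN <= confirmations < REVEAL_MAX):
        return False
    return pubkey_from_priv(blind_privkey) == blind_pubkey

def check_slash(blind_pubkey, sighash, sig65, confirmations, in_value, out_value):
    """COINBASE_SLASH: sig under blind_pubKey over the input's sighash,
    linked input 100..243 confs, output value halved (assumed: in // 2)."""
    if len(sig65) != 65 or not (SLASH_MIN <= confirmations < SLASH_MAX):
        return False
    if out_value != in_value // 2:
        return False
    return ecdsa_verify(blind_pubkey, sighash, sig65[:64])

def coinbase_script_allows(spending_covenant, miner_sig_ok):
    """Coinbase script: OP_TYPE == COINBASE_SLASH -> OP_TRUE, else miner CHECKSIG."""
    return True if spending_covenant == "COINBASE_SLASH" else miner_sig_ok

# Constructed sample data, not real chain data.
SAMPLE_PRIV = hashlib.sha256(b"constructed blind key").digest()
SAMPLE_PUB = pubkey_from_priv(SAMPLE_PRIV)
SAMPLE_SIGHASH = hashlib.sha256(b"constructed sighash of slash input").digest()
_K = int.from_bytes(hashlib.sha256(b"constructed nonce").digest(), "big") % N
SAMPLE_SIG65 = ecdsa_sign(SAMPLE_PRIV, SAMPLE_SIGHASH, _K) + b"\x01"

if __name__ == "__main__":
    print("reveal @244:", check_reveal(SAMPLE_PUB, SAMPLE_PRIV, 244))
    print("slash @150:", check_slash(SAMPLE_PUB, SAMPLE_SIGHASH, SAMPLE_SIG65, 150, 2001, 1000))
```

The window constants make the two non-overlapping phases explicit: a SLASH output is only valid during the day after ordinary coinbase maturity (100 to 243 confirmations), and a REVEAL is only valid once that day has passed (244 onward), so a miner who reveals late cannot be slashed and a slasher cannot wait until the reveal window has opened.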