-
gingeropolous
can the atomic swap stuff being proposed be hacked to make payment channels / lightning network on monero?
-
zkao
gingeropolous, not in a reasonable way, swaps wouldn't be extensible to form payment channels natively. The current swap proposal works because it uses refund transactions in bitcoin. However, it should be possible to swap on-chain monero for lightning-bitcoin. From what i know, a way to enable native payment channels is DLSAG,
eprint.iacr.org/2019/595, written by prolific contributors of this community
-
sarang
Monero uses a zero-knowledge range proving system (Bulletproofs) to avoid commitment "overflow"
-
sarang
Its transaction protocol uses a witness-indistinguishable signature construction
-
sarang
And yes, I get very annoyed when people conflate "zero-knowledge proving system" with "privacy-preserving transaction protocol" automatically...
-
sarang
Also, hello
-
moneromooo
heya
-
sarang
FWIW "zero-knowledge proving system" has a precise technical meaning
-
sarang
The balance part of the transaction protocol relies on the Pedersen binding property
-
sarang
Which in turn relies on the discrete-log independence of our Pedersen generators
-
sarang
-
sarang
If the project were to move to something like Triptych or Arcturus or Lelantus or RingCT 3.0 or Omniring, then the transaction protocol would use a zero-knowledge proving system for transaction authorization as well... but the zero-knowledge property has _nothing_ to do with the ability to use a larger anonymity set
-
sarang
What it does is make it easy to mathematically argue about _protocol_ properties (signer ambiguity, balance, etc.)
-
sarang
These can be trickier to argue if you only have witness indistinguishability
-
sarang
But I'd say that in practice, the difference doesn't really matter
-
sarang
the end
-
sarang
How's the channel doing?
-
kenshamir[m]
<sarang "the end"> TLDR: Zero-knowledge is like Mjölnir , but not every problem is a nail :)
-
sarang
Heh
-
sarang
It's unfortunately been used as a "marketing term" in a way that I think hasn't been helpful
-
sarang
It's a really handy tool that can help build nice protocols
-
sarang
But having a hammer doesn't mean you automatically have a finished shed
-
kenshamir[m]
<sarang "It's unfortunately been used as "> A: "We have this business use-case, which seems impossible"
-
kenshamir[m]
A : "Can't seem to find my tooth-brush"
-
kenshamir[m]
B : "You tried applying a zero knowledge protocol to figure out its rough whereabouts, then use bulletproofs to trustlessly verify the GPS co-ordinates in linear time?"
-
kenshamir[m]
Ok, Im done :)
-
sarang
I always liked the Where's Waldo analogy (or whatever he's called... apparently it's different outside the U.S.)
-
kenshamir[m]
Over here, I think we use a "cave" analogy, but I can't remember
-
kenshamir[m]
Also like the Card analogy that Groth mentioned a few years ago
-
sarang
Suppose I have a Waldo picture and want to prove to you that I know where Waldo is, but don't want to show where
-
sarang
I cut a Waldo-sized hole in a big piece of cardboard
-
sarang
You turn around, and I place the picture behind the cardboard so the hole lines up with Waldo
-
sarang
You turn back around, and see that I found Waldo, but you don't gain any information about where in the picture he is
-
sarang
And further, once I take away the cardboard, you can't use my "proof" to claim to someone else that you know where he is
-
kenshamir[m]
Ahh right, I guess the card-board has to be at least double the size of the picture
-
sarang
Indeed!
-
kenshamir[m]
Card one: If I want to convince you that the card I have is red, without telling you the exact card. I show you the deck, then give you the 26 black cards
-
sarang
Oh nice
-
kenshamir[m]
You can deduce the card I have is indeed red, but you do not know which card. Saw Groth mention it in a video a couple years ago
-
sarang
So what we've demonstrated here is that all you need to build privacy-preserving transaction protocols is a deck of cards and a Waldo book
-
kenshamir[m]
Should we start a new blockchain?
-
sarang
Waldochain
-
kenshamir[m]
wen ico
-
kenshamir[m]
If you find waldo, you can take all the money from the chain
-
kenshamir[m]
In zero knowlege <- very important
-
gingeropolous
and the color of the cards is the only identifying feature?
-
kenshamir[m]
<gingeropolous "and the color of the cards is th"> Hmm good question.
-
kenshamir[m]
The colour case above is special because as soon as you prove your card does not have feature X, it implies that it has feature Y
-
sarang
Waldo wins!
-
Isthmus