Very good post, like it lots.
To our knowledge this problem has not been openly addressed by the academic community without introducing a trusted party as found in the RingCT 2.0 [4].
This is the same as my findings when you really start to up-scale to numbers over a hundred million and in the end the network becomes flooded
with chatter and the time characteristics will fall like a stone.
Do not confuse the word "trust" with control, and really PoW or PoS and all the other concepts of "Proof" flying around really come down to establishing
a type of trust between nodes which is fine with me and if a cluster of nodes (big fuck off machines) are needed to enhance the smooth running and they
don't get direct access to the "Money" then this is a price we must pay.
Academia should not veto practicalities, you have to have a trade off and more to the point admit it also because in the end you get found out
when things go wrong.
Thank you for the kind words!
The reference to trust was in the cryptographic context, specifically ring signature time complexity. Introducing a trusted party into a payment system on that level invalidates the decentralization property and thus it should not be acceptable to introduce into any decentralized payment system as it would be a step backwards from the original design outlined by Satoshi.
Sun et al. introduced a constant (linkable) ring signature size in their 2017 ePrint, "RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero" [1], although it requires trust; our system is logarithmic and requires no trust. In this scenario, the performance trade-off to forgo the decentralization property is not sufficient.
It's not a bad idea to cut Ring Signature from calculating TX ID, but do you think it's possible to combine Schnorr Signature with Ring Signature to reduce the overall input/decoy size in a transaction?
Hi ETFbitcoin,
That is an interesting concept. Combining Schnorr Signature with ring signatures is possible, although it would require further study to observe the cost benefit analysis. Herranz et al. proposed such a system in their 2003 ePrint, "Forking Lemmas in the Ring Signatures' Scenario"; however, that system is still linear.
Hi ETFbitcoin,
Upon further study: a transaction in our system employs (linkable) ring signatures in two different places. On one side, the sender signs his transaction with the linkable ring signature scheme. On the other side, a ring signature is required in the process of proof-of-sum. If one of them is replaced by Schnorr's signature, the anonymity of the whole system will be decreased. Moreover, Boolberry uses a special flag [2] to guarantee that a coin won't be spent without mixins. Such a technique is to deal with the problem caused by signing a transaction on behalf of a ring with only one participant. Since Schnorr's signature can be regarded as a ring signature with one participant, we don't recommend combining it with ring signatures in Boolberry v2.
[1] - https://eprint.iacr.org/2017/921
[2] - https://www.slideshare.net/boolberry/boolberry-solves-cryptonoteflaws-37055246
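The last reply's remark that a Schnorr signature can be regarded as a ring signature with one participant, shown as an added example (not code from the thread or from Boolberry): an AOS-style, non-linkable ring signature whose one-member case passes a plain Schnorr check. The group parameters, hash encoding and function names are assumptions made for this example, and the key image that makes the thread's scheme linkable is left out.

```python
import hashlib
import secrets

# Constructed toy group (insecure size): P = 2*Q + 1, G = 4 generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def H(msg, ring, R):
    """Challenge: SHA-256 over message, ring public keys and commitment R."""
    data = repr((msg, tuple(ring), R)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # secret key in [1, Q-1]
    return x, pow(G, x, P)                    # (secret, public)

def ring_sign(msg, ring, s, x):
    """Sign for the whole ring; ring[s] is the signer's public key, x its secret."""
    n = len(ring)
    c, r = [0] * n, [0] * n
    alpha = secrets.randbelow(Q)
    c[(s + 1) % n] = H(msg, ring, pow(G, alpha, P))
    i = (s + 1) % n
    while i != s:                             # simulate every other member (the decoys)
        r[i] = secrets.randbelow(Q)
        R = pow(G, r[i], P) * pow(ring[i], c[i], P) % P
        c[(i + 1) % n] = H(msg, ring, R)
        i = (i + 1) % n
    r[s] = (alpha - x * c[s]) % Q             # close the ring with the real key
    return c[0], r                            # size grows linearly with len(ring)

def ring_verify(msg, ring, sig):
    c0, r = sig
    c = c0
    for y, ri in zip(ring, r):                # walk the ring; it must return to c0
        c = H(msg, ring, pow(G, ri, P) * pow(y, c, P) % P)
    return c == c0

def schnorr_verify(msg, y, c, r):
    """Plain (key-prefixed) Schnorr check: c == H(msg, y, g^r * y^c)."""
    return c == H(msg, [y], pow(G, r, P) * pow(y, c, P) % P)

if __name__ == "__main__":
    x, y = keygen()
    c0, r = ring_sign("tx", [y], 0, x)        # ring of one: no decoys are simulated
    print(schnorr_verify("tx", y, c0, r[0]))  # the same pair is a valid Schnorr signature
```

With a ring of one the decoy loop never runs, so the output is exactly a Schnorr pair and the signer's key is the only candidate, which is the anonymity loss the reply describes.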