@OrsonJ and @sowle, congratulation for the release of the technical paper ! My only interrogation would be about the part 3.2, where it is said that hf could be considered random, but the owner somewhat controls f : wouldn't it be possible for him to choose a f that gives him an advantage in the resolution of the inequation 3.2 ? For instance, if f = L, wouldn't hf always be 0 because of the modulo L ?
Thank you too much!
This is a very good question! Indeed, if
f = L an adversary may stake very easily as L mod L = 0 and thus hf = 0 too. This is why I added f != 0 (mod L) requirement to section 3.3. And there's an easy way to ensure f != 0 for commitments without additional data. I'm going to cover this in the next paper update.
I was also wondering, is such scheme compatible with Cold Staking ? I couldn't find any info regarding this security feature on the roadmap, is this something that could be implemented in Zano in the future ?
We at Zano don't favor cold staking much because we believe it creates incentives that favor centralization.