Re: Cosign Consensus

Version 3

Last scraped

Edited on 07/07/2025, 19:57:17 UTC

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

1. How do you prove that the cosigners were chosen randomly?

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

2. A typical transaction has one input and two outputs. This implies a shortage of inputs available to cosign. How do you ensure that cosigners are available for each input and inputs are available for each cosigner?

It's only typical for consumers to create transactions that split coins. Merchants typically create transactions that merge ~~the many smaller~~ coins ~~created by consumer activity into one or a few large coins~~. Sometimes the number of inputs will be less than the number of outputs, which will delay cosigners, and sometimes the number of inputs will be greater than the number of outputs, which will delay confirmations, but there will always be a natural average of 1:1.

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

3. An attack seems possible in which the attacker creates transactions but refuses to cosign their assigned inputs. I think this was already suggested, but your reply was not clear to me.

When a cosigner is nonresponsive, the sender must replace their address. They must redact the first or previous transaction before publishing a new one to avoid having more than one version of a transaction in the mempool at a time.

Version 2

Edited on 30/06/2025, 20:27:15 UTC

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

1. How do you prove that the cosigners were chosen randomly?

By using a verifiable random function.

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

2. A typical transaction has one input and two outputs. This implies a shortage of inputs available to cosign. How do you ensure that cosigners are available for each input and inputs are available for each cosigner?

It's only typical for consumers to create transactions that split coins. Merchants typically create transactions that merge the many smaller coins created by consumer activity into one or a few large coins. ~~Half~~Sometimes the ~~time the~~ number of ~~input~~inputs will be less than the number of outputs, which will delay cosigners, and sometimes the ~~other half of the time the~~ number of inputs will be greater than the number of outputs, which will delay confirmations, but there will always be a natural average of 1:1.

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

3. An attack seems possible in which the attacker creates transactions but refuses to cosign their assigned inputs. I think this was already suggested, but your reply was not clear to me.

When a cosigner is nonresponsive, the sender must replace their address. They must redact the first or previous transaction before publishing a new one to avoid having more than one version of a transaction in the mempool at a time.

Version 1

Scraped on 30/06/2025, 20:02:05 UTC

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

1. How do you prove that the cosigners were chosen randomly?

By using a verifiable random function.

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

2. A typical transaction has one input and two outputs. This implies a shortage of inputs available to cosign. How do you ensure that cosigners are available for each input and inputs are available for each cosigner?

It's only typical for consumers to create transactions that split coins. Merchants typically create transactions that merge the many smaller coins created by consumer activity into one or a few large coins. ~~That means there will be times when~~Half the time the number of ~~inputs is~~input will be less than the number of outputs, which will delay cosigners, and the other ~~times when~~half of the time the number of inputs iswill be greater than the number of outputs, which will delay confirmations, but there will always be a natural average of 1:1.

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

3. An attack seems possible in which the attacker creates transactions but refuses to cosign their assigned inputs. I think this was already suggested, but your reply was not clear to me.

When a cosigner is nonresponsive, the sender must replace their address. They must redact the first or previous transaction before publishing a new one to avoid having more than one version of a transaction in the mempool at a time.

Original archived Re: Cosign Consensus

Scraped on 30/06/2025, 19:57:18 UTC

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

1. How do you prove that the cosigners were chosen randomly?

By using a verifiable random function.

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

2. A typical transaction has one input and two outputs. This implies a shortage of inputs available to cosign. How do you ensure that cosigners are available for each input and inputs are available for each cosigner?

It's only typical for consumers to create transactions that split coins. Merchants typically create transactions that merge the many smaller coins created by consumer activity into one or a few large coins. That means there will be times when the number of inputs is less than the number of outputs, which will delay cosigners, and other times when the number of inputs is greater than the number of outputs, which will delay confirmations, but there will always be a natural average of 1:1.

Quote from: odolvlobo on June 30, 2025, 05:01:20 PM

3. An attack seems possible in which the attacker creates transactions but refuses to cosign their assigned inputs. I think this was already suggested, but your reply was not clear to me.

When a cosigner is nonresponsive, the sender must replace their address. They must redact the first or previous transaction before publishing a new one to avoid having more than one version of a transaction in the mempool at a time.