[cryptography] sander & ta-shma + bitcoin, b-money, hashcash (Re: Is BitCoin a triple entry system?)

Adam Back adam at cypherspace.org
Wed Jun 15 04:16:41 EDT 2011


Efficiency is relative.  Vs a central bank and Brands credentials its
inefficient - a handful of modexps vs say one hundred or a thousand.  Vs
bitcoin with longest hash chain wins, and minimum hash being 10 minutes work
for the entire network, I think straight DLREP on all the coins in a time
interval is OK.  And having to wait for a few intervals to have confidence
your transferred coin is in a non-orphan chain to have confidence vs pretty
much instant deposit.

Note you can tune the time interval size, and so the size of the DLREP
problem.  DLREP is linear in the number of coins.

Adam

On Tue, Jun 14, 2011 at 07:40:10PM +1000, James A. Donald wrote:
> It is not a design, but an idea for a design.
>
> There is no efficient zero knowledge proof that has the required
> properties.
>
>On 2011-06-14 6:13 PM, Adam Back wrote:
>> [...]
>> They use Merkle trees to improve the computation efficiency (reduce the
>> size of the representation problems that have to be presented and
>> verified).
>>
>> I dont understood why bitcoin didnt use it




More information about the cryptography mailing list