[zapps-wg] Random Beacon Announcement
Sean Bowe
sean at z.cash
Thu Mar 22 15:53:58 EDT 2018
Hi Peter,
I mentioned in another discussion that I wanted to announce the beacon
in advance and publish it on the mailing list, signed, so that if I
had attempted to adaptively choose amongst different beacons someone
could demonstrate it by posting both signatures. I think this is good
enough; your suggestion is interesting too!
The timestamp is just a harmless demonstration of defense in depth.
Not including it might have suggested I couldn't; since it's cheap and
easy, why not.
Sean
On Thu, Mar 22, 2018 at 12:01 PM, Peter Todd <pete at petertodd.org> wrote:
> On Sun, Mar 18, 2018 at 03:54:42PM -0600, Sean Bowe via zapps-wg wrote:
>> Attached is the (signed) announcement of the random beacon.
>>
>> Also, it's been timestamped using OpenTimestamps.
>
> It's important to note that the OTS proof added little, if any, security to
> this random beacon, for the simple reason that creating multiple variations of
> it is nearly costless.
>
> A much more compelling proof would have been to burn some amount of BTC in an
> OP_RETURN output announcing the block that will be chosen. That's independently
> verifiable after the fact as expensive to do multiple times, and also acts as a
> timestamp.
>
> Though given the low number of possible blocks to use as a seed - and the
> apparent resistance of the use-case to partial influence - this may all be
> academic anyway.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
More information about the zapps-wg
mailing list