asciilifeform: not only to verify it, again and again every time a new machine is stood up,
asciilifeform: generating and broadcasting a tx imposes a cost on all users, for all time
asciilifeform: in essence you are paying holders of coin for the trouble of keeping up with your movements of same
asciilifeform: btw i suspect that 'tx must include a micro libation to the gods' -- i.e. a leak -- is a necessary component of 'hard vacuum', 0socialism trbi as discussed earlier
asciilifeform: so now miner has hard incentive to find actual tx in he wild, to fill his block.
asciilifeform: now, miner could generate them himself. but now let's also suppose that every tx must also leak an epsilon of coin to /dev/null.
asciilifeform: while we're doing trb-i : in addition to 'tx is 1024 bytes, and block is 1024 tx' , consider another item: 'block MUST contain 1024 valid tx'
asciilifeform: so, for instance, you can prove that a k-of-k (must have ALL parts) shamir split, where you then take each share and encipher with different method -- will NEVER be weaker than the strongest cipher used.☟︎
asciilifeform: i suspect that the most that can be hoped for, is a large pile of items that are provable to add ~zero or more~ headache to the enemy, individually AND in the aggregate.
asciilifeform: the movement can be farmed out to the specialist ( described in the last example )
asciilifeform: the bond can be, e.g., casks of rum, not necessarily btc.
asciilifeform: the other thing is, 'fallback' is a marketable ( per http://btcbase.org/log/2017-02-25#1618260 ) service. you can post a bond with somebody, and he gives you a fresh addr that you can use as fallback (if you drink it - he drinks up your bond, which is presumably more valuable than the addr amt.)☝︎
asciilifeform: 1 more upstack : it is possible to make a repudiatable fallback. ( how : you publish the privkey of the fallback addr, after, of course, you've successfully moved its contents to a new one. ) now it is not enough for enemy to find some d00d who knows the privkey to said fallback -- he also has to know ~who had it at time t~, because today ~everyone~ has it.
asciilifeform: 'Remember that most of these """journalists""" grew up either during Watergate or in its shadow, and so it's hardly surprising that they see the role of the press as some kind of unelected fourth branch of government whose job is to "take down" the President, if all else fails. Bernstein and Woodward are their gods.'
asciilifeform: mircea_popescu: 'cosigner' not in the idiot 'multisig' sense, but in the banking sense. 'this unencrypted input GUARANTEES validity of this tx, but if blinded input turns out valid, it does not get balance substracted.'
asciilifeform: i will guess that the scheme described above, is the closest anyone will ever see to an actual hard-solution to the given problem.
asciilifeform: (unless you botch your tx-making and end up invoking the fallback)
asciilifeform: well you would use a virginal pile of coin as the cosigner
asciilifeform: ( to revisit upstack : a transaction could have any number of blinded inputs, ordered by priority, if the ~sum~ moved is public, and there is at least 1 nonblinded fallback 'cosigner' input carried along. )
asciilifeform: mircea_popescu: last i heard, they set up a 'parallel whitehouse taiwan' to 'report' on.
asciilifeform: that way you can guarantee the validity of a blinded tx.
asciilifeform: which gets used if the primary input turns out to invalidate on unblind
asciilifeform: you could permit a tx to have an encrypted input, if it has a verifiable fallback input, rather like 'co-signer' in banking world
asciilifeform: btw i know of 1 simple way to make 'blinded input'
asciilifeform: it was obvious even to rms, the mushroom man
asciilifeform: mircea_popescu: that's what the 'trusted computing' / 'fritz chip' / etc. thing was about. and that it was about this, was obvious in 1995.
asciilifeform: Licensed Agents Of The Crown may, under some exceptional circumstances, add!111 but Only Terrorists could ever GCD.
asciilifeform: each based on mathematical sleight of hand, rather than actual crypto
asciilifeform: more recently, the zerocoin (or was it zcash..?) thing
asciilifeform: aha, and if anyone else can think of something that belongs on the list -- i'm all ears
asciilifeform: mircea_popescu no longer satisfied with the historic 'there's no taint damn you all to hell' solution to subj ?
asciilifeform: blinded output is trivial (many ways to unblind 1 or more blocks later); it is ~inputs~ that are the squared-circle.
asciilifeform: (i even suspect that it is possible to rigorously prove that these requirements are mathematically contradictory)
asciilifeform: now, a magical squaring of the 'anonymous tx' circle, where you lose ~nothing~, can prove a balance, verify a tx, and send entirely blinded, that satisfies everyone -- would technologically supplant classical algo. but there is no sign that such a thing is possible.
