mimblewimble / grin

Minimal implementation of the Mimblewimble protocol.
https://grin.mw/
Apache License 2.0

Study support of vaults in grin/mimblewimble #71

Open ignopeverell opened 7 years ago

ignopeverell commented 7 years ago

Grin should already support in the near future:

Using these primitives, figure out how to implement vaults [1] [2].

[1] http://hackingdistributed.com/2016/02/26/how-to-implement-secure-bitcoin-vaults/
[2] http://fc16.ifca.ai/bitcoin/papers/MES16.pdf

yeastplume commented 6 years ago

No panic on response, but what's the intended mechanism for time-locked transactions? Edit, never mind, I need to look at the other time-related issues more closely.

ignopeverell commented 6 years ago

You're in for some reading :-) It's mostly on the mailing-list, mixed up with more sophisticated contract explorations. I'd look over the following threads, check some of the replies as well:

https://lists.launchpad.net/mimblewimble/msg00022.html
https://lists.launchpad.net/mimblewimble/msg00025.html
https://lists.launchpad.net/mimblewimble/msg00036.html
https://lists.launchpad.net/mimblewimble/msg00086.html

yeastplume commented 6 years ago

Heh... at some stage I'll have a look through that lot and try to summarise here, for easier future reference.

antiochp commented 6 years ago

Multisig we effectively get for free right? It can be handled entirely in the wallet impl?

http://diyhpl.us/~bryan/papers2/bitcoin/mimblewimble-andytoshi-INCOMPLETE-DRAFT-2016-10-06-001.pdf

Multisignature Outputs. We observe that CT rangeproofs can be produced interactively in the
same ways that Schnorr signatures can to produce multisignature outputs. Similarly the sinking
signatures can be trivially produced in a multiparty way. So support for multiparty signatures, while
not addressed in this article, is simply a matter of wallet support and requires no further changes to
the system.

ignopeverell commented 6 years ago

Andrew assumes Schnorr sigs in his paper, however those aren't ready yet (although getting close from what I can see at https://github.com/bitcoin-core/secp256k1/pull/461). So yes, once we have Schnorr, they'll basically come for free. For now, as we temporarily do ECDSA, we don't have multisig.

antiochp commented 6 years ago

Ahh makes sense - thanks!

sesam commented 6 years ago

In September, Schnorr sigs were not ready yet. Does Simple Schnorr Multi-Signatures with Applications to Bitcoin now mean that they are? Paper authors: Gregory Maxwell, @apoelstra, Yannick Seurin, and Pieter Wuille <-- Andrew or @antiochp might know what the next step or dependency is to move forward on vaults in grin

sesam commented 6 years ago

Grin has been using Schnorr for a couple of months, and this issue talks about time-locked transactions, which we presumably already have. So with both pieces, what's left to research or implement in this issue?