quoting
The new hotness?
nevent1q…vd83
allocinit.xyz/uploads/pipesv2.pdf
By sheer coincidence I was literally this morning thinking about witness encryption and why specialized forms of it feel like the right way forward. Then this pops up 😃
#cryptography #bitcoin
waxwing on Nostr:
Trying to read this in a bit more detail, and now I think - lukewarm at best! Not only is the actual scheme they propose not practical - because it needs 100s of TB for the ciphertext - but for a much more important reason. The idea that "a secret key is locked behind providing a valid witness" involves, here, actually generating that secret key in advance. They propose doing so with an MPC protocol; even if the technicalities of that can be worked out, it still means that N of N parties could collude to bypass the proving mechanism. Not saying it's useless but it almost seems like their earlier idea (functional encryption rather than witness encryption) was actually the more interesting of the two. These are very vague, surface impressions though.
