I sometimes have short questions I’d like to ask and would love a place to look at other questions too. I suppose that it’d need some sort of management to ensure that the best answer is next to the question which is not the default behaviour of the forum. Also there’d be nothing preventing a single question becoming a thread. I remember @renzokuken trying to get a Stack Exchange going. Just an idea though.
For now, here are some of the questions I have accumulated over time:
Does a wallet need its own real-time chain state to receive grin?
Could Lightning work on Grin for additional scalability?
Can you sign messages like in Bitcoin to prove that you have keys to an output?
Is there a coin that’s easier to enable atomic swaps with?
How long does it take for a transaction to reach every node currently?
Not really. Once the tx kernel appears on-chain (i.e. on the most-work branch), as required in a payment proof, then you definitely received the grin. So one does need the up-to-date chain state to verify the payment proof, but it’s not needed to perform the transaction.
In principle, yes. In fact there is a sketched design for payment channels, based on a new kernel type, NRD (No Recent Duplicate). That type can be used on testnet, but is disabled on mainnet, so that one could safely start experimenting with payment channel implementation on testnet. Building a lightning network on top will be a huge undertaking.
Certainly. E.g. Grin’s CoinSwap uses ownership proofs to prevent spam attacks.
I think Bitcoin is about as easy as it gets.
Similar to any other chain, I think. Should be on the order of seconds.
There will inevitably be. In roughly 1% of the time that someone finds a valid block, another will be found within a second, and they’ll compete for being extended further.
No; Grin cannot be burned. All grin ever produced must be distributed over the UTXO set of unspent outputs, and the rangeproof of each could only be produced with full knowledge of its blinding factor. So the rangeproof creator(s) of each output can still spend it unless they forgot their private key(s).
I think the answer is a clear no:
A transaction looks something like: (r2G + v2H) + (r3G + v3H) - (r1G + v1H) = (r2 + r3 - r1)G + 0H
So it involves EC multiplication and addition. Now one could guess the value parts to see which inputs and outputs belong together. Therefore there is also a kernel offset to prevent anyone from just guessing the values, which would allow them to de-aggregate transactions in a block, meaning they would know which inputs and outputs belong together.
I do wonder if there are any known attacks to trick someone into revealing a public key.
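A toy reproduction of the balance equation and the kernel offset from the post above, added here as an example (it is not Grin's code; the blinding factors, values, offset and the second generator H are constructed for the demo, and the curve is secp256k1 in pure Python):

```python
# Added toy: Pedersen commitments r*G + v*H on secp256k1, the balance check, and
# why a kernel offset stops a kernel from linking inputs to outputs. Not Grin's code.
import hashlib

P = 2**256 - 2**32 - 977                      # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):                                # affine point addition; None = infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None   # Q + (-Q)
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):                               # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def neg(pt): return None if pt is None else (pt[0], -pt[1] % P)

def hash_to_point(seed):                      # try-and-increment, so log_G(H) is unknown
    x = int.from_bytes(hashlib.sha256(seed).digest(), "big") % P
    while True:
        y = pow((x**3 + 7) % P, (P + 1) // 4, P)   # sqrt candidate, valid as P % 4 == 3
        if y * y % P == (x**3 + 7) % P: return (x, y)
        x = (x + 1) % P

H = hash_to_point(b"grin toy H")              # constructed second generator (demo only)

def commit(r, v): return add(mul(r % N, G), mul(v % N, H))   # r*G + v*H

def excess_matches(inputs, outputs, kernel_excess, offset=0):
    """True iff sum(outputs) - sum(inputs) == kernel_excess + offset*G."""
    total = None
    for c in outputs: total = add(total, c)
    for c in inputs: total = add(total, neg(c))
    return total == add(kernel_excess, mul(offset % N, G))

# Constructed transaction: spend an output of 7 into outputs of 5 and 2.
r1, r2, r3, OFFSET = 111, 222, 333, 4444
INPUT, OUTPUTS = commit(r1, 7), [commit(r2, 5), commit(r3, 2)]
kernel = mul((r2 + r3 - r1 - OFFSET) % N, G)  # values cancel: 5 + 2 - 7 = 0, so 0*H

def demo():
    # With the offset the check passes; without it the kernel no longer equals
    # sum(outputs) - sum(inputs), so it cannot be matched to this input/output set.
    return (excess_matches([INPUT], OUTPUTS, kernel, OFFSET),
            excess_matches([INPUT], OUTPUTS, kernel))
```

`demo()` returns `(True, False)`; changing either value (say 5 and 3) makes the offset check fail too, which is the inflation check Grin relies on.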
I understand correctly that, hypothetically, a private key can be selected for a bitcoin address with a quantum computer, but this does not apply to GRIN, since the address and amount are not visible.
A quantum computer will break Grin in the worst way possible, because it will find the discrete log of H, even if it takes years, and then one can arbitrarily inflate Grin by opening a Pedersen commitment to any desired amount, undetectably.
Of course, the owner of such a computer will prefer to undetectably inflate Zcash or Monero, with thousands of times more liquidity in dollars.
They could also steal bitcoin outputs with known public keys, but that will be detected once enough victims step forward with complaints of their well-protected funds getting stolen.
I personally have a hard time believing that quantum computers can scale. That nature would let us compute reliably with amplitudes as small as 2^-256. I’d love to make a bet with anyone who believes a quantum computer will break 256-bit cryptography within a decade.
That’s just forgetting the private key, a not-publicly-verifiable act.
I consider that different from the usual burning where anyone can verify that the funds were sent to an unspendable output.