Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 3 additions and 7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,8 +6,7 @@ In the Discreet Log Contract oracle model, oracles act as oblivious public entit | |
their users act privately. | ||
|
||
Due to DLC oracles' public nature, should they ever commit fraudulent acts such as spreading | ||
false, invalid, or conflicting attestations, their fraud should be easily and compactly provable | ||
and verifiable from public information. | ||
false, invalid, or conflicting attestations, their fraud should be provable and verifiable from public information. | ||
After all, oracle fraud comes in the form of an unforgeable attestation of false or invalid events, | ||
or else in the form of multiple conflicting unforgeable attestations. | ||
|
||
|
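Review bot: The replacement line "false, invalid, or conflicting attestations, their fraud should be provable and verifiable from public information." is much longer than the wrapped lines around it; rewrap it to match the rest of the paragraph. Dropping "easily and compactly" also removes a stated design goal, while the later text on the second equivocation proof still describes it as "specialized and compressed", so the commit message should say why compactness is no longer a requirement here.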
@@ -57,7 +56,8 @@ always generate proofs which show that a fraudulent oracle attestation must exis | |
|
||
The most important piece of this proof is the `aggregate_oracle_attestation` which is recoverable from | ||
on-chain information as the difference between the broadcast CET's signature and its corresponding adaptor signature. | ||
In the case that one has access directly to an oracle's attestation, then this can be used as the aggregate. | ||
If `num_oracles = 1`, then the `aggregate_oracle_attestation` is directly equal to the attestation released by the one oracle. | ||
As such, if one has access directly to an oracle's attestation, then this proof should use `num_oracles = 1`. | ||
|
||
The `oracle_announcements` and `oracle_outcomes` are used to compute a signature point `S` corresponding to an anticipation of | ||
these oracles attesting to these outcomes. | ||
|
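Review bot: The added sentence "this proof should use `num_oracles = 1`" does not say what goes into `oracle_announcements` and `oracle_outcomes` when the prover holds a single oracle's attestation directly. Spell out that these fields then carry only that one oracle's announcement and outcomes, and say whether "should" is a recommendation or a condition a verifier is expected to enforce, since the two readings lead to different validation behaviour.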
@@ -141,14 +141,10 @@ for the same `oracle_announcement` but for different `oracle_outcome`s. | |
* [`32*bytes`:`oracle_attestation_1`] | ||
* [`nb_signatures*string`:`outcomes_2`] | ||
* [`32*bytes`:`oracle_attestation_2`] | ||
* [`32*bytes`:`oracle_private_key`] | ||
|
||
This second kind of oracle equivocation proof is specialized and compressed (when compared to the other version) | ||
to be optimized for equivocation proofs where the prover has direct access to non-aggregate `oracle_attestation`s. | ||
|
||
This proof has the added feature of containing the `oracle_private_key` (which is computed from the announcement | ||
and the two attestations). | ||
|
||
## Authors | ||
|
||
Nadav Kohen <[email protected]> | ||
|
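Review bot: Removing `[32*bytes:oracle_private_key]` from the field list changes the serialized layout of this proof, but nothing in the hunk says how existing parsers should treat messages that still carry the extra 32 bytes; add a note on compatibility or on whether the message type changes. The deleted paragraph was also the only place stating that the key "is computed from the announcement and the two attestations"; consider keeping one sentence to that effect so readers still learn that a valid proof of this kind implies the oracle's private key is derivable, even though the proof no longer carries it.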