Skip to content

Rejected features

clemahieu edited this page Oct 19, 2014 · 16 revisions

Interlocked transactions

It would be possible to put a send and receive action in to a single block but this would require a connection and agreement between the sender and receiver as to where the transaction should go in their respective block chains. Connecting in order generate a transaction would add complexity and breach much of the pseudonymity of the ledger. Interlocked transactions could also temporarily freeze either account for fork resolution if either of them generated a fork.

Infinite divisibility

It's possible to express each account balance as a fraction of the total coin supply. This would require peers to be able to operate on large rational numbers and there would need to be consensus guarding against fractions with large numerators and denominators that represents a disproportionately small balance. Using a fraction would also make block size variable which can hurt some block storage optimizations. The only necessary form of fractional balance would be n/2^m where m can be increased to generate smaller balances. This complexity seems unnecessary if we operate on integral coins from a sufficiently large pool.

Multiple-input/output blocks

It would be possible to construct blocks that could take multiple inputs and multiple outputs but this adds complexity to the receiving part of a transaction because we not only have to name the source send block but which entry in the send block we're receiving. This would also make blocks variable size which requires framing and hurts some block store optimizations. The same block would also be in multiple chains and the entire block would need to be rolled back if any the entries created a fork. Multiple inputs and outputs greatly increases complexity of the ledger algorithms.

FIPS/NIST Elliptic curves

We decided against using FIPS and NIST elliptic curves for a number of reasons. NIST and FIPS curves have some undesirable properties from an engineering standpoint, the recommended curves around the security range we're looking for, 256bit, were either far off from this number e.g. 233 or 283 bits, or were very close but inconveniently not exactly 256 bits e.g. they're 256 bits plus 1 sign bit. These curves also have a number of undesirable properties from a side-channel analysis perspective making decisions based on secret information which leaks timing information and given enough time can leak the keys used. There are a number of other complicated implementation details that are hard to get right. Attackers like difficult things because difficulty leads to mistakes and mistakes lead to vulnerabilities. ED25519 is an incredibly easy to use digital signing scheme, for more information see http://ed25519.cr.yp.to/

Interoperability