by petertodd 2496 days ago
Additionally you can use iterated hashing: take the block hash b and hash it n times as in H(H(H(H(b)))) etc.

Since hashing is a serial operation, and each hash is a random mapping of input to output, with enough iterations (hundreds of billions) you make it completely infeasible for the miner to even know what the result was by the time they have to make the block public.

Zcash actually did this for their second trusted setup; IIRC the delay was set to be about a week's worth of computation. It's a much better scheme for many use-cases than anything else I've seen in this conversation. The main downside is that exactly when each participant actually finds out what the final result is isn't well defined. But for cases where you can commit to the result in advance that's fine.

1 comments

What Zcash did and Solana plans to use is a VDF without succinct verification. Unfortunately, I cannot verify it on a smart contract though, which brings me back to RANDAO + VDF for onchain verifiable randomness.
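The iterated-hash delay function from petertodd's comment, together with the "no succinct verification" point from the reply, as an added Python example that is not code from the thread or from Zcash or Solana; SHA-256 as H and the sample block hash are assumptions.

```python
import hashlib

# Constructed sample standing in for the block hash b in the comment above.
SAMPLE_BLOCK_HASH = hashlib.sha256(b"constructed sample block").digest()


def iterated_hash(seed: bytes, n: int) -> bytes:
    """Return H^n(seed) with H = SHA-256, i.e. H(H(...H(seed)...)) applied n times.

    Every step consumes the previous step's output, so the chain is inherently
    serial: adding hardware does not shorten the wall-clock time, only a faster
    single core does. With n large enough, the miner cannot know the result at
    the moment the block has to be published.
    """
    if n < 0:
        raise ValueError("iteration count must be non-negative")
    h = seed
    for _ in range(n):
        h = hashlib.sha256(h).digest()
    return h


def verify_iterated_hash(seed: bytes, n: int, claimed: bytes) -> bool:
    """Check a claimed result by recomputing the whole chain.

    A plain hash chain has no short proof: the verifier pays the same n serial
    hashes the prover paid. That is the "VDF without succinct verification"
    property noted in the reply, and why checking it inside a smart contract
    is impractical for large n.
    """
    return iterated_hash(seed, n) == claimed


def beacon_value(seed: bytes, n: int, modulus: int) -> int:
    """Reduce the delayed hash to an integer in [0, modulus), e.g. to pick a winner."""
    return int.from_bytes(iterated_hash(seed, n), "big") % modulus


if __name__ == "__main__":
    n = 1_000_000  # demo count; the comment talks about hundreds of billions
    out = iterated_hash(SAMPLE_BLOCK_HASH, n)
    print("H^n(b) =", out.hex())
    print("recomputation verifies:", verify_iterated_hash(SAMPLE_BLOCK_HASH, n, out))
    print("beacon value mod 97:", beacon_value(SAMPLE_BLOCK_HASH, n, 97))
```

Raising n is the only knob: both the delay before anyone learns the value and the cost of verifying it grow linearly with it.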