I am very curious about this idea; could be of great use to Marketcoin.
Edit: Sadly can't comment on weather it is more or less secure, but it certainly seems like a much better proposal than (ab)using the merkle tree.
Topic: Fixed-Size Merged Mining Proof-of-Work (1000's of chains) (Read 764 times)
I recently stumbled across these two papers which show that it is possible to prove a 'hash' exists in a fixed sized accumulator. This is the basis behind ZeroCoin.
http://www.cs.stevens.edu/~mdemare/pubs/owa.pdf
http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf
Based upon this, I would like to consider a new approach to merged-mining that is scalable to 1000's of chains. Normally you would have to include the entire merkel tree for all of the subtrees and then provide the 'index' in the tree that includes the hash of the alt-chain header in order to prove the work. This approach does not scale well as the size of the merkel tree quickly dwarfs the rest of the block-header with only 4 to 8 merged-mining chains.
If instead of using a merkel tree to 'prove the work', we first combined the hashs into the accumulator. Then calculate the proof-of-work on the accumulator, then submit the accumulator + key as the proof-of-work. The end result is that the block-header would only need to include, 1 nonce, 1 accumulator ( 160bit) and 1 key (160bit?) + normal block-header items.
Would such an approach be a better alternative to all existing merged mining strategies? Would it be as 'secure'?
http://www.cs.stevens.edu/~mdemare/pubs/owa.pdf
http://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdf
Based upon this, I would like to consider a new approach to merged-mining that is scalable to 1000's of chains. Normally you would have to include the entire merkel tree for all of the subtrees and then provide the 'index' in the tree that includes the hash of the alt-chain header in order to prove the work. This approach does not scale well as the size of the merkel tree quickly dwarfs the rest of the block-header with only 4 to 8 merged-mining chains.
If instead of using a merkel tree to 'prove the work', we first combined the hashs into the accumulator. Then calculate the proof-of-work on the accumulator, then submit the accumulator + key as the proof-of-work. The end result is that the block-header would only need to include, 1 nonce, 1 accumulator ( 160bit) and 1 key (160bit?) + normal block-header items.
Would such an approach be a better alternative to all existing merged mining strategies? Would it be as 'secure'?
Jump to: