Hacker News new | comments | show | ask | jobs | submit login

At first I was worried of what would happen if the exchange introduced fake nodes with negative balances at the bottom of the tree, but there would be no way for them to hide that without the first real customer up to the root finding out (there would have to be a negative node that he/she could see). This sounds like a great idea!

Unless the negative valued customer and the surrounding customers never logged in... But thats a limitation of the scheme that can't be avoided. If a user never logs in you could just steal just their balance (and correctly set it to zero).

You also must make sure that all customers are seeing the same root, and that you can't do funny business like constantly update it to swap out which customers you're robbing. (e.g. it should be a daily or weekly updated thing).

You've got a point, the root of the tree could be made available to the main charting sites.. or even weekly written into the blockchain.

As for the negative values, I wasn't thinking of robbing anyone, but just pretending you are solvent when really you're not. I'm not sure I see what you mean by "swap out which customers you're robbing", could you expand?

E.g. say you have two customers with a balance of 100. You report the total is 100— so 100 BTC has gone missing.

When customer A logs in you give them one root and show them their balance (and B has a balance of 0). When customer B logs in— oops balances just update— you show them a new root, and in that one B has a balance of 100.

So you need to pin the commitments strongly enough so that the prover can't swap them out at will.

Thanks, I get it now. Hadn't thought of that.

Of course, if many people were connected at the same time, this would quickly become perilous gymnastics for the exchange.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact