Thread

Zero-JS Hypermedia Browser

Relays: 5
Replies: 2
Generated: 06:27:21
avatar
Max max@towardsliberty.com npub1klkk...x3vt
Interesting, do you have more info on this? This seems more expressive and composable, probably with larger proof size. There's a new paper "Anchored Merkle Range Proofs for Pedersen Commitments" (ePrint 2025/1811, October) which might stay within your existing primitives, maybe more suitable than bullet proofs for you. How would you handle key compromise in the middle of the chain? Are the roles attached to the chain position?
2025-12-04 18:27:33 from 1 relay(s) ↑ Parent 2 replies ↓
Login to reply

Replies (2)

avatar
Zsubmariner co@zsubmesh.net npub1csmg...cakv
Oh, cool, that paper looks like exactly what we were thinking. I didn't know about it. No, the proofs are actually much smaller because they are recursive across the chain. (Like a kb-ish.) Compromise or just withdrawal of an attestation at any point in the chain is just a revocation sent to the trust anchor. There's a revocation merkle on the anchor and chain merkle in the chain. The roles (or properties... They don't have to be roles) are just stacked along the chain. Anchor -> admin -> moderator So, that's what you are proving. "I am a moderator according to an admin according to the anchor and none of the keys used in this chain is revoked"
2025-12-04 19:19:49 from 1 relay(s) ↑ Parent Reply