Jeff Burdges

1. Did you consider nullifiers? Aka some value the storage of which prevents double spending? We'll need nullifiers anyways for anonymity solutions, like porting zcash sapling. The tricky part about...

Is there a github issue for O(1) storage purge yet? We'll maybe want that elsewhere like multi-block elections.. It feels silly not to have given how painful storage can become....

> Can you explain what kind of trust do we need to put on the trusted merge nodes? It's only that the merge node could publish some transactions without publishing...

Aside from lacking O(1) purge support, is there anything that prevents a parachain from supporting accounts with associated nullifier trees?

We could touch all nominators after every election to record "when last exposed", not sure what happens currently there. In principle, we could provide some tool off-chain that crawls the...

I'm not convinced we really need this honestly.. it's definitely nicer ux.. but does it buy us any concrete benefit?

I see.. yes, we could do bonded and never nominated rather cleanly. We could likely handle bonded but chilled cleanly too. Also bonded but all nominations dropped out or kicked...

1. Avoid xxhash here. It'll definitely have collisions. Ain't clear how one exploits them, but we do not care about the performance of one blake2 of 512 bits per block....

We'll want the Sassafras per-block VRF in approvals I think, not the current randomness accumulator value. An adversary would know the randomness accumulator before making their attack, so it gives...

As alloc works now, I think the biggest single annoyance turns out to be `std::io::Error` and `std::error::Error`, which cause no end of trouble. Related https://github.com/briansmith/ring/pull/869 https://github.com/ctz/rustls/issues/283 > The current implementation...