Jeff Burdges

We used RSA blind signatures in https://taler.net/en/ because the verification runs much much faster. Arguably RSA blind signatures have a more fragile implementation since people might omit either of the...

There are no known attacks on the BLS signatures scheme security as a signature scheme, but.. We have no conservative curve choices for BLS, only fast curves designed for systems...

At least one if not both of the linked papers has a miller loop per ring member, which sounds like the slowest construction ever proposed. It depends on ring size,...

I'd forget 3 completely since someone else could pay too. I'd propose this scheme: At the relay chain side, we've a `purchase_blocks` call which spends some amount of DOTs on...

Yes, I'm thinking orders should stay valid for a long period or time. It's clear we need restrictions upon opening connections of course, but unclear why this means purchases expire...

Anyways, we've always wanted to permit parachains to design their own block production strategies. We do imho need an interface that excludes some really stupid ones, for which no `allow_connections`...

As an alternative.. We could decide that on-deman parachains should've one or two good block production and economic models, but they need not be anywhere near as flexible as full...

Alright @eskimor and I discussed this, all this pre-scheduling stuff exists to avoid doing a separate protocol for parathreads. We do more complex code elsewhere but avoid subtle refactoring.

Interesting.. It's legal for a collator to make multiple blocks at the same height, but we do not necessarily need to make it legal for them to make multiple blocks...

Yes, it's problematic if parachain block producers could spam everyone asking for their entire chain history. We could design anti-capture protocols that protect against this, which work assuming 2/3rd of...