I am interested in using something like Mimblewimble for a lottery application.
I want users to be able to spend fractions of their lottery tickets without writing anything on-chain.
Is this a reasonable application?
When someone finally wins, how much data do they need to write on-chain to claim their winnings?
What would that data look like?
I wrote about it here, but the documentation is written in the context of someone learning about that blockchain. https://github.com/zack-bitcoin/amoveo/blob/master/docs/design/sortition_chains.md
It is probably more helpful if I explain directly here.
Ethereum is currently using a Patricia Merkle tree to keep track of account balances.
Mimblewimble is an alternative protocol to keep track of account balances.
But I want to keep almost all the Mimblewimble stuff off-chain, and only publish the minimal slice of it to show who won the lottery.
I think there is no need for a range proof in Gandalf's proposal, as the Pedersen commit in the output of the tx is described in the paper as non-blinded (r = 0) and hence takes the form vL.
I don’t think so, because the excess is still needed there and Bob’s public key P_b might contain some term proportional of