{
"subject": "Re: Not a suggestion",
"content": {
"format": "html",
"body": "<div class=\"post\">This is a very interesting topic. If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.<br/><br/>Originally, a coin can be just a chain of signatures. With a timestamp service, the old ones could be dropped eventually before there's too much backtrace fan-out, or coins could be kept individually or in denominations. It's the need to check for the absence of double-spends that requires global knowledge of all transactions.<br/><br/>The challenge is, how do you prove that no other spends exist? It seems a node must know about all transactions to be able to verify that. If it only knows the hash of the in/outpoints, it can't check the signatures to see if an outpoint has been spent before. Do you have any ideas on this?<br/><br/>It's hard to think of how to apply zero-knowledge-proofs in this case.<br/><br/>We're trying to prove the absence of something, which seems to require knowing about all and checking that the something isn't included.</div>"
},
"source": {
"name": "Bitcoin Forum",
"url": "https://bitcointalk.org/index.php?topic=770.msg8637#msg8637"
},
"date": "2010-08-11T00:14:22Z"
}