0 sats \ 0 replies \ @anon 8 Jun \ parent \ on: Introducing Ark V2 bitcoin
reading the post once again, the complexity with the design appears unavoidable. for each round, the users that wish to participate need to verify that their revocation secret was properly added to the new tree. such an invariant requires that the operator reveal all leaves to each and every user to prove that the operator is unable to abscond with the funds. if you do the math, this can quickly get to GBs or even TBs of information, which doesn't seem feasible at all. even more so if a zero knowledge proof is to be used in place.