[RFC-0012] Cold Minting

peerchemist · June 2, 2019, 10:35am

peercoin/rfcs/blob/master/text/0012-cold-minting/0012-cold-minting.md

# Cold Minting

- Status: proposed ("proposed", "agreed", "active", "implemented" or "rejected")
- Type: new feature
- Related components: (if any)
- Start Date: 08-05-2014
- Discussion: https://talk.peercoin.net/t/cold-storage-minting-proposal/2336 and https://github.com/peercoin/peercoin/pull/78
- Supersedes: (fill me in with a link to RFC this supersedes - if applicable)
- Superseded by: (fill me in with a link to RFC this is superseded by - if applicable)
- Author: Sigmike

## Summary

The main idea is the use of a new kind of address very similar to multi-signature addresses with two public keys, one that allows only minting and the other that allows only spending.

## Conventions
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](http://tools.ietf.org/html/rfc2119).

## Motivation

This file has been truncated. show original

sandakersmann · August 22, 2019, 11:25pm

I’m leaning against no on this one.

blackout7 · August 22, 2019, 11:36pm

Cold minting is a feature needed otherwise it will be useless (except security) to store Peercoin’s on hardware cold storage. It seems to be a difficult feature to implement otherwise it would have been done already right? I do not know protocol implication it affect though.

Nagalim · August 23, 2019, 12:18am

It is not prohibitively difficult to implement. The hesitation has everything to do with the potential development of ‘minting pools’ and their implications on a decentralized security model.

blackout7 · August 23, 2019, 12:20am

Oh I see. I didn’t think of this kind of implications. That’s clearly understandable.

Nagalim · August 23, 2019, 12:22am

There is a way to perform ‘air gapped’ minting with the current protocol. First, place your coins in a 2-of-3 multisig. Next, store two of the keys in cold storage. Now, use findstake.js to locate the next staking interval for your output. Manually form a coinstake transaction with a timestamp in the future of that minting window. Move the unsigned txn through an air-gap (use a USB or whatever) to your cold storage. Sign the txn with one of the cold keys. Move the partially signed txn back to the networked computer. Wait for the window, then form a block using the coinstake txn. Sign the block and the coinstake with the hot key. Broadcast.

You could hypothetically do this once a month and catch most of your mint reward. Creating the software to support doing it easily has not been a high priority however. Also, if we make it easy enough, a lesser form of minting pools becomes foreseeable.

linalouise · September 2, 2019, 3:41pm

What are the security issues with a minting pool?

Does a minting pool require the minting participants to hand over control and decision to the minting pool operator? In which case a malicious minting pool operator can use the pooled stake to perform a 51% attack?

Or is a PoS minting pool p2p and similar to PoW mining pool, in that every minter independently performs the stake finding and the reward is shared via the minting pool protocol?

If the PoS minting pool is p2p and each minter independently operates though collectively shares the reward, why would this necessarily be a security risk?

linalouise · September 2, 2019, 3:46pm

There should be a way for minters to easily mint without exposing their keys. This is one of the obstacles to widespread participation.