I recently stumbled across these two papers which show that it is possible to prove a 'hash' exists in a fixed sized accumulator. This is the basis behind ZeroCoin.
http://www.cs.stevens.edu/~mdemare/pubs/owa.pdfhttp://spar.isi.jhu.edu/~mgreen/ZerocoinOakland.pdfBased upon this, I would like to consider a new approach to merged-mining that is scalable to 1000's of chains. Normally you would have to include the entire merkel tree for all of the subtrees and then provide the 'index' in the tree that includes the hash of the alt-chain header in order to prove the work. This approach does not scale well as the size of the merkel tree quickly dwarfs the rest of the block-header with only 4 to 8 merged-mining chains.
If instead of using a merkel tree to 'prove the work', we first combined the hashs into the accumulator. Then calculate the proof-of-work on the accumulator, then submit the accumulator + key as the proof-of-work. The end result is that the block-header would only need to include, 1 nonce, 1 accumulator ( 160bit) and 1 key (160bit?) + normal block-header items.
Would such an approach be a better alternative to all existing merged mining strategies? Would it be as 'secure'?
