Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 25158E9A for ; Tue, 9 Feb 2016 13:19:36 +0000 (UTC) X-Greylist: delayed 00:07:07 by SQLgrey-1.7.6 Received: from smtp.uni-ulm.de (smtp.uni-ulm.de [134.60.1.26]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0FD19120 for ; Tue, 9 Feb 2016 13:19:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at uni-ulm.de Received: from banane.informatik.uni-ulm.de (banane.informatik.uni-ulm.de [134.60.77.114]) (authenticated bits=0) by mail.uni-ulm.de (8.14.9/8.14.9) with ESMTP id u19DCKqY006081 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for ; Tue, 9 Feb 2016 14:12:22 +0100 (CET) Date: Tue, 9 Feb 2016 14:12:15 +0100 From: Henning Kopp To: bitcoin-dev@lists.linuxfoundation.org Message-ID: <20160209131215.GE2329@banane.informatik.uni-ulm.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-DCC-EATSERVER-Metrics: poseidon 1166; Body=1 Fuz1=1 Fuz2=1 X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 09 Feb 2016 21:57:09 +0000 Subject: [bitcoin-dev] Question regarding Confidential Transactions X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Feb 2016 13:19:36 -0000 Hi all, I am trying to fully grasp confidential transactions. When a sender creates a confidential transaction and picks the blinding values correctly, anyone can check that the transaction is valid. It remains publically verifiable. But how can the receiver of the transaction check which amount was sent to him? I think he needs to learn the blinding factor to reveal the commit somehow off-chain. Am I correct with this assumption? If yes, how does this work? All the best Henning -- Henning Kopp Institute of Distributed Systems Ulm University, Germany Office: O27 - 3402 Phone: +49 731 50-24138 Web: http://www.uni-ulm.de/in/vs/~kopp