1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
Return-Path: <pappjm@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 388FCEEE
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 9 Feb 2016 22:12:38 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yw0-f176.google.com (mail-yw0-f176.google.com
[209.85.161.176])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id CDD4B167
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 9 Feb 2016 22:12:37 +0000 (UTC)
Received: by mail-yw0-f176.google.com with SMTP id q190so506349ywd.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 09 Feb 2016 14:12:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=subject:to:references:from:message-id:date:user-agent:mime-version
:in-reply-to:content-type:content-transfer-encoding;
bh=SrnaLHbBQQ7bqrUn9ypWe4MlI+cKwMWn6lZCGKYZDnk=;
b=yENlcly+HcQfnM2z4KlYKqorfVgvmrESU9eAmDrxwwwgZtkbpWstIVRV6R38KQBSuu
x4wxpkCZdfw2oVBUwQFF38jgyIahFC3gYayAVHK1/zRp0NfWM+q0IGzNROt5ICN8d2G1
Fye9LeYpYbz0ZkABI5KZH9p1ngk/G0VKwEsH7S0BBfjNJpaghilk0MmMg7TPrvla9KgU
Y22OkeQOtqOIAHZ+RiBFyFx5o/8A6gBSlG5Ib7f+Zny46wGaVH+2tMOGgzUY0zW7O/Xj
9PzQ2OSM1vi7IUx4MVveMgkzvKzRVEmxfu/9QyzohWluzCcSPKNEf+s8firk3xNMbuQC
oLlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:subject:to:references:from:message-id:date
:user-agent:mime-version:in-reply-to:content-type
:content-transfer-encoding;
bh=SrnaLHbBQQ7bqrUn9ypWe4MlI+cKwMWn6lZCGKYZDnk=;
b=PrlKNiM+dz/R5JP2XdFa6hTQtJu+RcmDf3/cDCWTz9E8O3fpeEy0AYLjknzMqDdn7m
mcoKN+JhutC9xdRwbszssa5njFilkGURotobwVzOg9W42ZKf1t2qkJvDX/WGV/CbYFER
JMTZNRBP95RVJSGsNjsUAcKHacQ3iUSeM7AEzXDwCRqbgPyeeVHDhK/u9Lou3ntYSto3
rz3Bxsj6cSxOdFGt4YX7B1LmfqvApWKL/ey5jsMdENXJ4D+q6ZK5DpzEHlsjvABXXJTq
prIwYtZFFSS7uZANEK62ppj+B1LQraStoxuujXOJITFSyOK9U93MtuAFfPAiBKMZYzvv
ADfQ==
X-Gm-Message-State: AG10YORQRbaUjd/8MLOdKpGMuVIcw5e+j5UN7nO/PDcKb9iELSbX93z59/8ljeHK2BgPjw==
X-Received: by 10.129.34.133 with SMTP id i127mr19919567ywi.153.1455055957060;
Tue, 09 Feb 2016 14:12:37 -0800 (PST)
Received: from ?IPv6:2602:304:cfd3:380:d132:4228:3346:3b85?
([2602:304:cfd3:380:d132:4228:3346:3b85])
by smtp.gmail.com with ESMTPSA id t76sm91303ywe.47.2016.02.09.14.12.35
for <bitcoin-dev@lists.linuxfoundation.org>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 09 Feb 2016 14:12:35 -0800 (PST)
To: bitcoin-dev@lists.linuxfoundation.org
References: <20160209131215.GE2329@banane.informatik.uni-ulm.de>
From: Jeremy Papp <pappjm@gmail.com>
Message-ID: <56BA6455.9030803@gmail.com>
Date: Tue, 9 Feb 2016 16:12:37 -0600
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <20160209131215.GE2329@banane.informatik.uni-ulm.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 09 Feb 2016 22:14:53 +0000
Subject: Re: [bitcoin-dev] Question regarding Confidential Transactions
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2016 22:12:38 -0000
My understanding of the paper is that the blinding factor would be
included in the extra data which is incorporated into the ring
signatures used in the range proof.
Although, since I think the range proof is optional for single output
transactions (or at least, one output per transaction doesn't require a
range proof since there's only one possible value that it can be to make
the whole thing work, and that value must be in range, I'm not entirely
sure how you'd transmit it then, though in any case, since using it will
pretty much require segwit, adding extraneous data isn't much of a
problem. In both cases, I imagine the blinding factor would be
protected from outside examination via some form of shared secret
generation... Although that would require the sender to know the
recipient's unhashed public key; I don't know of any shared secret
schemes that will work on hashed keys.
Jeremy Papp
On 2/9/2016 7:12 AM, Henning Kopp via bitcoin-dev wrote:
> Hi all,
>
> I am trying to fully grasp confidential transactions.
>
> When a sender creates a confidential transaction and picks the blinding
> values correctly, anyone can check that the transaction is valid. It
> remains publically verifiable.
> But how can the receiver of the transaction check which amount was
> sent to him?
> I think he needs to learn the blinding factor to reveal the commit
> somehow off-chain. Am I correct with this assumption?
> If yes, how does this work?
>
> All the best
> Henning
>
|
