1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
Return-Path: <somber.night@protonmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 2FE02CA5
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 28 Dec 2018 21:42:02 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-40136.protonmail.ch (mail-40136.protonmail.ch
[185.70.40.136])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 809DC6FB
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 28 Dec 2018 21:42:01 +0000 (UTC)
Date: Fri, 28 Dec 2018 21:41:51 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=default; t=1546033318;
bh=6sK1WE3ju/iQHYi5smK51Fh7qztSDzvxtMEC35haUJI=;
h=Date:To:From:Reply-To:Subject:Feedback-ID:From;
b=Pju6xDN7ax3kvlU50By2sObLi4rczw6eD05+NTfOT/WxTqxtuKbtl3/gNsVlZCHhx
tFAgQXk43wyeg/NCND2jSt2y7ZK3VcKSCO2uZKgc2aYspV3JiShIVMWi7jBVpHckrb
43XSNZQACxAvL6D1jobisBZlSpnc8gtbOCN0etp8=
To: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>,
"tensiam@hotmail.com" <tensiam@hotmail.com>
From: SomberNight <somber.night@protonmail.com>
Reply-To: SomberNight <somber.night@protonmail.com>
Message-ID: <3VIFGj5yxFpKlSgjMAlPCuTJOSzYkZI2l7tMwtQq4LStjiXgfS7A61jdZ5ZoyalJmjo71EQtNC_F06JgpQ1m046fWbq_6Nhe3BGkMOU-17I=@protonmail.com>
Feedback-ID: daQbrs0DpmRrllQYkksiX-ZnvUtz6D5CoTQt69spWvfuKGSaRC1oU4kOBEGTrhNvt_RBDz2CWSzCwYz6Ytdxzw==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, FREEMAIL_REPLYTO,
RCVD_IN_DNSWL_LOW autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Mon, 31 Dec 2018 14:02:50 +0000
Subject: [bitcoin-dev] Create a BIP to implement Confidential Transactions
in Bitcoin Core
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Dec 2018 21:42:02 -0000
Hi Kenshiro,
That is not how the BIP process works. Instead of requesting the creation
of a BIP, you just create one. :)
Re CT in Bitcoin, I have my doubts whether you can get consensus for that.
From section 4.6 of the Bulletproofs paper [0]:
"Bulletproofs ... are computationally binding. An adversary that could
break the discrete logarithm assumption could generate acceptable range
proofs for a value outside the correct range. ... An adversary that can
break the binding property of the commitment scheme or the soundness of
the proof system can generate coins out of thin air and thus create
uncontrolled but undetectable inflation rendering the currency useless"
I don't have the domain knowledge to debate whether quantum computers will
ever exist but AFAICT their emergence would easily kill a currency that
uses these kind of range proofs for confidential transactions.
[0]: https://eprint.iacr.org/2017/1066.pdf
> From: "Kenshiro []" tensiam@hotmail.com
>
> Hi,
>
> I think Confidential Transactions (CT) are a great idea to provide enough=
privacy for normal users (hidden amounts) and fungibility.
>
> I would like to request the creation of a BIP to implement CT in Bitcoin =
Core. I read that CT are already implemented in Grin and Monero so it looks=
that CT are enough mature to be implemented in Bitcoin.
>
> If the CT transaction size is 3x the size of a normal transaction the blo=
ck size could be increased by 3x too, or just keep the current block size a=
nd make CT transactions optional.
>
> Thank you!
|
