summaryrefslogtreecommitdiff
path: root/e1/219812dd61b3f0b288c9d63d84d560e00e98ad
blob: de22d1d71f68984c4a99164b370b2a40159613ea (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 5B3C849B
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Nov 2017 10:51:17 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-vk0-f49.google.com (mail-vk0-f49.google.com
	[209.85.213.49])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id CA50F136
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Nov 2017 10:51:15 +0000 (UTC)
Received: by mail-vk0-f49.google.com with SMTP id n63so2288662vkf.2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Nov 2017 02:51:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:sender:in-reply-to:references:from:date:message-id
	:subject:to:cc;
	bh=y21CDt2vT46TuZ6N05ZyTss9a09IFbjnOjqIQFxN93Q=;
	b=Gt4iNrvfZbLf5cw+lQ8+pwaBE0P//aq/n/vI5kDThQAwml7/7qtEtRFeKhSoPvnh4P
	NVPxLQf/A2KPsosK8RTDggwOE82AS1/D/W3CJdQ0UUwtauTu9anuAwQSKu/YFPtEUM3q
	Ia42+gnRqf3D9+uZtatPDCoDQINdUJVuGfJut/KQmGZdE+2aokZyJR27OT4eLBJl/KYG
	kagBrpBUQKIlrJHiF+BkhZbemkjYJPXhUQ35Fv/KCoiZrOD+8fVJJsScUQpA7dkZR5uP
	aiD/abKCEdyziH00sL6o30ytq3igU4CR2lKMTQTqD/zSkIcCX3TpRRHiMkLYX3swc3Cs
	pq+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
	:date:message-id:subject:to:cc;
	bh=y21CDt2vT46TuZ6N05ZyTss9a09IFbjnOjqIQFxN93Q=;
	b=ZQ9oZnZPQLJ82R+U/Xuwet+jvHbc5LFjECIhypEqC5Hjr4Y76xYeW17R/u/24XMaKm
	cBbQ200jQy58wpzLprR1ml1d1SdImfDuY/US+2fSuAjBuf8Jsmh4ZkkHIj8VvdYBRrNa
	n1rWY4hMruxqgJqo61xeSJLUGoo7rprmPlEqe746xQUphoMHFhx+b5+Oa1lafcvG/bKU
	SDhneY9nwPpoMe90nMEOXgY66VCZKgceLnc7GF1+UmAFEnoN6ze9Ar/bsltv6npqmRSc
	j89lNXCGoR8IDwm0hBTZ/IHTebQ0KhaHz6yN9ZmBtXsPjlXsplAUMJpccuf5DVdato5L
	M4Tg==
X-Gm-Message-State: AJaThX7J8G/AZ9y1uxQe5QJ9EGAzvkBfP0qePvXJtdoDFsdROpjBSFLp
	hVVmkd3aGziKOxLM1ku7hl/F85JwI/VZztgjTF8=
X-Google-Smtp-Source: AGs4zMYJmW7MM8IPefd6AaHPzcM3Me4YsR9HNFRZ7BjlWAWi4TBAcJw1XbL9TlMrk1DDKQnmncWON0hl49vuWekIbFs=
X-Received: by 10.31.72.7 with SMTP id v7mr9103285vka.124.1510656673851; Tue,
	14 Nov 2017 02:51:13 -0800 (PST)
MIME-Version: 1.0
Sender: gmaxwell@gmail.com
Received: by 10.103.85.148 with HTTP; Tue, 14 Nov 2017 02:51:13 -0800 (PST)
In-Reply-To: <CAAS2fgQVJU659NsX054YTTB1MCDWtSk9PXJo5+EgrBRRG+VDsw@mail.gmail.com>
References: <CAAS2fgQ0Cb2B=Ye2TnpfQqP4=kpZCxMWRXYB0CcFa71sQJaGuw@mail.gmail.com>
	<20171114091123.GA29286@savin.petertodd.org>
	<CAAS2fgQVJU659NsX054YTTB1MCDWtSk9PXJo5+EgrBRRG+VDsw@mail.gmail.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Tue, 14 Nov 2017 10:51:13 +0000
X-Google-Sender-Auth: TfJoFt692oiLeMB-jaLtKPYYU-I
Message-ID: <CAAS2fgQSyzZ_1Cf+DQ4Vrs4wUHKe7Kk93p0ixq1xXXbFY8YXGQ@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=0.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	FREEMAIL_FROM,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Updates on Confidential Transactions efficiency
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 10:51:17 -0000

On Tue, Nov 14, 2017 at 10:38 AM, Gregory Maxwell <greg@xiph.org> wrote:
> I think it's still fair to say that ring-in and tree-in approaches
> (monero, and zcash) are fundamentally less scalable than
> CT+valueshuffle, but more private-- though given observations of Zcash

While I'm enumerating private transaction topologies there is fourth
one I'm aware of (most closely related to ring-in):

take N inputs,  write >= N outputs,  where some coins are spent and
replaced with a new output, or an encrypted dummy... and other coins
are simply reencrypted in a way that their owner can still decode.
Provide a proof that shows you did this faithfully. So this one avoids
the spent coins list by being able to malleiate the inputs.

We never previously found an efficient way to construct that one in a
plain DL setting, but it's probably possible w/ bulletproofs, at least
for some definition of efficient.