1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 5B3C849B
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 14 Nov 2017 10:51:17 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-vk0-f49.google.com (mail-vk0-f49.google.com
[209.85.213.49])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id CA50F136
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 14 Nov 2017 10:51:15 +0000 (UTC)
Received: by mail-vk0-f49.google.com with SMTP id n63so2288662vkf.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 14 Nov 2017 02:51:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc;
bh=y21CDt2vT46TuZ6N05ZyTss9a09IFbjnOjqIQFxN93Q=;
b=Gt4iNrvfZbLf5cw+lQ8+pwaBE0P//aq/n/vI5kDThQAwml7/7qtEtRFeKhSoPvnh4P
NVPxLQf/A2KPsosK8RTDggwOE82AS1/D/W3CJdQ0UUwtauTu9anuAwQSKu/YFPtEUM3q
Ia42+gnRqf3D9+uZtatPDCoDQINdUJVuGfJut/KQmGZdE+2aokZyJR27OT4eLBJl/KYG
kagBrpBUQKIlrJHiF+BkhZbemkjYJPXhUQ35Fv/KCoiZrOD+8fVJJsScUQpA7dkZR5uP
aiD/abKCEdyziH00sL6o30ytq3igU4CR2lKMTQTqD/zSkIcCX3TpRRHiMkLYX3swc3Cs
pq+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc;
bh=y21CDt2vT46TuZ6N05ZyTss9a09IFbjnOjqIQFxN93Q=;
b=ZQ9oZnZPQLJ82R+U/Xuwet+jvHbc5LFjECIhypEqC5Hjr4Y76xYeW17R/u/24XMaKm
cBbQ200jQy58wpzLprR1ml1d1SdImfDuY/US+2fSuAjBuf8Jsmh4ZkkHIj8VvdYBRrNa
n1rWY4hMruxqgJqo61xeSJLUGoo7rprmPlEqe746xQUphoMHFhx+b5+Oa1lafcvG/bKU
SDhneY9nwPpoMe90nMEOXgY66VCZKgceLnc7GF1+UmAFEnoN6ze9Ar/bsltv6npqmRSc
j89lNXCGoR8IDwm0hBTZ/IHTebQ0KhaHz6yN9ZmBtXsPjlXsplAUMJpccuf5DVdato5L
M4Tg==
X-Gm-Message-State: AJaThX7J8G/AZ9y1uxQe5QJ9EGAzvkBfP0qePvXJtdoDFsdROpjBSFLp
hVVmkd3aGziKOxLM1ku7hl/F85JwI/VZztgjTF8=
X-Google-Smtp-Source: AGs4zMYJmW7MM8IPefd6AaHPzcM3Me4YsR9HNFRZ7BjlWAWi4TBAcJw1XbL9TlMrk1DDKQnmncWON0hl49vuWekIbFs=
X-Received: by 10.31.72.7 with SMTP id v7mr9103285vka.124.1510656673851; Tue,
14 Nov 2017 02:51:13 -0800 (PST)
MIME-Version: 1.0
Sender: gmaxwell@gmail.com
Received: by 10.103.85.148 with HTTP; Tue, 14 Nov 2017 02:51:13 -0800 (PST)
In-Reply-To: <CAAS2fgQVJU659NsX054YTTB1MCDWtSk9PXJo5+EgrBRRG+VDsw@mail.gmail.com>
References: <CAAS2fgQ0Cb2B=Ye2TnpfQqP4=kpZCxMWRXYB0CcFa71sQJaGuw@mail.gmail.com>
<20171114091123.GA29286@savin.petertodd.org>
<CAAS2fgQVJU659NsX054YTTB1MCDWtSk9PXJo5+EgrBRRG+VDsw@mail.gmail.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Tue, 14 Nov 2017 10:51:13 +0000
X-Google-Sender-Auth: TfJoFt692oiLeMB-jaLtKPYYU-I
Message-ID: <CAAS2fgQSyzZ_1Cf+DQ4Vrs4wUHKe7Kk93p0ixq1xXXbFY8YXGQ@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=0.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
FREEMAIL_FROM,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Updates on Confidential Transactions efficiency
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 10:51:17 -0000
On Tue, Nov 14, 2017 at 10:38 AM, Gregory Maxwell <greg@xiph.org> wrote:
> I think it's still fair to say that ring-in and tree-in approaches
> (monero, and zcash) are fundamentally less scalable than
> CT+valueshuffle, but more private-- though given observations of Zcash
While I'm enumerating private transaction topologies there is fourth
one I'm aware of (most closely related to ring-in):
take N inputs, write >= N outputs, where some coins are spent and
replaced with a new output, or an encrypted dummy... and other coins
are simply reencrypted in a way that their owner can still decode.
Provide a proof that shows you did this faithfully. So this one avoids
the spent coins list by being able to malleiate the inputs.
We never previously found an efficient way to construct that one in a
plain DL setting, but it's probably possible w/ bulletproofs, at least
for some definition of efficient.
|
