|
bitcreditscc
|
 |
August 26, 2015, 12:14:27 PM |
|
But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II
In fact, I foresee considerable opposition to implement sidechain hooks in Bitcoin Core. But sidechains can add so much value to Bitcoin that the change is likely to be implemented. If not, Bitcoin might soon become obsolete and give way to an equivalent network that implements extensibility via sidechains. I wonder what happens when the regulators realize that sidechains can put privacy and anonymity back ;-) It won't be "considerable" this is likely to be all out war, think about the statements made by core devs with regard to alternate coins.....then they go and cook this up.... so they will get immense push back for that, then there is the personal interest vector, then there are those who will oppose a means of getting back @ them for this block size issue All this before technical debates have even started... |
|
|
|
|
|
|
"Governments are good at cutting off the heads of a centrally
controlled
networks like Napster, but pure P2P networks like Gnutella and Tor seem
to be holding their own." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
Carlton Banks
Legendary
 Offline
Activity: 3430
Merit: 3071
|
|
August 26, 2015, 12:23:31 PM |
|
But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II
In fact, I foresee considerable opposition to implement sidechain hooks in Bitcoin Core. But sidechains can add so much value to Bitcoin that the change is likely to be implemented. If not, Bitcoin might soon become obsolete and give way to an equivalent network that implements extensibility via sidechains. I wonder what happens when the regulators realize that sidechains can put privacy and anonymity back ;-) It won't be "considerable" this is likely to be all out war, think about the statements made by core devs with regard to alternate coins.....then they go and cook this up.... so they will get immense push back for that, then there is the personal interest vector, then there are those who will oppose a means of getting back @ them for this block size issue All this before technical debates have even started... What you're underestimating is the duration of the war. Sure, it will spread confusion, anger, defiance etc, but trends are so short these days, it'll probably blow over in a week or two. XT comes to irritate every now and again, but the enthusiasm doesn't last long. |
Vires in numeris
|
|
|
|
bitcreditscc
|
|
August 26, 2015, 12:39:15 PM |
|
But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II
In fact, I foresee considerable opposition to implement sidechain hooks in Bitcoin Core. But sidechains can add so much value to Bitcoin that the change is likely to be implemented. If not, Bitcoin might soon become obsolete and give way to an equivalent network that implements extensibility via sidechains. I wonder what happens when the regulators realize that sidechains can put privacy and anonymity back ;-) It won't be "considerable" this is likely to be all out war, think about the statements made by core devs with regard to alternate coins.....then they go and cook this up.... so they will get immense push back for that, then there is the personal interest vector, then there are those who will oppose a means of getting back @ them for this block size issue All this before technical debates have even started... What you're underestimating is the duration of the war. Sure, it will spread confusion, anger, defiance etc, but trends are so short these days, it'll probably blow over in a week or two. XT comes to irritate every now and again, but the enthusiasm doesn't last long. We can only hope.... What i hate the most is today's cat rustling type of journalism. Somehow they can take any issue and whip up the world into a frenzy blowing things way out of proportion and spreading panic. Most of the crashes this week can be attributed to media's doomsday kind of reporting, if they even get a whiff of another issues, we'll all rue the day. |
|
|
|
|
|
tonych
Legendary
Offline
Activity: 964
Merit: 1008
|
|
October 08, 2015, 08:29:12 AM
Last edit: October 08, 2015, 08:52:42 AM by tonych |
|
Given our two generators we can build a commitment scheme like this:
commitment = xG + aH
Here x is our secret blinding factor, and a is the amount that we're committing to.
Does it mean that x and a are to be communicated privately (off-chain) from sender to recipient of coins? Anything else that is communicated privately? Also, are commitments required for outputs only or you need to include input commitments as well in your transaction data? If including input commitments, I wonder if it makes sense changing their blinding factors, not just copying them from source outputs. |
Simplicity is beauty
|
|
|
gmaxwell (OP)
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
October 08, 2015, 05:41:10 PM |
|
Does it mean that x and a are to be communicated privately (off-chain) from sender to recipient of coins? Anything else that is communicated privately?
Also, are commitments required for outputs only or you need to include input commitments as well in your transaction data? If including input commitments, I wonder if it makes sense changing their blinding factors, not just copying them from source outputs.
x is private by virtue of being the conveyed by an ECDH key negotiation. No external communication is required. (E.g. go build elements alpha, and give me an address from it and I'll send you some coins!). They're required for outputs only, and technically only when there are multiple outputs. Inputs are already known to be in range by virtue of having been created as outputs. |
|
|
|
|
tonych
Legendary
Offline
Activity: 964
Merit: 1008
|
|
October 08, 2015, 10:00:55 PM |
|
x is private by virtue of being the conveyed by an ECDH key negotiation. No external communication is required.
Do the wallets still need to connect directly, without touching the blockchain? How the receiver would learn the amount then? (E.g. go build elements alpha, and give me an address from it and I'll send you some coins!).
Do I have to be online at the same time as you? They're required for outputs only, and technically only when there are multiple outputs. Inputs are already known to be in range by virtue of having been created as outputs.
This is about range proofs but I asked about commitments. |
Simplicity is beauty
|
|
|
|
waxwing
|
|
October 10, 2015, 05:42:18 PM
Last edit: October 10, 2015, 05:57:34 PM by waxwing |
|
x is private by virtue of being the conveyed by an ECDH key negotiation. No external communication is required.
Do the wallets still need to connect directly, without touching the blockchain? How the receiver would learn the amount then? No, the idea is that addresses in Elements alpha contain an ECDH pubkey, so the sender can (non-interactively) send secret information to the receiver using ECDH key exchange. The amount of the transaction output is embedded into the range proof, without taking up more space (it's actually XORed in). No prior interaction is needed between sender and receiver (that's a pretty fundamental requirement of course). Do I have to be online at the same time as you?
No, see above. They're required for outputs only, and technically only when there are multiple outputs. Inputs are already known to be in range by virtue of having been created as outputs.
This is about range proofs but I asked about commitments. Both Pedersen commitments and range proofs are published to the network for each vout (utxo). You might find this doc I wrote useful if you're looking into the details: https://github.com/AdamISZ/ConfidentialTransactionsDoc/blob/master/essayonCT.pdf. For example, the diagram at the end (page 20) of the transaction layout. |
PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
|
|
|
tonych
Legendary
Offline
Activity: 964
Merit: 1008
|
|
October 11, 2015, 07:28:27 PM |
|
Thanks, the doc was very useful for understanding the details. |
Simplicity is beauty
|
|
|
|
|
neerajmittal
Newbie
Offline
Activity: 36
Merit: 0
|
|
January 16, 2018, 11:37:59 AM |
|
Well, I'm impressed. Why you went to the trouble to implement your ring signature scheme makes a lot more sense now.Since the vast majority of transactions will be <42.94967295 BTC, almost all transactions will have exponent zero. So, transactions with exponent >0 will stand out and be much less anonymous. And the inputs and outputs to coin joins will need to have the same exponent.Nothing against it, the space saved is worth the loss of anonymity for very large transactions. But it is probably best to warn people about it so that no one uses confidential transactions incorrectly.Also, if I have several inputs with different exponents (let's say 0,1 and 2) and I want join them into a single ouput, will the protocol force me to have two outputs (with exp 0 and 2) or will it round down the amount.
|
|
|
|
|
|
