On Mon, Mar 27, 2017 at 11:48:47AM -0700, Oleg Andreev wrote: > Andy, you mention a "20% space hit" for sound commitments. Do you mean the > double space required by digit commitments (2 points vs 1)? If that's so, I'm > investigating a pretty neat trick to save even that space, so the total > overhead is probably just one point (compared to pedersen commitments w/o > your 24% optimization). > > The idea is this: all digits must share the same blinding factor and a > commitment to a pure blinding factor is shared among all of them. To prevent > bruteforce discovery of the digits by cancelling the blinding part via > subtraction of digits, each digit would use a different generator point > (precomputed). > > So instead of these digit commitments (consisting of 2 points each): > > (d_i*H + f_i*G, f_i*J) > > you'd have these: > > (d_i*H + f*G_i, f*J) > > where f*J is the same point shared by all digits. G_i can be precomputed. For > 64-bit numbers and base-4 you need at most 32 such generators. > > The draft of this proposal is in our git repo, we are still working on review > and a proof of correctness and security: > > 1. Pre-computed generators: > https://github.com/chain/chain/blob/confidential-spec/docs/protocol/specifications/ca.md#generators > (we only generated 31 of them, 32nd is the ed25519 base point). > 2. Verifying range proofs using these generators: > https://github.com/chain/chain/blob/confidential-spec/docs/protocol/specifications/ca.md#validate-value-range-proof > > Would love to hear your thoughts on that! > Oleg. >
Hi Oleg, Sorry, just getting this now. I need think about this, but my first impression is it works. Very cool! Cheers Andrew -- Andrew Poelstra Mathematics Department, Blockstream Email: apoelstra at wpsoftware.net Web: https://www.wpsoftware.net/andrew "A goose alone, I suppose, can know the loneliness of geese who can never find their peace, whether north or south or west or east" --Joanna Newsom
signature.asc
Description: PGP signature
-- Mailing list: https://launchpad.net/~mimblewimble Post to : mimblewimble@lists.launchpad.net Unsubscribe : https://launchpad.net/~mimblewimble More help : https://help.launchpad.net/ListHelp
