On Fri, Aug 18, 2017 at 07:37:33PM -0400, Ignotus Peverell wrote:

> I think it makes sense. It's a reasonable price to pay and I like that it
> makes it a lot easier to scan your unspent outputs. One question: switch
> commitments reuse H and compute SHA256(rH). Any particular reason why we'd
> want yet another generator?
>

If I remember right, the crypto for unconditionally-sound rangeproofs [1] is
simpler if we have a separate and dedicated generator for the second point.
But I can't recall the details now, I'm feeling unwell and my head is foggy.
Will need to revisit it.

> And we'd likely use blake2 again instead of SHA256 but that's a detail.
>

Sure :)

[1] https://github.com/apoelstra/secp256k1-mw/pull/1

-- 
Andrew Poelstra
Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web:   https://www.wpsoftware.net/andrew

"A goose alone, I suppose, can know the loneliness of geese
 who can never find their peace,
 whether north or south or west or east"
       --Joanna Newsom
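The two designs the thread compares, as an added illustration that is not code from the list or from secp256k1-mw: a Pedersen commitment vG + rH over secp256k1, a "switch" tag computed as SHA256 of the second point, once reusing H (rH, as Ignotus describes) and once with a dedicated generator J (rJ, as Andrew suggests), plus the output-scanning convenience the first message mentions. The generators H and J are assumptions derived here by a toy try-and-increment hash-to-curve, not the generators any real implementation uses; SHA256 is used because the quoted message names it (the thread notes blake2 would likely replace it); the exact switch-commitment construction in the linked PR is not reproduced, only the point-then-hash step discussed above.

```python
import hashlib

# secp256k1 parameters (standard constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # doubling, a = 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def nums_generator(tag):
    """Assumed 'nothing up my sleeve' generator: hash tag||counter to x and lift
    it to the curve. Only for this example; real generators are fixed by spec."""
    i = 0
    while True:
        x = int.from_bytes(hashlib.sha256(tag + i.to_bytes(4, "big")).digest(), "big") % P
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)          # P = 3 mod 4, so this is a sqrt if one exists
        if y * y % P == y2:
            return (x, y)
        i += 1


H = nums_generator(b"example:H")   # blinding generator (assumption)
J = nums_generator(b"example:J")   # dedicated second generator (assumption)


def compress(pt):
    """33-byte SEC compressed encoding, used as the hash input."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def pedersen_commit(v, r):
    """C = vG + rH."""
    return ec_add(ec_mul(v, G), ec_mul(r, H))


def open_commitment(C, v, r):
    return pedersen_commit(v, r) == C


def switch_hash_reusing_H(r):
    """Variant from the quoted message: SHA256 of the point rH."""
    return hashlib.sha256(compress(ec_mul(r, H))).digest()


def switch_hash_dedicated(r):
    """Variant Andrew raises: same hash, but over a point on a dedicated generator J."""
    return hashlib.sha256(compress(ec_mul(r, J))).digest()


def scan_outputs(outputs, r):
    """Scanning convenience mentioned in the thread: a wallet that knows r recomputes
    the tag and matches it against (commitment, tag) records without opening values."""
    tag = switch_hash_reusing_H(r)
    return [i for i, (_, h) in enumerate(outputs) if h == tag]


if __name__ == "__main__":
    C = pedersen_commit(5, 123456789)
    print("opens:", open_commitment(C, 5, 123456789))
    print("H-tag:", switch_hash_reusing_H(42).hex())
    print("J-tag:", switch_hash_dedicated(42).hex())
```

The homomorphic property that makes the commitment usable in a transaction balance (C(a, r1) + C(b, r2) = C(a+b, r1+r2)) holds in either variant, since the switch tag is computed beside the commitment rather than inside it; the choice between rH and rJ only changes which point gets hashed.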
-- 
Mailing list: https://launchpad.net/~mimblewimble