To follow up on the remarkable work Greg announced from Benedikt Bünz (Stanford)
and Jonathan Bootle (UCL) on Bulletproofs: https://eprint.iacr.org/2017/1066
Summary
=
Over the last couple weeks, along with Jonas Nick, Pieter Wuille, Greg Maxwell
and Peter Dettmann, I've implemented the s
On Tue, Nov 14, 2017 at 10:38 AM, Gregory Maxwell wrote:
> I think it's still fair to say that ring-in and tree-in approaches
> (monero, and zcash) are fundamentally less scalable than
> CT+valueshuffle, but more private-- though given observations of Zcash
While I'm enumerating private transacti
On Tue, Nov 14, 2017 at 9:11 AM, Peter Todd wrote:
> I _strongly_ disagree with this statement and urge you to remove it from the
> paper.
I very strongly disagree with your strong disagreement.
> The worst-case risk of undetected inflation leading to the destruction of a
> currency is an easily
On Tue, Nov 14, 2017 at 01:21:14AM +, Gregory Maxwell via bitcoin-dev wrote:
> The primary advantage of this approach is that it can be constructed
> without any substantial new cryptographic assumptions (e.g., only
> discrete log security in our existing curve), that it can be high
> performan
On Tue, Nov 14, 2017 at 01:21:14AM +, Gregory Maxwell via bitcoin-dev wrote:
> Jump to "New things here" if you're already up to speed on CT and just
> want the big news.
> This work also allows arbitrarily complex conditions to be proven in
> the values, not just simple ranges, with proofs
Jump to "New things here" if you're already up to speed on CT and just
want the big news.
Back in 2013 Adam Back proposed that Bitcoin and related systems could
use additive homomorphic commitments instead of explicit amounts in
place of values in transactions for improved privacy. (
https://b
