I saw that switch commitments have been removed for various reasons.
Let me suggest a variant (idea suggested by Pieter Wuille initially):
The switch commitment is (v*G + b*H), where b = b' + hash(v*G + b'*H,
b'*J). (So this "tweaks" the commitment, in a pay-to-contract / taproot
style).
Before t
al, because the
> > probability cannot be amplified afterwards: If there is no
> > preimage,
> > you can compute as much as you want...
> >
> > [4] This is probably fine, because we decided to use Pedersen
> > commitments and computationally sound rang
t even there, this argument be made formal.
If you're really interested, look at Lemma 4.1 in
https://eprint.iacr.org/2017/604 or Lemma 1 in
https://eprint.iacr.org/2013/606.pdf.
On Fri, 2017-09-08 at 13:43 +0200, Tim Ruffing wrote:
> On Thu, 2017-09-07 at 18:12 +, Andrew Poelstra w
>
> > > > > >
> > > > > > Original Message
> > > > > > From: Michael Riley
> > > > > > Sent: Wednesday, November 15, 2017 06:45 PM
> > > > > > To: Andrew Bellenie ,mimblewimble@l
> >
That's the first proposal idea that is not "arbitrary" in the sense that you
could use it for every G project/company. I was looking for an idea
like that but couldn't find anything. A snake is also a careful hint
to Harry Potter (not too much in my opinion).
I like the idea very much, maybe someone w
On Mon, 2017-10-02 at 13:11 +0100, Yeastplume wrote:
> Once MimbleWimble is proven and observed in the wild, then there will
> be plenty of opportunity to experiment with different ideas via
> multiple assets or forks implementing different rules etc. However,
> for Grin at present I will argue for
On Thu, 2017-09-07 at 18:12 +, Andrew Poelstra wrote:
> It's true that people can put non-random things here which would be
> really
> bad for privacy. I don't think there's any efficiently-verifiable way
> to
> prevent that. Maybe requiring the data be a hash and requiring the
> preimage
> be
On Thu, 2017-09-07 at 16:47 -0400, 0xb100d wrote:
>
> It struck me (and this is clearly an immense technical overhead idea
> and likely very bad) that you could have two chains a MIM and a WIM
> one that was binding and one that was hiding, and you would move
> value from one to the other dependin
The poll has expired already. I guess this is not intentional.
On Thu, 2017-09-07 at 15:03 -0400, Ignotus Peverell wrote:
> Hi all,
>
> Following up on branding thread, I've put together an online poll for
> the coin name. Feel free to relay far and wide, this is to gather
> sentiment and opinion
Hi Jimmy,
ê is a bilinear map (a "pairing"), defined in line 87. (And I guess e
is just a typo, it should be ê.)
Pairings are often helpful in constructing crypto schemes, because they
add algebraic structure. The drawback is that you need special elliptic
curves; "normal" curves don't offer pairi
Hello,
I'm one of the authors of ValueShuffle. It's great to see this being
discussed here. There are a few general things I'd like to mention.
I'll definitively work on an implementation of CoinShuffle++ or
ValueShuffle over the summer. It's not yet clear what currency is the
target but the goa