Re: [Bitcoin-development] homomorphic coin value (validatable but encrypted) (Re: smart contracts -- possible use case? yes or no?)

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Adam Back <adam@cypherspace•org>
To: Mark Friedenbach <mark@monetize•io>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] homomorphic coin value (validatable but encrypted) (Re: smart contracts -- possible use case? yes or no?)
Date: Tue, 1 Oct 2013 21:11:43 +0200	[thread overview]
Message-ID: <20131001191143.GA16116@netbook.cypherspace.org> (raw)
In-Reply-To: <20131001142603.GA9208@netbook.cypherspace.org>

Err actually not (efficient) I made a mistake that came out when I started
writing it up about how the t parameter in the proof relates to bitcoin
precision and coin representation (I thought t=2, but t=51).  Damn!  Back to
the not so efficient version (which is more zerocoin-esque in size/cost), or
the more experimental Schoenmaker non-standard p, q non EC one, or other
creative ideas to change the coin representation to simplify the proof (of
which this was a failed attempt).  See the bitcointalk thread for details.

https://bitcointalk.org/index.php?topic=305791.new#new

Adam

On Tue, Oct 01, 2013 at 04:26:03PM +0200, Adam Back wrote:
>On Sun, Sep 29, 2013 at 10:49:00AM -0700, Mark Friedenbach wrote:
>>This kind of thing - providing external audits of customer accounts
>>without revealing private data - would be generally useful beyond
>>taxation. If you have any solutions, I'd be interested to hear them
>>(although bitcoin-dev is probably not the right place yet).
>
>Thanks for providing the impetus to write down the current state, the
>efficient version of which I only figured out a few days ago :)
>
>I have been researching this for a few months on and off, because it seems
>like an interesting construct in its own right, a different aspect of
>payment privacy (eg for auditable but commercial sensistive information) but
>also that other than its direct use it may enable some features that we have
>not thought of yet.
>
>I moved it to bitcointalk:
>
>https://bitcointalk.org/index.php?topic=305791.new#new
>
>Its efficient finally (after many dead ends): approximately 2x cost of
>current in terms of coin size and coin verification cost, however it also
>gives some perf advantages back in a different way - necessary changes to
>schnorr (EC version of Schnorr based proofs) allow n of n multiparty sigs,
>or k of n multiparty sigs for the verification cost and signature size of
>one pair of ECS signatures, for n > 2 its a space and efficiency improvement
>over current bitcoin.
>
>Adam

next prev parent reply	other threads:[~2013-10-01 19:11 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-27 23:41 [Bitcoin-development] smart contracts -- possible use case? yes or no? Melvin Carvalho
2013-09-28 20:15 ` rob.golding
2013-09-29  2:28   ` Neil Fincham
2013-09-29  8:32     ` Gavin Andresen
2013-09-29  9:37       ` Adam Back
2013-09-29 17:49         ` Mark Friedenbach
2013-10-01 14:26           ` [Bitcoin-development] homomorphic coin value (validatable but encrypted) (Re: smart contracts -- possible use case? yes or no?) Adam Back
2013-10-01 19:11             ` Adam Back [this message]
2013-10-07 19:01               ` Adam Back
2013-09-29  9:44       ` [Bitcoin-development] smart contracts -- possible use case? yes or no? Melvin Carvalho
2013-09-29  9:46     ` Melvin Carvalho
2013-09-29 11:33       ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131001191143.GA16116@netbook.cypherspace.org \
    --to=adam@cypherspace$(echo .)org \
    --cc=bitcoin-development@lists$(echo .)sourceforge.net \
    --cc=mark@monetize$(echo .)io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox