Re: [Bitcoin-development] homomorphic coin value (validatable but encrypted) (Re: smart contracts -- possible use case? yes or no?)

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Adam Back <adam@cypherspace•org>
To: Mark Friedenbach <mark@monetize•io>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] homomorphic coin value (validatable but encrypted) (Re: smart contracts -- possible use case? yes or no?)
Date: Mon, 7 Oct 2013 21:01:03 +0200	[thread overview]
Message-ID: <20131007190103.GA6811@netbook.cypherspace.org> (raw)
In-Reply-To: <20131001191143.GA16116@netbook.cypherspace.org>

An update on the homomorphic coins, some more math validation & a test
implementation needs to be done, but a surprisingly good outcome so far of
predicted 2.5kB homomorphic valued coin.  Only coin splitting has to incur
the 2.5kB range proof.  Coin adding, full spending and mining is "free",
because adding existing range proofed and validated coins cant overflow by
definition (21 mil coin cap).  You can also (obviously I guess) add a
homomorphicaly encrypted "0" value to a few other peoples coin balance to
get a kind of taint mitigation.

https://bitcointalk.org/index.php?topic=305791.msg3294618#msg3294618

Adam

On Tue, Oct 01, 2013 at 09:11:43PM +0200, Adam Back wrote:
>Err actually not (efficient) I made a mistake that came out when I started
>writing it up about how the t parameter in the proof relates to bitcoin
>precision and coin representation (I thought t=2, but t=51).  Damn!  Back to
>the not so efficient version (which is more zerocoin-esque in size/cost), or
>the more experimental Schoenmaker non-standard p, q non EC one, or other
>creative ideas to change the coin representation to simplify the proof (of
>which this was a failed attempt).  See the bitcointalk thread for details.
>
>https://bitcointalk.org/index.php?topic=305791.new#new
>
>Adam
>
>On Tue, Oct 01, 2013 at 04:26:03PM +0200, Adam Back wrote:
>>On Sun, Sep 29, 2013 at 10:49:00AM -0700, Mark Friedenbach wrote:
>>>This kind of thing - providing external audits of customer accounts
>>>without revealing private data - would be generally useful beyond
>>>taxation. If you have any solutions, I'd be interested to hear them
>>>(although bitcoin-dev is probably not the right place yet).
>>
>>Thanks for providing the impetus to write down the current state, the
>>efficient version of which I only figured out a few days ago :)
>>
>>I have been researching this for a few months on and off, because it seems
>>like an interesting construct in its own right, a different aspect of
>>payment privacy (eg for auditable but commercial sensistive information) but
>>also that other than its direct use it may enable some features that we have
>>not thought of yet.
>>
>>I moved it to bitcointalk:
>>
>>https://bitcointalk.org/index.php?topic=305791.new#new
>>
>>Its efficient finally (after many dead ends): approximately 2x cost of
>>current in terms of coin size and coin verification cost, however it also
>>gives some perf advantages back in a different way - necessary changes to
>>schnorr (EC version of Schnorr based proofs) allow n of n multiparty sigs,
>>or k of n multiparty sigs for the verification cost and signature size of
>>one pair of ECS signatures, for n > 2 its a space and efficiency improvement
>>over current bitcoin.
>>
>>Adam

next prev parent reply	other threads:[~2013-10-07 19:01 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-27 23:41 [Bitcoin-development] smart contracts -- possible use case? yes or no? Melvin Carvalho
2013-09-28 20:15 ` rob.golding
2013-09-29  2:28   ` Neil Fincham
2013-09-29  8:32     ` Gavin Andresen
2013-09-29  9:37       ` Adam Back
2013-09-29 17:49         ` Mark Friedenbach
2013-10-01 14:26           ` [Bitcoin-development] homomorphic coin value (validatable but encrypted) (Re: smart contracts -- possible use case? yes or no?) Adam Back
2013-10-01 19:11             ` Adam Back
2013-10-07 19:01               ` Adam Back [this message]
2013-09-29  9:44       ` [Bitcoin-development] smart contracts -- possible use case? yes or no? Melvin Carvalho
2013-09-29  9:46     ` Melvin Carvalho
2013-09-29 11:33       ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131007190103.GA6811@netbook.cypherspace.org \
    --to=adam@cypherspace$(echo .)org \
    --cc=bitcoin-development@lists$(echo .)sourceforge.net \
    --cc=mark@monetize$(echo .)io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox