On Saturday, May 3, 2025 at 11:55:28 AM UTC Sanket Kanjalkar wrote:

> hash(UTXO_A||salt) + hash(UTXO_B||salt) - hash(UTXO_C||salt) - 
hash(UTXO_D||salt) == 0 (proving (A==C && B==D) || (A==D && B==C))

What if instead of hash we encrypt with AES and modular add/subs? I cannot 
prove it; but I also don't see a clear way this is broken. 

1. Sample random symmetric key `k`
2. Instead of above; AES_k(UTXO_A) + AES_k(UTXO_B) - AES_k(UTXO_C) - 
AES(UTXO_D) == 0 =>  (proving (A==C && B==D) || (A==D && B==C))?


AES in CTR mode is, I'm not sure about other modes? Obviously CTR mode 
would be unsuitable! (I mean sure modular add/sub and xor are different 
operations but they are quite close).  I think that in many modes the 
collision resistance would have to at least be restricted by the birthday 
bound with the small block size. I think CMC might be needed to avoid that 
sort of issue.

 

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/fbf06c5b-57b6-4615-99bb-3a7ea31ebf22n%40googlegroups.com.