On Saturday, May 3, 2025 at 11:55:28 AM UTC Sanket Kanjalkar wrote:
> hash(UTXO_A||salt) + hash(UTXO_B||salt) - hash(UTXO_C||salt) - hash(UTXO_D||salt) == 0 (proving (A==C && B==D) || (A==D && B==C))
What if instead of a hash we encrypt with AES and use modular add/sub? I cannot prove it, but I also don't see a clear way this is broken.
1. Sample random symmetric key `k`
2. Instead of the above: AES_k(UTXO_A) + AES_k(UTXO_B) - AES_k(UTXO_C) - AES_k(UTXO_D) == 0 => (proving (A==C && B==D) || (A==D && B==C))?
AES in CTR mode is, I'm not sure about other modes? Obviously CTR mode would be unsuitable! (I mean, sure, modular add/sub and XOR are different operations, but they are quite close.) I think that in many modes the collision resistance would have to at least be restricted by the birthday bound with the small block size. I think CMC might be needed to avoid that sort of issue.
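As an added worked example (not code from the thread or from either poster): the additive check above, plus a meet-in-the-middle search showing what "restricted by the birthday bound with the small block size" costs in practice. The keyed function is a SHA-256-based PRF truncated to a configurable width, standing in for both hash(UTXO||salt) and AES_k(UTXO), since the sum check only needs a keyed map onto n-bit values; the key, UTXO identifiers and forged-candidate naming scheme are constructed for the demo. Shrinking the width to 24 bits makes the attack run in seconds; the same search against a 128-bit block is the ~2^64 birthday bound, independent of the cipher mode.

```python
import hashlib

# Constructed sample inputs: a fixed "salt"/key and stand-in UTXO identifiers.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
UTXO_A = b"txid-aaaa:0"
UTXO_B = b"txid-bbbb:1"
UTXO_E = b"txid-eeee:7"   # unrelated UTXO, used for a negative check


def prf(key: bytes, x: bytes, nbits: int) -> int:
    """Keyed pseudo-random function truncated to nbits.

    Stand-in for hash(UTXO||salt) or AES_k(UTXO): the sum check only needs a
    keyed function onto n-bit values, and nbits lets us shrink the "block size".
    """
    digest = hashlib.sha256(key + x).digest()
    return int.from_bytes(digest, "big") & ((1 << nbits) - 1)


def sum_check(key, a, b, c, d, nbits):
    """PRF(A) + PRF(B) - PRF(C) - PRF(D) == 0 (mod 2^nbits), the check from the thread."""
    m = 1 << nbits
    return (prf(key, a, nbits) + prf(key, b, nbits)
            - prf(key, c, nbits) - prf(key, d, nbits)) % m == 0


def forge_pair(key, a, b, nbits):
    """Find (C, D), not a permutation of (A, B), with PRF(C)+PRF(D) == PRF(A)+PRF(B).

    Meet-in-the-middle: tabulate ~2^(n/2) candidate C values, then for each
    candidate D look up the C that completes the sum. Expected cost is on the
    order of 2^(n/2) PRF calls, i.e. the birthday bound on the n-bit width.
    Returns (C, D, prf_calls), or None if the bounded search is exhausted.
    """
    m = 1 << nbits
    target = (prf(key, a, nbits) + prf(key, b, nbits)) % m
    table_size = 1 << (nbits // 2 + 1)
    # Candidate identifiers carry prefixes that cannot equal A or B (hypothetical naming).
    table = {}
    for i in range(table_size):
        c = b"forged-C:" + i.to_bytes(8, "big")
        table.setdefault(prf(key, c, nbits), c)
    for j in range(m):           # bounded so the search always terminates
        d = b"forged-D:" + j.to_bytes(8, "big")
        need = (target - prf(key, d, nbits)) % m
        c = table.get(need)
        if c is not None:
            return c, d, table_size + j + 1
    return None


if __name__ == "__main__":
    # The check passes for a swap and fails for a genuinely different pair.
    print(sum_check(KEY, UTXO_A, UTXO_B, UTXO_B, UTXO_A, 128))
    print(sum_check(KEY, UTXO_A, UTXO_B, UTXO_A, UTXO_E, 128))
    # With a 24-bit "block", a forgery costs roughly 2^13 PRF calls, not 2^24.
    c, d, calls = forge_pair(KEY, UTXO_A, UTXO_B, 24)
    print(calls, sum_check(KEY, UTXO_A, UTXO_B, c, d, 24))
```

The forgery is a fixed-target two-list birthday search: the table costs 2^(n/2+1) evaluations and each further D candidate completes the sum with probability about 2^(n/2+1)/2^n, so a hit is expected after another ~2^(n/2-1) tries. Nothing in it depends on the PRF being a hash or a block cipher, only on its output width; wider outputs (or a structure that is not a plain modular sum of independent n-bit values) are what push the cost up.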