Rangeproofs #1

Open
Moumi opened this issue Dec 4, 2017 · 3 comments

Moumi commented Dec 4, 2017

First off, I greatly appreciate your Python implementation of Borromean signatures. It helps me a lot in my project. Next, I would like to request a feature: range proofs.

Rangeproofs, as shown here, also have the ability to hide the transaction amount. This would mean that you don't need any P_i's anymore from the network, but can just create a Borromean signature from the commitments made for the rangeproof. Would it be possible to have those implemented? If needed, I can aid you in the progress.

Owner

AdamISZ commented Dec 4, 2017

This repo was an educational exercise to help me with understanding during the process of writing this, which was actually written in 2015 (despite the date on the pdf, that reflects minor edits). In that doc I go into the rangeproof construction in considerable detail (in the form used in the original Elements Alpha codebase; note that the Monero RingCT form described in your link is a slightly different (and suboptimal) form).
I'd be happy to offer any help you need if you want to try implementing it; I won't be doing so myself. By the way, it seems increasingly likely that the Borromean ring signature style rangeproof will be totally superseded by the new bulletproofs design; you can read a bit about it in my blogpost here.

Author

Moumi commented Dec 6, 2017

Hey @AdamISZ, thanks for the reply. I actually managed with that post to construct range proofs. Therefore I thank you a lot for the clear post. I'm now in the process of understanding multi-input and multi-output aspects. Since you go into confidential transactions with 1-in and 1-out, with an additional fee, there's a missing connection with the stealth addresses that are being used.

I had the question if you would be able to explain the process of multi-input and multi-output and how the spend keys, derived from the incoming transactions, are used. In addition, how to link the created signatures and range proofs to a recipient. Is that possible for you to explain?

EDIT: I have seen the bulletproof design, but for my current research I just have to show the application of Borromean signatures and how they are used. But I will definitely look into it for future work.

Owner

AdamISZ commented Dec 6, 2017

I believe the features you're describing there (stealth addresses, spend keys) are specific to Monero; at least, they are not part of CT itself. I only have a passing knowledge of some aspects of Monero, and in particular I don't know much if anything about the whole of ringCT itself. You should reach out to Monero people; one place is on freenode #monero-research-lab, they have other channels they can guide you to to get answers.
