mimblewimble team mailing list archive
Message #00100
Re: To Schnorr or not to Schnorr
On Mon, Mar 27, 2017 at 11:48:47AM -0700, Oleg Andreev wrote:
> Andy, you mention a "20% space hit" for sound commitments. Do you mean the double space required by digit commitments (2 points vs 1)? If that's so, I'm investigating a pretty neat trick to save even that space, so the total overhead is probably just one point (compared to Pedersen commitments w/o your 24% optimization).
>
> The idea is this: all digits must share the same blinding factor and a commitment to a pure blinding factor is shared among all of them. To prevent brute-force discovery of the digits by cancelling the blinding part via subtraction of digits, each digit would use a different generator point (precomputed).
>
> So instead of these digit commitments (consisting of 2 points each):
>
> (d_i*H + f_i*G, f_i*J)
>
> you'd have these:
>
> (d_i*H + f*G_i, f*J)
>
> where f*J is the same point shared by all digits. G_i can be precomputed. For 64-bit numbers and base-4 you need at most 32 such generators.
>
> The draft of this proposal is in our git repo, we are still working on review and a proof of correctness and security:
>
> 1. Pre-computed generators: https://github.com/chain/chain/blob/confidential-spec/docs/protocol/specifications/ca.md#generators (we only generated 31 of them, 32nd is the ed25519 base point).
> 2. Verifying range proofs using these generators: https://github.com/chain/chain/blob/confidential-spec/docs/protocol/specifications/ca.md#validate-value-range-proof
>
> Would love to hear your thoughts on that!
> Oleg.
>
Hi Oleg,
Sorry, just getting this now.
I need to think about this, but my first impression is it works. Very cool!
Cheers
Andrew
--
Andrew Poelstra
Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web: https://www.wpsoftware.net/andrew
"A goose alone, I suppose, can know the loneliness of geese
who can never find their peace,
whether north or south or west or east"
--Joanna Newsom
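
The following is an added illustration, not part of either email and not Chain's implementation, of the cancellation the quoted proposal guards against: with a shared blinding factor f and a single generator G, subtracting two digit commitments removes the blinding term, while per-digit generators G_i leave it in place. It assumes a toy multiplicative group mod 2^127 - 1 standing in for the curve (not a secure group), and the generators, value and blinding factor are all constructed for the demonstration.

```python
import hashlib

# Assumption: integers mod the Mersenne prime 2^127 - 1 stand in for the curve.
# This toy group only reproduces the algebra; it is not secure.
P = 2**127 - 1
ORDER = P - 1

def mul(k, pt):   # k*pt in the email's additive notation
    return pow(pt, k % ORDER, P)

def add(a, b):    # point addition
    return a * b % P

def neg(a):       # point negation
    return pow(a, -1, P)

def gen(label):   # constructed generator derived from a label
    h = int.from_bytes(hashlib.sha256(label.encode()).digest(), "big")
    return h % (P - 2) + 2

H, G, J = gen("H"), gen("G"), gen("J")
G_I = [gen(f"G_{i}") for i in range(32)]   # one generator per base-4 digit

SAMPLE_VALUE = 0x0123456789ABCDEF          # constructed 64-bit amount
SAMPLE_F = 0x5EEDC0FFEE1234567890ABCDEF    # constructed blinding factor

def digits_base4(value, n=32):
    return [(value >> (2 * i)) & 3 for i in range(n)]

def commit_shared_generator(value, f):
    """Naive variant: shared f and shared G, giving (d_i*H + f*G, f*J)."""
    return [add(mul(d, H), mul(f, G)) for d in digits_base4(value)], mul(f, J)

def commit_per_digit_generator(value, f):
    """Variant from the email: (d_i*H + f*G_i, f*J)."""
    return [add(mul(d, H), mul(f, G_I[i]))
            for i, d in enumerate(digits_base4(value))], mul(f, J)

def leaked_differences(commitments):
    """Compare C_i - C_0 with delta*H for every possible delta = d_i - d_0."""
    table = {mul(delta, H): delta for delta in range(-3, 4)}
    return [table.get(add(c, neg(commitments[0]))) for c in commitments]

if __name__ == "__main__":
    naive, _ = commit_shared_generator(SAMPLE_VALUE, SAMPLE_F)
    per_digit, _ = commit_per_digit_generator(SAMPLE_VALUE, SAMPLE_F)
    print("shared G :", leaked_differences(naive)[:8])
    print("per-digit:", leaked_differences(per_digit)[:8])
```

With the shared generator every digit difference is recovered; with per-digit generators only the trivial C_0 - C_0 entry matches.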