Published on: 2016-02-13T16:55:31+00:00
In an email conversation between Henning Kopp and Jeremy Papp, they discuss the inclusion of the blinding factor in range proofs for confidential transactions. They explore various possibilities, such as encrypting the blinding factor with the receiver's public key or using shared secret generation. They note that ECC works differently from RSA, and instead of directly encrypting with a public key, a shared secret is generated using ECDH. Adding extraneous data is not a major issue since it would likely require segwit. However, it is important to consider that the sender would need to know the recipient's unhashed public key, which is not commonly used in Bitcoin transactions due to potential vulnerabilities to quantum computers. The conversation delves into technical aspects of blinding factors and shared secrets in Bitcoin transactions.The discussion continues in an email exchange where Jeremy suggests including the blinding factor in the extra data incorporated into the ring signatures used in the range proof. He considers the range proof optional for single output transactions, as there is only one possible value that can work. However, he is uncertain about how to transmit the blinding factor. Both Jeremy and Henning agree that adding extraneous data is not a significant concern, given that its usage would likely require segwit. They also envision protecting the blinding factor from outside examination through some form of shared secret generation. However, this approach necessitates the sender knowing the recipient's unhashed public key, which differs from the usual practice in Bitcoin transactions. Henning raises a question about how the receiver can verify the amount sent to them and suggests that the receiver needs to learn the blinding factor to reveal the commit off-chain. Henning is associated with Ulm University in Germany.In response to a user's query on Bitcoin development, the responder explains that the blinding factor would be included in the extra data embedded in the ring signatures used in the range proof for confidential transactions. They highlight that the range proof is optional for single output transactions and would require segwit if utilized. Adding extraneous data is not a significant concern in this context. The responder suggests that the blinding factor would likely be safeguarded from external scrutiny through shared secret generation. However, this would entail the sender knowing the recipient's unhashed public key, which deviates from the common practice of using hashed keys. The responder expresses uncertainty about any shared secret schemes applicable to hashed keys.Henning Kopp, a researcher at Ulm University in Germany, seeks clarification on confidential transactions. He raises a question regarding how the receiver can verify the amount sent to them when the sender creates a confidential transaction and accurately selects the blinding values. While anyone can still confirm the validity of the transaction as it remains publicly verifiable, Henning believes that the receiver needs to learn the blinding factor to reveal the commit off-chain. However, he requests further explanation regarding the process.
Updated on: 2023-08-01T17:48:08.274738+00:00