homomorphic coin value (validatable but encrypted) (Re: smart contracts -- possible use case? yes or no?)



Summary:

Adam Back, a developer, has been researching payment privacy constructs for a few months. He moved the topic to Bitcointalk, and was prompted to write up the current state after figuring out an efficient version a few days ago. The construct provides several aspects of payment privacy, for example for information that is auditable but commercially sensitive, and may enable features that have not been thought of yet. The efficient version costs approximately 2x in coin size and coin verification cost. The necessary changes to Schnorr allow n-of-n or k-of-n multiparty signatures for the verification cost and signature size of one pair of ECS signatures. For n > 2, this is a space and efficiency improvement over current Bitcoin. However, Adam made a mistake in his write-up about how the t parameter in the proof relates to Bitcoin precision and coin representation (he thought t=2, but t=51), so he needs to return to the less efficient version. There are other creative ideas for changing the coin representation to simplify the proof, but this attempt failed. Mark Friedenbach mentioned providing external audits of customer accounts without revealing private data, which would be useful beyond taxation. If you have any solutions, he would be interested to hear them.


Updated on: 2023-06-07T17:19:09.356371+00:00