Published on: 2013-10-07T19:01:03+00:00
A recent update on homomorphic coins reveals that further math validation and a test implementation are required. The initial results for a 2.5kB homomorphic valued coin have been surprisingly positive. While coin splitting incurs a 2.5kB range proof, coin adding, full spending, and mining are free due to the inability of adding existing range-proofed and validated coins to overflow. Additionally, users have the option to add a homomorphically encrypted "0" value to balance out the coin taint.Adam Back, a developer, made an error in his efficient version of Zerocoin-esque in size/cost. He realized that the parameter 't' in the proof is related to bitcoin precision and coin representation, with 't=51' instead of 't=2'. This realization has led him to revert to the less efficient version or explore other creative ideas, such as the experimental Schoenmaker non-standard p, q non-EC one, in order to simplify the proof. Mark Friedenbach's input has prompted the documentation of the current state of homomorphic coins. Adam Back has been researching this topic for several months, intrigued by its unique payment privacy features, particularly in relation to auditable but commercially sensitive information. Although the cost of the efficient version is approximately twice that of the current coin size and verification cost, it offers performance advantages in other aspects.Necessary changes to Schnorr, the EC version of Schnorr-based proofs, allow for n of n multiparty signatures or k of n multiparty signatures. This improvement reduces the verification cost and signature size to that of one pair of ECS signatures. For n > 2, this modification proves to be a space and efficiency enhancement over the existing Bitcoin system.In addition to his research, Adam Back has shared his findings on Bitcointalk, encouraging further discussion and collaboration. His mistake regarding the 't' parameter has sparked the need to return to the less efficient version. However, there are ongoing efforts to explore alternative solutions to simplify the proof by changing coin representation.Furthermore, Mark Friedenbach suggests the possibility of conducting external audits of customer accounts without disclosing private data, which would have applications beyond taxation. He welcomes any proposed solutions or ideas in this regard.
Updated on: 2023-08-01T05:57:40.705485+00:00