Author: ZmnSCPxj 2021-08-10 11:37:37
Published on: 2021-08-10T11:37:37+00:00
The use of El-Gamal commitment scheme can lead to unconditional soundness in Bitcoin. A possible design for this is maintaining a non-CT block and a separately-committed CT block like SegWit. When transferring funds from the legacy non-CT block, one can put it into a "burn" transaction that causes the same amount to be created in the CT block. To move from the CT block back to legacy non-CT, one would match one of those "burn" TXOs and spend it with proof that the amount you are removing from the CT block is exactly the same value as the "burn" TXO you are now spending. The "burn" TXOs would be some trivial anyone-can-spend. Basically, this is "CT as a 'sidechainlike' that every fullnode runs". In the legacy non-CT block, the total amount of funds that are in all CT outputs is known, and will have a known upper limit, that cannot be higher than the supply limit of the legacy non-CT block. At the same time, *individual* CT-block TXOs cannot have their values known. This allows the CT block to use an unconditional privacy and computational soundness scheme. If somehow the computational soundness is broken, then the first one to break it would be able to steal all the CT coins, but not *all* Bitcoin coins, as there would not be enough "burn" TXOs on the legacy non-CT blockchain.
Updated on: 2023-06-03T05:23:06.186034+00:00