:: Re: [unSYSTEM] ZeroCash - zero know…
Góra strony
Delete this message
Reply to this message
Autor: Justus Ranvier
Data:  
Dla: unsystem
Temat: Re: [unSYSTEM] ZeroCash - zero knowledge proof, seems promising
On 05/20/2014 02:57 AM, Kristov Atlas wrote:
> You join a group of people (ring) and share pubkeys, forming an
> aggregate ring pubkey. The crypto works so that others can confirm that
> a tx was signed with the appropriate privkey to spend, but they won't be
> able to tell which party in the ring signed it. I imagine this could
> work ad hoc using another party to orchestrate (e.g. obelisk server) or
> it could be arranged ahead of time and be performed asynchronously. All
> the parties need to do is exchange pubkeys, they don't need to continue
> signing each tx in the future. I'm not sure on this, but it may be even
> possible to scale that ring up to the size of all users of a
> crypto-currency willing to pre-publish their pubkey.


Based on my understanding of ring signatures, I'm not sure I understand
why using them would inherently require a facilitator, at least in the
context of how Bitcoin works.

You can harvest pubkeys from the blockchain by watching spending
transactions - you don't need the cooperation of the other private key
holders.

Then you can obfuscate the redemption script by encoding your receiving
address in P2SH format - that way nobody else knows the list of pubkeys
in the ring until you actually spend the output.