Justus, you're right. Any party "i" can compute a ring signature "s" on
a message "m" using "m", privkey_i, and pubkey_1 through pubkey_n.
ringsig(m, privkey_i, pubkey_1, ... pubkey_n) = s

-Kristov

On 05/20/2014 12:06 AM, Justus Ranvier wrote:
> Based on my understanding of ring signatures, I'm not sure I understand
> why using them would inherently require a facilitator, at least in the
> context of how Bitcoin works.
>
> You can harvest pubkeys from the blockchain by watching spending
> transactions - you don't need the cooperation of the other private key
> holders.
>
> Then you can obfuscate the redemption script by encoding your receiving
> address in P2SH format - that way nobody else knows the list of pubkeys
> in the ring until you actually spend the output.
>
>
> _______________________________________________
> unSYSTEM mailing list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem