sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
CheckDavid has quit [Quit: Connection closed for inactivity]
tromp has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
Newyorkadam has joined #bitcoin-wizards
Newyorkadam has quit [Client Quit]
Newyorkadam has joined #bitcoin-wizards
tromp has quit [Ping timeout: 245 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
Newyorkadam has quit [Quit: Newyorkadam]
Newyorkadam has joined #bitcoin-wizards
Newyorkadam has quit [Client Quit]
baikal has quit [Quit: ZNC 1.6.1+deb1 - http://znc.in]
tromp has joined #bitcoin-wizards
Newyorkadam has joined #bitcoin-wizards
nuncanada has quit [Ping timeout: 245 seconds]
tromp has quit [Ping timeout: 245 seconds]
nuncanada has joined #bitcoin-wizards
weez17 has quit [Quit: leaving]
d9b4bef9 has joined #bitcoin-wizards
Krellan has quit [Read error: Connection reset by peer]
Krellan has joined #bitcoin-wizards
Belkaar has quit [Ping timeout: 250 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Newyorkadam has quit [Quit: Newyorkadam]
Newyorkadam has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
Newyorkadam has quit [Client Quit]
tromp has quit [Ping timeout: 240 seconds]
son0p_ has quit [Quit: Lost terminal]
nuncanada has quit [Quit: Leaving]
Chris_Stewart_5 has quit [Ping timeout: 246 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
wfbarksdale has quit [Remote host closed the connection]
wfbarksdale has joined #bitcoin-wizards
superkuh has quit [Quit: offline for a bit.]
wfbarksdale has quit [Ping timeout: 246 seconds]
_whitelogger has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 240 seconds]
tromp has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
tromp has quit [Ping timeout: 252 seconds]
d9b4bef9 has joined #bitcoin-wizards
ECH has joined #bitcoin-wizards
<ECH>
Hi. Is this the appropriate channel to ask a Q about confidential transactions?
<ECH>
From what I understand, a Confidential Transaction Address (CTA) is created via Base58Check (BTC address + blindingkey).
<ECH>
If this is the case, couldn’t anyone who sees that your CTA received a tx simply find the blinding key cuz base58 is bidirectional? Then use that to audit your address?
<ECH>
I feel like the answer to that is I need the private key to the blinding key to properly audit the tx. But I'm not sure why.
<maaku>
ECH: this is the correct channel to discuss confidential transaction in, generally
<maaku>
there is no address standard for confidential transactions, not even a strawman proposal as far as I'm aware
<maaku>
but base58 is irrelevant. the information in the address is USED to create the transaction output paying you, but it is not relayed in the transaction itself
<maaku>
and no one knows your private key, so they can't recover the blinding factor from the ecdh commitment
<ECH>
maaku: thanks for responding!
<maaku>
ECDH is performed between the public key given in the CT address and an ephemeral key generated by the sender. the ephemeral key is committed to in the transaction, but to everyone else it might as well be random gobbledygook
<ECH>
Ah IC. I think that's the part I'm missing.
<maaku>
sender picks random number k, and random ephemeral secret key d. they put k*d*G in the transaction. the blinding factor is a hash of the resulting point
<maaku>
*is a hash of the point resulting from k*d*(receiver public key)
<maaku>
which the receiver calculates as k*(receiver's private key)*(sender's public key)
<ECH>
and in this it seems as if the blinding factor is built into the CTA.
<maaku>
no one else can do this without the receiver's (blinding) private key
<ECH>
Ah
<maaku>
correction, receiver calculates as (receiver's private key) * (committed ecdh value) [where committed value was k*d*G]
<maaku>
too late for me to be explaining crypto :)
<ECH>
Haha
<ECH>
Was trying to think through that process.
<ECH>
That was very helpful. Thanks Maaku
<maaku>
ECH: (1) that link is blockstream documentation. blockstream uses base58 for the keys in their liquid product, but there isn't really any standard or strawman proposal that I'm aware of
p0nziph0ne has quit [Ping timeout: 244 seconds]
<maaku>
I can tell you the people who designed that would not recommend it for broader use; it lacks all the niceties that bech32 addresses have
<maaku>
but the bech32 polynomial's properties break down for addresses of CT length. so a new polynomial needs to be found and I don't think that work has been completed yet
<ECH>
Yea. I was under the impression that they were trying it on liquid as a test to then possibly propose to core. I may have been mistaken.
<maaku>
ECH: (2) that link is about exporting and importing CT *blinding keys* not addresses
<ECH>
You know what the disconnect was for me? That I was treating CTA like standard BTC addresses.
<ECH>
everything makes sense now
<ECH>
So the CTA is what goes in the blockchain as part of the UTXO. And it should be unique as the sender is creating the blinding factor.
<ECH>
combined with your address.
<ECH>
Dang okay. That works.
<maaku>
So the procedure on that page is exporting private information which is all you'd need to see the amounts. but an address alone wouldn't help you
<ECH>
Got it.
<maaku>
CT addresses *are* a bit like bitcoin addresses. They have the information you need to send coins to the recipient.
<ECH>
Yea. But the static property is what tripped me up
<ECH>
or thinking they were static.
<maaku>
I'm not sure what you mean by non-static?
<ECH>
The CTA is a one time use address that's generated by a random number + an address right?
<ECH>
So the random # should change.
<ECH>
unless the sender repeatedly sent it to the same address and used the same # over and over again for multiple tx's.
<maaku>
No to the details of that. Yes an address *should* be single use. But the "blinding" portion of an address is static in current CT implementations afaik
p0nziph0ne has joined #bitcoin-wizards
<maaku>
(static to the wallet, and which is actually a flaw that should be fixed if it isn't already)
<maaku>
the CT address is a tuple of {blinding public key, <script details>}
<maaku>
The blinding public key is not specific to the transaction, although that's probably good policy. It doesn't contain the blinding factor / nonce.
<maaku>
The nonce is committed to in the output itself, within the transaction.
<maaku>
A CT transaction output is {Pedersen commitment, ecdh nonce, scriptPubKey}
<maaku>
The commitment is v*G+k*H; k is calculated as H(d*ecdh), where d is the secret key corresponding to the blinding public key in the address
tromp has joined #bitcoin-wizards
<maaku>
So what's in the address is the information necessary for the sender to make the transaction. The transaction contains the information necessary for the recipient to receive it.
<maaku>
ECH: that clear things up?
<ECH>
Yea. A ton.
<ECH>
I like how you broke down the CTA and CT transaction.
<ECH>
that was helpful
<ECH>
I was thinking about trying to write up an ez guide to CT for newbs.
<maaku>
That would be much appreciated!
<ECH>
Not sure that's likely anymore though.
<ECH>
Haha
<ECH>
I'm going to have to do some more reading.
tromp has quit [Ping timeout: 246 seconds]
<maaku>
When a wallet sees a transaction with a script it recognizes as its own (or a script it knows) it completes the ECDH, hashes to get the blinding factor, and attempts to rewind the rangeproof, which it can do if the blinding factor is correct
Zenton` has joined #bitcoin-wizards
Zenton has quit [Ping timeout: 245 seconds]
<maaku>
For mimblewimble the story isn't as good.. all outputs have the same script (OP_TRUE), so you have to try unwinding using any keys you have
<maaku>
I actually don't know if there's been a better solution worked out for this.. would be interested if anyone else knows.
harrymm has quit [Ping timeout: 240 seconds]
harrymm has joined #bitcoin-wizards
harrymm has quit [Max SendQ exceeded]
harrymm has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
Traino has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
d9b4bef9 has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
tromp has quit [Remote host closed the connection]
d9b4bef9 has joined #bitcoin-wizards
Traino has quit [Remote host closed the connection]
Traino has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
wfbarksdale has joined #bitcoin-wizards
arubi has quit [Remote host closed the connection]
arubi has joined #bitcoin-wizards
wfbarksdale has quit []
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
harrymm has quit [Ping timeout: 272 seconds]
deusexbeer has quit [Ping timeout: 250 seconds]
deusexbeer has joined #bitcoin-wizards
dvknv has quit [Remote host closed the connection]
dvknv has joined #bitcoin-wizards
harrymm has joined #bitcoin-wizards
abcbc has joined #bitcoin-wizards
Traino has quit [Ping timeout: 250 seconds]
abcbc has quit [Ping timeout: 250 seconds]
Zenton` has quit [Quit: ERC (IRC client for Emacs 25.2.2)]
Zenton has joined #bitcoin-wizards
JackH has joined #bitcoin-wizards
weez17 has joined #bitcoin-wizards
_whitelogger has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 250 seconds]
samm_ has quit [Ping timeout: 252 seconds]
samm__ has joined #bitcoin-wizards
SopaXorzTaker has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
Krellan has quit [Read error: Connection reset by peer]
Krellan has joined #bitcoin-wizards
<andytoshi>
no, but we got trial-rewinding down to 3.5 microseconds on my laptop
<andytoshi>
or 280k outputs per second
<andytoshi>
oh, that does not include the ECDH. you'd need to use some symmetric key to actually get that performance.
tromp has joined #bitcoin-wizards
<andytoshi>
oh, but in MW you're always encrypting to yourself, so you would do this
bsm117532 has quit [Ping timeout: 268 seconds]
dnaleor has joined #bitcoin-wizards
tromp has quit [Ping timeout: 240 seconds]
TheoStorm has quit [Ping timeout: 252 seconds]
deusexbeer has quit [Quit: Konversation terminated!]
deusexbeer has joined #bitcoin-wizards
wildermind has joined #bitcoin-wizards
<instagibbs>
Also afaik, all CT implementations use blinding keys which are static with respect to the scriptPubKey only.
<instagibbs>
At least Elements/Liquid does
Belkaar has quit [Quit: bye]
Chris_Stewart_5 has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
nuncanada has joined #bitcoin-wizards
dnaleor is now known as TheoStorm
samm__ has quit [Read error: Connection reset by peer]
samm__ has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 252 seconds]
betawaffle has quit [Excess Flood]
betawaffle has joined #bitcoin-wizards
yoleaux has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
d9b4bef9 has joined #bitcoin-wizards
TheoStorm has quit [Ping timeout: 246 seconds]
tromp has joined #bitcoin-wizards
enemabandit has joined #bitcoin-wizards
tromp has quit [Ping timeout: 246 seconds]
TheoStorm has joined #bitcoin-wizards
AaronvanW has quit [Remote host closed the connection]
RubenSomsen has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
comboy has quit [Ping timeout: 268 seconds]
tombusby has quit [Ping timeout: 250 seconds]
comboy has joined #bitcoin-wizards
tombusby has joined #bitcoin-wizards
TheoStorm has quit [Quit: Leaving]
TheoStorm has joined #bitcoin-wizards
p0nziph0ne has quit [Quit: Leaving]
enemabandit has quit [Ping timeout: 245 seconds]
AaronvanW has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
tromp has quit [Ping timeout: 252 seconds]
cannedprimates has joined #bitcoin-wizards
Apocalyptic has quit [Ping timeout: 245 seconds]
Apocalyptic has joined #bitcoin-wizards
intcat has quit [Ping timeout: 250 seconds]
intcat has joined #bitcoin-wizards
superkuh has joined #bitcoin-wizards
wildermind has quit [Quit: Connection closed for inactivity]
tromp has joined #bitcoin-wizards
tin_ has joined #bitcoin-wizards
AaronvanW has quit [Remote host closed the connection]
tromp has quit [Remote host closed the connection]
SopaXorzTaker has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
a5m0 has quit [Remote host closed the connection]
Guyver2 has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
a5m0 has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
d9b4bef9 has joined #bitcoin-wizards
Belkaar has quit [Quit: bye]
AaronvanW has quit [Remote host closed the connection]
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Krellan has quit [Read error: Connection reset by peer]
Krellan has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 246 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
nuncanada has quit [Quit: Leaving]
Dizzle has joined #bitcoin-wizards
dvknv has quit [Remote host closed the connection]
dvknv has joined #bitcoin-wizards
dvknv has quit [Ping timeout: 240 seconds]
Krellan has quit [Read error: Connection reset by peer]
Krellan has joined #bitcoin-wizards
dvknv has joined #bitcoin-wizards
dvknv has quit [Ping timeout: 240 seconds]
Belkaar has quit [Quit: bye]
tin_ has quit [Ping timeout: 252 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
dvknv has joined #bitcoin-wizards
d9b4bef9 has quit [Remote host closed the connection]
d9b4bef9 has joined #bitcoin-wizards
nanotube has quit [Ping timeout: 240 seconds]
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
nanotube has joined #bitcoin-wizards
nanotube has quit [Ping timeout: 272 seconds]
tombusby has quit [Ping timeout: 250 seconds]
tombusby has joined #bitcoin-wizards
nanotube has joined #bitcoin-wizards
Dizzle has quit [Quit: Leaving...]
dvknv has quit [Remote host closed the connection]
dvknv has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]