Re: [Mimblewimble] Hashed switch commitments

2017-09-08 Thread Tim Ruffing
On Thu, 2017-09-07 at 18:12 +, Andrew Poelstra wrote:
> It's true that people can put non-random things here which would be really
> bad for privacy. I don't think there's any efficiently-verifiable way to
> prevent that. Maybe requiring the data be a hash and requiring the preimage
> be

Re: [Mimblewimble] [POLL] Perfectly hiding vs perfectly binding

2017-09-08 Thread Tim Ruffing
On Thu, 2017-09-07 at 16:47 -0400, 0xb100d wrote:
>
> It struck me (and this is clearly an immense technical overhead idea
> and likely very bad) that you could have two chains a MIM and a WIM
> one that was binding and one that was hiding, and you would move
> value from one to the other

Re: [Mimblewimble] [POLL] Coin naming

2017-09-08 Thread Tim Ruffing
The poll has expired already. I guess this is not intentional.
On Thu, 2017-09-07 at 15:03 -0400, Ignotus Peverell wrote:
> Hi all,
>
> Following up on branding thread, I've put together an online poll for
> the coin name. Feel free to relay far and wide, this is to gather
> sentiment and

Re: [Mimblewimble] Hashed switch commitments

2017-12-14 Thread Tim Ruffing
be amplified afterwards: If there is no
> > preimage,
> > you can compute as much as you want...
> >
> > [4] This is probably fine, because we decided to use Pedersen
> > commitments and computationally sound rangeproofs before the switch
> >

[Mimblewimble] switch commitments (again)

2018-04-22 Thread Tim Ruffing
I saw that switch commitments have been removed for various reasons. Let me suggest a variant (idea suggested by Pieter Wuille initially): The switch commitment is (v*G + b*H), where b = b' + hash(v*G + b'*H, b'*J). (So this "tweaks" the commitment, in a pay-to-contract / taproot style). Before