On Sun, Sep 29, 2013 at 10:49:00AM -0700, Mark Friedenbach wrote: >This kind of thing - providing external audits of customer accounts >without revealing private data - would be generally useful beyond >taxation. If you have any solutions, I'd be interested to hear them >(although bitcoin-dev is probably not the right place yet).
Thanks for providing the impetus to write down the current state, the efficient version of which I only figured out a few days ago :) I have been researching this for a few months on and off, because it seems like an interesting construct in its own right, a different aspect of payment privacy (eg for auditable but commercial sensistive information) but also that other than its direct use it may enable some features that we have not thought of yet. I moved it to bitcointalk: https://bitcointalk.org/index.php?topic=305791.new#new Its efficient finally (after many dead ends): approximately 2x cost of current in terms of coin size and coin verification cost, however it also gives some perf advantages back in a different way - necessary changes to schnorr (EC version of Schnorr based proofs) allow n of n multiparty sigs, or k of n multiparty sigs for the verification cost and signature size of one pair of ECS signatures, for n > 2 its a space and efficiency improvement over current bitcoin. Adam ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development