sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
Khaytsus1 has quit []
AaronvanW has quit [Remote host closed the connection]
Guest59463 is now known as stoner19
stoner19 has quit [Changing host]
stoner19 has joined #bitcoin-wizards
ddustin has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
Aaronvan_ has joined #bitcoin-wizards
mauz555 has quit [Ping timeout: 272 seconds]
Barras2 has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 260 seconds]
ddustin has quit [Ping timeout: 265 seconds]
marcoagner has quit [Ping timeout: 265 seconds]
AbramAdelmo has quit [Remote host closed the connection]
AbramAdelmo has joined #bitcoin-wizards
mn3monic has joined #bitcoin-wizards
DeanGuss has quit [Ping timeout: 240 seconds]
rusty has quit [Quit: Leaving.]
rusty has joined #bitcoin-wizards
Aaronvan_ has quit [Remote host closed the connection]
AbramAdelmo has quit [Remote host closed the connection]
AbramAdelmo has joined #bitcoin-wizards
AbramAdelmo has quit [Remote host closed the connection]
PaulTroon has joined #bitcoin-wizards
bitdex has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
AbramAdelmo has joined #bitcoin-wizards
PaulTroon has quit [Ping timeout: 272 seconds]
AbramAdelmo has quit [Remote host closed the connection]
AbramAdelmo has joined #bitcoin-wizards
AbramAdelmo has quit [Remote host closed the connection]
queip has quit [Read error: Connection reset by peer]
bitdex has quit [Ping timeout: 240 seconds]
bitdex has joined #bitcoin-wizards
queip has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
shush has joined #bitcoin-wizards
shush has quit [Ping timeout: 240 seconds]
ddustin has joined #bitcoin-wizards
ddustin has quit [Ping timeout: 272 seconds]
tromp has joined #bitcoin-wizards
rusty has quit [Quit: Leaving.]
tromp has quit [Read error: Connection timed out]
gribble has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
gribble has joined #bitcoin-wizards
tromp has quit [Read error: Connection reset by peer]
tromp has joined #bitcoin-wizards
belcher has quit [Ping timeout: 246 seconds]
tromp has quit [Read error: Connection reset by peer]
tromp has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
tromp has quit [Ping timeout: 240 seconds]
wolfy13391 has quit []
brimstone1 has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
ddustin has joined #bitcoin-wizards
rusty has quit [Read error: Connection reset by peer]
imawhale has joined #bitcoin-wizards
jungly has joined #bitcoin-wizards
ddustin has quit [Ping timeout: 260 seconds]
PaulTroon has joined #bitcoin-wizards
tromp_ has joined #bitcoin-wizards
yanmaani has quit [Remote host closed the connection]
tromp has quit [Read error: Connection reset by peer]
yanmaani has joined #bitcoin-wizards
kurtc has joined #bitcoin-wizards
Coupe420 has quit [Read error: Connection reset by peer]
imawhale has quit [Quit: imawhale]
<kurtc>
hello ^^ in the bulletproof paper, (37) is equivalent to having the value v between 0 and 2^n - 1. the 3 equations could equivalently be compressed into 2 equations, keeping the first one and replacing the second and third one by just a_L o (a_L - 1) = 0^n. Could someone give an insight on why we do not start from this instead for the rest of the protocol in this part of the paper? Seems like it would allow to rewrite 4.1 with a little b
<kurtc>
it lighter protocol. I don't grasp very well the whole logic yet in particular the text between (63) and (64), but thanks a lot for any insight
someone235 has joined #bitcoin-wizards
brimstone1 has quit []
AaronvanW has joined #bitcoin-wizards
marcoagner has joined #bitcoin-wizards
feb has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
ddustin has joined #bitcoin-wizards
Zenton has joined #bitcoin-wizards
jcoe has joined #bitcoin-wizards
jcoe has quit [Ping timeout: 265 seconds]
ddustin has quit [Ping timeout: 272 seconds]
rusty has quit [Quit: Leaving.]
jcoe has joined #bitcoin-wizards
kinlo has quit [Ping timeout: 246 seconds]
jcoe has quit [Ping timeout: 272 seconds]
kinlo has joined #bitcoin-wizards
jcoe has joined #bitcoin-wizards
kurtc has quit [Ping timeout: 245 seconds]
<waxwing>
i think the reason you need a_R separately (and explicitly) defined there is so that commitments can be made that the verifier can verify without ever explicitly seeing a_L
fiatjaf has quit [Remote host closed the connection]
fiatjaf has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
<kurtc>
thank you for the response ! still following the paper, it seems like, even with those two equation you can still construct a l(X), r(X) and t(X) using two blinding vectors s_l and s_R to hide a_L. for example l(X) would become l(X) = a_L + s_L . X and r(X) would become r(X) = y^n o ( (a_L - 1^n) + s_R . X ) + z . 1^n. And you do the rest of the protocol similarly as in the paper (I used the fact that with the two equations instead, the
<kurtc>
dot product identity in (39) would become <a_L , (a_L - 1^n) o y^n + z . 2^n > = z . v )
<kurtc>
sorry, a typo is in r(X). I meant z . 2^n in the expression (and not z . 1^n)
belcher has joined #bitcoin-wizards
<kurtc>
I think the verifier would still not see a_R with the construct above, but I may be wrong ! will give a look at the link that you provided :)
fiatjaf has quit [Remote host closed the connection]
fiatjaf has joined #bitcoin-wizards
Kiminuo has quit [Ping timeout: 246 seconds]
feb has quit []
imawhale has joined #bitcoin-wizards
toony1 has joined #bitcoin-wizards
Kiminuo has joined #bitcoin-wizards
jcoe has quit [Ping timeout: 272 seconds]
<kurtc>
*would still not see a_L
ghost43 has quit [Remote host closed the connection]
ghost43 has quit [Remote host closed the connection]
ghost43 has joined #bitcoin-wizards
brianhoffman has joined #bitcoin-wizards
toony1 has quit []
NotASpy1 has joined #bitcoin-wizards
bitcoin-wizards4 has joined #bitcoin-wizards
bitcoin-wizards4 has left #bitcoin-wizards [#bitcoin-wizards]
<waxwing>
kurtc i think what's happening here is that you're rewriting (or writing out) a protocol variable, but not changing the actual interaction between prover and verifier
<waxwing>
in noninteractive case we need prover to send A, S, T1, T2 curve points and then a logarithmic number for the inner product proof and then some scalars ... i don't think any of that changes?
<waxwing>
.. with A being the vector pedersen commitment encapsulating a commitment to the a_L related stuff
<waxwing>
i could for sure be wrong though, just took a brief look, it's been a while :)
bitcoin-wizards3 has joined #bitcoin-wizards
kurtc has joined #bitcoin-wizards
Kiminuo has quit [Ping timeout: 268 seconds]
bsm1175321 has joined #bitcoin-wizards
<kurtc>
you need to modify a bit the commitment A yea (basically replacing a_R by a_L would work i think). but yes the work of the calculations may be a bit simplier so that proof generation / verification may be a little faster, but that should not be more than few nano seconds or something ? for example the calculation of delta(y,z) will not be needed, and the l(x) and r(x) a bit faster to evaluate
bsm1175321 has quit [Client Quit]
yanmaani has quit [Remote host closed the connection]
yanmaani has joined #bitcoin-wizards
<waxwing>
oh i see, you're just arguing the calculation could be made simpler, sorry i didn't even think about that, bit dumb :)
<waxwing>
i dunno that seems like a harder thing to work out, possibly
<kurtc>
it would be def a bit faster but no idea by how much (likely negligeable i guess though :/ ?)