rangeproof: add a "net blinding factor" API for Elements #204
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I may add more commits to this but I think it's ready for review as-is. |
Our original API for Confidential Assets transaction balancing was the
single function `secp256k1_pedersen_blind_generator_blind_sum` which
attempts to take a complete list of vbfs and abfs and modifies a single
abf at the end. However this API has a number of shortcomings:
* it is really confusing
* it assumes that the user has all the abfs and vbfs in convenient
arrays, requiring marshalling on the C++ side
* it does not support partial computations, as are needed by PSET
* there is no easy/sensible way to extend this API to allow more
interesting of transaction balancing (e.g. by blinding only an
asset, leaving the value explicit)
The hope is that by exposing the arithmetic at a more fine-grained
level, these issues will be fixed. These methods can be abused to do
arithmetic on arbitrary scalars, but this is already possible (in an
ugly manner) by using secp256k1_seckey_tweak_add and explicit 0-checks.
apoelstra
force-pushed
the
2022-09--elements-api
branch
from
14620d1
to
ac0958f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our original API for Confidential Assets transaction balancing was the single function
secp256k1_pedersen_blind_generator_blind_sumwhich attempts to take a complete list of vbfs and abfs and modifies a single abf at the end. However this API has a number of shortcomings:The hope is that by exposing the arithmetic at a more fine-grained level, these issues will be fixed. These methods can be abused to do arithmetic on arbitrary scalars, but this is already possible (in an ugly manner) by using secp256k1_seckey_tweak_add and explicit 0-checks.