waxwing on Nostr: The tree is constructed publically (so both by the prover and the verifier, and ...
The tree is constructed publically (so both by the prover and the verifier, and whoever), from the public data of taproot pubkeys and sat values of the utxos. The privacy comes from the select-and-rerandomize algo, which makes a blinded version of the commitments xG + vH (in this application), adding rJ. So you can't claim a pubkey or amount that is different, and your knowledge of the private key is ensured by the proof of representation (see 3.6 in the paper).
Published at
2024-09-19 04:28:05Event JSON
{
"id": "d8cd3435d51c84feecc8671c64e321bc4167c1dc7ec69774373fc26b16dff718",
"pubkey": "675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728",
"created_at": 1726720085,
"kind": 1,
"tags": [
[
"e",
"7e011cf7d21d3cd01a566a6fa6882e27003671a4a64039ea43e33e18aafb4c09",
"",
"root"
],
[
"e",
"716fa18c7b82a38bf1f7d7b172ea09a4c248a6af21bf6edde746db1cfb039c00",
"",
"reply"
],
[
"p",
"675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728"
],
[
"p",
"c658a027806520596e9dd1197c1e793e1bf2eef5a177441c42f50b0f05c54f48"
]
],
"content": "The tree is constructed publically (so both by the prover and the verifier, and whoever), from the public data of taproot pubkeys and sat values of the utxos. The privacy comes from the select-and-rerandomize algo, which makes a blinded version of the commitments xG + vH (in this application), adding rJ. So you can't claim a pubkey or amount that is different, and your knowledge of the private key is ensured by the proof of representation (see 3.6 in the paper).",
"sig": "54695e1a105fa570a45adb088fea1c4190eefa204807db407a8752b5fe2c86c2dfd65d65fe1dc9690d128ca7d0dd9fa434dfd2b46c641bed929af47e4e9fe089"
}