📅 Original date posted:2022-02-25 📝 Original message:> El Gamal commitments, ...

Billy Tetrud [ARCHIVE] /

npub1xqc…cnns

2023-06-07 23:04:50

in reply to nevent1q…6lhg

📅 Original date posted:2022-02-25
📝 Original message:> El Gamal commitments, for example, are perfectly binding but only
computationally hiding.

That's very interesting. I stand corrected in that respect. Thanks for the
information Adam!

On Fri, Feb 25, 2022, 05:17 AdamISZ <AdamISZ at protonmail.com> wrote:

> > I really don't see a world where bitcoin goes that route. Hiding coin
> amounts would make it impossible to audit the blockchain and verify that
> there hasn't been inflation and the emission schedule is on schedule. It
> would inherently remove unconditional soundness from bitcoin and replace it
> with computational soundness. Even if bitcoin did adopt it, it would keep
> backwards compatibility with old style addresses which could continue to
> use ordinals.
>
> Nit: it isn't technically correct to say that amount hiding "inherently
> removes unconditional soundness". Such commitments can be either perfectly
> hiding or perfectly binding; it isn't even logically possible for them to
> be both, sadly. But we are not forced to choose perfect binding; El Gamal
> commitments, for example, are perfectly binding but only computationally
> hiding.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20220225/8c71070c/attachment-0001.html>;

Author Public Key

npub1xqcwcttsyk0a64d63crrwsxp88pa42np37rw87hrfn4uku78g2aqltcnns

Show more details

Published at

2023-06-07 23:04:50

Kind type

1 Short Text Note

Event JSON

{ "id": "324d1b4c6088e93c66ba1adc27dbd57211add7e09ab1edcace992e6819049f33", "pubkey": "3030ec2d70259fdd55ba8e063740c139c3daaa618f86e3fae34cebcb73c742ba", "created_at": 1686179090, "kind": 1, "tags": [ [ "e", "d02d0fc8bd4813916005a4f5a2fa0c9ad7cfa482c61e415689932ce1e4eff98a", "", "root" ], [ "e", "2100526f26cc12146f79ba9c84a8e19d8a4dc4dc3164aed1025eb8ec98909317", "", "reply" ], [ "p", "9b3cb9066a41d6c59c090531827defe6138e14f8b94a7802a8a183aa309a4e2b" ] ], "content": "📅 Original date posted:2022-02-25\n📝 Original message:\u003e El Gamal commitments, for example, are perfectly binding but only\ncomputationally hiding.\n\nThat's very interesting. I stand corrected in that respect. Thanks for the\ninformation Adam!\n\nOn Fri, Feb 25, 2022, 05:17 AdamISZ \u003cAdamISZ at protonmail.com\u003e wrote:\n\n\u003e \u003e I really don't see a world where bitcoin goes that route. Hiding coin\n\u003e amounts would make it impossible to audit the blockchain and verify that\n\u003e there hasn't been inflation and the emission schedule is on schedule. It\n\u003e would inherently remove unconditional soundness from bitcoin and replace it\n\u003e with computational soundness. Even if bitcoin did adopt it, it would keep\n\u003e backwards compatibility with old style addresses which could continue to\n\u003e use ordinals.\n\u003e\n\u003e Nit: it isn't technically correct to say that amount hiding \"inherently\n\u003e removes unconditional soundness\". Such commitments can be either perfectly\n\u003e hiding or perfectly binding; it isn't even logically possible for them to\n\u003e be both, sadly. But we are not forced to choose perfect binding; El Gamal\n\u003e commitments, for example, are perfectly binding but only computationally\n\u003e hiding.\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20220225/8c71070c/attachment-0001.html\u003e", "sig": "9f2d43f7e40b70c95a3100745390e5f641a04aaccaf0bd589949adbdfdb8959fb0182cb53eaf539e3ca80995c7d7dd119f7c7dbd83293418840a7fb368d2f587" }