Further design and development now happens under the Slingshot repository:
interstellar / spacesuit
Efficient multi-asset confidential transactions
License: Apache License 2.0
Potentially also get performance comparisons against other confidential assets protocols.
This is prompted by the discussion in ZkVM interstellar/zkvm#28.
In ZkVM spec we use borrow instruction that returns a WideValue which may have negative qty, but with absolute value still in u64 range. We are not exposing WideValues to the higher-level protocols, but we still need to represent the negative-but-in-range quantity in ZkVM and Cloak.
Cloak protocol must be updated to explicitly allow negative, but in-range input values. Outputs are still explicitly checked to be non-negative, and since inputs are in narrow range, overflow mod |G| cannot happen, and therefore negative quantities have to be compensated by the corresponding positive quantities in the Mix gadgets.
qty:u64 in AllocatedValue with enum SignedInteger { Positive(u64), Negative(u64) }.
WDYT @cathieyun @vickiniu ?
PR here: #15
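A plain-integer model of the balance rule discussed above, as an added example that is not code from the spacesuit or ZkVM repositories. Only the SignedInteger enum comes from the issue; the helper names (to_i128, from_i128, checked_add, balances) are hypothetical, and the comment about the group order assumes a prime-order group of roughly 2^252 elements.

```rust
// Added illustration; helper names are hypothetical, only the enum shape is from the issue.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum SignedInteger {
    Positive(u64),
    Negative(u64),
}

impl SignedInteger {
    /// Widen to i128: every quantity whose absolute value fits in u64 is exact here.
    pub fn to_i128(self) -> i128 {
        match self {
            SignedInteger::Positive(q) => q as i128,
            SignedInteger::Negative(q) => -(q as i128),
        }
    }

    /// Narrow back, rejecting anything whose absolute value leaves the u64 range.
    pub fn from_i128(v: i128) -> Option<SignedInteger> {
        let mag = v.unsigned_abs();
        if mag > u64::MAX as u128 {
            return None;
        }
        Some(if v < 0 {
            SignedInteger::Negative(mag as u64)
        } else {
            SignedInteger::Positive(mag as u64)
        })
    }

    /// Addition that fails instead of silently leaving the in-range set.
    pub fn checked_add(self, rhs: SignedInteger) -> Option<SignedInteger> {
        SignedInteger::from_i128(self.to_i128() + rhs.to_i128())
    }
}

/// Inputs may be negative but in range; outputs are non-negative by type (u64).
/// A few values of magnitude below 2^64 sum to far less than an assumed
/// group order near 2^252, so integer equality here matches equality mod |G|.
pub fn balances(inputs: &[SignedInteger], outputs: &[u64]) -> bool {
    let sum_in: i128 = inputs.iter().map(|q| q.to_i128()).sum();
    let sum_out: i128 = outputs.iter().map(|&q| q as i128).sum();
    sum_in == sum_out
}

fn main() {
    let inputs = [SignedInteger::Negative(5), SignedInteger::Positive(12)];
    println!("balanced: {}", balances(&inputs, &[7]));
}
```
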
Problem
Currently we have value defined as three-item tuple (q,a,t), quantity, issuer, tag. This is a relic from the original ring-signature-based design in Sept 2017, where the tag could've been used as a private key by an issuer to enable "confidential issuance".
In Bulletproofs, the prover must know all the secrets to compute per-proof values [*], which makes use of confidential "tag" impossible.
Proposal
Given the narrow role of the tag in the first place, we can completely get rid of it and simplify the implementation as a result.
tag and issuer.
flavor from a tuple (issuer, tag) into a single scalar f.
[*] Strictly speaking, the prover can cooperate with the issuer to construct necessary pieces of the CS commitments and polynomials with the use of the secret tag, but it must be done per-transaction, and this way leaks the fact that the transaction involves that issuer's assets.
What's the difference between the main and master branch?
Each value is a triplet of amount, tag, issuer.
amount: represents a secret amount
tag: represents a customization part of the asset flavor
issuer: represents an issuer of the asset flavor
In transfers, all values are secret. In plain issuance, tag and issuer are not secret. In confidential issuance case, issuer is non-secret generic program (which implements confidential issuance), while tag is secret.
We have two options to represent the values:
V = amount*A + tag*B + issuer*C + blinding*D. That's 32 bytes per output. In a 16-output transaction the size of commitments is less than the proof size (0.5Kb vs 1.5Kb).
The problem is: we don't know how to adapt BP to work with such compressed commitment. It may turn out that to support it we'd need additional intermediate commitments, destroying the gains from the compression in the first place.
Suggestion:
spacesuit::transaction::fill_cs() into spacesuit::cloak()
spacesuit::<gadget>::fill_cs() into spacesuit::<gadget>().
spacesuit::cloak() and spacesuit::rangeproof() and Value/AllocatedValue types. The rest keep private to the crate.