
Did Satoshi disappear to help create Monero? Here is an interesting old thread about privacy ideas.

[https://bitcointalk.org/index.php?topic=770](https://bitcointalk.org/index.php?topic=770)

Found the recent discussion of the topic here: [https://np.reddit.com/r/Monero/comments/morrpp/satoshi_talking_about_privacy_features_that_got/](https://www.reddit.com/r/Monero/comments/morrpp/satoshi_talking_about_privacy_features_that_got/)

In this old thread on the BitcoinTalk forum there was an interesting privacy discussion. There are hints toward Ring signatures, stealth addresses, zk-snarks and even some description of how MimbleWimble works. This was years before those projects came to be. It was interesting to come across this. Here is the relevant information from Satoshi's quotes:

*This is a very interesting topic.  If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.*

*Originally, a coin can be just a chain of signatures.  With a timestamp service, the old ones could be dropped eventually before there’s too much backtrace fan-out, or coins could be kept individually or in denominations.  It’s the need to check for the absence of double-spends that requires global knowledge of all transactions.*

*The challenge is, how do you prove that no other spends exist?  It seems a node must know about all transactions to be able to verify that.  If it only knows the hash of the in/outpoints, it can’t check the signatures to see if an outpoint has been spent before.  Do you have any ideas on this?*

*It’s hard to think of how to apply zero-knowledge-proofs in this case.*

*We’re trying to prove the absence of something, which seems to require knowing about all and checking that the something isn’t included.*

——

*What we need is a way to generate additional blinded variations of a public key.  The blinded variations would have the same properties as the root public key, such that the private key could generate a signature for any one of them.  Others could not tell if a blinded key is related to the root key, or other blinded keys from the same root key.  These are the properties of blinding.  Blinding, in a nutshell, is x = (x * large_random_int) mod m.*

*When paying to a bitcoin address, you would generate a new blinded key for each use.*

*Then you need to be able to sign a signature such that you can’t tell that two signatures came from the same private key.  I’m not sure if always signing a different blinded public key would already give you this property.  If not, I think that’s where group signatures comes in.  With group signatures, it is possible for something to be signed but not know who signed it.*

*As an example, say some unpopular military attack has to be ordered, but nobody wants to go down in history as the one who ordered it.  If 10 leaders have private keys, one of them could sign the order and you wouldn’t know who did it.*

Edit: format



View Reddit by ethereumflow
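The blinded-key construction in the quote above, as an added example that is not from the thread or from any Bitcoin or Monero code: it carries Satoshi's x = (x * large_random_int) mod m over to secp256k1 (the curve constants are the standard ones; the key values, message and Schnorr-style signature are constructed for the demo) and checks that the holder of the root private key, given the blinding factor, can sign for the blinded public key while the same signature does not verify under the root key.

```python
import hashlib, secrets
# secp256k1 parameters (the real Bitcoin constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None  # a == -b
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def hash_int(*parts):  # Fiat-Shamir challenge, reduced mod N
    h = hashlib.sha256(b"".join(str(p).encode() for p in parts)).digest()
    return int.from_bytes(h, "big") % N

def blind_pub(root_pub, r):    # payer side: r*P from the root public key alone
    return ec_mul(r, root_pub)

def blind_priv(root_priv, r):  # payee side: matching private key r*d (needs r and d)
    return (r * root_priv) % N

def sign(priv, msg):
    """Schnorr-style signature (R, s) with s = k + e*d."""
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    return R, (k + hash_int(R, msg) * priv) % N

def verify(pub, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(hash_int(R, msg), pub))

def demo(root_priv=123456789, r=987654321, msg=b"pay"):  # constructed values
    root_pub = ec_mul(root_priv, G)
    bpub, bpriv = blind_pub(root_pub, r), blind_priv(root_priv, r)
    sig = sign(bpriv, msg)
    return ec_mul(bpriv, G) == bpub and verify(bpub, msg, sig) and not verify(root_pub, msg, sig)
```

Whoever picks r still has to hand it to the key holder, and anyone who learns r can link r*P back to P; later stealth-address designs derive r from an ECDH shared secret so nothing extra has to be sent.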


12 Comments

  1. Monero is everything Satoshi wanted bitcoin to be.

    Not sure if he worked on monero but he for sure guided that.

    He spoke of ring sigs and stealth addresses long before xmr.

  2. He got whacked a long time ago by people who knew what bitcoin could turn into, and they realized their mistake and are now reaping the ironic results when they couldn’t find his private key.

    That’s my theory.
