Nostr Web Client

Replying to

Hanshan

i don't think so.

maybe informally zkp have this soundness error

but its my understanding that the Petersen commitments that Monero uses are perfectly binding.

another wiki page

https://en.m.wikipedia.org/wiki/Commitment_scheme

Saberhagen The Nameless 10mo ago

PCs are perfectly hiding, but computationally binding, meaning a quantum adversay cannot break the hiding property(privacy), but can break the binding property(forge fake coins). AFAIK you can only have one or the other. El Gamal is the opposite.

Aside from a quantum adversary existing, it's still infeasible to break the binding property with PCs the same way it would be infeasible to figure out a Bitcoin private key from a public key

Here is another good write up by the grin community on PCs and commitment schemes:

https://docs.grin.mw/wiki/miscellaneous/switch-commitments/#properties-of-commitment-schemes

Reply to this note

Please Login to reply.

Discussion

No replies yet.