<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">I understand, thank you! :)</span><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> SomberNight <somber.night@protonmail.com><br>
<b>Sent:</b> Friday, December 28, 2018 22:41<br>
<b>To:</b> bitcoin-dev@lists.linuxfoundation.org; tensiam@hotmail.com<br>
<b>Subject:</b> [bitcoin-dev] Create a BIP to implement Confidential Transactions in Bitcoin Core</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="PlainText">Hi Kenshiro,<br>
<br>
That is not how the BIP process works. Instead of requesting the creation<br>
of a BIP, you just create one. :)<br>
<br>
Re CT in Bitcoin, I have my doubts whether you can get consensus for that.<br>
>From section 4.6 of the Bulletproofs paper [0]:<br>
<br>
"Bulletproofs ... are computationally binding. An adversary that could<br>
break the discrete logarithm assumption could generate acceptable range<br>
proofs for a value outside the correct range. ... An adversary that can<br>
break the binding property of the commitment scheme or the soundness of<br>
the proof system can generate coins out of thin air and thus create<br>
uncontrolled but undetectable inflation rendering the currency useless"<br>
<br>
I don't have the domain knowledge to debate whether quantum computers will<br>
ever exist but AFAICT their emergence would easily kill a currency that<br>
uses these kind of range proofs for confidential transactions.<br>
<br>
<br>
[0]: <a href="https://eprint.iacr.org/2017/1066.pdf">https://eprint.iacr.org/2017/1066.pdf</a><br>
<br>
<br>
> From: "Kenshiro []" tensiam@hotmail.com<br>
><br>
> Hi,<br>
><br>
> I think Confidential Transactions (CT) are a great idea to provide enough privacy for normal users (hidden amounts) and fungibility.<br>
><br>
> I would like to request the creation of a BIP to implement CT in Bitcoin Core. I read that CT are already implemented in Grin and Monero so it looks that CT are enough mature to be implemented in Bitcoin.<br>
><br>
> If the CT transaction size is 3x the size of a normal transaction the block size could be increased by 3x too, or just keep the current block size and make CT transactions optional.<br>
><br>
> Thank you!<br>
</div>
</span></font></div>
</body>
</html>