You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Let $g$ be the generator of some group $\mathbb{G}$ for which the discrete logarithm problem is hard.
The note formed from deposit $i$ will store the polynomial $r_i (x - D_i)$, where $r_i$ is some randomly sampled field element. Actually, we represent the polynomial by storing the powers of $g$ of the coefficients of the polynomial: $(g^{r_i}, g^{-r_iD_i})$. The reason for this is to hide $D_i$.
When joining input notes, we multiply the corresponding polynomials in the input notes and store them in the new output note.
To be more precise, when joining deposit 1 and deposit 2, we store the powers of $g$ of the coefficients of the polynomial $r_1 r_2 (x - D_1)(x - D_2)$ in the output note.
Note that the polynomial stored in a note vanishes exactly on the deposit addresses from which its funds originated.
So to transact, we just have to prove that the polynomial in the output note does not vanish on the sanctioned deposit addresses.
The text was updated successfully, but these errors were encountered:
Let$g$ be the generator of some group $\mathbb{G}$ for which the discrete logarithm problem is hard.
The note formed from deposit$i$ will store the polynomial $r_i (x - D_i)$ , where $r_i$ is some randomly sampled field element. Actually, we represent the polynomial by storing the powers of $g$ of the coefficients of the polynomial: $(g^{r_i}, g^{-r_iD_i})$ . The reason for this is to hide $D_i$ .
When joining input notes, we multiply the corresponding polynomials in the input notes and store them in the new output note.
To be more precise, when joining deposit 1 and deposit 2, we store the powers of$g$ of the coefficients of the polynomial $r_1 r_2 (x - D_1)(x - D_2)$ in the output note.
Note that the polynomial stored in a note vanishes exactly on the deposit addresses from which its funds originated.
So to transact, we just have to prove that the polynomial in the output note does not vanish on the sanctioned deposit addresses.
The text was updated successfully, but these errors were encountered: