-
sarangHello all
-
sarangSorry for the radio silence today... have been updating the Arcturus security model
-
sarangI've decided to use a similar balance definition to that of Omniring, which is a clever construction that I really like
-
sarangThe idea is that you build an extractor to pull the signing data, and show that the tag was constructed properly and the amounts make sense
-
sarangand then argue that if an adversary could break the balance property or spend improperly, this would correspond to either a soundness break, a break in the binding property of the tag constructor, or a break in the commitment scheme
-
sarangAt first it seemed tricky, since Arcturus only lets you extract information about the sum/difference of commitments... but then I remembered that the range proof already lets you extract commitment data!
-
sarangSo you can build a composite extractor with Arcturus and Bulletproofs
-
sarangand that should give all the witness data you need to show balance