That is my question exactly. I want to know the relationship, and how Chandran signatures come into play if stealthSend is separate. I hear comparison between StealthCoin and CryptoNote coins, but I believe they use ring signatures on the blockchain. So I confused to how Chandran signatures are used, with stealthsend.
Chandran signatures are a sub-linear ring signature system. The memory requirements scale with the square root of the number of keys in the ring. They significantly reduce the size of the block chain for medium and large-sized rings, of about 25 or more keys.
In crypto-currencies the sender must sign away funds, which accomplishes two tasks. The first is to prove ownership of the funds. The second is to authorize the transaction. The very act of signing a transaction conflicts with anonymity because the signature must be validated with a public key that is included in the transaction, and was the destination address for a previous transaction.
For anonymity, a problem arises: how can the signature be verified without revealing the source of the funds? One way is to create some ambiguity in the transaction and make a signature that authorizes the transaction without revealing exactly which key was used to authorize it. Because the transaction network is a closed system, ambiguity must be created using elements of that system. These elements amount to the public keys found in the block chain.
A ring signature is one in which a set of these keys is used to sign a transaction in such a way that it is possible to verify that the transaction is authorized but impossible to ascertain exactly which of the keys in the ring had the signing authority.
CryptoNote ring signatures achieve anonymity by making a signature with each key in the ring. But there are two types of signatures in a ring signature. One type is for public keys not authorized to sign the transaction and the other type is for the public key that is authorized to sign the transaction. Outside of the individual who created the signatures, no one knows which signature type was used with which key. It's obvious, then, from where the bloat arises with CryptoNote transactions. A transaction using 100 keys must store those 100 keys and their 100 signatures.
Chandran signatures use the same principle except that Chandran signatures employ signatures of an unknown subset of the ring. Using a subset reduces the amount of storage for the signatures, but creates a new problem in that the identities of the keys sub-ring must be obfuscated. This is achieved by using mathematical proofs to assemble the unknown subset from the full ring. These proofs are called "non-interactive witness-indistinguishable" (NIWI) proofs. Even though the person validating the transaction can use the proofs to derive a subset of the key ring, this person has no idea what the subset is because the subset has been mathematically scrambled during assembly. However, even though the subset is scrambled, it can still be used to verify the transaction signature and validate the transaction.
Thanks for the explanation, that is really impressive.
