Hi everybody,
Was wondering if it could be possible in some way to verify with certainty that a particular "blinder" participated in a particular blinding process?
Some kind of partially blinded signatures I guess. Don't know if it could work with bitcoin though.
Thanx for your help.
Topic: Blind signatures using Bitcoin-compatible ECDSA (Read 4638 times)
Btw, here's a second draft, a better worded and formatted one.
http://oleganza.com/blind-ecdsa-draft-v2.pdf
Great work Oleg, superb thing, here is your 4. Core protocol in Go language, w/ playground https://gist.github.com/kac-/a25e8410beb2d1514f2c.http://oleganza.com/blind-ecdsa-draft-v2.pdf
Thanks, I will try to integrate secp256k1 into this if I get a chance.
Btw, here's a second draft, a better worded and formatted one.
http://oleganza.com/blind-ecdsa-draft-v2.pdf
Great work Oleg, superb thing, here is your 4. Core protocol in Go language, w/ playground https://gist.github.com/kac-/a25e8410beb2d1514f2c.http://oleganza.com/blind-ecdsa-draft-v2.pdf
BTW:
Perhaps is the same as http://dspace.nitrkl.ac.in/dspace/bitstream/2080/625/1/IJCSNS-V7-I6.pdf (via http://dspace.nitrkl.ac.in/dspace/handle/2080/625 )
Has anybody tried to code it? It doesn't work for me.This actually sounds remarkably similar to something I am working on:
https://bitcointalksearch.org/topic/m.9489290
Btw, here's a second draft, a better worded and formatted one.
http://oleganza.com/blind-ecdsa-draft-v2.pdf
Great work Oleg, superb thing, here is your 4. Core protocol in Go language, w/ playground https://gist.github.com/kac-/a25e8410beb2d1514f2c.http://oleganza.com/blind-ecdsa-draft-v2.pdf
BTW:
Perhaps is the same as http://dspace.nitrkl.ac.in/dspace/bitstream/2080/625/1/IJCSNS-V7-I6.pdf (via http://dspace.nitrkl.ac.in/dspace/handle/2080/625 )
Has anybody tried to code it? It doesn't work for me.
Btw, here's a second draft, a better worded and formatted one.
http://oleganza.com/blind-ecdsa-draft-v2.pdf
http://oleganza.com/blind-ecdsa-draft-v2.pdf
Perhaps is the same as http://dspace.nitrkl.ac.in/dspace/bitstream/2080/625/1/IJCSNS-V7-I6.pdf (via http://dspace.nitrkl.ac.in/dspace/handle/2080/625 )
Yes, this was it. Weird because I tested the prior link yesterday and it worked.
Perhaps is the same as http://dspace.nitrkl.ac.in/dspace/bitstream/2080/625/1/IJCSNS-V7-I6.pdf (via http://dspace.nitrkl.ac.in/dspace/handle/2080/625 )
http://paper.ijcsns.org/07_book/200706/20070637.pdf
This is the one I was thinking about. Not exactly in your scheme but related, so might be useful.
This is the one I was thinking about. Not exactly in your scheme but related, so might be useful.
Link seems to be broken.
Broken link, see below.
This is the one I was thinking about. Not exactly in your scheme but related, so might be useful.
This is the one I was thinking about. Not exactly in your scheme but related, so might be useful.
I'm finding your paper a bit difficult to understand because you use the same notation for scalar multiplication and point multiplication and likewise for addition.
Sorry, I use the same notation for brevity. By convention, all integers are lowercase symbols and points are uppercase. Also, point is always the last in the sequence of multipliers, like so: a*b*c*G which is equivalent to (a*b*c)*G. Hope this helps reading.
I'm finding your paper a bit difficult to understand because you use the same notation for scalar multiplication and point multiplication and likewise for addition.
I don't understand how you are calculating P using the inverse of p?
I don't understand how you are calculating P using the inverse of p?
Calculate p^-1 and then multiply G by it.
@oleganza, I recommend cross-posting to the bitcoin development mailing list for more commentary.
really cool, watching. 
I don't understand how you are calculating P using the inverse of p?
Ok, I should have thought about it! I think I see what you mean.
I'm finding your paper a bit difficult to understand because you use the same notation for scalar multiplication and point multiplication and likewise for addition.
I don't understand how you are calculating P using the inverse of p?
I don't understand how you are calculating P using the inverse of p?
I have read some literature on this, let me see if I can find it.
I think I got it right this time:
http://oleganza.com/blind-ecdsa-draft-v1.pdf
If this works, then we all can enjoy private multi-party locks on our bitcoin stashes.
http://oleganza.com/blind-ecdsa-draft-v1.pdf
If this works, then we all can enjoy private multi-party locks on our bitcoin stashes.
Ok, take two. What I need is some custom computation by third party that does not leak their private key, which can be transformed into a standard signature (r, s = (k^-1)*(h + f(d)*r) verifiable by a transformed public key f(d)*G. In other words, they may use non-standard signing scheme, but it should be transformable into a standard ECDSA signature used in Bitcoin.
Bingo. Thanks.
Anyway, are there working solutions somewhere?
Anyway, are there working solutions somewhere?
They'll recognize r when they see it in the network.
Jump to: