Notes from reading "Monero Becomes Bulletproof"
the use of zk-SNARKs is the only practical way to completely unlink the identities engaged in a digital currency transaction
trusted parameter generation ceremony.
Parameter generation requires a trusted setup.
Traceable Ring Signatures
More flexible and more private than the Ring Signatures proposed in CryptoNote.
Uses an implementation of Traceable Ring Signatures (Suzuki 2006).
Monero’s terminology, a decoy signer pulled from historical transactions is called a mixin.
Mining pools used 0 mixins when disbursing funds to constituents
Confidential Transactions (CT) that hides transaction amounts.
CT is also discussed in Liquid, so it is not something specific to Ring Sig; it is probably better to treat it as a somewhat more general term.
The Pedersen commitment scheme used in RingCT
⇛range proof
is not a negative number.
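Why a Pedersen commitment needs the range proof, as an added example (not from the article or from Monero's code): a toy multiplicative group stands in for Monero's curve, and every parameter, amount and function name below is constructed for illustration. The commitments balance homomorphically even when one output encodes -5, so only the range statement rejects it.

```python
P, Q = 2039, 1019   # toy safe prime P = 2*Q + 1 (constructed; far too small for real use)
G, H = 4, 9         # two squares mod P, so both generate the order-Q subgroup
RANGE_BITS = 8      # a range proof would show 0 <= amount < 2**RANGE_BITS

def commit(amount, blind):
    """Pedersen commitment C = H^amount * G^blind mod P; exponents live mod Q."""
    return (pow(H, amount % Q, P) * pow(G, blind % Q, P)) % P

def product(commitments):
    """Multiply commitments together, which adds the committed values."""
    acc = 1
    for c in commitments:
        acc = (acc * c) % P
    return acc

def balances(inputs, outputs):
    """Homomorphic check a verifier can run without seeing any amount."""
    return product(inputs) == product(outputs)

def in_range(amount):
    """The statement a range proof establishes (checked here in the clear)."""
    return 0 <= amount % Q < 2 ** RANGE_BITS

def demo():
    in_amt, in_blind = 10, 321
    # Honest spend: 10 -> 7 + 3, output blinds sum to the input blind.
    honest = [(7, 100), (3, 221)]
    # Malformed spend: 10 -> 15 + (-5); -5 becomes Q - 5 in the exponent.
    malformed = [(15, 100), (-5, 221)]
    c_in = [commit(in_amt, in_blind)]
    results = {}
    for name, outs in (("honest", honest), ("malformed", malformed)):
        c_out = [commit(a, r) for a, r in outs]
        # (commitments balance?, every output amount in range?)
        results[name] = (balances(c_in, c_out), all(in_range(a) for a, _ in outs))
    return results

if __name__ == "__main__":
    print(demo())
```

In a real scheme the discrete log of H with respect to G must be unknown to everyone, and the range statement is proven in zero knowledge instead of being checked on the plaintext amount.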
The Confidential Transactions scheme also requires a special signature across all encoded commits within a transaction; a type of signature called a Borromean Ring Signature
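A signature is required across all encoded commits contained in the tx ⇛ Borromean Ring Signature
It seems to be this paper. Is this one by Suzuki as well?
Apparently there is something called Borromean rings: roughly, three topological circles (probably tori) linked together.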
CryptoNote white paper was the idea of a “wrapped” address to protect receivers, which Monero still uses
Monero wraps the address to keep it hidden.
The term Stealth Address has been used to describe this mechanism and it provides a cleverly designed way to hide a transaction’s destination.
Stealth Address
the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation,