I tried my best to create an easy-to-understand explanation graphic.
Can you (significantly) increase the resolution? The small font doesn't do it justice.
While discussing Bitcoin privacy and blind certificates, I think this post (from 2016) never received the attention it deserves:
Hiding entire content of on-chain transactions. The same author later implemented it as blackbytes, but it never took off. I'm not quoting the entire post, please just read the topic. I'll only post this summary:
So if I understand correctly, the public block chain is just a "bag of hashes" which cannot be verified or anything by any node or miner. It is just a block chain of "data". These data only have meaning for the people receiving "banknote files", which allows them to check the validity of the whole "banknote". The hashes are in fact nothing else but hashes of "signed transactions", like with bitcoin, except that only the *signature hash* goes on the public block chain, and the actual transaction data remain on the individual banknote file. Is that the gist? In fact, you need, as you say, TWO signatures (or hashes of signatures): one is the transaction signature (including the new beneficiary) and the other is the "spend" signature of simply the previous output. The first signature (spending signature) makes that you cannot do double spending any more (you have invalidated the file up to the point where you transmit it), and the second signature allows the receiver to have a valid "new address" that he can spend (and only he, because only he has the secret key that goes with it like on bitcoin).
This is indeed a very, very good idea! Money becomes more "physical" again: it is files!
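
A toy model of the scheme summarized above, as an added example that is not part of the original posts or of the 2016 proposal's code: the chain holds only pairs of signature hashes, and the receiver validates the banknote file against it. Assumptions: Lamport one-time signatures stand in for the real signature algorithm, the two hashes are published as a pair, the note's first owner is trusted, and all names are hypothetical.

```python
import hashlib
def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

# Lamport one-time signatures: stdlib-only stand-in (assumption) for the real signature scheme.
def keygen(seed):
    sk = [[H(seed, bytes([i, b])) for b in (0, 1)] for i in range(256)]
    return sk, b"".join(H(x) for pair in sk for x in pair)  # pk: 512 hashes, flattened
def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]
def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(bits(msg)))
def verify(pk, msg, sig):
    return len(sig) == 8192 and all(
        H(sig[32 * i:32 * i + 32]) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
        for i, b in enumerate(bits(msg)))

class Wallet:  # one wallet per received note, since Lamport keys are one-time
    def __init__(self, seed):
        self.sk_spend, pk_s = keygen(seed + b"/spend")
        self.sk_xfer, pk_x = keygen(seed + b"/xfer")
        self.address = pk_s + pk_x  # both public keys, 2 x 16384 bytes

def transfer(chain, note, wallet, to):
    hops = note["hops"]
    out_id = H(hops[-1][2]) if hops else note["root"]
    s = sign(wallet.sk_spend, b"spend" + out_id)      # covers only the previous output
    t = sign(wallet.sk_xfer, b"xfer" + out_id + to)   # names the new beneficiary
    chain.append((H(s), H(t)))                        # the chain sees two hashes, nothing else
    return {**note, "hops": hops + [(to, s, t)]}      # the banknote file carries the data

def check_note(chain, note):  # receiver side: current owner's address, or None if invalid
    out_id, owner = note["root"], note["owner0"]
    for to, s, t in note["hops"]:
        if not (verify(owner[:16384], b"spend" + out_id, s)
                and verify(owner[16384:], b"xfer" + out_id + to, t)):
            return None
        first = next((e for e in chain if e[0] == H(s)), None)
        if first != (H(s), H(t)):  # unpublished, or this output was already spent elsewhere
            return None
        out_id, owner = H(t), to
    return owner

# Constructed demo: Alice pays Bob, then tries to pay Carol with the same note.
alice, bob, carol = (Wallet(n) for n in (b"alice", b"bob", b"carol"))
chain, note = [], {"root": H(b"issued-note-1"), "owner0": alice.address, "hops": []}
note_bob = transfer(chain, note, alice, bob.address)
note_carol = transfer(chain, note, alice, carol.address)
print(check_note(chain, note_bob) == bob.address, check_note(chain, note_carol))  # True None
```

Because the spend signature covers only the previous output, both of Alice's attempts publish the same spend hash, so Carol sees that the first chain entry for it is paired with a different transfer hash and rejects the file.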