Board: Development & Technical Discussion
Re: Bitcoin Privacy Protocols
by NotATether on 08/02/2024, 11:03:08 UTC
He even talked about key blinding and group signatures long before Monero and other privacy protocols were introduced in concept:
Crypto may offer a way to do "key blinding".  I did some research and it was obscure, but there may be something there.  "group signatures" may be related.

There's something here in the general area:
http://www.users.zetnet.co.uk/hopwood/crypto/rh/

What we need is a way to generate additional blinded variations of a public key.  The blinded variations would have the same properties as the root public key, such that the private key could generate a signature for any one of them.  Others could not tell if a blinded key is related to the root key, or other blinded keys from the same root key.  These are the properties of blinding.  Blinding, in a nutshell, is x = (x * large_random_int) mod m.

When paying to a bitcoin address, you would generate a new blinded key for each use.

Actually, now that you mentioned it, I don't think key blinding can be done on secp256k1 unless someone finds a deterministic pattern whereby the user can generate multiple public keys that hash into the same address.

But in the process of doing so, SHA256 will probably be broken, since patterns would have to be found in a hash function. But it would make the DER signatures virtually indistinguishable from normal signatures, as the lowest such public key can be used for them as a sort of standardness rule.