requirements:
- camo 1.0 implemented.
- amount field (32 bytes) restricted to 4 bytes.
- top 7 representative accounts (top 7 weight delegated to them) have camo reps (i.e. do not delegate their weight)
implementation
wallets
when sending or receiving a 4 byte amount
- divide 32 byte amount into 8 'bins', each 4 bytes long.
- set the first 4 bytes to a nonce that makes the amount exceed the max supply of the coin.
This nonce helps protect the ECDH shared secret.
Setting it to exceed max supply ensures the encrypted amount is never mistaken for an unencrypted amount.
(then, for each of the seven reps)
1. calculate the ECDH shared secret
2. blake hash (nonce + shared secret) to get a bit mask.
3. XOR actual amount with bit mask to get masked amount.
4. put masked amount in one of the seven remaining bins.
representatives
when verifying a send or receive block.
- if the amount is under max supply, do the usual calculation.
- if the amount is over max supply, use the ECDH shared secret and nonce to calculate the bitmask.
- do the usual calculation with each of the seven amounts.
If one of them calculates correctly, accept the calculation.
- a block is accepted if a 33% majority of the voting weight accepts the calculations.
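
An added sketch of the wallet and representative steps above (not code from this note or from any wallet or node). Assumptions: the 32-byte field is read big-endian, "blake hash" is BLAKE2b truncated to 4 bytes, MAX_SUPPLY is a stand-in value, and the ECDH shared secrets are passed in as byte strings rather than derived.

```python
import hashlib
import secrets

FIELD_LEN, BIN_LEN = 32, 4
MAX_SUPPLY = 2**128 - 1  # assumed stand-in; the note does not state the max supply


def bit_mask(nonce: bytes, shared_secret: bytes) -> bytes:
    # Step 2: hash (nonce + shared secret); BLAKE2b with a 4-byte digest is an assumption.
    return hashlib.blake2b(nonce + shared_secret, digest_size=BIN_LEN).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def is_encrypted(field: bytes) -> bool:
    # An amount over max supply can never be a real balance, so it marks an encrypted field.
    return int.from_bytes(field, "big") > MAX_SUPPLY


def encode_amount(amount: int, rep_secrets: list[bytes]) -> bytes:
    """Wallet side: nonce in bin 0, one masked copy of the amount per representative."""
    if len(rep_secrets) != 7:
        raise ValueError("expected one shared secret per representative (7)")
    if not 0 <= amount < 2**(8 * BIN_LEN):
        raise ValueError("amount must fit in 4 bytes")
    nonce = bytes(BIN_LEN)
    while nonce == bytes(BIN_LEN):  # an all-zero nonce could leave the field under max supply
        nonce = secrets.token_bytes(BIN_LEN)
    plain = amount.to_bytes(BIN_LEN, "big")
    field = nonce + b"".join(xor(plain, bit_mask(nonce, s)) for s in rep_secrets)
    if not is_encrypted(field):
        raise ValueError("encoded field does not exceed max supply")
    return field


def candidate_amounts(field: bytes, shared_secret: bytes) -> list[int]:
    """Representative side: the amounts to run through the usual calculation."""
    if len(field) != FIELD_LEN:
        raise ValueError("amount field must be 32 bytes")
    if not is_encrypted(field):
        return [int.from_bytes(field, "big")]  # unencrypted: a single plain amount
    mask = bit_mask(field[:BIN_LEN], shared_secret)
    bins = (field[i:i + BIN_LEN] for i in range(BIN_LEN, FIELD_LEN, BIN_LEN))
    return [int.from_bytes(xor(b, mask), "big") for b in bins]  # seven candidates
```

Each representative gets seven candidates because it does not know which bin is its own; only the bin masked with its shared secret yields the real amount.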
weaknesses
- only 4 bytes of entropy.
- a collusion of all network owners (top 7 representatives) can reveal all amounts.
- if the top 7 reps change to 7 completely different reps, nobody can accept the calculations.
- if a new rep gets over 33% majority, nobody can accept the calculations.
this can be mitigated by having a 'rep bootstrap' where a new rep can request the unencrypted frontiers.
the assumption is if you are willing to spend enough to buy a 33% stake in the network, you can buy the unencrypted amounts as well.