Storing and transferring hidden amounts on the blockchain using ECDH.
This gist will describe how to use ECDH to transfer hidden amounts in a blockchain.
first start out with two private keys:
"privateKey0": "0000000000000000000000000000000000000000000000000000000000000000"
,
"privateKeyF": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
next compute three shared secrets:
// shared secret between privateKey0 and itself.
"sharedSecret00":"12237211748635139837530061043450201432206441889892237319568051592877041511923"
,
// shared secret between privateKeyF and itself.
"sharedSecretFF":"82875262223760956416988601125860915766933841244206307108290578087849094219521"
,
// shared secret between privateKey0 and privateKeyF.
"sharedSecret0F":"57739338942242553750896228776014673335567092091103501790731983178173264663502"
The account with privateKey0 knows sharedSecret00 and sharedSecret0F.
The account with privateKeyF knows sharedSecretFF and sharedSecret0F.
privateKey0's current balance in the blockchain is oldBalance0 = (oldAmount0)x(sharedSecret00).
privateKeyF's current balance in the blockchain is oldBalanceF = (oldAmountF)x(sharedSecretFF).
To transfer an amount0F from 0 to F, you must compute three things:
amount0F = (amount)x(sharedSecret0F).
newBalance0 = (oldBalance0) - (amount0F).
newBalanceF = (oldeBalanceF) + (amount0F).
privateKey0's new balance in the blockchain is (newBalance0).
privateKeyF's new balance in the blockchain is (newBalanceF).
You must then prove two things:
-
to create the send block, the chain needs to confirm:
newBalance0 = oldBalance0 - amount0F;
I.E. (newBalance0) + (amount0F) = (oldBalance0)
I.E. ((newAmount0)x(sharedSecret00)) + ((amount)x(sharedSecret0F)) = ((oldAmount0)x(sharedSecret00)) -
to create the receive block it needs to confirm:
newBalanceF = oldBalanceF + amount0F;
I.E. ((newAmountF)x(sharedSecretFF)) + ((amount)x(sharedSecret0F)) = ((oldAmountF)x(sharedSecretFF))