ComSig Signature for Mimblewimble Non-Interactive Transaction

Notes:

  1. This was known as part of Proof-Of-Knowledge, as showed in the document in related works part and in the references.
  2. This signature is bigger than standard Schnorr signature, 96 bytes instead of 64 bytes.
  3. Because there’s no way for the sender to create the range proof for the receiver’s output, without the knowledge of the receiver’s private key, I still don’t see the possibility to use it for Grin.
  4. It will be used in Gotts, since there’s no requirement to have the range proof because Gotts supports the public value instead of the hidden value, the new transaction scheme of Gotts will be much more compact and simple.

Related Links:

Algorithm Brief by One Figure: