Eliminating finalize step

Kurt · August 25, 2020, 2:35pm

I don’t see what you mean? The sender, in this order:

Calculates his partial nonce R_a.
Calculates x = Hash(c||B||R_a||tx_amount||timestamp) . (c is the Diffie-Hellman secret, useful to make x not recoverable by others, plus to be sure the recipient is the intended recipient, and the sender the expected sender).
Calculates the receiver’s nonce R_b = x.G + B, where B is the receiver’s permanent address.
Calculates the message of the signature m = Hash(R_a + R_b||fees).
Calculates s_a = r_a + Hash(m).x_a, his partial signature.
Sends R_a, s_a, X_a = x_a.G, and m to the receiver.

Then, the receiver, in this order:

Computes x.
Computes m and verifies that it matches with the m sent by the sender.
Generates randomly his private excess x_b.
Calculates s_b = x + b + Hash(m).x_b (where b is the secret key to B)
Broadcasts the kernel, kernel = (R = R_a + R_b, X = X_a + X_b, s = s_a + s_b).

So, first the sender needs to compute R, and then he needs to compute the message m in order to compute his s_a. Only then, can he send the data to the receiver.

I don’t see why “Sharing the public nonce prior to committing to the message” is true at all.

Topic		Replies	Views
Eliminating finalize step ReLoAdEd Research	13	1594	July 8, 2023
Eliminating finalize step revisited Research	47	766	July 25, 2023
Simple idea for 2-step grin transfer Research	10	435	February 15, 2023
Eliminating transaction kernels Development and Technical Discussion	5	855	January 30, 2019
Should Grin implement 2-step TXs Development and Technical Discussion	18	507	July 14, 2023

Eliminating finalize step

Related topics