A Non-Interactive Transaction is easily accomplished if Alice and Bob are ok with the following state of affairs:
Both Bob and Alice can spend the resulting transaction.
No one else can spend it.
When Bob comes online, he must immediately spend the transaction to a secure blinding factor of his own choosing and only then is the transfer between the two of them considered concluded.
This is accomplished by Alice directly generating a blinding factor for Bob that both Alice and Bob can use.
x = Hash(m,aB) where B is Bob’s well known public key and m is unique to this transaction.
Note x is now a shared secret between Alice and Bob since Bob can recover it using bA which is equal to aB. This is used as Bob’s blinding factor.
Let X = xG
Now Alice can directly sign the verification sum, xG + 0H, because she knows the new blinding factor, x. She can also participate in generating the range proof required by the transaction.
The job of Bob’s wallet is a little more complicated unless we add a bit to the protocol to indicate this is a shared transaction.
If A and m are selected as in the original post, then no interaction at all is required between Alice and Bob.
Regards,
Farid
Footnote: Of course there is no way that Alice can prove to anyone else that Bob collected his grin.