Transaction Obfuscator

I’ve tried to describe what I refer to as a transaction obfuscator, which I tried to describe a few times on the Keybase chat. I believe this path is worth debating and researching further.
Aggregator+Obfuscator could be a good privacy combination. The reason I’m bringing it up now is because the early payment proofs might make the idea of output swapping unfeasible, so we should perhaps take some time to explore this path before we discard it.


I fail to see how early payment proofs conflict with output swapping, as the latter doesn’t need to change the public excess.

Aren’t payment proofs proved by providing the signature of the receiver? So they commit to the excess of the receiver, which doesn’t contain the offset. So the receiver needs to keep the same private excess for the payment proof to remain valid, or not?

Yes, the receiver cannot change their excess, which equals
their outputs minus their inputs minus their offset times G.
So they can make any changes that keep this equation balanced.


I see, I forgot how offset is applied. If it’s embedded in the Xr then output swapping still works :)


It seems to have been a false alarm regarding the breaking of the output swapping idea, my bad.