Practical considerations:
1/ only taproot utxos
2/ address reuse is not supported (though it could be with a trivial algo change
3/ notice the anon set is not "all utxos in the keyset provided" (say it was "all taproot utxos above 0.1 btc" for example). if you specify 5 utxos and you prove "total is between 10 and 12 btc", then obviously not all combinations of 4 utxos add up to something in that range. So if you started with e.g. 300k, your actual anon set might be more like 5000 (guess!). (but even more confusing - 5k utxos might be *part* of a set of 4 that adds up to that range, but the number of actual combinations of 4 could be astronomically larger). Due to nonlinear distribution of utxos, it will therefore be better, if you have a large treasury, to split your coins into a lot more small values, and then build proofs of sums with larger utxo numbers.
4/ proofs in the current code are not aggregated, which makes proving for say 50 utxos, not 4, impractically slow. But this is an implementation detail: aggregation of these bulletproofs is a well established algorithm, and removes this problem. The verification here is very fast, as with aut-ct.
By the way if you're wondering where any documentation of this algorithm is, yet, don't, I haven't written it yet, it's on the way.
waxwing /
npub1va…knuu7
2024-08-26 18:55:04
in reply to nevent1q…wcr9
Author Public Key
npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7Published at
2024-08-26 18:55:04Event JSON
{
"id": "3146f8d3538ba635904f2f3241ee114e8bda5afc1baf1e183570db4d053e1eeb",
"pubkey": "675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728",
"created_at": 1724698504,
"kind": 1,
"tags": [
[
"e",
"650c5eaff0355edfe48c7a4d7c7f5e8df046a0fd376987ac2872a876b2ff3f3b",
"",
"reply"
],
[
"p",
"675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728"
]
],
"content": "Practical considerations:\n\n1/ only taproot utxos\n\n2/ address reuse is not supported (though it could be with a trivial algo change\n\n3/ notice the anon set is not \"all utxos in the keyset provided\" (say it was \"all taproot utxos above 0.1 btc\" for example). if you specify 5 utxos and you prove \"total is between 10 and 12 btc\", then obviously not all combinations of 4 utxos add up to something in that range. So if you started with e.g. 300k, your actual anon set might be more like 5000 (guess!). (but even more confusing - 5k utxos might be *part* of a set of 4 that adds up to that range, but the number of actual combinations of 4 could be astronomically larger). Due to nonlinear distribution of utxos, it will therefore be better, if you have a large treasury, to split your coins into a lot more small values, and then build proofs of sums with larger utxo numbers.\n\n4/ proofs in the current code are not aggregated, which makes proving for say 50 utxos, not 4, impractically slow. But this is an implementation detail: aggregation of these bulletproofs is a well established algorithm, and removes this problem. The verification here is very fast, as with aut-ct.\n\nBy the way if you're wondering where any documentation of this algorithm is, yet, don't, I haven't written it yet, it's on the way.",
"sig": "4f757dbc9784a85cc735e1b7faa2faa34ff5bafc20eee4e28c48133ff7268b6ea892ec9579f3e4da39b7fa8a73f7adad2237d65d055c4911c681e5ddc0d44d64"
}