Skip to content

Latest commit

 

History

History
23 lines (18 loc) · 1.3 KB

README.md

File metadata and controls

23 lines (18 loc) · 1.3 KB

Anonymous Credentials for Cashu

Experimental implementation of the core crypto behind an anonymous credentials enabled Mint.

KVAC Scheme:

KVAC for Cashu:

Extras

  • Deterministic Recovery: read deterministic_recovery.md
  • Server/Mint can tweak the amounts encoded in the attributes: $M_a' = M_a + \delta G_\text{amount}$
  • We are using $r$ as both the randomizing factor and the blinding factor:
    • different generators with unknown discrete log between them guarantees hiding.
    • Benefit: no $\pi_\text{serial}$ because not needed anymore.
    • $C_a$ becomes the serial

Range proofs:

Range proofs will be implemented as BULLETPROOFS. In this repo there is also the folklore/naive implementation as a Schnorr proof (here)