Closed zie1ony closed 4 years ago
oleganza
commented
4 years ago If you have C=Com(a+b) and want to prove that it is equal to a sum of A=Com(a) and B=Com(b), then you can simply choose the blinding factors for C as sum of blinding factors for A and B and check C == A + B.
zie1ony
commented
4 years ago In my example I work with Pedersen Commitments, so: commit = value * G + blinding * H and proof should proof that 0 =< value =< max.
I don't have blindings known. In the best case I can construct (proof_b, commit_b) knowing (proof_a, commit_a), so I would know blinding_b, but I don't know how is that helping here.
zie1ony
commented
4 years ago Looks like it's not possible.
I have two pairs:
(proof_a, commit_a)and(proof_b, commit_b). Is it possible to mergeproof_aandproof_bso it proofscommit_a + commit_b?