[Question] Is public data in the rangeproof secure.

[SWvheerden]

Hi, I was wondering about this. Can you have public data inside of the range-proof and still have it secure. I am also hoping this is correct place to ask this. If it is not, please correct me and advise me where I am better of asking this.

Normally you have a pedersen commitment (v.H + k.G) . You would then use v and k to construct a bulletproof for the commitment. And this should all be fine and well.

But if you where to add in some variable j, which is public and not private. And you then use the following commitment (v.H + (k+j).G) and respectively use v and k+j for the bulletproof. Is this all secure with just k being private?

[cathieyun]

Can you clarify what you mean by "secure"? Do you mean to ask if k would remain secret with this new construction?

In a very handwavey way, if k = k' + j, k and k' are secret and j is public, then you still shouldn't have any information given j to deduce what k is (as long as k' is chosen "well"). But what are you trying to achieve with adding j? How are j and k' chosen?

[SWvheerden]

Hi, thanks for the replay. Yes I was asking about if k' would still be secure.

j is chosen from public variables. While k' is chosen randomly. The end goal for this is using the bulletproof to "lock" certain values if I can call it that.

This was the end goal we wanted to achieve: https://rfc.tari.com/RFC-0201_TariScript.html