monero-project / research-lab

A general repo for Monero Research Lab work in progress and completed work

Proof data storage #64

Open SarangNoether opened 4 years ago

SarangNoether commented 4 years ago

It's possible to store data in a Bulletproof range proof, under particular trust assumptions. In particular, knowledge of a PRNG seed used for random element generation can be used to store 32 bytes of arbitrary data; however, this allows for the brute-force recovery of all Pedersen values used in the proof by any entity that knows the seed. For a proof consisting of exactly one Pedersen commitment, the inclusion of another 32 bytes of data is possible, but this leaks the Pedersen mask. Storage of data should therefore be intended only for use by the prover.

Similarly, it's possible in Triptych to store 64 bytes of arbitrary data per proof in a way that leaks the signing index to a PRNG seed holder.
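An added toy model (example code, not MRL's or Monero's) of the trust assumption described in the single-commitment Bulletproof case above: the scalar relations mu = alpha + rho*x and tau_x = tau2*x^2 + tau1*x + z^2*gamma are the ones a Bulletproof reveals, but the group is a small constructed Schnorr group rather than Monero's curve, which blinding scalars carry the data is an illustrative assumption, and x, z stand in for the public Fiat-Shamir challenges. It shows that whoever holds the seed recovers the embedded bytes, the Pedersen mask, and then the committed amount by search.

```python
import hashlib

def is_prime(n: int) -> bool:
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def toy_group():
    # Constructed toy parameters: the first safe prime p = 2q+1 above 2^31 (not Monero's curve).
    q = 2 ** 30 + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4  # a square mod p, so it generates the order-q subgroup
    h = pow(int.from_bytes(hashlib.sha256(b"toy-h").digest(), "big") % p, 2, p)  # second generator, nothing-up-my-sleeve
    return p, q, g, h

P, Q, G, H = toy_group()

def scalar(seed: bytes, label: bytes) -> int:
    """A 'random' scalar drawn from a seeded PRNG: anyone holding the seed can recompute it."""
    return int.from_bytes(hashlib.sha256(seed + b"|" + label).digest(), "big") % Q

def commit(v: int, gamma: int) -> int:
    """Pedersen commitment C = g^v h^gamma in the toy group."""
    return pow(G, v, P) * pow(H, gamma, P) % P

def prove(v: int, data1: int, data2: int, seed: bytes, x: int, z: int):
    """Scalars a single-commitment Bulletproof reveals: mu = alpha + rho*x and
    tau_x = tau2*x^2 + tau1*x + z^2*gamma.  Assumed placement for this toy:
    data1 replaces alpha, data2 replaces tau1; rho, tau2 and the mask gamma come from the seed."""
    rho, tau2, gamma = (scalar(seed, l) for l in (b"rho", b"tau2", b"gamma"))
    mu = (data1 + rho * x) % Q
    tau_x = (tau2 * x * x + data2 * x + z * z * gamma) % Q
    return commit(v, gamma), mu, tau_x

def recover(seed: bytes, C: int, mu: int, tau_x: int, x: int, z: int, max_amount: int):
    """What a seed holder learns: both data words, the mask gamma, and then v by brute force."""
    rho, tau2, gamma = (scalar(seed, l) for l in (b"rho", b"tau2", b"gamma"))
    data1 = (mu - rho * x) % Q
    data2 = (tau_x - tau2 * x * x - z * z * gamma) * pow(x, -1, Q) % Q
    target = C * pow(pow(H, gamma, P), -1, P) % P  # strip the mask: what is left is g^v
    acc, v = 1, 0
    while acc != target:  # with gamma known, v is only a search over the amount range away
        acc, v = acc * G % P, v + 1
        if v > max_amount:
            raise ValueError("amount outside brute-force range")
    return data1, data2, v

def demo():
    seed, x, z = b"constructed-seed", 123457, 98765  # seed shared out of band; x, z stand in for challenges
    C, mu, tau_x = prove(4242, data1=111, data2=222, seed=seed, x=x, z=z)
    return recover(seed, C, mu, tau_x, x, z, max_amount=1 << 16)
```

In the real proof each scalar is a full 32-byte field element; the toy keeps scalars below the small group order so the amount search finishes instantly.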

boogerlad commented 3 years ago

Is storing 64 bytes of arbitrary data still possible with Triptych? If so, couldn't this be used to replace tx_extra?

SarangNoether commented 3 years ago

Yes, a Triptych proof can store 64 bytes of arbitrary data using a seeded PRNG.

boogerlad commented 3 years ago

Is this a "bug" or a "feature"? That is, will the ability to store arbitrary data eventually be removed? I can think of some pretty nifty use cases.

SarangNoether commented 3 years ago

The network can't detect it, so it's not possible to "remove" this feature. It's entirely up to client software to embed and/or recover this data.

UkoeHB commented 1 year ago

Here is a paper about inserting a communication channel via steganography: https://ieeexplore.ieee.org/abstract/document/9356584