search

tari-project / tari-dan

BSD 3-Clause "New" or "Revised" License
5 stars 14 forks source link

Fee: Add commitment/confidential split #383

Closed sdbondi closed 1 year ago

sdbondi commented 1 year ago 
// Creates n buckets from any resource. 
// For confidential this creates 3 new commitments with 10 each (key by vault owner),
// 1 change commitment (internally tracked in vault DOWN->UP) and downs the input commitment(s)
let new_buckets = self.vault.split_by_amount(TARI_RESX, 3, Amount(10));

// Bucket split 
// Takes 3x2 from bucket and creates 2 buckets with 3 each.
// equivalent to take(Amount(3)) twice 
let buckets = bucket.split(2, Amount(3)); 

// For confidential, this creates 2 commitments of value 3 with key generated by owner
// and change commitment which is in the original bucket

We need to add an interface for commitment generation that the engine can use, implemented by the key manager

Open questions:

e.g $C_I$ is $k_i.G + 100.H$

split(2, Amount(3)) generates $C_1 = k_1.G + 3.H$, $C_2 = k_2.G + 3.H$ and change $C_c = kc.G + 94.H$ with sig $s = r{agg} + e.(k_1 + k_2 + k_c - k_i)$

Each of these substates should prove balance is maintained with a range proof and signature, however they are treated as separate substates, so a verifier would need to know about $C_I$, $C_1$, $C_2$ and $C_c$. However $C_1$ could be deposited in vault $V_1$, $C_2$ in vault $V_2$ etc.

For non-confidential, VNs could just agree to inflate. With this in mind, we can draw some parallels to the base layer.

sdbondi commented 1 year ago

Ref #391

stringhandler commented 1 year ago

Can close now?

sdbondi commented 1 year ago

Yup closed in #391, #397, #400