From b09c06670154a9a2ff5fe5a2fd6371bd32a79f5d Mon Sep 17 00:00:00 2001 From: Boris Nagaev Date: Sun, 10 Mar 2024 10:41:06 -0300 Subject: [PATCH] clarify why blinding factor range proof is needed --- doc/intro.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/intro.md b/doc/intro.md index 9a05f9cbe..7785d0e8d 100644 --- a/doc/intro.md +++ b/doc/intro.md @@ -252,7 +252,9 @@ which can be signed by the attacker because Carol's blinding factor cancels out This output (`(113 + 99)*G + 2*H`) requires that both the numbers 113 and 99 are known in order to be spent; the attacker would thus have successfully locked Carol's UTXO. The requirement for a range proof for the blinding factor prevents this -because the attacker doesn't know the number 113 and thus neither (113 + 99). A more detailed description of range proofs is further detailed in the [range proof paper](https://eprint.iacr.org/2017/1066.pdf). +because the attacker doesn't know the number 113 and thus neither (113 + 99); without knowing the private key (113 + 99) +the attacker can not produce a valid range proof for the public key `(113 + 99)*G`. +A more detailed description of range proofs is further detailed in the [range proof paper](https://eprint.iacr.org/2017/1066.pdf). #### Putting It All Together