You're looking at Less Wrong's discussion board. This includes all posts, including those that haven't been promoted to the front page yet. For more information, see About Less Wrong.

jimrandomh comments on Homomorphic encryption and Bitcoin - Less Wrong Discussion

5 Post author: jimrandomh 19 May 2011 01:07AM

You are viewing a comment permalink. View the original post to see all comments and the full post content.

Article Navigation

Comments (9)
Tags: bitcoin cryptography

Comments (9)

You are viewing a single comment's thread. Show more comments above.

Comment author: jimrandomh 19 May 2011 01:52:36AM 1 point [-]

This doesn't require any difficult encryption: just split your private key into two uniformly random strings which XOR to the correct value (ie, generate one half randomly, and XOR it with the private key to get the other).This doesn't require any difficult encryption: just split your private key into two uniformly random strings which XOR to the correct value (ie, generate one half randomly, and XOR it with the private key to get the other).

That doesn't work. If you do that, then every time you send money, then to sign an outgoing transaction, you have to put the two keys back together on one or the other of the two computers. The point of using homomorphic encryption is to avoid doing that, since it creates an opportunity to steal the combined key.

Comment author: paulfchristiano 19 May 2011 02:52:53AM 5 points [-]

I see. My earlier proposal defends you against an adversary who steals your computer, but not against one who has root access without your knowledge.

In that case it is sufficient to have secure function evaluation. This is conceptually much easier than homomorphic encryption (having been discovered some 25 years earlier) and is currently much more practical (ie, practical at all). I don't know much about existing implementations.

Powered by Reddit Powered by Reddit