2025-03-11 01:42:26

Zero-Knowledge Goof on Nostr: You still need the ZKP to prove the pre-images of some set of have some valid ...

You still need the ZKP to prove the pre-images of some set of have some valid representation. I am referring to the step where you have `n` points whose pre-images you want to sell in a single transaction. I am just saying you don't need n outputs to sell n DLOGs. You can set up an access structure ahead of time such that anyone who knows the discrete log of `X` will learn the discrete log of `X_1`, `X_2`, ..., `X_n`. E.g. set a polynomial such that p(1) = x_1, p(2) = x_2, ..., p(n) = x_n, then send p(n+1), p(n+2), ..., p(2n-1) to the purchaser (they verify they are correct by interpolating X_1, X_2, ..., X_n). Then sell them a single DLOG p(2n). From it they can interpolate the polynomial and recover x_1, ..., x_n. You don't need to do any VSS here.

This is sort of the idea of "packed" secret sharing from the literature. If all the secrets are uniformly sampled and independently random then that *should* be a secure protocol under the DLOG assumption. Might need some more thought if that's not the case.
Author Public Key
npub1xh897wvhn93tda0zws94mdyc7eagc8qm0798clp7x48zh6kjwazq29gst6
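
The access structure described in the post, as an added example that is not part of the original post: a degree n-1 polynomial through the secrets, the n-1 extra evaluations checked by interpolating the public points in the exponent, and recovery of every x_i from the single sold scalar p(2n). The choice of secp256k1, the function names and the default n=3 are assumptions made for this illustration.

```python
# Added example, not the post's code; secp256k1 is an assumed group choice.
import secrets
from math import prod

P = 2**256 - 2**32 - 977  # field prime
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; demo only, not constant time
    acc, k = None, k % Q
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lagrange(idx, t):  # c_i such that p(t) = sum(c_i * p(i)) mod Q
    return [prod((t - j) * pow(i - j, -1, Q) for j in idx if j != i) % Q for i in idx]

def interp(idx, vals, t):  # p(t) from scalar evaluations p(i)
    return sum(c * v for c, v in zip(lagrange(idx, t), vals)) % Q

def interp_exp(idx, pts, t):  # p(t)*G from the points p(i)*G, no scalars needed
    acc = None
    for c, pt in zip(lagrange(idx, t), pts):
        acc = add(acc, mul(c, pt))
    return acc

def run(n=3):
    idx, ext = list(range(1, n + 1)), list(range(n + 1, 2 * n))
    x = [secrets.randbelow(Q - 1) + 1 for _ in idx]  # seller's secrets x_1..x_n
    X = [mul(s, G) for s in x]                       # public points X_1..X_n
    sent = [interp(idx, x, t) for t in ext]          # p(n+1)..p(2n-1), sent in clear
    verified = all(mul(s, G) == interp_exp(idx, X, t) for s, t in zip(sent, ext))
    sale_point = interp_exp(idx, X, 2 * n)           # the single point whose DLOG is sold
    sold = interp(idx, x, 2 * n)                     # p(2n), learned from the purchase
    recovered = [interp(ext + [2 * n], sent + [sold], i) for i in idx]
    return verified, mul(sold, G) == sale_point, recovered == x
```

`run()` returns three booleans: the buyer's check of the sent evaluations passed, the sold scalar matches the sale point the buyer computed from public data alone, and all x_i were recovered.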