Time: 4pm CEST
- Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing (sections 2, 3)
- Informal introduction to the Pedersen Commitment scheme on stackexchange
Time: 4pm CEST
Great initiative would love to join the meeting where i can get the invite.
Hey! You can read more about how the kindergarten works and find the instructions here
For ZEXE paper, do we need to read through a specific section?
Can’t give you the exact section numbers, that is why I put it in the optional reading materials.
Take a look at the abstract, introduction, and conclusion to get the idea of the paper and then just skim through the rest of the paper, paying extra attention to the parts that mention what the commitment scheme is used for and how the homomorphic properties are helpful there
UPD: the homomorphic properties are not used anywhere explicitly actually, the example in section 6.1 could use it for value checks. It is pretty similar to zcash so you can just skip it
A short overview
We talked about commitment schemes in general, Pedersen commitment and how it is used in Zcash, the MASP, and Taiga. In all three examples it is used to check the transaction balance of created and consumed notes; Zcash — single asset case, Taiga and the MASP — multiple assets. Pedersen commitment is used to commit to the note values and sum them together in a privacy-preserving way, and the actual balance check is performed with the help of the binding signature
Another example of a homomorphic commitment scheme is KZG, which is also additively homomorphic
Unrelated but cool:
Terence shared with us some cool cartoons about WebAssembly (and probably more):