Output

In practice an output is a Pedersen commitment plus a range proof.

  • OutputFeatures # origin marker (e.g. coinbase)
  • Commitment # commitment to the output amount
  • RangeProof # proof that the committed amount is not negative

Relationship to inputs: the current output is the input of the next block.

/// Output for a transaction, defining the new ownership of coins that are being
/// transferred. The commitment is a blinded value for the output while the
/// range proof guarantees the commitment includes a positive value without
/// overflow and the ownership of the private key. The switch commitment hash
/// provides future-proofing against quantum-based attacks, as well as providing
/// wallet implementations with a way to identify their outputs for wallet
/// reconstruction.
#[derive(Debug, Copy, Clone, Serialize, Deserialize)]
pub struct Output {
    /// Options for an output's structure or use
    pub features: OutputFeatures,
    /// The homomorphic commitment representing the output amount
    pub commit: Commitment,
    /// A proof that the commitment is in the right range
    pub proof: RangeProof,
}

An output consists of

  • features (currently coinbase vs. non-coinbase)
  • commitment rG+vH
  • rangeproof

To spend an output we still need to

  • show the output has not been previously spent
  • prove ownership of the output
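To make the commitment arithmetic above concrete, here is an added example (not Grin's code) that models rG+vH in a toy group: the multiplicative group mod p = 2^61 - 1 stands in for secp256k1, the constants G and H are placeholder generators, and point addition becomes multiplication. It shows that spending an output into new outputs whose amounts balance leaves a difference that commits to value 0, which is exactly what a verifier checks without ever learning an amount.

```rust
// Toy Pedersen commitment in the multiplicative group mod p = 2^61 - 1 (a
// prime), standing in for secp256k1: r*G + v*H becomes g^r * h^v mod p and
// point addition becomes multiplication. Added example, not Grin's code;
// G and H are placeholder generators.
const P: u128 = (1u128 << 61) - 1;
const G: u128 = 3; // plays the role of G, the blinding-factor generator
const H: u128 = 5; // plays the role of H; a real H must have no known log base G

fn pow_mod(mut base: u128, mut exp: u128) -> u128 {
    let mut acc = 1u128;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % P; }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}

/// Output commitment r*G + v*H: the blinding factor r hides the amount v.
pub fn commit(r: u128, value: u64) -> u128 {
    pow_mod(G, r) * pow_mod(H, value as u128) % P
}

/// Homomorphic addition of commitments (point addition on the curve).
pub fn add(a: u128, b: u128) -> u128 { a * b % P }
/// Subtraction: multiply by the modular inverse (Fermat, since p is prime).
pub fn sub(a: u128, b: u128) -> u128 { a * pow_mod(b, P - 2) % P }

/// sum(outputs) - sum(inputs), where the inputs are just outputs of earlier
/// transactions. When amounts balance the v terms cancel and the result
/// commits only to the difference of blinding factors (the kernel excess).
pub fn excess_commitment(inputs: &[u128], outputs: &[u128]) -> u128 {
    let sum = |cs: &[u128]| cs.iter().fold(1u128, |acc, &c| add(acc, c));
    sub(sum(outputs), sum(inputs))
}

/// Balance check a verifier runs without learning any amount: the difference
/// must equal a commitment to value 0 under the claimed excess.
pub fn balances(inputs: &[u128], outputs: &[u128], excess: u128) -> bool {
    excess_commitment(inputs, outputs) == commit(excess, 0)
}

fn main() {
    // Spend a 100-unit output into 60 + 40; excess = 20 + 31 - 11 = 40.
    let (spent, out1, out2) = (commit(11, 100), commit(20, 60), commit(31, 40));
    println!("balanced: {}", balances(&[spent], &[out1, out2], 40)); // true
    println!("inflated: {}", balances(&[spent], &[out1, commit(31, 41)], 40)); // false
}
```

Ownership in this model is knowledge of the blinding factor r behind a commitment; the range proof is not modelled here, which is why the inflated case is only caught because the totals no longer cancel.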

ProofMessageElements

/// A structure which contains fields that are to be committed to within
/// an Output's range (bullet) proof.
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
pub struct ProofMessageElements {
    /// The amount, stored to allow for wallet reconstruction as
    /// rewinding isn't supported in bulletproofs just yet
    /// This is going to be written 3 times, to facilitate checking
    /// values on rewind
    /// Note that rewinding with only the nonce will give you back
    /// the first 32 bytes of the message. To get the second
    /// 32 bytes, you need to provide the correct blinding factor as well
    value: u64,
    /// another copy of the value, to check on rewind
    value_copy_1: u64,
    /// another copy of the value
    value_copy_2: u64,
    /// the first 8 bytes of the blinding factor, used to avoid having to grind
    /// through a proof each time you want to check against key possibilities
    bf_first_8: Vec<u8>,
    /// unused portion of message, used to test whether we have both nonce
    /// and blinding correct
    zeroes: Vec<u8>,
}
