If you want to read about the coolest signature scheme and its application, this blog post is for you!
Pointcheval & Sanders (PS) signatures can be computed directly over Pedersen commitments, are re-randomizable (together with the commitment) and are easily thresholdizable. twitter.com/ittaia/status/1613261432329478156
You can use PS signatures to instantiate a more powerful variant of Chaum's seminal work on ecash: i.e., anonymous coins with arbitrary (rather than fixed) denominations. You'll only need three extra ingredients: Sigma protocols, Dodis-Yampolskiy VRFs and ZK range proofs.
In fact, that's what we do in our work on Untraceable Transactions (UTT) #shamelessplug, and this blog post serves as a more user-friendly introduction to some of the key ideas in that paper: eprint.iacr.org/2022/452
alin.apt
@alinush407
I put the "crypto" in "cryptocurrency" | Founding Team & Head of Cryptography at @AptosLabs