Boffee
Boffee
Why isn't it sufficient to just use 2 layers of commit-reveal?
Say we want to shuffle Player A's deck of 40 cards. 1. Player A randomly shuffles 1 - 40 2. Player A creates commitment for each of the 40 indices...
> Note that if you want to replace ElGamal by a naive hash commitment, you'd need to also add a private salt, so you'd still need the zero-knowledge proof. 2...
> Yes, there is also a contract component for the unhappy case that works as you suggested. It's just that since that is there, and arguably there should be a...
The optimistic approach I see lol. > an off-chain component to aggregate the signatures, because we don't want the latency of doing all this commit-reveal stuff on-chain Hmm, can the...