The idea is as follows:
Using her secret x, Alice creates a box containing (g, g^x)
Bob spends this box with one or more of his own boxes and his secret y to create two boxes, one with (g, g^x, g^y, g^xy) and the other with (g, g^x, g^xy, g^y) without revealing which is which.
One of them is spendable by Alice and the other by Bob. Only Alice and Bob know which, and no outsider can guess this with better than 50% (i.e., random guessing).
The scripts are given at the above link. I have created the half-mix box on behalf of Alice. We need someone to take on Bob’s role and create the output boxes.
Here are the steps I used to create the transaction via Kiosk:
- Get (P2PK) address
- Get public key from P2PK address
- Set group element gX as with above public key in environment
- get default generator (g) by setting the exponent as 1
- Set default generator (g) in environment
- get full mix script hash using above environment variables
- update the environment with the above script hash
- Get the P2S address of Alice’s half-mix box
- Send transaction using the swagger API (can also be done via Kiosk)
Here is the transaction on the blockchain
I believe the current API is insufficient to create Bob’s transaction in a simple way, but Ergo itself definitely supports it.
So until the API is further enhanced, I probably cannot spend it myself.
I’ll update this post if I manage to spend this. Others are also invited to try.