This requires the reader to be familiar with ErgoMix, which is defined in the whitepaper and one variant is given here.
The idea is as follows:
Using her secret x, Alice creates a box containing (g, g^x)
Bob spends this box with one or more of his own boxes and his secret y to create two boxes, one with (g, g^x, g^y, g^xy) and the other with (g, g^x, g^xy, g^y) without revealing which is which.
One of them is spendable by Alice and the other by Bob. Only Alice and Bob know which, and no outsider can guess this with better than 50% (i.e., random guessing).
The scripts are given at the above link. I have created the half-mix box on behalf of Alice. We need someone to take on Bob’s role and create the output boxes.
Here are the steps I used to create the transaction via Kiosk:
(Alice)
I believe the current API is insufficient to create Bob’s transaction in a simple way, but Ergo itself definitely supports it.
So until the API is further enhanced, I probably cannot spend it myself.
I’ll update this post if I manage to spend this. Others are also invited to try.
I need a bit of help to get this transaction mined, as it has no fee! If you have a mining node, you should be able to set:
ergo {
node {
minimalFeeAmount = 0
}
}
This should allow your mempool to accept zero-fee transactions. Furthermore, you will then need to POST this JSON to /transactions in order to get it into your mempool:
Great work!! Indeed, they look indistinguisbable
For real world use, it will be good if we automate this allowing several rounds. Somewhat like a blackbox where we put in 10 ergs and take them out after a few rounds without any human involvement.
One immediate thing to notice is that because we have the line OUTPUTS.size == 2, there cannot be a fee or change output.
Since Ergs cannot be destroyed, this additionally requires that the half mix box has to be spent with one or more boxes whose total value is exactly the same as the half mix box.
It is difficult to get a transaction mined without fee. Hence a practical implementation of ErgoMix must handle fee.
The above code allows two half mix boxes with the same gX and value to be spent together, as was done in the mix transaction. It is possible that Alice generates two such boxes and Bob spends both to claim one output. This flaw must be addressed.