-
@ Saberhagen The Nameless
2025-03-04 08:28:11
PCs are perfectly hiding, but computationally binding, meaning a quantum adversay cannot break the hiding property(privacy), but can break the binding property(forge fake coins). AFAIK you can only have one or the other. El Gamal is the opposite.
Aside from a quantum adversary existing, it's still infeasible to break the binding property with PCs the same way it would be infeasible to figure out a Bitcoin private key from a public key
Here is another good write up by the grin community on PCs and commitment schemes:
https://docs.grin.mw/wiki/miscellaneous/switch-commitments/#properties-of-commitment-schemes