
Suppose I make a transaction from User1 to User2 with TX amount 2.5 XMR using RingCT. The transaction amount is encrypted using Pedersen commitment with a random value r.

I have a public view key of PubView1 for the transaction. Can I see the transaction amount if I only have the public view key? I don't have the "r" value. What is the relationship between view key and the random r value in Pedersen commitment?

Cisco Mmu

1 Answer

> The transaction amount is encrypted using Pedersen commitment with a random value r.

The amount is encrypted using the shared secret rA and committed to in a Pedersen commitment.

Amount encryption:

b = n xor8 Hs(“amount”|Hs(rA|i))

Where n here denotes the unencrypted amount, rA is the shared secret, i is the output index, | is concatenation, Hs is hash to scalar and b is the final encrypted amount.

Then the Pedersen commitment C:

y = Hs(“commitment mask”|Hs(rA|i))
C = yG + bH

So one either needs r or a (private terms of the shared secret) and either R or A respectively, the public terms. R is rG, the tx public key, and A is the receiver's public view key. Thus with a (the receiver's private key) and the tx public key R, one can decode the amount. As can the sender, as they have r and A. This is because rA == aR.

> Can I see the transaction amount if I only have the public view key?

No. You need some secret information, either r or a.

> What is the relationship between view key and the random r value in Pedersen commitment?

See above.

jtgrassie
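The amount-encryption step described in the answer above, as an added example that is not part of the original answer or Monero's own code. It shows that rA == aR lets either side derive the same 8-byte mask, while the public values alone do not. Assumptions: `hashlib.sha3_256` stands in for Monero's Keccak-256, the point and index encodings are simplified, and the keys are constructed, so it follows the answer's formulas but is not wire-compatible with Monero; the commitment step is not covered.

```python
import hashlib

# Ed25519 parameters (the curve Monero uses).
p = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493  # prime group order
d = -121665 * pow(121666, -1, p) % p

def add(P, Q):
    # Complete twisted-Edwards addition in affine coordinates.
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % p
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, p) % p,
            (y1 * y2 + x1 * x2) * pow(p + 1 - t, -1, p) % p)

def mul(k, P):
    # Double-and-add scalar multiplication (not constant time; demo only).
    Q = (0, 1)
    while k:
        if k & 1:
            Q = add(Q, P)
        P, k = add(P, P), k >> 1
    return Q

# Base point G: y = 4/5, x is the even root of the curve equation.
Gy = 4 * pow(5, -1, p) % p
xx = (Gy * Gy - 1) * pow(d * Gy * Gy + 1, -1, p) % p
Gx = pow(xx, (p + 3) // 8, p)
if (Gx * Gx - xx) % p:
    Gx = Gx * pow(2, (p - 1) // 4, p) % p
G = (Gx if Gx % 2 == 0 else p - Gx, Gy)

def enc(P):
    # 32-byte point encoding: y plus the parity of x in the top bit.
    return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def Hs(data):
    # Hash to scalar. Assumption: sha3_256 stands in for Monero's Keccak-256.
    return int.from_bytes(hashlib.sha3_256(data).digest(), "little") % l

def xor8(amount8, shared, i):
    # amount8 xor the first 8 bytes of Hs("amount" | Hs(shared | i))
    inner = Hs(enc(shared) + bytes([i])).to_bytes(32, "little")
    mask = Hs(b"amount" + inner).to_bytes(32, "little")[:8]
    return bytes(x ^ y for x, y in zip(amount8, mask))

# Constructed demo keys: r = tx secret key, a = receiver's private view key.
r, a = Hs(b"constructed r"), Hs(b"constructed a")
R, A = mul(r, G), mul(a, G)                    # public: tx key, view key
n = (2_500_000_000_000).to_bytes(8, "little")  # 2.5 XMR in atomic units
b = xor8(n, mul(r, A), 0)                      # sender encrypts with rA
```

The receiver recovers the amount with `xor8(b, mul(a, R), 0)`; substituting a public point such as `A` or `R` for the shared secret yields unrelated bytes.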