From 02d895915b291c6d806149b31be89fed1bafba20 Mon Sep 17 00:00:00 2001
From: GandalfThePink <46378020+GandalfThePink@users.noreply.github.com>
Date: Fri, 22 Mar 2019 10:44:00 +0100
Subject: [PATCH 1/2] Update intro.md

---
 doc/intro.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/intro.md b/doc/intro.md
index 81413032ef..067c516669 100644
--- a/doc/intro.md
+++ b/doc/intro.md
@@ -257,6 +257,13 @@ that for any `r*G + v*H` we can build a proof that will show that _v_ is greater
 zero and does not overflow.
 
 It's also important to note that in order to create a valid range proof from the example above, both of the values 113 and 28 used in creating and signing for the excess value must be known. The reason for this, as well as a more detailed description of range proofs are further detailed in the [range proof paper](https://eprint.iacr.org/2017/1066.pdf).
+The requirement to know both values to generate valid rangeproofs is an important feature since it prevents an attack where a third party could lock up UTXO's without knowing their private key by creating a transaction from
+
+    Carol's UTXO:    113*G + 2*H
+    Attakers output: (113 + 99)*G + 2*H
+    
+which can be signed by the attacker since Carols privtae key of 113 cancels due to the adverserial choice of keys. The new output could only be spent by both the attacker and Carol togeter. However, while the attacker can provide a valid siganture for the transaction, it is impossible to create a valid rangeproof for the new output invalidating this attack.  
+
 
 #### Putting It All Together
 

From b044a9b64d439ceea6f383dc28a8fa9cf386d76e Mon Sep 17 00:00:00 2001
From: GandalfThePink <46378020+GandalfThePink@users.noreply.github.com>
Date: Mon, 25 Mar 2019 14:19:12 +0100
Subject: [PATCH 2/2] Update intro.md

---
 doc/intro.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/intro.md b/doc/intro.md
index 067c516669..ccfbf4f965 100644
--- a/doc/intro.md
+++ b/doc/intro.md
@@ -257,12 +257,12 @@ that for any `r*G + v*H` we can build a proof that will show that _v_ is greater
 zero and does not overflow.
 
 It's also important to note that in order to create a valid range proof from the example above, both of the values 113 and 28 used in creating and signing for the excess value must be known. The reason for this, as well as a more detailed description of range proofs are further detailed in the [range proof paper](https://eprint.iacr.org/2017/1066.pdf).
-The requirement to know both values to generate valid rangeproofs is an important feature since it prevents an attack where a third party could lock up UTXO's without knowing their private key by creating a transaction from
+The requirement to know both values to generate valid rangeproofs is an important feature since it prevents a censoring attack where a third party could lock up UTXOs without knowing their private key by creating a transaction from
 
-    Carol's UTXO:    113*G + 2*H
-    Attakers output: (113 + 99)*G + 2*H
+    Carol's UTXO:       113*G + 2*H
+    Attacker's output:  (113 + 99)*G + 2*H
     
-which can be signed by the attacker since Carols privtae key of 113 cancels due to the adverserial choice of keys. The new output could only be spent by both the attacker and Carol togeter. However, while the attacker can provide a valid siganture for the transaction, it is impossible to create a valid rangeproof for the new output invalidating this attack.  
+which can be signed by the attacker since Carols private key of 113 cancels due to the adverserial choice of keys. The new output could only be spent by both the attacker and Carol together. However, while the attacker can provide a valid signature for the transaction, it is impossible to create a valid rangeproof for the new output invalidating this attack.  
 
 
 #### Putting It All Together