After the receiver scan the blockchain and identifies his own transaction, how does he know the amount that he received in that Tx? (Without off-chain communication)
I appreciate a Technical explanation according to the Monero terminology (RingCT etc..).
Thanks.
The amount is encrypted by the sender and then communicated as part of the transaction (it's a field called amount in the ecdhInfos part of the transaction).
To decrypt the encrypted amount, you need to know your private view key a. The transaction already includes the transaction public key R.
Decrypted amount = encrypted amount - Hs(Hs(8aR || i)) where i is the index of the output whose amount you want to decrypt, || means byte concatenation, and Hs() is a hashing function that returns a kind of number called a scalar.
Update:
In order to reduce the storage required for the encrypted amount from 32 bytes to 8 bytes, the scheme is now:
decrypted_amount = 64-bit encrypted amount XOR first 8 bytes of keccak("amount" || Hs(8aR || i))
