Range proof's Confidential Transaction understanding

Question

I've some doubt about Greg Maxwell Confidential transaction and hope someone can help to make it clear. A commitment using Elliptic Curve math is:

                                  P=xG + aH

where G,H are public value and x,a are private.

My questions are:

1. xG is public or private value?
2. if xG is a public value why an attacker cannot simply make a brute force attack trying all possible value of a checking for the equality with the P value?
3. if xG is a private value the CT paper tell: can be proven to be a commitment to a zero by just signing a hash of the commitment with the commitment as the public or if if you want to prove a=1 make C' = C - 1H and then sign the hash of C'. How signing C or C' can I prove the value and also how can I verify a sign if I dont know xG?

Answer 1

Only the overall commitment (P) is revealed. G and H are constants known to everyone. x (the blinding factor) and a (the value) are secret.

if xG is a private value the CT paper tell: can be proven to be a commitment to a zero by just signing a hash of the commitment with the commitment as the public or if if you want to prove a=1 make C' = C - 1H and then sign the hash of C'. How signing C or C' can I prove the value and also how can I verify a sign if I dont know xG?

You can only sign with a point if it's a known multiple of G. By definition, a signature with private key k can be verified with public key kG. If P = xG + aH with a nonzero, it is impossible to find a k such that kG = xG + aH - that would require knowing the ratio between G and H (and H is constructed in such a way that this ratio is unknown to everyone).