if the void talks back then you has problem

also support is going offshore to india

lets have a filler meeting this saturday before the usual timeslot on the 8th monero-project/meta #854

How do we have a meeting while the bridge is broken?

Russia Ukraine bridge?

how broken is the bridge.. are we talking normal level of broken, or broken broken

i think we are at level 1. Bridge requires a daily wake up call else 1st message is dropped

Pre-meeting bridge wake up call will make everything ok?

WAKE UP

So loud

<boog900[m]> "Here: youtube.com..." <- > <@boog900:monero.social> Here: youtube.com/live/m-qWvfhABrY?feature=share

>

> At 37 mins he say it doesn't go away

Thanks for this, had wondered. So Seraphis with full membership proofs doesn't fix the need to lock the outputs of a spend for 10 blocks.

So then, the only way to "fix" this UX issue, so that your non-technical friend or family member doesn't run into it, is to include a feature like Monerujo's Pocket Change into wallets.

Currently Pocket Change may reduce privacy slightly, due to the fingerprinting.

With full chain membership proofs, does that fingerprinting issue go away?

theoretically yes

tx size (10kb) and possibly fee increase could make churning less attractive. reducing the 10block lock is still a topic for discussion

kayabanerve confirms in number 4 (reg the 10block lock) here monero-project/research-lab #100#issuecomment-1608082485

john_r365: Not slightly.

Notably.

The main issue is any pocket change TX will then have multiple of its outputs selected at time of spend. Monero prefers 2-in to 1-in, so you fan out your outputs, yet the input selection will merge them back in.

Even Seraphis with 128-rings will get nuked under pocket change solutions.

If we stay on rings, we need to implement coin control if you want to have a viable pocket change.

I prefer Monero to not require users know how to manually do coin control.

Under ZK-SNARKS, no, this won't matter at all. Pocket change TXs will stand out. TXs spending pocket change won't. The pocket change TXs also shouldn't be linkable to anything else, making their standing out irrelevant.

Err, sorry, full chain membership proof. I'm technically not proposing a SNARK. I just have the community colloquialism burned into my head still.

Berman just corrected me. It won't do a 2-input immediately. After one TX, with one pocket change input, they'll have distinct TX IDs. Then Monero is willing to do a 2-input TX. This is a trivial EAE pattern though.

* trivial EAE-esque pattern

It effectively immediately doxes the first TX as spending the pocket change, and the second TX as spending the first TX and the original pocket change.

So pocket change does likely entirely remove your sender privacy due to the fundamental nature of rings.

It wouldn't under FCMPs, meaning there's a way around the 10-block lock which isn't giving up privacy under FCMPs, despite the lock still existing.

So, with FCMPs (nice acronym) your pocket change TXs stand out, but a TX spending pocket change do not?

i think with FCMP's - it doesnt matter what you're doing (you could be minting a mordinal , churning pocket change or paying a utility bill - its all the same on chain - to be confirmed*)

Right, and since the pocket change TX itself is unlinkable, who cares?

ofrnxmr: ... I just made an issue to shave off 128 bytes if it makes you feel better

We'd save tens of percent with BP++, but yeah, that's the numbers on it.

In the meantime, segregating a pocket change wallet (for everyday spending) from a sneaky/savings wallet is possible through careful churning (best practice for churning is forever a WIP)

Dynamic blocksize will handle the increase. Or do you mean "are we increasing the penalty free zone" (300kb)?

blankpage: I'm not convinced of the efficiency of churning, though MAGIC is actively funding research on it. So we'll find out.

The issue is the input merging.

Also, if you segregate pocket change, that's just admitting to giving up privacy on coins you use on a day to day basis.

ofrnxmr[m]: ArticMine proposed this re: penalty free zon.

ofrnxmr[m]: BP++ hopefully would get us to 6, though I haven't checked the exact math and that could be too optimistic. We'd have to look at Halo 2 after that.

s/zon/zone/

I assume that ideal churning practice would involve some careful consolidation of enotes

And might be inefficient from a "number of tx needed to be sure" perspective

blankpage: Requiring coin control and every user of Monero to have an understanding + actively consider each spend, or far more advanced input selection algos which would require more info from users at time of spend to work properly.

I may have been mistaken.

It's not 10kb. It's 50.

Yikes

/s :P Now that I'm done giving ofrnxmr a heart attack... it may be 2kb an input, not 4.

hnng

So 2kb * 2 + whatever the TX body + 1kb for the bulletproofs = 5kb, not 4kb.

s/*/\*/, s/4kb/10kb/

can you provide a security proof for those maths

Also variable size from output count and tx_junkdrawer (if it still exists)

XD Rucknium

Ideally, we're 512 AC gates which is 1024 BP gates. 2 ** 11 = 1024. (11 * 64) + (6 * 32) = 896 bytes.

Wee have two proofs per input under curve trees. 896 * = just under 2 kb

But there's a bit of additional proving data lying around (the vector commitments) which is prob a couple hundred bytes.

Though rn, we're 1024 AC gates, 2048 BP gates, so add 128 bytes. Still ~2kb.

And then BP++ would still offer a many % reduction.

* 896 * 2 = just

*That does assume a VC scheme is implemented.

Vc?

plowsof: Rucknium github.com/kayabaNerve/full-chain-m…%3Aopen+is%3Aissue+label%3Asecurity

blankpage: kayabaNerve/full-chain-membership-proofs #4

We need a BP+ VC or to fall back to BP, which would slightly increase the above proof sizes and hamper future efforts. It's not currently done, so our current sizes/discussions are much worse, but it will be done before anything I recommend for deployment.

Thanks. I am not seeing any messages today from Rucknium which others seem to be seeing based on context.

I am not seeing messages from them. I just tagged them as I thought they'd appreciate the healthy amount of tracking I'm giving to their priority, as it's also mine.

OK so it is not some glitch in the matrix

Updated the MRL issue to clarify I believe I doubled my numbers by accident. I assume 5.5kb is a lot more amenable to everyone than 10?

absolutely

Maybe a CAPS LOCK disclaimer over the Monerokon talk would be a good idea also

hardware has become so much cheaper, that the cost per TX is still going down

kayaba has reduced FCMP transactions by almost 50% , well done

plowsof: I'm doubling all future CCS proposals I make for the rest of my life and expect no complaints

:p

Ha. Planning a couple soon

First, I'm finishing my issue tracker. I'm trying to track out everything that has to be done on the self-contained lib side of things

"Full chain membership proofs" or FCMP is clunky IMO, can we maybe roll with "global signatures" as an analogy to "ring signatures"?

blankpage: It's not a signature

And then that issue tracker will become the second CCS. A set of already defined tasks, already tracked, broken down with timelines and contributors.

At one point I called them Tony proofs. Now I just call them Curve Trees despite using a much more efficient construction internally.

It still takes the overall technique from Curve Trees, which arguably wasn't novel. They just did a really tight definition of it.

And then I got a tighter definition 😎

Needs to be a short name that gets the concept across for educational materials... like how we are moving to "enotes"

Who is Tony?

blankpage: Oh. It was because it was a membership over bulletproofs. MoB.

If I meet a guy named Tony who isn't the mob, honestly, just a wasted opportunity.

Moner.ooo Update - Added Localmonero.co

Global proofs? Sounds like something which already means something specific elsewhere

GMP sounds equiv to FCMP. GP isn't specific enough IMO.

If you force yet another name to exist, even though there's no reason for another name, and it'd solely muddle the waters compared to Curve Trees IMO, I can start thinking of ones. Will likely involve the word "maid" in someway though just to mess with people though. Fair warning :p

Membership Always Including ...

Fewer words is better so I vote GMP

I vote FCMP because I'm petty and technically, GMPs include outputs from every chain

But I'll ack GMPs would be fine :p

But in the distant sharded, horizontally scalable future, I'll note we may actually discuss GMPs (not FCMPs)

Like if someone asks me "how does monero hide the sender?" the answer "curve trees" invites further questions rather than a feeling of conceptual understanding

wownero with FCMP first?

Funky Coin Membership Proofs

blankpage: are we sure that "full chain membership proofs" or FCMPs is going to clear up the confusion that "curve trees" might invite? 😅 Surely either way, further explanation will be needed?

"What is the curve?" "What is the tree?" "Is the tree curved, or the fruit on the tree?"

Just call them MPs. N00bs won't know partial existed in the first place. If anyone asks partial or full, we just say why wouldn't it be full

/s :p

This but not sarcastically ^

I don't want to be an elitist asshole about not having FCMPs after how long it took us, but the rest can be unironic

monero.town works again :)

Best android Lemmy app?

Those containers are lacking Monero stickers

<blankpage[m]> "Best android Lemmy app?" <- i like gebora

> <@blankpage:monero.social> Best android Lemmy app?

* i like jerboa

lemmur is also good though

<hbs[m]> "PXL_20230627_152706771.jpg" <- hey, that's my country

* my country. fuck my country

<hbs[m]> "PXL_20230627_152706771.jpg" <- Waste of Monero stickers...

Put them in bus stations or inside the airports so normies actually see them.

old ledger monero app vulnerability : in 2020 of april, it was possible to have your spend key extracted by simply plugging in to a computer, unlocking, and opening the monero app (with no further interaction) details/video shown here deadcode.me/blog/2020/04/25/Ledger-…onero-app-spend-key-extraction.html (it was fixed by Ledger). The author of that article made a pull request recently for some trezor misc. trezor fixes.

john_r365 opened up a bounty to get it reviewed bounties.monero.social/posts/85 which currently stands as 2.2 xmr. sech1 is currently working through / reviewing the pull request

Lol

HWW are garbage

They are quite useful if you can have a hardened firmware