-
spirobel[m]
do all transaction get constructed by the wallet2 api with this function:
github.com/monero-project/monero/bl…e_core/cryptonote_tx_utils.cpp#L201 or are there different code paths?
-
spirobel[m]
s/transaction/transactions/, s/cryptonote_core/cryptonote\_core/, s/cryptonote_tx_utils/cryptonote\_tx\_utils/
-
UkoeHB
spirobel[m]: yes, until this PR where multisig txs will use a different path
monero-project/monero #8149
-
spirobel[m]
UkoeHB: how about transaction uniformity with multisig txs? will they be visible as multisig on chain? or do they look like all other transactions
-
UkoeHB
they should look like other txs, aside from the fact ring members and tx fee will be very stale compared to when the tx is submitted
-
spirobel[m]
-
UkoeHB
spirobel[m]: yes, you can see it in set_tx_extra(); a large amount of that code was copied directly from construct_tx_with_tx_key()
-
sech1
.merges
-
xmr-pr
7774 8296 8356 8357 8358
-
sech1
I hate to be that guy but I have to remind that June 16th was supposed to be binary release date, this is in 2 days
-
sech1
Do we still aim for June 16th? If not, maybe we should have a dev meeting this weekend?
-
arnuschky[m]
<sech1> "Do we still aim for June 16th..." <- well the branch hasn't even been created, so I think that point's been answered ;)
-
sech1
PRs can be merged, branch can be created in a matter of minutes
-
arnuschky[m]
I wanted to suggest a dev meeting on the multisig situation this weekend already (if we have the audit's final report). Alternatively we could meet up at Monerokon
-
willshu[m]
Hello, XMR uses ed25519 as far as I know. This is, for example, an ed25519 private key, "d9acad686f03b1bb5054fb8b4c35a96f22dee45372e4c5ed9751373486d02399259e184f5c7cecf261063dd298e250b2303cf896a3d6705eedd35cc8b97cee0a". When I use the first 64 characters to sign a transaction, the sdk returns "failed to verify secret spend key". Why is that?
-
willshu[m]
s/d9acad686f03b1bb5054fb8b4c35a96f22dee45372e4c5ed9751373486d02399259e184f5c7cecf261063dd298e250b2303cf896a3d6705eedd35cc8b97cee0a/c45ca69ddc12adc2fff9951f701bed35f5ca8b48ab7274b9cd50ccecb85f226c4a81e153cd561443ae318500c0f7f6dba14b4b7f11327acd80c60eda52759dcf/
-
sech1
Different encoding probably
-
sech1
.merges
-
xmr-pr
7774 8296 8356 8357 8358
-
sech1
8381 and 8384 are also important before we branch
-
willshu[m]
-
ooo123ooo1234567
<willshu[m]> "Hello, XMR uses ed25519 as far..." <- What's the source of that 128 chars hex string ?
-
YOUNGUNION[m]
admins, hello i need help with my transaction from binance to monero wallet. i dont get monero from binance, because payment id not found about error host
-
moneromooo
Try asking in #monero.
-
willshu[m]
<ooo123ooo1234567> "What's the source of that 128..." <- You mean for the same mnemonic, ed25519 and xmr algorithm generates different private (spend) key, so I cannot use an ed25519 private key as xmr private spend key?
-
ooo123ooo1234567
<arnuschky[m]> "I wanted to suggest a dev..." <- conferences aren't the best place to ask critical questions, though meetings too
-
ooo123ooo1234567
willshu[m]: "edd25519 algorithm" what is it ? any code ?
-
ooo123ooo1234567
> <@will.shu:matrix.org> You mean for the same mnemonic, ed25519 and xmr algorithm generates different private (spend) key, so I cannot use an ed25519 private key as xmr private spend key?
-
ooo123ooo1234567
* "ed25519 algorithm" what is it ? any link to code ?
-
willshu[m]
-
ooo123ooo1234567
There is no code on that wiki page
-
ooo123ooo1234567
How exactly do you generate priv key ?
-
merope
64 characters or 64 bytes?
-
willshu[m]
merope: 64 characters.
-
UkoeHB
willshu[m]: what is your procedure for generating and printing that private key?
-
willshu[m]
-
willshu[m]
The private key is a standard ed25519 private key.
-
willshu[m]
That is 32 bytes and 64 characters
-
ooo123ooo1234567
> <@will.shu:matrix.org> I did not have the exact code, but this is the procedure:
cryptobook.nakov.com/digital-signat…20key,point%20G%20for%20the%20curve).
-
ooo123ooo1234567
>
-
ooo123ooo1234567
> The private key is a standard ed25519 private key.
-
ooo123ooo1234567
Indeed, there is a small problem
-
ooo123ooo1234567
-
ooo123ooo1234567
-
ooo123ooo1234567
github.com/monero-project/monero/bl…b/master/src/crypto/crypto.cpp#L167, if you would pass the same hex string into monero-wallet-cli then it would firstly reduce secret key
-
ooo123ooo1234567
try to apply sc_reduce(...) to your hex string, or enter it into monero-wallet-cli and grab reduced one with `spendkey` cmd
-
willshu[m]
const privateViewKey = sc_reduce32(cn_fast_hash(privateSpendKey))
-
willshu[m]
How do you suggest I get my privateSpendKey from the 64-char hex? sc_reduce32(privateKeyHex)?
-
willshu[m]
Above is how I get my privateViewKey from the privateSpendKey.
-
willshu[m]
How do you suggest that I transform from a 64-char hex to a privateSpendKey? sc_reduce32(64-char hex)?
-
ooo123ooo1234567
-
ooo123ooo1234567
it will generate both view and spend keys
-
moneromooo
No. The hex represenation is just a textual representation.
-
willshu[m]
moneromooo: ?
-
ooo123ooo1234567
willshu[m]: 64 hex -> 32 bytes -> ::generate(...)
-
ooo123ooo1234567
s/cryptonote_basic/cryptonote\_basic/, s/<hex/\</
-
willshu[m]
ooo123ooo1234567: Do you know how to call this library from node.js?
-
ooo123ooo1234567
<willshu[m]> "Do you know how to call this..." <-
github.com/jedisct1/libsodium/blob/…e/sodium/crypto_core_ed25519.h#L104, this function from libsodium is doing the same as sc_reduce(...), there are nodejs bindings for libsodium
-
ooo123ooo1234567
<willshu[m]> "Do you know how to call this..." <- just add reduce step for secret, which is being generated for some reason outside of monero "sdk", once wallet is generated from secret spend key it's possible to get all keys with methods `std::string WalletImpl::secretViewKey() const`
-
willshu[m]
ooo123ooo1234567: no problem from privateSpendKey to privateViewKey, just looking at how to get from 64-char hex to privateSpendKey. Do you mean I call in Node.js:
-
willshu[m]
const _sodium = require('libsodium-wrappers');
-
willshu[m]
_sodum.crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)?
-
willshu[m]
What is unsigned char *r, const unsigned char *s?
-
ooo123ooo1234567
it isn't clear whether you're doing in educational purposes or for some production, 1st case - use monero-wallet-cli / read code, 2nd case - generate new wallet with monero wallet api instead of externally / read code
-
willshu[m]
<ooo123ooo1234567> "it isn't clear whether you're..." <- Sorry I am a little lost. 64 hex -> 32 bytes -> ::generate(...) : Which library and api should I use?
-
willshu[m]
<ooo123ooo1234567> "it isn't clear whether you're..." <- For example, what does the `::generate(...)` step have to do with sc_reduce?
-
ooo123ooo1234567
> <@will.shu:matrix.org> no problem from privateSpendKey to privateViewKey, just looking at how to get from 64-char hex to privateSpendKey. Do you mean I call in Node.js:... (full message at
libera.ems.host/_matrix/media/r0/do…331b85297e93e29814c9da4a563205a7c05)
-
ooo123ooo1234567
btw, monero lib are you using for nodejs ?
-
ooo123ooo1234567
* btw, what monero lib
-
ooo123ooo1234567
> <@will.shu:matrix.org> no problem from privateSpendKey to privateViewKey, just looking at how to get from 64-char hex to privateSpendKey. Do you mean I call in Node.js:... (full message at
libera.ems.host/_matrix/media/r0/do…0cf19d8939034d9e398cd746226cf2a9f4f)
-
willshu[m]
ooo123ooo1234567: monero-javascript
-
willshu[m]
void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s);
-
willshu[m]
From the doc you showed above, the two params are somewhat different from 32 bytes in js
-
ooo123ooo1234567
-
ooo123ooo1234567
-
ooo123ooo1234567
s/a/to generate new wallet keys/
-
UkoeHB
willshu[m]: you shouldn't need to scalar reduce if it's already a private key
-
UkoeHB
hence my question, where did you get that hex string?
-
ooo123ooo1234567
> <@will.shu:matrix.org> void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s);
-
ooo123ooo1234567
>
-
ooo123ooo1234567
> From the doc you showed above, the two params are somewhat different from 32 bytes in js
-
ooo123ooo1234567
jedisct1/libsodium #920#issuecomment-578395336, wow, there is even example from libsodium author
-
ooo123ooo1234567
UkoeHB: it doesn't matter now
-
sech1
Question. Who takes care of DNS checkpoints?
paste.debian.net/hidden/8ea57f14 - isn't it a bit... outdated?
-
selsta
fluffy did years ago
-
sech1
and monerod queries it every hour by default, right in before adding a new block
-
sech1
sometimes these queries stall monerod for up to a minute
-
sech1
which is why p2pool recommends adding --disable-dns-checkpoints
-
selsta
would there be harm in deactivating it at this point?
-
sech1
As far as I understand, it's used to speed up syncing beyond built-in checkpoints
-
sech1
so disabling it won't change anything
-
selsta
speed up? I think it's solely a security feature
-
sech1
syncing goes faster while checkpoints are available
-
selsta
speed up syncing is this other checkpoint system that requires built in hashes
-
selsta
they have the same name but is something different
-
sech1
don't know, it's in the same checkpoints.cpp
-
moneromooo
It's a semi centralized emergency sanity check. I don't tink it was ever used.
-
selsta
`src/blocks/checkpoints.dat` and hash in `src/cryptonote_core/blockchain.cpp` is used for speed up syncing as far as I know
-
moneromooo
It doens't affect sync speed. Hash of hashes does. The above ^
-
selsta
sanity check checkpoints are in `src/checkpoints/checkpoints.cpp`
-
sech1
right, it's a different system then
-
selsta
if it isn't used it might make sense to deactivate it and avoid the constant DNS queries
-
moneromooo
The embedded hashes should not be called checkpoints, they're hashes of block hashes. Same as calling output pubkeys stealth addresses, it just confuses things by taking a name and applying it to something else.
-
selsta
checkpoints.dat is the confusing part
-
sech1
well, all it does now is stalling monerod every hour
-
sech1
and it can potentially shut down all nodes that query DNS, if malicious incorrect hashes are planted there
-
sech1
not p2pool nodes, those will be fine because they disable it
-
moneromooo
It's off by default. It'll just whine a bit and continue.
-
sech1
-
sech1
it sends SIGTERM if something is wrong
-
moneromooo
It should not.
-
moneromooo
If enabled, it should act as a... checkpoint.
-
sech1
right
-
sech1
--enforce-dns-checkpointing enables this shutdown behavior
-
moneromooo
Maybe I'm misremembering then. I was sure it was off by default...
-
sech1
I just checked the code. It requires this cmd parameter
-
sech1
anyway, should the whole DNS checkpointing be disabled by default?
-
sech1
It's not updated and has never been used
-
moneromooo
The enforcement, yes. The checking, no, but feel free to make it fetch in a thread.
-
sech1
I was planning to move it to thread pool
-
sech1
until I checked the actual DNS records :D
-
sech1
ok, I'll move it to thread pool then
-
moneromooo
That's like saying "I never used by first aid kit so first aid kits are useless and should be binned" :)
-
moneromooo
Now, I'm assuming it still works, and I don't *know* that.
-
sech1
continuing the analogy, who holds the keys to the first aid kit (checkpoints.moneropulse.* domains)?
-
moneromooo
pony and/or binaryFate AFAIK.
-
selsta
bF now yes
-
sech1
ok, a PR with a few DNS query fixes is coming this week
-
sech1
I also don't like how the default thread pool is used for both tx verification and DNS queries. Checkpoints fill the thread pool with long-lasting DNS queries (7 at a time), stalling all tx verification
-
sech1
I/O needs separate thread pool
-
moneromooo
Easy to change, no ?
-
sech1
yes
-
sech1
threadpool::getInstance() -> threadpool::getInstanceForCompute() and threadpool::getInstanceForIO()
-
ooo123ooo1234567
-
moneromooo
That sounds... odd. Why not use a local one ?
-
moneromooo
I'm reasonably sue some other classes have their own pool.
-
sech1
no, everyone uses threadpool::getInstance()
-
moneromooo
Though looking, they all seem to use the default one now.
-
sech1
threadpool even has private constructor
-
moneromooo
Not sure why. Can't be creation time if it's a long lived object field.
-
ooo123ooo1234567
sech1: There are more sophisticated ways to stall tx verification, why to start from the most unimportant one which can be even disabled with cli arg ?
-
sech1
it has getNewForUnitTests() function, but it's for testing
-
moneromooo
Oh, private ctor. I see.
-
moneromooo
Looks like it was always so, so no object can have had a local pool before.
-
moneromooo
Must have been boost::thread's then.
-
sech1
ooo123 again "useful" advices, better keep silent if you have nothing useful. unbound async lookup? What to do with the calling code with is 100% synchronous? Are you advocating for a full rewrite again? "Unimportant"? It literally stalls monerod every hour for a random (sometimes up to a minute) period of time.
-
sech1
*which is 100%
-
ooo123ooo1234567
sech1: urgent - disable with cli arg
-
ooo123ooo1234567
sech1: It will be rewrite since there are other problems and thread for that particular dns check is a waste of time, unless it's in educational purposes
-
sech1
let me decide myself what is a waste of time, ok?
-
sech1
added to ignore again
-
ooo123ooo1234567
sech1: there is some problem with logging, added notification is present, but removed notification is absent for some reason
-
ooo123ooo1234567
<sech1> "let me decide myself what is a..." <- sure, as long as it doesn't interfere with code correctness in monero repo
-
willshu[m]
<ooo123ooo1234567> "> <@will.shu:matrix.org> void..." <- It seems the `libsodium.js` does not have an export method called `crypto_core_ed25519_scalar_reduce`
-
kayabanerve[m]
will.shu: If you get a bigint, you can trivially perform scalar reduction, though I'd have to check what elliptic/noble does for a constant time bigint...
-
ooo123ooo1234567
<willshu[m]> "Do you know how to call this..." <-
github.com/monero-ecosystem/monero-…/wallet/monero_wallet_keys.cpp#L167, found answer for this: check how create_wallet_from_keys was exported into node-js via monero-javascript->monero-cpp->monero_wasm_bridge.cpp
-
ooo123ooo1234567
github.com/monero-ecosystem/monero-…/wallet/monero_wallet_keys.cpp#L167, you can export this way function that will accept hex string -> decode it into bytes -> apply sc_reduce -> return reduced hex string
-
ooo123ooo1234567
*
github.com/monero-ecosystem/monero-cpp/blob/master/src/wallet/monero\_wallet\_keys.cpp#L167, you can export this way new function that will accept hex string -> decode it into bytes -> apply sc\_reduce -> return reduced hex string
-
willshu[m]
ooo123ooo1234567: From the js code of this site -
xmr.llcoins.net/addresstests.html, can I infer that I can get privateSpendKey from `sc_reduce32(64-char hex)`?
-
plowsof[m]
full disclosure: will shu has a ccs open requesting funds for this work , this is his 'homework'
-
ooo123ooo1234567
-
binaryFate
<sech1> continuing the analogy, who holds the keys to the first aid kit (checkpoints.moneropulse.* domains)? <- pony and me indeed
-
monerm[m]
Howdy folks, I'm new to Monero and I'm trying to understand how it works and was hoping someone here could answer a question for me
-
monerm[m]
I know how Pedersen commitments verify that the sum of all inputs and outputs is zero. What I don't know is how the network confirms that the input amounts are legitimate to begin with.
-
monerm[m]
C = x*G + a*H
-
monerm[m]
What is preventing me from using an output worth 0.4 XMR as an input in a tx, but doing the pedersen commitment math as if "a" is 0.6? Essentially, how does anyone verify that "a" is the actual amount of an input?
-
sech1
because if you do a commitment for the wrong amount, the sum of commitments will not be 0
-
sech1
-
jeffro256[m]
All amounts start as unencrypted from minining, so that the commitments have a starting point which everyone can verify so that there's not an infinite amount floating around
-
jeffro256[m]
From there, the sum of the output commitments must equal the sum of the input commitments
-
sech1
plus the range proofs
-
jeffro256[m]
Yes ^
-
sech1
that prove all numbers are non-negative
-
jeffro256[m]
Bulletproofs is the name of the proof that makes sure you don't send yourself +5 XMR and -5XMR
-
jeffro256[m]
Soon Bulletproofs+
-
jeffro256[m]
The only way you could come up with a commitment which satisfies that the sum is 0 without the amounts summing to 0 is you would have to know the logarithm between G and H, which were picked so that no ones ones that
-
monerm[m]
Maybe my confusion stems from how an input is put into a transaction.
-
monerm[m]
When you receive an output worth let's say 1 XMR and the pederson commitment is C = xG + 1H
-
monerm[m]
When you go to spend it as an input does x have to be the same? My understanding was that you select a random x when building the transaction
-
sech1
you select it for outputs, inputs are already on the blockchain
-
jeffro256[m]
I believe you can pick random x for all except one output on a transaction. Once you have picked random blinding factors for other outputs, there is only one "correct" blinding factor for the last output
-
jeffro256[m]
So you solve for it
-
jeffro256[m]
It's still hiding because it's a function of the other blinding factors you picked
-
monerm[m]
So as the receiver. My output to my stealth address is C = xG + 1H. When I spend it I must use the same C = xG + 1H right?
-
monerm[m]
Thank you all very much for the responses btw
-
UkoeHB
monerm[m]: yes, when you spend an output you give the verifier an index reference into the ledger. The verifier looks up the exact copy of your output (along with all the decoys) in order to verify CLSAGs.
-
monerm[m]
Thank you all! You guys rock. Gosh dang Monero is neat