<r​ecanman:agoradesk.com> Ah, nevermind, found [crypto_core_ed25519_scalar_reduce](libsodium.gitbook.io/doc/advanced/p…arithmetic#scalar-arithmetic-over-l)

<r​ecanman:agoradesk.com> It seems that Ristretto255 uses Curve25519, which just uses a different elliptic curve equation?

<k​ayabanerve:matrix.org> recanman: Curve25519 and Ed25519 are birationally equivalent to each other.

<k​ayabanerve:matrix.org> Ristretto is a prime-order group over the same field as Curve25519 and Ed25519, which can be implemented as an abstraction over Ed25519.

<r​ecanman:agoradesk.com> So, with some exceptions, Curve25519 will work when working with Cryptonote addresses?

<r​ecanman:agoradesk.com> Oh, over the same field. Just to confirm, this makes it 'compatible' with Ed25519

<r​ecanman:agoradesk.com> Oh, over the same field. Just to confirm, this makes it 'compatible' with Ed25519?

selsta: Any rough timeline on the .4 release?

dEBRUYNE: I would like to release it until end of month but it depends on when there are merges and if things will get reviewed in time

selsta: ty

i would like to include this but it's a huge change and I'm worried about it introducing new bugs monero-project/monero #9135

might make sense to let it run on some nodes first

Worthwhile to keep it for a later release imo

<n​ot_thankful_for_today:matrix.org> i have a question regarding monero ring signatures and outputs. Anyone can help ?

<n​ot_thankful_for_today:matrix.org> Let's say I have 2 outputs of 0.4 XMR in my wallet, for a total balance of 0.8 XMR, and I attempt to make a payment for 0.41 XMR. Will my input take 2 ring signatures out of the 16 ring signatures ?

<n​ot_thankful_for_today:matrix.org> What will happen with the change I get back of 0.39 XMR ? will it be a brand new output that nobody knows ?

<e​dge7:matrix.org> For the first point, I think every used output gets it's own ring signature

as for the second question, the change output will be a newly created one, but the recipient of the same transaction knows that the change belongs to you

they have the pubkey although they can't read the amount