<p​reland:matrix.org> Question before I try and do this myself: is there a pdf or other document that gives step-by-step instructions to generate a Monero address using nothing but pen and paper (and a dice/coin for a random starting seed)

<p​reland:matrix.org> I think it would be the most secure way to create a paper wallet

<p​cre:monero.social> As far as I know, there is no such document.

i might be misremembering but feather wallet has a feature for this where you can use a dice

but not exactly the same as just pen and paper

<p​cre:monero.social> You can also use a dice to add some extra entropy, for creating a new key. monero-wallet-cli --extra-entropy

<p​cre:monero.social> I wrote this 5 years ago: github.com/nonie-sys/monero_extra_entropy

<p​cre:monero.social> But today I would prefer and recommend a hardware wallet.

<r​ecanman:agoradesk.com> Lol, if you want to do elliptic curve math on pen and paper, go ahead

<r​ecanman:agoradesk.com> I can write a document for you if you'd like

<r​ecanman:agoradesk.com> You'd need the mnemonic wordlist or you can store it as a number/hex-encoded

<p​cre:monero.social> You could create a private key with dice and use it to create a mnemonic seed if you distrust the «random number generator¢ on the hardware wallet.

<p​reland:matrix.org> That would be nice; would definitely quell the concerns of schizos lol

<p​cre:monero.social> The term paranoid fits better.

<p​reland:matrix.org> Ideally it would work something like

<p​reland:matrix.org> -get random data using a coin, dice, etc. and tally the results

<p​reland:matrix.org> -turn the results into valid input for the equation if necessary

<p​reland:matrix.org> -do da math (this would likely take a while, especially if you add an extra condition of excluding any use of a calculator)

<p​reland:matrix.org> -tada! You have a truly 100% paper Monero wallet!

<p​reland:matrix.org> Ironically I don’t think this would be all that useful on its own. If you were also able to create a transaction by hand and then input+send it to a node….

<p​cre:monero.social> Monero works in a different way to Bitcoin in this respect. You cannot simply sign a transaction and send it to a node.

<r​ecanman:agoradesk.com> A better way is to just generate a seed?

<r​ecanman:agoradesk.com> Why generate the view/spend keys and address when you are just keeping it private and not using it?

<r​ecanman:agoradesk.com> I would see this as less secure

<r​ecanman:agoradesk.com> Just input your own entropy from a dice

<r​ecanman:agoradesk.com> If you're going to do elliptic curve operations on the Ed25519 curve...

<a​ioghaosdihfaowie:matrix.org> Hi, can all sha256 hashes be used as a hex seed?

You usually want a reduced scalar. If your hash has something like... 4 ? maybe 5 ? zeroes at the end, it's reduced.

I don't know whether just zeroing these on another random 256 bit value is unbiased enough though.

An unreduced scalar will work, but you might see "odd" things like non matching keys in some places.

will *usually* work :)

Reducing a scalar is just calculating modulo with a ~252 bit number. So PITA manually.

<a​ioghaosdihfaowie:matrix.org> How can I get private spend and view key from hex seed/mnemonic?

restore it in the CLI wallet, then run "spendkey" and "viewkey" commands

<a​ioghaosdihfaowie:matrix.org> Do I need to sc_reduce32 hex seed to get priv spend key? If so what's the formula for sc_reduce?

sc_reduce is basically a 256-bit modulo operation

Easiest is to roll keys until you get one with 4 zeroes at the end. That should not be biased I think.

I *think* 4 bits is enough to ensure it is reduced.

Well, it does bias, due to rejecting a few keys at the high end of the domain. Just.. not much. But not much can be a lot in crypto so...

ed25519 base is a bit larger than 2^252, so it will be biased

It's better to pick random values <= 15*base and then do a modulo

Modulo by hand isn't really feasible, is it ?

Right

Comparing to L is. So if you do that instead of 4 zero bits, it should be unbiased.

<a​ioghaosdihfaowie:matrix.org> How do I get Private View Key? Keccak-256 of Private Spend Key doesn't work.

<a​ioghaosdihfaowie:matrix.org> Nevermind, I figured it out.

<a​remor:matrix.org> Are collaborative transactions possible in Monero?

<a​remor:matrix.org> (Multiple inputs in one tx that require completely different set of private spend keys in order for the TX to be valid.)

Possible, but I don't know any wallets that implement this

All you need to spend an input is to know the one-time spend key for this input.

.merge+ 9316 9323

Added

.merge+ 9313 9307 9306 9309 9310 9305

...

luigi1111: could you do merges? CI is currently broken due to some compiler changes

Tx size: 138.8838 kB

I did not expect to see that