00:32:50 <m-relay> <p​reland:matrix.org> Question before I try and do this myself: is there a pdf or other document that gives step-by-step instructions to generate a Monero address using nothing but pen and paper (and a dice/coin for a random starting seed)
00:33:22 <m-relay> <p​reland:matrix.org> I think it would be the most secure way to create a paper wallet
00:41:07 <m-relay> <p​cre:monero.social> As far as I know, there is no such document.
00:43:03 <selsta> i might be misremembering but feather wallet has a feature for this where you can use a dice
00:43:10 <selsta> but not exactly the same as just pen and paper
00:46:46 <m-relay> <p​cre:monero.social> You can also use a dice to add some extra entropy, for creating a new key. monero-wallet-cli --extra-entropy
00:59:41 <m-relay> <p​cre:monero.social> I wrote this 5 years ago: https://github.com/nonie-sys/monero_extra_entropy
01:00:56 <m-relay> <p​cre:monero.social> But today I would prefer and recommend a hardware wallet.
01:12:05 <m-relay> <r​ecanman:agoradesk.com> Lol, if you want to do elliptic curve math on pen and paper, go ahead
01:12:09 <m-relay> <r​ecanman:agoradesk.com> I can write a document for you if you'd like
01:12:35 <m-relay> <r​ecanman:agoradesk.com> You'd need the mnemonic wordlist or you can store it as a number/hex-encoded
01:34:33 <m-relay> <p​cre:monero.social> You could create a private key with dice and use it to create a mnemonic seed if you distrust the «random number generator¢ on the hardware wallet.
01:35:38 <m-relay> <p​reland:matrix.org> That would be nice; would definitely quell the concerns of schizos lol
01:37:32 <m-relay> <p​cre:monero.social> The term paranoid fits better.
01:37:57 <m-relay> <p​reland:matrix.org> Ideally it would work something like 
01:37:57 <m-relay> <p​reland:matrix.org> -get random data using a coin, dice, etc. and tally the results
01:37:59 <m-relay> <p​reland:matrix.org> -turn the results into valid input for the equation if necessary
01:38:01 <m-relay> <p​reland:matrix.org> -do da math (this would likely take a while, especially if you add an extra condition of excluding any use of a calculator)
01:38:03 <m-relay> <p​reland:matrix.org> -tada! You have a truly 100% paper Monero wallet!
01:39:08 <m-relay> <p​reland:matrix.org> Ironically I don’t think this would be all that useful on its own. If you were also able to create a transaction by hand and then input+send it to a node….
01:50:24 <m-relay> <p​cre:monero.social> Monero works in a different way to Bitcoin in this respect. You cannot simply sign a transaction and send it to a node.
02:03:13 <m-relay> <r​ecanman:agoradesk.com> A better way is to just generate a seed?
02:03:33 <m-relay> <r​ecanman:agoradesk.com> Why generate the view/spend keys and address when you are just keeping it private and not using it?
02:03:53 <m-relay> <r​ecanman:agoradesk.com> I would see this as less secure
02:03:55 <m-relay> <r​ecanman:agoradesk.com> Just input your own entropy from a dice
02:04:57 <m-relay> <r​ecanman:agoradesk.com> If you're going to do elliptic curve operations on the Ed25519 curve...
06:49:45 <m-relay> <a​ioghaosdihfaowie:matrix.org> Hi, can all sha256 hashes be used as a hex seed?
06:50:32 <moneromooo> You usually want a reduced scalar. If your hash has something like... 4 ? maybe 5 ? zeroes at the end, it's reduced.
06:51:11 <moneromooo> I don't know whether just zeroing these on another random 256 bit value is unbiased enough though.
06:52:03 <moneromooo> An unreduced scalar will work, but you might see "odd" things like non matching keys in some places.
06:52:24 <moneromooo> will *usually* work :)
06:53:30 <moneromooo> Reducing a scalar is just calculating modulo with a ~252 bit number. So PITA manually.
08:10:23 <m-relay> <a​ioghaosdihfaowie:matrix.org> How can I get private spend and view key from hex seed/mnemonic?
08:27:38 <sech1> restore it in the CLI wallet, then run "spendkey" and "viewkey" commands
10:13:58 <m-relay> <a​ioghaosdihfaowie:matrix.org> Do I need to sc_reduce32 hex seed to get priv spend key?  If so what's the formula for sc_reduce?
11:37:59 <sech1> sc_reduce is basically a 256-bit modulo operation
11:41:13 <moneromooo> Easiest is to roll keys until you get one with 4 zeroes at the end. That should not be biased I think.
11:41:34 <moneromooo> I *think* 4 bits is enough to ensure it is reduced.
11:42:42 <moneromooo> Well, it does bias, due to rejecting a few keys at the high end of the domain. Just.. not much. But not much can be a lot in crypto so...
11:42:46 <sech1> ed25519 base is a bit larger than 2^252, so it will be biased
11:43:19 <sech1> It's better to pick random values <= 15*base and then do a modulo
11:43:57 <moneromooo> Modulo by hand isn't really feasible, is it ?
11:44:36 <sech1> Right
11:45:23 <moneromooo> Comparing to L is. So if you do that instead of 4 zero bits, it should be unbiased.
12:33:39 <m-relay> <a​ioghaosdihfaowie:matrix.org> How do I get Private View Key? Keccak-256 of Private Spend Key doesn't work.
13:11:28 <m-relay> <a​ioghaosdihfaowie:matrix.org> Nevermind, I figured it out.
20:20:58 <m-relay> <a​remor:matrix.org> Are collaborative transactions possible in Monero? 
20:20:59 <m-relay> <a​remor:matrix.org> (Multiple inputs in one tx that require completely different set of private spend keys in order for the TX to be valid.)
20:41:40 <sech1> Possible, but I don't know any wallets that implement this
20:42:30 <sech1> All you need to spend an input is to know the one-time spend key for this input.
22:42:35 <selsta> .merge+ 9316 9323
22:42:35 <xmr-pr> Added
22:44:00 <selsta> .merge+ 9313 9307 9306 9309 9310 9305
22:44:00 <xmr-pr> ...
23:17:17 <selsta> luigi1111: could you do merges? CI is currently broken due to some compiler changes
23:18:32 <spackle> https://xmrchain.net/tx/6c7769691cdf10791ec6bae41df3316be6996da5bc07d683b1e53d1b91a1c83d
23:18:35 <spackle> Tx size: 138.8838 kB
23:18:40 <spackle> I did not expect to see that