00:32:50 <m-relay> <preland:matrix.org> Question before I try and do this myself: is there a pdf or other document that gives step-by-step instructions to generate a Monero address using nothing but pen and paper (and a dice/coin for a random starting seed) 00:33:22 <m-relay> <preland:matrix.org> I think it would be the most secure way to create a paper wallet 00:41:07 <m-relay> <pcre:monero.social> As far as I know, there is no such document. 00:43:03 <selsta> i might be misremembering but feather wallet has a feature for this where you can use a dice 00:43:10 <selsta> but not exactly the same as just pen and paper 00:46:46 <m-relay> <pcre:monero.social> You can also use a dice to add some extra entropy, for creating a new key. monero-wallet-cli --extra-entropy 00:59:41 <m-relay> <pcre:monero.social> I wrote this 5 years ago: https://github.com/nonie-sys/monero_extra_entropy 01:00:56 <m-relay> <pcre:monero.social> But today I would prefer and recommend a hardware wallet. 01:12:05 <m-relay> <recanman:agoradesk.com> Lol, if you want to do elliptic curve math on pen and paper, go ahead 01:12:09 <m-relay> <recanman:agoradesk.com> I can write a document for you if you'd like 01:12:35 <m-relay> <recanman:agoradesk.com> You'd need the mnemonic wordlist or you can store it as a number/hex-encoded 01:34:33 <m-relay> <pcre:monero.social> You could create a private key with dice and use it to create a mnemonic seed if you distrust the «random number generator¢ on the hardware wallet. 01:35:38 <m-relay> <preland:matrix.org> That would be nice; would definitely quell the concerns of schizos lol 01:37:32 <m-relay> <pcre:monero.social> The term paranoid fits better. 01:37:57 <m-relay> <preland:matrix.org> Ideally it would work something like 01:37:57 <m-relay> <preland:matrix.org> -get random data using a coin, dice, etc. and tally the results 01:37:59 <m-relay> <preland:matrix.org> -turn the results into valid input for the equation if necessary 01:38:01 <m-relay> <preland:matrix.org> -do da math (this would likely take a while, especially if you add an extra condition of excluding any use of a calculator) 01:38:03 <m-relay> <preland:matrix.org> -tada! You have a truly 100% paper Monero wallet! 01:39:08 <m-relay> <preland:matrix.org> Ironically I don’t think this would be all that useful on its own. If you were also able to create a transaction by hand and then input+send it to a node…. 01:50:24 <m-relay> <pcre:monero.social> Monero works in a different way to Bitcoin in this respect. You cannot simply sign a transaction and send it to a node. 02:03:13 <m-relay> <recanman:agoradesk.com> A better way is to just generate a seed? 02:03:33 <m-relay> <recanman:agoradesk.com> Why generate the view/spend keys and address when you are just keeping it private and not using it? 02:03:53 <m-relay> <recanman:agoradesk.com> I would see this as less secure 02:03:55 <m-relay> <recanman:agoradesk.com> Just input your own entropy from a dice 02:04:57 <m-relay> <recanman:agoradesk.com> If you're going to do elliptic curve operations on the Ed25519 curve... 06:49:45 <m-relay> <aioghaosdihfaowie:matrix.org> Hi, can all sha256 hashes be used as a hex seed? 06:50:32 <moneromooo> You usually want a reduced scalar. If your hash has something like... 4 ? maybe 5 ? zeroes at the end, it's reduced. 06:51:11 <moneromooo> I don't know whether just zeroing these on another random 256 bit value is unbiased enough though. 06:52:03 <moneromooo> An unreduced scalar will work, but you might see "odd" things like non matching keys in some places. 06:52:24 <moneromooo> will *usually* work :) 06:53:30 <moneromooo> Reducing a scalar is just calculating modulo with a ~252 bit number. So PITA manually. 08:10:23 <m-relay> <aioghaosdihfaowie:matrix.org> How can I get private spend and view key from hex seed/mnemonic? 08:27:38 <sech1> restore it in the CLI wallet, then run "spendkey" and "viewkey" commands 10:13:58 <m-relay> <aioghaosdihfaowie:matrix.org> Do I need to sc_reduce32 hex seed to get priv spend key? If so what's the formula for sc_reduce? 11:37:59 <sech1> sc_reduce is basically a 256-bit modulo operation 11:41:13 <moneromooo> Easiest is to roll keys until you get one with 4 zeroes at the end. That should not be biased I think. 11:41:34 <moneromooo> I *think* 4 bits is enough to ensure it is reduced. 11:42:42 <moneromooo> Well, it does bias, due to rejecting a few keys at the high end of the domain. Just.. not much. But not much can be a lot in crypto so... 11:42:46 <sech1> ed25519 base is a bit larger than 2^252, so it will be biased 11:43:19 <sech1> It's better to pick random values <= 15*base and then do a modulo 11:43:57 <moneromooo> Modulo by hand isn't really feasible, is it ? 11:44:36 <sech1> Right 11:45:23 <moneromooo> Comparing to L is. So if you do that instead of 4 zero bits, it should be unbiased. 12:33:39 <m-relay> <aioghaosdihfaowie:matrix.org> How do I get Private View Key? Keccak-256 of Private Spend Key doesn't work. 13:11:28 <m-relay> <aioghaosdihfaowie:matrix.org> Nevermind, I figured it out. 20:20:58 <m-relay> <aremor:matrix.org> Are collaborative transactions possible in Monero? 20:20:59 <m-relay> <aremor:matrix.org> (Multiple inputs in one tx that require completely different set of private spend keys in order for the TX to be valid.) 20:41:40 <sech1> Possible, but I don't know any wallets that implement this 20:42:30 <sech1> All you need to spend an input is to know the one-time spend key for this input. 22:42:35 <selsta> .merge+ 9316 9323 22:42:35 <xmr-pr> Added 22:44:00 <selsta> .merge+ 9313 9307 9306 9309 9310 9305 22:44:00 <xmr-pr> ... 23:17:17 <selsta> luigi1111: could you do merges? CI is currently broken due to some compiler changes 23:18:32 <spackle> https://xmrchain.net/tx/6c7769691cdf10791ec6bae41df3316be6996da5bc07d683b1e53d1b91a1c83d 23:18:35 <spackle> Tx size: 138.8838 kB 23:18:40 <spackle> I did not expect to see that