18:35:35 Can you guys provide any info regarding FCMP? I'm a developer, no cryptography expert, but I could write a wallet or payment system for any crypto. I understand ring signatures. I understand their weaknesses and how they can be mitigated. I understand how key images prevent double-spending. I can't really understand the math behind CT but I trust it (somewhat) because there's enough info going around and I could understand it if I bother. But I can't find much info about FCMP. I've read what I can find on getmonero.org but I'm still pretty clueless about it. I've read it prevents AEA attacks but I don't get how. If it's like Zcash I think similar attacks are possible there, but that may be my ignorance. I heard that it helps with the spam attacks but that worries me more because it means a bad actor could be trying to push for this update. I know FCMP is better than a few decoys but I would love to understand how it works
18:37:28 An FCMP is a ZK proof to verify the input is a rerandomization of an output committed to within a Merkle tree.
18:38:02 https://github.com/kayabaNerve/fcmp-plus-plus-paper is its presentation
19:06:29 Thanks! I'll have to do a lot more homework on ZK proofs before I can understand that. I do have a clue but it's a lot more complicated than RingCT and there will probably be fewer eyes to spot the bugs, etc. Those are my concerns. But I'll keep learning. I'll probably be back with questions
19:10:07 Oh, another thing I read somewhere on getmonero.org is that it will help take Monero out of the fringes and increase price. Why will it do that?
19:10:49 BoboListo: Stop using LLMs for info.
19:11:09 GM.org didn't say that, but LLMs have been saying things like that.
19:11:15 Please :)
19:11:34 I didn't... Let me find it
19:13:59 My bad, it wasn't getmonero.org, but it wasn't LLMs either. It's 99bitcoins.com
19:14:04 https://99bitcoins.com/news/monero-privacy-update-unprecedented-anonymity/
19:17:52 And they just throw it out there randomly on an FCMP article
19:18:28 "While being the cornerstone of Monero, ring signatures are susceptible to vulnerabilities like the Exchange Attack Everywhere (EAE) attack. "
19:19:00 Article probably written by LLM too, lol
19:19:08 Aha, it _was_ probably LLM.
19:19:24 EAE = "Eve-Alice-Eve"
21:01:07 So the Merkle tree is generated from random outputs on the blockchain and the ZK proof proves that one of the outputs used to generate the tree is mine and has not been spent, etc. without revealing any of the outputs, so it could be from the whole chain?
22:25:45 BoboListo: You can read the paper for the practical impacts even if you don't understand the section on the actual FCMP implementation.
22:26:12 I did not aim to 'bolster Monero's price'.
22:26:59 The Merkle tree is generated from all outputs on the blockchain.
22:27:45 The FCMP solely proves the input tuple is a re-randomization of an on-chain output. The SAL proof proves it's yours and its key image (which we use to prove it hasn't been spent before).
22:28:21 (Spend-Authorization + Linkability Proof)
22:31:14 The FCMP++ construction is *a* proof satisfying membership and *a* proof satisfying SAL. The 'input tuple' is the output of the FCMP++, and the input to the SAL. You can follow its flow accordingly, even without knowing either proof in detail.
22:32:57 The SAL proof is quite straightforward though. It's a Bulletproof+ proving a 1-row inner-product and a Generalized Schnorr Protocol (Sigma composition of Schnorr signatures?) for the rest of the openings.
22:34:30 The FCMP is an arithmetic circuit premised on Generalized Bulletproofs (an extension to support Vector Commitments) of nontrivial complexity. The section begins by stating its syntax, before defining individual building blocks, before the final encoded program. It should be relatively followable _so long as you don't ask how the discrete-log gadget works and just accept it does_.
22:35:03 Well, most of it is easy to follow if you don't ask how it works and just accept it does 🤔
22:54:32 Anyone here tried keet.io?
23:15:00 please discuss in #monero-offtopic:monero.social