-
Rucknium[m]Question: Say that Monero moves to a new signature scheme. If it turns out that there is some unexpected fundamental flaw with the signature scheme, would it be the case that anyone who holds coins that are protected by the new signature scheme (i.e. someone receiving XMR after the network upgrade, and holding) would have their coins and/or privacy in danger?
-
UkoeHBRucknium[m]: it depends what the flaw is
-
Rucknium[m]I've seen people frequently claim that one advantage of Monero over Zcash is that Monero's cryptography is older and more battle-tested than Zcash's zero-knowledge cryptography. How true is this claim now? And how true will it be when and if we switch to Triptych or Seraphis or Spark or something else?
-
UkoeHBReached a nice milestone today: I have working membership proof implementations for testing (based on modifying sarang's Triptych code). github.com/UkoeHB/monero/blob/seraphis_perf/src/mock_tx/grootle.h
-
UkoeHBI cannot take credit for anything found in those files - I just implemented what I could based on other papers and other people's ideas.
-
UkoeHBRucknium[m]: Afaik it's still true, Seraphis/Spark cryptography relies on much more standard assumptions than ZCash. Maybe someone with a deeper understanding of the cryptography seen can clarify.
-
UkoeHBscene*
-
UkoeHBHopefully this weekend or early next week I will have some performance numbers for preliminary comparisons of Triptych vs Seraphis/Spark.
-
UkoeHB(perf numbers for membership proofs only)
-
chadddd[m]UkoeHB will those numbers include verification performance? And batch verification?
-
UkoeHBchadddd[m]: yes
-
IngeUkoeHB: Awesome!
-
UkoeHBAnyone able to help me make an optimized version of `ge_scalarmult_p3()` for small scalars (i.e. 4-byte scalars)? For now it only needs to be good enough for testing.
-
UkoeHBI think it just needs to find the highest non-zero byte of the scalar, and only iterate over bytes <= that byte (instead of iterating over all bytes always).
-
UkoeHBBut the cryptomath is over my head...
-
atomfried[m]where is `ge_scalarmult_p3` defined and implemented?
-
moneromooocrypto-ops.c
-
» moneromooo git greps fast it seems
-
UkoeHB