-
paymewithmonero[
Seeking help in Launching a Song based on Monero - Its pretty kick ass and reaching out to Monero team to see if they want to listen to a demo
-
Blackwolfsa
Thanks for the discussion so far, it's really been interesting and good learning. But I still think I am missing something here.
-
Blackwolfsa
If v is 20, yes mod 5 will make it 0. But v is only the private key(scalar), and you use mod only if you convert it over to a public key right? Or do you mod is before that as well?
-
carrington[m]
Test
-
carrington[m]
Huh weird. Missing messages just appeared after that test. Probably something on my matrix end.
-
Lyza
on the CPFP topic, I recall some talk recently of removing the 10 block lock time. if I recall correctly, it's something that may be possible under seraphis?
-
UkoeHB
no
-
Lyza
hmmm I'm almost sure there was some convo about removing tx-chaining maybe not seraphis related I would trust you to know about that lol
-
Lyza
adding*
-
UkoeHB
removing tx chaining? seraphis has tx chaining...
-
UkoeHB
10 block lock is a hard requirement
-
UkoeHB
as in, you need to kill pow first before you can kill 10 block lock
-
Lyza
okay then, maybe this is my point of confusion -- I thought tx-chaining was the ability to spend unmined transactions?
-
UkoeHB
yes, but it doesn't solve 10 block lock, just lets you change the person who has to sit around waiting
-
Lyza
but can't the next person also chain the tx, thus avoiding the wait?
-
Rucknium[m]
The 10 block lock isn't an inherent feature of PoW.
-
Lyza
I guess the point is you can only do it for unmined transactions, and once you get a confirmation then you have to wait to spend? that would be weird UX
-
Lyza
yeah definitely not the locktime is pretty unique to monero / CN
-
UkoeHB
it's a hard req for a privacy coin like monero... who cares about non-privacy coins?
-
Rucknium[m]
You think it's a hard req just because transactions reference outputs by index -- am I understanding your position correctly?
-
UkoeHB
no, because reorgs can invalidate any tx that references a reorged tx
-
UkoeHB
it's an attack vector
-
Lyza
okay that aside, tx chaining would still allow for CPFP transactions, no?
-
Rucknium[m]
But isn't it this type of attack possible exactly because the reference is done by index rather than hash?
-
Lyza
I do vaguely recall such a discussion ^^
-
UkoeHB
No, it’s because in a reorg you can double spend an output spent by the orphaned chain. Any reference (index, hash, or otherwise) to the orphaned tx containing the spent output is permanently dead (unless another reorg restores it).
-
UkoeHB
What is CPFP?
-
Lyza
"child pays for parent" -- if a transaction is stuck in the mempool due to low fees, the person on the receiving side can broadcast a new transaction to incentivize miners to include both by increasing the average fee per byte between them
-
UkoeHB
Not quite permanent* since you could reproduce the output of the dead tx you want to spend, in another tx... but it’s questionable what the advantage would be.
-
Lyza
a new transaction that spends the unmined output from the first*
-
Rucknium[m]
Hmmm. I still think this is particular to reference-by-index. The orphaned transactions would still be in the mempool of the set of nodes and miners that do not follow the orphaned chain and they could include (and almost certainly would include) it in a block.
-
UkoeHB
Lyza: I see. That is independent of tx chaining, because you’d need a whole new tx type (where the inputs don’t have ring signatures).
-
moneromooo
I don't think you would.
-
moneromooo
And double spending on another chain is also a bitcoin thing (hsah rate notwithstanding).
-
Rucknium[m]
Is the 10 block lock and its rationale discussed in Zero to Monero?
-
UkoeHB
Rucknium[m]: still no, in my scenario the orphaned tx are dead because the main chain double spends them
-
Rucknium[m]
Hmmm ok. I guess I don't understand it yet.
-
UkoeHB
Rucknium[m]: it isn’t discussed there, the analysis has improved since I wrote that
-
UkoeHB
moneromooo: if you have a tx in the mempool, and another tx comes along and says ‘I want to bump the fee of that other tx’, doesn’t that require a new tx type? Especially if it’s child-pays-for-parent, where the real spend of the parent is known.
-
UkoeHB
Lyza: sorry, I mean it would be a different/special kind of tx chaining, separate from normal tx chaining.
-
moneromooo
I don't think it does:
-
Rucknium[m]
Replace by fee (RBF) would still work in Monero, though, right?
-
moneromooo
Alice sends tx0 spending outputs A0 to A10, creating outputs B0 and B1, B0 goes to Bob, B1 is change.
-
moneromooo
Bob wants that to be mined, so sends tx1 spending B0 to B10, creating C0 and C1, with high fee.
-
moneromooo
To claim the tx1 high fee, tx0 has to be mined.
-
moneromooo
er, Bob spends B0, B2..B11. Since B1 is unrelated.
-
moneromooo
Well, can spend B1 too I guess. Just does not have to.
-
spackle[m]
Am I wrong in saying that tx1 using B0, B... cannot be created until tx0 is mined (+10 blocks), since B0 would be rejected as an invalid ring member?
-
moneromooo
No, but this is based on referencing oututs by pubkey.
-
moneromooo
Oh, was that what was meant by a new type of tx ? If so, then you're right. I thought it meant a type of tx specifically for that pays-for-parent usage.
-
moneromooo
Since it was in the context of referencing by pubkey in the first place.
-
moneromooo
(I assume "hash" means pubkey in the backlog above)
-
gingeropolous
it might work, but would that kind of chaining diminish the ring sig obfuscation?
-
Rucknium[m]
I think you could do it right, but wallets would have to be aware of transactions in the mempool so that decoys could be pulled from the mempool.
-
UkoeHB
moneromooo: I see what you mean
-
UkoeHB
moneromooo: I see what you mean
-
UkoeHB
However, the reorg attack remains, so I think if you want that behavior then a special tx type without ring sigs is necessary.
-
gingeropolous
sure, but the reorg attack is only a concern if you are the one being attacked... i.e., if someone is actually trying to double spend against you
-
gingeropolous
if the ref by hash thing is in, orphan chain txs get dumped back into the mempool
-
gingeropolous
a "natural" re-org would probably include most of those transactions in the "new" chain anyway
-
UkoeHB
gingeropolous: no, it is a generic attack because your decoys can also be double spent
-
gingeropolous
hrmmmm
-
UkoeHB
so all the attacker has to do is double spend a bunch of his own transactions, and any time a reorg occurs anyone who referenced his tx's outputs as decoys will see their tx get yeeted
-
UkoeHB
a reorg that switches out one of the attackers double spends*
-
Rucknium[m]
Hmm. That seems less of a privacy issue and more of a user inconvenience issue. The privacy issue seems to be on the level of a FloodXMR attack.
-
gingeropolous
of course my mind goes back to my prior thought on this which is to magically create ring sigs that "work" if n/m are present, but i remember that idea not having legs
-
UkoeHB
it isn't a privacy issue... it is a protocol design issue
-
UkoeHB
censorship-resistance *
-
gingeropolous
yeah im not thinking of it as a privacy issue, i mean like you could still make a transaction function if, say, 3/11 of the ring members just disappeared
-
gingeropolous
like, 8 of them are still there. good enough! says the protocol
-
UkoeHB
I was responding to Rucknium[m]
-
gingeropolous
roight roight
-
UkoeHB
that idea doesn't work with any proof system I know about
-
gingeropolous
time to go to the idea tree :)