I am studying the subject of using Monero coin to carry out covert communication. Could anyone please tell me where we can find the one-time covert address for our transaction? Thank you very much for your help

Somebody just posted this on reddit: youtube.com/watch?v=2glB7Cr6Jhw

<UkoeHB> "ErCiccione: github.com..." <- Awesome, thanks for the ping UkoeHB 🙂

"add potential signers"....

could this be whats needed for floating ring members?

added the paper here moneroresearch.info/index.php?actio…SOURCEVIEW_CORE&id=47&browserTabID= 👍️

<wannahelp[m]> "I am studying the subject of..." <- I think you are refering to the "stealth address" created for the recipient of a transaction, you can view them by going to xmrchain.net and entering the transaction id number into the search

You might find this paper helpful researchgate.net/publication/349460…_over_Monero_with_Provable_Security

Here's a link to that Count Me In! paper:

IIUC, if this could be applied to Monero, then all the rings signatures in a block could be combined non-interactively for much better anonymity sets

It even has a notion of key-images, although they call them "same-message linkable extendable ring signatures"

Page 3, under "A Generic Transformation"

wowzers

though perhaps u could run into a MW-type problem... like, the non-interactive ring proof combination could provide better anon sets, but if you can capture the tx while its in the txpool (to catch its original set), the non-interactive combination doesn't do much

though, you could have txs self-combining as they make their hops via dandelion, though thats still susceptible to sybil

mebbe?

Well I think the problem was that in WM, there weren't any decoys. Yes, you could combine transaction input/output sets, but they were all spent outputs. With this setup, you could have 160 members, of which only 10 are true spends, which is the sum of 10 single spender rings with 15 decoys each.

right. so the initial signature would provide protection "over the wire", and then if the non-interactive thing works, it could amplify the protection on the blockchain

gingeropolous Yes, I believe thats true if I understand the paper right