08:02:40 <wannahelp[m]> I am studying the subject of using Monero coin to carry out covert communication. Could anyone please tell me where we can find the one-time covert address for our transaction? Thank you very much for your help
11:52:09 <merope> Somebody just posted this on reddit: https://www.youtube.com/watch?v=2glB7Cr6Jhw
11:52:21 <merope> https://reddit.com/r/Monero/comments/t6a6vf/count_me_in_extendablity_for_threshold_ring/
13:14:33 <ErCiccione> <UkoeHB> "ErCiccione: https://github.com/..." <- Awesome, thanks for the ping UkoeHB 🙂
14:17:32 <gingeropolous> "add potential signers"....
14:19:14 <gingeropolous> could this be whats needed for floating ring members?
15:15:39 <plowsof[m]>  added the paper here https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=47&browserTabID= 👍️
15:26:24 <xmr-ack[m]> <wannahelp[m]> "I am studying the subject of..." <- I think you are refering to the "stealth address" created for the recipient of a transaction, you can view them by going to xmrchain.net and entering the transaction id number into the search
15:26:33 * xmr-ack[m] uploaded an image: (60KiB) < https://libera.ems.host/_matrix/media/r0/download/matrix.org/laZQhfRkwZcRgBSVwiJTtSnJ/image.png >
15:31:08 <xmr-ack[m]> You might find this paper helpful https://www.researchgate.net/publication/349460480_MRCC_A_Practical_Covert_Channel_over_Monero_with_Provable_Security
16:43:18 <jeffro256[m]> Here's a link to that Count Me In! paper:
16:43:37 <jeffro256[m]> https://eprint.iacr.org/2021/1240.pdf
16:44:49 <jeffro256[m]> IIUC, if this could be applied to Monero, then all the rings signatures in a block could be combined non-interactively for much better anonymity sets
16:45:56 <jeffro256[m]> It even has a notion of key-images, although they call them "same-message linkable extendable ring signatures"
16:46:26 <jeffro256[m]> Page 3, under "A Generic Transformation"
17:44:40 <gingeropolous> wowzers
18:09:36 <gingeropolous> though perhaps u could run into a MW-type problem... like, the non-interactive ring proof combination could provide better anon sets, but if you can capture the tx while its in the txpool (to catch its original set), the non-interactive combination doesn't do much
18:19:31 <gingeropolous> though, you could have txs self-combining as they make their hops via dandelion, though thats still susceptible to sybil
18:20:16 <gingeropolous[m]> mebbe?
18:42:56 <jeffro256[m]> Well I think the problem was that in WM, there weren't any decoys. Yes, you could combine transaction input/output sets, but they were all spent outputs. With this setup, you could have 160 members, of which only 10 are true spends, which is the sum of 10 single spender rings with 15 decoys each. 
18:49:45 <gingeropolous[m]> right. so the initial signature would provide protection "over the wire", and then if the non-interactive thing works, it could amplify the protection on the blockchain
19:01:01 <jeffro256[m]> gingeropolous Yes, I believe thats true if I understand the paper right