-
<kayabanerve[m]> jeffro256: I want to say Seraphis isn't solely important for the reason most people know, which is logarithmic rings (critically important, of course). Seraphis decouples membership from linkability, and lets us use logarithmic rings now yet also merkles and so on in the future :D It's a fundamental shift in transaction construction that should give us headway to evolve, without breaking pools again, until we hit the quantum
-
<kayabanerve[m]> barrier
-
<kayabanerve[m]> Just to add on excitement :)
-
<GnetDotcom[m]> Analysis of the Linux Random Number Generator: eprint.iacr.org/2006/086.pdf
-
<GnetDotcom[m]> Cryptanalysis of the Random Number Generator of the Windows
-
<GnetDotcom[m]> Operating System: eprint.iacr.org/2007/419.pdf
-
<kayabanerve[m]> > <@dotcomgnet:matrix.org> Cryptanalysis of the Random Number Generator of the Windows
-
<kayabanerve[m]> > Operating System: eprint.iacr.org/2007/419.pdf
-
<kayabanerve[m]> Those are, thankfully, 15 years old. Your comment in -dev about modernizing the Windows API was good though :) I'm excited to see the issue for it
-
<GnetDotcom[m]> <kayabanerve[m]> "> <@kayabanerve:matrix.org..." <- People still use win7
-
<GnetDotcom[m]> * use win7 :)
-
<kayabanerve[m]> GnetDotcom[m]: Windows 7 came out 2 years after and I'm assuming the internal mechanism on Microsoft has been patched :p
-
<kayabanerve[m]> But you won't hear me say we should still use such a dated API ;)
-
<GnetDotcom[m]> By the way, where in the source is the bigint lib located?
-
<kayabanerve[m]> GnetDotcom[m]: Where do you believe one is used? The crypto code uses the RCT::key type for the scalar/field element fields. Balances are u64. Difficulty checks are... Probably a byte op.
-
<kayabanerve[m]> Also, -dev for this :)
-
<atomfried[m]> I am currently working on something "like accumulators" for my PhD currently.
-
<atomfried[m]> So I started to have a look at RSA accumulators and the hidden-order group.
-
<atomfried[m]> Can somebody tell me why exactly RSA accumulators need to be performed in a hidden-order group?
-
<atomfried[m]> Is the problem that the order of the picture of the function f(x, y) = x^y on the group could be smaller than the group and therefore collapse over time, or is there any kind of attack which can be done when the order of the group is known?
-
<atomfried[m]> s/currently//
-
<UkoeHB> atomfried[m]: just looked at this briefly blog.goodaudience.com/deep-dive-on-rsa-accumulators-230bc84144d9 in the 'proving membership' section. My guess is if you know the group order then you can do an inverse to derive an arbitrary y that works.
-
<UkoeHB> y = A3 ^ 1/3
-
<UkoeHB> Although idk how you can do arithmetic with an unknown order... (not that I know much about RSA)
-
<atomfried[m]> The unknown-order group is exactly the trusted setup problem ... you trust someone to multiply N=p*q with p and q prime and then create a group mod N which has the order phi(N), which is unknown when p and q are really destroyed
-
<atomfried[m]> So if there is an RSA accumulator which does not use an unknown-order group, we would have an O(1) accumulator usable without a trusted setup to prove set membership