10:42:39 hello good day :)
10:42:47 https://github.com/monero-project/monero/blob/master/src/ringct/bulletproofs.cc
10:43:36 i don't see G and H nowhere there.
10:44:38 i assume the "systemwide" G and H = H(g) is used, right?
10:48:21 They are defined in src/ringct/rctTypes.h.
10:48:46 A comment there also says how H is derived.
10:52:10 i have seen that before.
10:54:46 I'm just guessing that bulletproof_PROVE uses G and H; as defined in the rctTypes.h ?
11:07:50 i don't know what a[] and b[] are .
11:08:26 Arrays (pointers really).
11:09:01 f(int a[]) means f(int*) really. Just expected to point to more than one.
11:11:00 https://eprint.iacr.org/2017/1066.pdf
11:11:05 page 16
11:11:38 what is the a[] and b[] ?
11:12:14 where is G[n] calculated?
15:12:21 slave_blocker: they are in there: just search rct::H and rct::G
15:22:53 const rct::key Gi = get_exponent(rct::H, i * 2 + 1);
15:23:07 nice
15:23:14 thanks
15:23:37 :)
15:28:37 so
15:28:41 The :: operator is called the scope-resolution operator and does just that, it resolves scope. So, by prefixing a type-name with this, it tells your compiler to look in the global namespace for the type.
15:29:01 rct::H
15:29:17 is therefore systemwide:)
15:29:38 slave_blocker: no, ::rct::H would be systemwide
15:33:19 so what does the syntax for rct::H mean?
15:34:07 rct is a struct ? and H is a part of the struct?
15:34:22 or rct is a class?
15:40:33 "so what does the syntax for rct:..." <- https://en.cppreference.com/w/cpp/language/qualified_lookup, ::rct::H is doing global lookup (avoids any ambiguity), rct::H may fail if there is some ambiguity
15:51:10 rct is a namespace, H is a static variable defined in a header rctOps.h in the rct namespace, when you include that header then your including file acquires rct::H as a file-scope static variable
15:51:55 the scope-resolution qualifier without any prefix is the global scope, if there is a prefix then it is a namespace or class
15:57:23 in ztm on page 137, the transaction has 7 entries for L and for R.
15:57:34 why is that?
15:58:09 is this size always the same for every type of tx?
15:59:39 does L and R receive 3 entries ++; for every output?
16:04:21 slave_blocker: section 5.5 footnote 11
16:15:57 log 2 (64 · p)
16:16:09 what does that mean ?
16:16:51 p stands for the output amount?
16:20:28 i mean the amount of outputs.
16:25:36 yes
16:25:38 i see
16:26:45 so on page 137, there are 2 outputs hence p=2, log(128) = 7...
16:28:43 ?
16:36:45 what ?
16:37:27 so having 5 outputs or 6 outputs leads to the same size in L and R of 9 elements ?
16:43:14 so when t(x) is calculated = l(x) * r(x), that's how much the expression evaluates to formally? how many elements are in t_0 t_1 and t_2 ?
16:44:31 https://github.com/monero-project/monero/blob/master/src/ringct/bulletproofs.cc#L707
16:44:49 aprime[i] = l[i];
16:44:49 bprime[i] = r[i];
16:45:47 i don't see how l[i] and r[i], is filled?
16:48:16 but i < MN, so the number is static... that does not have to do with L and R...
17:00:40 UkoeHB, l[i] is different from L[i] right? l has the size MN and L has the size log(64 * p)?
17:01:33 but the proof leads to the verification itself, because of the fiat-shamir ...
17:02:38 ah !
17:04:03 so in the case of ztm v2, there are 7 "proofs" being done! and each proof is one element in each L and R ???
17:16:20 slave_blocker: idk much about the inner workings of BP
17:25:12 :|
17:26:22 noooo
17:26:42 :(...
17:44:23 oh my
19:33:32 " const rct::key Gi = get_expo..." <- Right, yet this doesn't actually return an exponent. Instead it returns hash_to_point(H || i) or so