-
Guest53
What is the purpose of sc_mult() in the Monero source code?
-
Guest53
As proveRangeBulletproof() is the one responsible for creating the commitment and proving the range proof. But when it passes control to bulletproof_PROVE(amount,mask), why bp_PROVE uses sc_mul() and ge_double_scalarmul_base_vartime()? Means according to theory, by using (amount,mask) it should multiply a to H and y to G and then add both, yG+aH, but it does
-
Guest53
sc_mult() then that ge_double, what's the use of all these.
-
Guest3475
Hello, anyone here? What about sc_mul()
-
Guest3421
Structs in ge.h, these are the curve points, so why are they 40 bytes in size? A curve point should be (x,y) (32 bytes, 32 bytes), and when stored compressed should be only 32 bytes, but for example struct ge_pe3 has four things in it, X Y Z T. Why are there four points, and why is each 40 bytes instead of 32 bytes?
-
ofrnxmr[m]
Wait 6-12 hours
-
UkoeHB
looks like he left
-
rbrunner
As you are here, a quick question, about that "enote" term. Can you lose a few words about that choice? What does it mean? And why do you prefer it? Would you propose to carry it up to Monero's wallet API?
-
rbrunner
Basically replacing terms like "transaction", "transfer" and/or "output"?
-
UkoeHB
output is really terrible terminology, so I wracked my brains to come up with something better
-
UkoeHB
enote is the best I could figure out
-
UkoeHB
basically like e-mail -> electronic-bank-note or something
-
UkoeHB
as for the wallet API, I wouldn't complain about propagating it although other people might have other ideas
-
rbrunner
Interesting
-
rbrunner
Well, if we don't, it probably quite quickly assumes a sense of "enote" = "Seraphis output".
-
rbrunner
Do you see "output" as terrible because it's so unspecific? Or does it put emphasis wrong? Or too easy to confuse with something else?
-
HenryHollingwort
for me itinputs are
-
HenryHollingwort
* for me it's confusing because outputs and inputs
-
HenryHollingwort
*are
-
HenryHollingwort
suggesting that there is another term which both are (enote)
-
rbrunner
Yeah, giving two terms to the same thing depending on use can of course be pretty confusing. But does not prevent us from using "output" exclusively of course
-
rbrunner
On the other side, saying "This transaction consumes the following n outputs" sounds strange
-
HenryHollingwort
true, but then you use outputs as 'inputs' (or outputs again)
-
rbrunner
or "spends"
-
rbrunner
Thing is, it's almost always quite hard to unseat terms that are so entrenched as "output", also far beyond Monero of course, and you can fail spectacularly, with people flat-out resisting you
-
rbrunner
Anyway, I am wrong, "enote" can't replace "transaction", because that's not the same.
-
hyc
enote seems like a poor choice of name here, it sounds like a "memo"
-
UkoeHB
rbrunner: output is too ambiguous when you are talking about making a transaction that has inputs and outputs
-
rbrunner
Hmmm, yes, but there is "banknote"
-
rbrunner
So when building a transaction you qualify the term "enote" accordingly?
-
rbrunner
To make clear what goes in and what comes out?
-
UkoeHB
hyc: the outputs of a transaction are similar to memos - they are messages recording some more abstract information (you can have many copies of the same enote/output on all the nodes)
-
UkoeHB
rbrunner: enote is the message recording the amount and destination, and you reference those enotes in a tx when making inputs and outputs
-
gingeropolous
"this enote is used as an input. the transaction creates a new enote, the output of the tx"
-
UkoeHB
'tx outputs' is a set of new enotes, 'tx inputs' are references to pre-existing enotes
-
rbrunner
Ok. I will let that settle :) For me, such terminology questions are always quite hard, and I think software can profit handsomely from a good terminology
-
gingeropolous
personally, i like the enote because it gives a name to something that's independent of its current function. You can then qualify the function of the enote with "input enote" and "output enote"
-
hyc
and then for shorthand I'll just call them inputs and outputs
-
rbrunner
True, but the maybe important difference is that you have, how do you call this, super-term that encompasses both
-
rbrunner
That you can use whenever it is suitable
-
rbrunner
Now you would arrive at nonsensicals like "outputs and inputs are outputs"
-
gingeropolous
"<hyc> and then for shorthand I'll just call them inputs and outputs." right. but in monero, an output used as an input isn't really the input because it's in a ring. so an input contains 11 enotes.
-
gingeropolous
Semantic Mondays
-
rbrunner
Or references to enotes :) Even better.
-
rbrunner
No, seriously, I think discussions like this one do have value, it's not just mental gymnastics or even worse
-
jtgrassie
except pretty much universally they are called 'outputs'
-
gingeropolous
by "universal", do you mean within the blockchain "industry" that's about 10 years old? or were they considered outputs prior?
-
jtgrassie
the former
-
gingeropolous
right. well, call me crazy, but i'm pretty sure a running theme with monero is that stuff could have been done better.....
-
jtgrassie
agreed, and FWIW, I don't think it matters much using a different term
-
jtgrassie
I don't however think enote is much better of a description
-
hyc
"enote records amount and destination" - since it records a destination, it is an output
-
hyc
the recorded destination of an enote, when used as an input, is irrelevant
-
UkoeHB
well it's more like 'owner' than destination
-
hyc
ok, that makes more sense
-
hyc
tho it still isn't that significant since, as ginger points out, it's only one of many possible owners in a ring
-
UkoeHB
the ring signature is a proof of membership, semantically distinct from proof of ownership
-
UkoeHB
even though we do both in the same structure with legacy proofs
-
hyc
hmmm. but the point was to obscure the actual owner
-
UkoeHB
The point is to obscure the entire thing
-
UkoeHB
It’s not ‘which owner is spending?’, it’s ‘which enote is being spent?’
-
hyc
ok, yes
-
moneromooo
If outputs is annoying because inputs are outputs, there is "coin", which is widely used.
-
moneromooo
ie, coin control, aka selecting which output to use as input.
-
moneromooo
Could use ecoin to seem fancy. After all, a coin is just a metal note. Or maybe a note is a paper coin. Or, nowadays, a plastic one. Though plastic money has a different meaning usually.
-
UkoeHB
a coin embodies itself, a 'note' is a substitute for the real thing (in our case a mathematical idea)
-
gingeropolous
"ledger entry". done
-
rbrunner
Hmmm. My very first reaction was dismissal, but now I must say "ledger entry" grows on me. Also de-emphasizes the somewhat strained "wallet" concept itself.
-
hyc
yeah wallet kinda sucks. it's more like a checkbook
-
hyc
tho perhaps the US is the only country left in the world that still uses checks
-
rbrunner
Can't be worse than the floppy disk icon for "save" :)
-
hyc
there was at least a decade where that icon was directly relevant ;)
-
rbrunner
Ok. In "checkbook.h" we have "struct Ledger_Entry { ... } ". That will be a hit.
-
hyc
which is even weirder since they seem to be called "drafts" here in Ireland. not even cheques.
-
Rucknium[m]
UkoeHB: Do you think that 128 is the most likely candidate for Seraphis ring size at the moment?
-
UkoeHB
Rucknium[m]: that's the current setting
-
UkoeHB
might be worth discussing 256 at some point
-
UkoeHB
a ledger entry isn't an entry until a tx is mined, but a tx can stand outside the ledger (while pending, or in an offchain context)
-
gingeropolous
i'm curious to see how the discussion goes re: increased ringsize might make it easier to spot the distribution
-
Rucknium[m]
I think within a year we may be able to quantify fairly precisely the risk to user privacy from [substantially increased ring size] + [no binning] + [no enforcement of a canonical decoy selection algorithm at the protocol level].
-
Rucknium[m]
My intuition tells me that the risk may be fairly high.
-
Rucknium[m]
In that case, we would want to do binning and/or DSA enforcement by the time that Seraphis goes on mainnet. I am more enthusiastic about DSA enforcement.
-
Rucknium[m]
Of course, binning is a type of enforcement. If we have binning, DSA enforcement would mean enforcement of the "meta distribution".
-
Rucknium[m]
To be clear, the risk that I'm thinking of would come from defects in transaction uniformity. The "anonymity puddles".
-
ArticMine[m]
With respect to the scaling algorithms a 256 ring size with Seraphis is possible without changing the 3000 byte reference transaction size. So there is also no need to make a change to the 300000 byte minimum for long term median ML. A ring size above 256 with Seraphis would require changes to the reference transaction size and the 300000 byte minimum.
-
ArticMine[m]
As for the risk associated with the decoy selection algorithm I will wait until Rucknium's research is complete before commenting.
-
ArticMine[m]
At least before commenting in public