05:16:28 <Guest53> Wht is purpose of sc_mult() in monero source code
05:19:57 <Guest53> As proveRangeBulletproof() is the one responsible for creating Commitment and proving range proof.But when it passes control to bulletproof_PROVE(amount,mask), why bp_PROVE uses sc_mul() and ge_double_scalarmul_base_vartime() means according to theory by using(amount,mask) it should multiply a to H and y to G and than add both yG+aH but it does
05:19:58 <Guest53> sc_mult() than that ge_double whts use of all these.
07:06:17 <Guest3475> Hlo anyone here wht about sc_mul()
09:01:27 <Guest3421> Structs in ge.h these are the curve points so why they are 40 bytes in size as curve point should be (x,y) (32byte,32byte) and when stored as compressed should be of only 32 bytes but example like struct ge_pe3  have four things in it X Y Z T why there are four points and why each is of 40 bytes instead of being 32 bytes
09:22:17 <ofrnxmr[m]> Wait 6-12 hours
12:13:42 <UkoeHB> looks like he left
12:15:43 <rbrunner> As you are here, a quick question, about that "enote" term. Can you loose a few words about that choice? What does it mean? And why do you prefer it? Would you propose to carry it up to Monero's wallet API?
12:16:17 <rbrunner> Basically replacing terms like "transaction", "transfer" and/or "output"?
12:20:33 <UkoeHB> output is really terrible terminology, so I wracked my brains to come up with something better
12:20:41 <UkoeHB> enote is the best I could figure out
12:21:23 <UkoeHB> basically like e-mail -> electronic-bank-note or something
12:22:59 <UkoeHB> as for the wallet API, I wouldn't complain about propagating it although other people might have other ideas
12:23:10 <rbrunner> Interesting
12:24:02 <rbrunner> Well, if we don't, it probably quite quickly assumes a sense of "enote" = "Seraphis output".
12:25:04 <rbrunner> Do you see "output" as terrible because it's so unspecific? Or does it put emphasis wrong? Or too easy to confuse with something else?
12:25:42 <HenryHollingwort> for me itinputs are 
12:25:54 <HenryHollingwort>  * for me it's confusing because outputs and inputs
12:25:58 <HenryHollingwort> *are
12:26:15 <HenryHollingwort> suggesting that there is another term which both are (enote)
12:27:13 <rbrunner> Yeah, giving two terms to the same thing depending on use can of course be pretty confusing. But does not prevent us from using "output" exclusively of course
12:27:53 <rbrunner> On the other side, saying "This transaction consumes the following n outputs" sounds strange
12:27:59 <HenryHollingwort> true, but then you use outputs as 'inputs' (or outputs again) 
12:28:01 <rbrunner> or "spends"
12:29:38 <rbrunner> Thing is, it's almost always quite hard to unseat terms that are so entrenched as "output", also far beyond Monero of course, and you can fail spectacularly, with people flat-out resisting you
12:31:50 <rbrunner> Anyway, I am wrong, "enote" can't replace "transaction", because that's not the same.
12:39:24 <hyc> enote seems like a poor choice of name here, it sounds like a "memo"
12:41:25 <UkoeHB> rbrunner: output is too ambiguous when you are talking about making a transaction that has inputs and outputs
12:41:44 <rbrunner> Hmmm, yes, but there is "banknote"
12:42:22 <rbrunner> So when building a transaction you qualify the term "enote" accordingly?
12:43:11 <rbrunner> To make clear what goes in and what comes out?
12:44:01 <UkoeHB> hyc: the outputs of a transaction are similar to memos - they are messages recording some more abstract information (you can have many copies of the same enote/output on all the nodes)
12:44:44 <UkoeHB> rbrunner: enote is the message recording the amount and destination, and you reference those enotes in a tx when making inputs and outputs
12:45:06 <gingeropolous> "this enote is used as an input. the transaction creates a new enote, the output of the tx"
12:45:16 <UkoeHB> 'tx outputs' is a set of new enotes, 'tx inputs' are references to pre-existing enotes
12:47:39 <rbrunner> Ok. I will let that settle :) For me, such terminology questions are always quite hard, and I think software can profit handsomly from a good terminology
12:56:04 <gingeropolous> personally, i like the enote because it gives a name to something thats independent of its current function. You can then qualify the function of the enote with "input enote" and "output enote"
12:59:47 <hyc> and then for shorthand \I'll just call them inputs and outputs
13:01:39 <rbrunner> True, but the maybe important difference is that you have, how do you call this, super-term that encompasses both
13:02:21 <rbrunner> That you can use whenever it is suitable
13:03:07 <rbrunner> Now you would arrive at nonsensicals like "outputs and inputs are outputs"
13:07:46 <gingeropolous> "<hyc> and then for shorthand \I'll just call them inputs and outputs." right. but in monero, an output used as an input isn't really the input because its in a ring. so an input contains 11 enotes. 
13:08:22 <gingeropolous> Semantic Mondays
13:08:45 <rbrunner> Or references to enotes :) Even better.
13:09:19 <rbrunner> No, seriously, I think discussions like this one do have value, it's not just mental gymnastics or even worse
13:26:58 <jtgrassie> except pretty much universally they are called 'outputs'
13:28:11 <gingeropolous> by "universal", do you mean within the blockchain "industry" thats about 10 years old? or were they considered outputs prior?
13:28:25 <jtgrassie> the former
13:29:45 <gingeropolous> right. well, call me crazy, but im pretty sure a running theme with monero is that stuff could have been done better.....
13:31:51 <jtgrassie> agreed, and FWIW, I don't think it matters much using a different term
13:33:51 <jtgrassie> I don't however think enote is much better of a description
13:48:13 <hyc> "enote records amount and destination" - since it records a destination, it is an output
13:48:41 <hyc> the recorded destination of an enote, when used as an input, is irrelevant
13:49:03 <UkoeHB> well it's more like 'owner' than destination
13:49:27 <hyc> ok, that makes more sense
13:50:17 <hyc> tho it still isn't that significant since, as ginger points out, it's only one of many possible owners in a ring
13:51:05 <UkoeHB> the ring signature is a proof of membership, semantically distinct from proof of ownership
13:52:05 <UkoeHB> even though we do both in the same structure with legacy proofs
13:52:31 <hyc> hmmm. but the point was to obscure the actual owner
13:58:52 <UkoeHB> The point is to obscure the entire thing
13:59:40 <UkoeHB> It’s not ‘which owner is spending?’, it’s ‘which enote is being spent?’
14:00:19 <hyc> ok, yes
14:52:31 <moneromooo> If outputs is annoying because inputs are outputs, there is "coin", which is widely used.
14:53:03 <moneromooo> ie, coin control, aka selecting which output to use as input.
14:53:55 <moneromooo> Could use ecoin to seem fancy. After all, a coin is just a metal note. Or maybe a note is a paper coin. Or, nowadays, a plastic one. Though plastic money has a different meaning usually.
15:06:18 <UkoeHB> a coin embodies itself, a 'note' is a substitute for the real thing (in our case a mathematical idea)
16:55:22 <gingeropolous> "ledger entry". done
17:05:32 <rbrunner> Hmmm. My very first reaction was dismissal, but now I must say "ledger entry" grows on me. Also de-emphasizes the somewhat strained "wallet" concept itself.
17:09:17 <hyc> yeah wallet kinda sucks. it's more like a checkbook
17:10:25 <hyc> tho perhaps the US is the only country left in the world that still uses checks
17:10:55 <rbrunner> Can't be worse than the floppy disk icon for "save" :)
17:11:52 <hyc> there was at least a decade where that icon was directly relevant ;)
17:12:04 <rbrunner> Ok. In "checkbook.h" we have "struct Ledger_Entry { ... } ". That will be a hit.
17:13:42 <hyc> which is even weirder since they seem to be called "drafts" here in Ireland. not even cheques.
17:36:05 <Rucknium[m]> UkoeHB: Do you think that 128 is the most likely candidate for Seraphis ring size at the moment?
17:45:20 <UkoeHB> Rucknium[m]: that's the current setting
17:45:36 <UkoeHB> might be worth discussing 256 at some point
17:47:19 <UkoeHB> a ledger entry isn't an entry until a tx is mined, but a tx can stand outside the ledger (while pending, or in an offchain context)
18:13:49 <gingeropolous> im curious to see how the discussion goes re: increased ringsize might make it easier to spot the distribution 
18:33:30 <Rucknium[m]> I think within a year we may be able to quantify fairly precisely the risk to user privacy from [substantially increased ring size] + [no binning] + [no enforcement of a canonical decoy selection algorithm at the protocol level].
18:34:28 <Rucknium[m]> My intuition tells me that the risk may be fairly high.
18:36:16 <Rucknium[m]> In that case, we would want to do binning and/or DSA enforcement by the time that Seraphis goes on mainnet. I am more enthusiastic about DSA enforcement.
18:37:52 <Rucknium[m]> Of course, binning is a type of enforcement. If we have binning, DSA enforcement would mean enforcement of the "meta distribution".
18:39:38 <Rucknium[m]> To be clear, the risk that I'm thinking of would come from defects in transaction uniformity. The "anonymity puddles".
20:58:58 <ArticMine[m]> With respect to the scaling algorithms a 256 ring size with Seraphis is possible without changing the 3000 byte reference transaction size. So there is also no need to make a change to the 300000 byte minimum for long term median ML. A ring size above 256 with Seraphis would require changes to the reference transaction size and the 300000 byte minimum.
21:02:29 <ArticMine[m]> As for the risk associated with the decoy selection algorithm l will wait until Rucknium 's research is complete before commenting. 
21:07:26 <ArticMine[m]> At least before commenting in public