-
SanadaYukimura[m
Any idea of implementing sharding after seraphis
-
UkoeHB
SanadaYukimura[m: there hasn’t been any discussion of that that I’ve heard
-
one-horse-wagon[
Doesn't the safety problem with multisig wallets come from having only a partial number of authorized signatures sign off on a transaction? Examples are 1 out of 2, 2 out of 4, etc. Would it not be better to split a wallet key into however many parts you wish to set up, so that everyone has to present their key portion for the wallet to sign off on a transaction?
-
moneromooo
Being able to sign with fewer members than possible is expressly intended.
-
moneromooo
Also, even for N/N, raw secret sharing means someone at some point gets the whole set and can act alone from that point on.
-
one-horse-wagon[
If you can get the whole set at some point with N/N, wouldn't it be easier to do the same with a partial number of authorized signatures?
-
kayabaNerve
one-horse-wagon[: I'm not sure you understand how multisig works
-
kayabaNerve
The point of threshold multisig, as mooo said, is for an authorized threshold to be able to create signatures
-
kayabaNerve
Your idea, which is presenting keys to a wallet, is insecure as it's dealing with raw keys. That lets "the wallet", a central instance, acquire the entire private key.
-
kayabaNerve
Such secret sharing is available, I have a tool for it, but it's intended for recovery. I give shares to my family and if necessary, can bring them together to get back my key.
-
kayabaNerve
With threshold multisig, it's an adversarial model, where everyone is trying to steal the key for their own benefit, yet since they can't, they work together as per their own benefit.
-
kayabaNerve
That's why not bringing the key together is important.
-
kayabaNerve
It's not easier to do with a partial number of authorized signatures because the signatures don't leak the keys.
-
kayabaNerve
While yes, it's easier to acquire a sufficient amount of keys, as you only need t, not n, that's why thresholds are chosen carefully. A common example would be 3-5.
-
kayabaNerve
It's double-fault tolerant with a majority rule.
-
one-horse-wagon[
Thank you for the explanation. The secret sharing tool you built is something I was thinking about too after mooo's response. Is it not possible to incorporate such a tool for N/N multisig wallets?
-
one-horse-wagon[
* multisig wallets? kayabaNerve
-
kayabanerve[m]
You can do n-n multisig as you can do t-n multisig. The question is about where you want the key.
-
kayabanerve[m]
The first is multisig. The second is secret sharing.
-
kayabanerve[m]
Multisig doesn't reveal your private key when you sign. Recombining secret shares, which requires knowledge of the secret shares, does recover the key onto the computer in question.
-
kayabanerve[m]
So whoever owns the computer, then owns the key.
-
SanadaYukimura[m
<UkoeHB> "Sanada Yukimura: there hasn’t..." <-
eprint.iacr.org/2018/1188.pdf
-
SanadaYukimura[m
Sharding is the next hot topic in the list. Hope MRL would have taken in the checklist.
-
UkoeHB
It sounds like every user wallet would have to maintain an accumulator state in order to spend their enotes - in addition to proving that ring members are on the chain. That sounds very expensive for both wallets and the network.
-
UkoeHB
It would be great if we could have an anonymous group membership proof that uses an accumulator, but a) we don’t even have a proof of concept right now, b) afaik such proofs are still very bulky.
-
SanadaYukimura[m
UkoeHB: certainly preparing a PoC. If it is tested well, I shall share the paper.
-
UkoeHB
SanadaYukimura[m: you are working on a PoC? that sounds amazing :)
-
SanadaYukimura[m
Yes.. but I don't know how long it will take.
-
UkoeHB
if you haven't seen, we do have this open issue
monero-project/research-lab #100
-
SanadaYukimura[m
I have already seen this issue. I want to know why zk-SNARKs. Will it ruin Monero's uniqueness?
-
UkoeHB
zk-SNARKs aren't required, it's just the most prominent technology for doing those kinds of proofs, so it's worth exploring
-
SanadaYukimura[m
Sure thing.. if it is zk-SNARKs then plonk 2 will be better. I haven't gone through the full paper.
-
SanadaYukimura[m
UkoeHB: shall I explore more on that issue?
-
moneromooo
In general, knowing more is better. So if you are interested in something in particular, do feel free to investigate.
-
SanadaYukimura[m
Thanks moneromooo
-
moneromooo
If you're asking for what would be most helpful for monero, then I don't know. But if you're asking "would it be helpful if I researched this thing I am planning to research", then yes.
-
UkoeHB
SanadaYukimura[m: if you feel inspired and enthusiastic, then go for it :) you don't need anyone's permission lol
-
SanadaYukimura[m
UkoeHB: thanks. Really appreciated working with MRL.
-
UkoeHB
if you have questions or need help, feel free to ask
-
SanadaYukimura[m
Sure