-
UkoeHBmilestone: bare-bones unit test of seraphis tx spending legacy inputs github.com/UkoeHB/monero/blob/21147…tests/unit_tests/seraphis.cpp#L1130
-
dangerousfreedom<UkoeHB> "milestone: bare-bones unit..." <- Awesome!
-
dangerousfreedomHello guys, I would like to share my new CCS. I'm pretty sure that it is something needed and this proposal looks much less scary to me than the moneroinflation when I didnt know much about the technicalities of Monero. Therefore I'm pretty sure I can do it and adapt if necessary to reach the expected goals. Please give me your thumbs up if you support it and feel free to share your thoughts too. Thank you very much!
-
dangerousfreedom
-
wimet[m]Correct me if I am wrong, but as I understand Monero uses RingCT to prove that the sum of the referenced outputs is equal to the sum of the current inputs (and hence that you are not spending more than what you have) and then uses range proofs to prove that all referenced outputs are positive (say that the limit is 2^{64}, then we prove that each outputs lies between [0,2^{64}-1]). Combining both we obtain that the sum of the
-
wimet[m]outputs equal the sum of the inputs and that each element of this sum is positive
-
wimet[m]Am I right?
-
UkoeHBwimet[m]: yes
-
wimet[m]The problem that I see is that there is not a correspondence between referenced outputs and inputs, right? So I could have as outputs 4,3,5 and inputs 6,5,1 and checks would pass anyways
-
grumblemobileModulo fee, yes.
-
UkoeHBwimet[m]: the input proofs show that referenced outputs -> pseudo-output commitments by a mask on G
-
UkoeHBso that amounts are conserved
-
grumblemobileI do not understand the concern. Why would order matter ?
-
UkoeHBorder ?
-
grumblemobileI understood the question to be about order. If it's not, then I understand even less...
-
grumblemobileNevermind, not important anyway.
-
wimet[m]UkoeHB: That's right, thanks!
-
wimet[m]grumblemobile: It's not about the order but about the outputs being differents than the inputs but still adding up to the same value
-
Rucknium[m]Wimet: If I understand you correctly, that's a feature, not a bug.
-
Rucknium[m]A feature Monero shares with all currencies: divisibility.
-
grumblemobileOK. This is about not "splitting" coins, like in the real world.
-
grumblemobileOr merging.
-
grumblemobileIf you could not split/merge, you wouldn't need range proofs in the first place.
-
grumblemobileIt'd make fees... very hard too.
-
UkoeHBhe is asking about how ring members and pseudo-output commitments are connected so that amounts properly travel from inputs to outputs