14:08:21 <chaser> once Seraphis activates, will users be forced to switch to Polyseed mnemonics, or will it be possible to derive Seraphis+Jamtis addresses from their existing 25-word mnemonics?
14:20:17 <rbrunner> The latter. You just continue with your 25 word seed.
14:20:51 <rbrunner> There is no immediate technical link between Seraphis and Polyseed, by the way, we might introduce it even earlier
14:21:00 <rbrunner> In fact, Feather Wallet supports it already now
14:21:48 <rbrunner> Whether with Seraphis you will be able to generate *new* wallets giving you a new 25 word seed will probably be matter of the wallet app
14:21:53 <rbrunner> Maybe, maybe not
14:23:02 <rbrunner> I wrote an entry in the FAQ about it: https://github.com/seraphis-migration/strategy/wiki/FAQ:-Will-my-seed-still-work-with-Seraphis%3F
15:07:31 <chaser> excellent, thank you
15:34:43 <chaser> so it doesn't matter if the mnemonic is a legacy or a Polyseed one, as long as the hexadecimal seed (in xmr.llcoins.net terms) is the same, they will yield the same addresses as long as they use the same transaction protocol and address derivation scheme (CryptoNote vs. Sefaphis+Jamtis). is that correct?
15:35:14 <chaser> *Seraphis
15:39:08 <rbrunner> Yes, the 256 bits of your spend secret key is what really matters, and that will live on and give you access to all your coins, pre-Seraphis and post-Seraphis
15:39:39 <rbrunner> And these bits also ultimately give you your addresses
16:06:58 <chaser> I see
16:11:23 <chaser> however, IIUC, in Polyseed the mnemonic words and private spend key bits no longer have a bidirectional relationship (unlike in legacy mnemonics), so e.g. you can't construct a Polyseed that has the same private spend key you had in your legacy mnemonic. not that this would be a goal of Polyseed, just noting
16:14:18 <rbrunner> I think so, yes. But like you, I think that's not a problem for anything important.
16:35:52 <chaser> not for anything important at the moment, just something that would have been cool (to be able to switch from legacy to Polyseed and preserving addresses). however, if at a future point support goes away for legacy mnemonics in wallets, then people won't be able to restore hardware wallet balances in regular Monero software wallets. right now that's possible, thanks to the bidirectional relationship
17:01:45 <rbrunner> I really don't expect support for any kind of seed ever going away. For me that goes against anything that Monero stands for: You can depend on it.
17:02:21 <rbrunner> Anyway, the algorithms are all known, and should wallet really drop something, it should be no problem to build stand-alone rescue tools
18:09:23 <chaser> I really like this principle. "Monero: You can depend on it." I hope it will survive for a very long time!
20:59:41 <kayabanerve[m]> tevador: Regarding 2-adicity, https://zcash.github.io/halo2/concepts/arithmetization.html
21:03:53 <kayabanerve[m]> https://zcash.github.io/halo2/background/fields.html#multiplicative-subgroups for the theory, and for the pasta commentary https://zcash.github.io/halo2/design/implementation/fields.html