06:29:25 tevador: which rust code? you mean dalek lib or which? 06:29:52 https://github.com/darkrenaissance/darkfi/tree/master/script/research/zk/ecip 06:30:04 i already started writing benchmarks in halo2 now 08:22:17 narodnik: https://github.com/simonkamp/curve-trees 14:46:39 Meeting 2.25hr 16:18:44 Meeting in 45 minutes 16:26:43 "Meeting in 45 minutes" <- on matrix? 16:27:32 Yes, here 16:59:52 meeting time https://github.com/monero-project/meta/issues/811 hopefully the matrix bridge works 16:59:52 1. greetings 16:59:52 hello 17:00:08 hello 17:00:17 Hello 17:00:20 Hello 17:00:20 Hello 17:01:14 Hi 17:01:14 Hi! 17:02:13 2. updates, what's everyone working on? 17:02:29 hi 17:03:53 I am looking into the discussions happening in "Consider removing the tx_extra field" (issue #6668). I have to say it's a really long one 17:05:01 Due to the power of (research) persuasion, the average waiting time to first transaction confirmation has fallen by a full minute in the last two months: https://www.reddit.com/r/Monero/comments/11nu4aj/monero_transaction_confirmations_are_now_60/ . Thanks to DataHoarder, sech1, ofrnxmr, xmrack, plowsof, and gingeropolous for helping the research process and/or contacting mining pools. 17:05:17 me: merged and updated ghostway[m]'s block id checkpoint cache to be used in enote stores, then jberman[m] sucked me into some deeper design optimizations for balance recovery 17:06:35 Hi 17:06:48 Rucknium[m]: good work, quite an achievement 17:07:13 Thanks :) 17:07:42 Yes very good work 17:08:10 Yes, that's amazing 17:08:17 Somebody should calculate how many waiting years were wasted over the history of Monero :) 17:08:21 good work Rucknium! Lovera also joined the effort in contacting pools 17:09:12 Awesome Rucknium ! 17:09:44 rbrunner: The time savings will become apparent when Monero scales to it true potential 17:10:00 Hard to calculate now 17:10:49 Right. Transactions now confirm in Rucknium time. 17:13:00 3. discussion, today we return to the tx_extra topic 17:13:24 as a reminder, this is the choice matrix: 17:13:24 A) [remove tx extra]: tx utility flexibility tied to hardfork (or steganography) 17:13:24 B) [keep tx extra in some optimized form]: uniformity and scaling trade-offs depending on the solution 17:13:24 1) leave as unlimited-size TLV field 17:13:24 2) mandate maximum tx extra size (e.g. anything in 0 - 1000 bytes) (option: encrypted by default) 17:13:25 3) mandate optional fixed-length tx extra size + encrypt by default 17:13:25 4) mandate fixed-length tx extra for all txs + encrypt by default 17:13:26 5) other 17:14:30 Can we narrow this down to A and B3 17:15:50 I still against removing tx_extra field. Size limit/increase pricing for people trying to dump things inside this field sounds good. 17:15:51 (Basically choose B) 17:16:10 Ok for me to narrow down thus, I still stand at the same point regarding this. 17:16:14 To start the discussion, let's do a temperature check of the room. Let's have a period of 4 minutes where the only message people should post is in this format: LETTER [rating 0-5, 0 is abstain, 1 is strongly oppose, 5 is strong desire], for choices A and B3. If you have a strong opinion about something else, you may post that as well. 17:16:16 Starting now 17:16:40 me: A[2], B3[5] 17:16:50 Is there any support for B1, B2, B4 or B5? 17:17:27 A[2], B3[4] 17:17:30 B2 17:17:37 * B[2] 17:17:45 Me oppose anything other than A or B3 17:17:57 please follow the format 17:18:07 * B[2] / B[3] 17:18:45 Could we create a poll to simplify this? 17:18:51 A[5] (keep for coinbase) 17:19:01 A[4],B3[3] 17:19:20 A[4], B3[3] 17:20:44 A[3], B3[3] 17:20:44 A[3] B3[4] 17:21:08 A decidedly inconclusive poll 17:21:21 A[2], B3[5] (altho I'm not sure if my opinion is relevant. I'm just a pleb🫠) 17:21:24 A 17:21:46 A[5] 17:21:56 A[5] 17:22:28 B3[1] 17:25:29 Anyone feel like BRIEFLY summarizing the case for A? 17:27:27 I think of it simply as "No tx_extra, impossible to have any problems with it", fwiw 17:27:47 Still supports merge mining / p2pool etc. Doesn't incentivize other, unproven or malicious purposes 17:29:25 It's the simplest solution, and hypothetically the theoretical best for transaction uniformity. Steg, while possible, seems a bit unwieldy, costly, and unlikely to be commonly used. 17:30:30 The case for B3 is: reduces the chance of needing future hard forks to support arbitrary non-core functionality/innovations. Removing the tx_extra is an implicit commitment to perpetual future hard forks, which I view as a critical long-term weakness. 17:31:44 * A[1] / B[4] 17:31:49 Aka "painting yourself into a corner" 17:31:50 (Some) of the case for A:... (full message at ) 17:32:01 What would prevent us from adding it back? 17:32:01 Id like it removed sooner than later. And we can revisit when we do Seraphis (or another) hard fork. 17:32:51 The same thing that prevents its removal for almost 3 years already? Split dev community. 17:32:55 ofrnxmr[m]: it's much easier to move to e.g. B3 then to A at a later date than from A to B3 17:33:42 And no accepted decision process yet beyond "loose consensus" ... 17:33:44 from that standpoint alone, it is the more conservative choice 17:33:44 A would move data from Txextra to dedicated fields > wouldnt that be preferable to just leaving it in Txextra? 17:33:58 B3 is the more conservative approach* 17:34:52 B3 does follow the principle of: When in doubt, make the least adjustment necessary. 17:35:15 ofrnxmr[m]: not everything that makes sense to go in a tx should go in a tx. Subaddresses were an experimental feature not enforced by consensus, as a prime example. They are being formalized in jamtis after what, 6-8 years of experimentation and experience? 17:35:44 Agreed it is the more conservative approach. But being making compromises or concessions doesnt necessarily make sense when the damage from removing it = "use monero how you thought I was last week". 17:35:44 Leaving doors unlocked, or bridges down, just leads to abuse (see mrl logs on chain) 17:35:47 The case for A is that there is no application now outside of merged mining in coinbase. This discussion does not apply to coinbase. 17:36:11 not everything that makes sense to go in a tx should go in the consensus-enforced structure of a tx.* 17:36:38 The case for B3 is to allow for some protocol flexibility outside of hard dorks 17:36:46 "The case for B3 is: reduces..." <- Have you ever tried developing an enterprise application for Bitcoin? It's a nightmare of libraries and applications that are often mutually incompatible. Someone implements one BIP, someone else thinks that BIP is a scam and ideologically rejects it. Every wallet/app becomes its own little application island that requires all other users have to use the same wallet/app to get 17:36:46 the benefits. This is not good, this is awful. I feel like there's a case of dev blindness. Just because something makes life more exciting for a dev doesn't mean it will lead to more actual usage. Code is read much more that it is written, therefore it's more important for code to be readable that for a coder to write a one-liner that encompasses 15 different ideas. Similarly, protocols are implemented more than they are 17:36:46 extended. It's much more important for the application builders to have less complexity to deal with than for a protocol dev to have more soft forking capability 17:38:21 As a business that utilizes both Bitcoin and Monero, I can tell you that it's much easier to develop for Monero than for Bitcoin because there isn't a million soft forks that our devs need to deal with on a constant basis. 17:38:35 A [1] from about the insinuation that "dev blindness" could be a major factor for those voting for B3 17:38:41 *from me 17:40:56 Alex|LocalMonero: that is a risk yes, but at the same time the tx_extra has not led to bifurcation of wallets after 8 years so it's not immediately clear that is a priority issue here 17:41:06 Communitues looking into tx extra, bar kaya and thorchain, are mostly looking into nfts, chat apps, and other stuff that I dont need in my blockchain storage devices 17:41:07 Wownero has Txextra πŸ‘ 17:41:36 For me the choose B:... (full message at ) 17:42:23 NFTs and chat apps? Now it gets a bit funny. 17:42:29 Alex|LocalMonero: This is a very valid point. The reason for Bitcoin's problems with multiple soft forks is a fundamental design flaw in Bitcoin that is not present in Monero 17:42:36 * For me the choose B:... (full message at ) 17:42:40 Exchanges can put your username in Txextra 17:43:14 Yes. Do they? Today? We have tx_extra now, lest somebody forgets. 17:43:26 Bitcoin cannot hard fork because it cannot face this flaw 17:45:14 And do people really think that if we go for B3 now, but come under a large-scale attack by somebody using it, we won't be able to react somehow? 17:45:29 Regardless of the decision between A and B3 I do not see Monero having Bitcoin's problems 17:45:29 React by doing A? 17:45:50 Yes, of course, depending on the severity of the attack. I am not stupid. 17:46:05 "Alex | LocalMonero | AgoraDesk..." <- Yeah, mass adoption is saving us from that issue, *for now*. 17:46:21 ^ 17:46:34 One can raise the fee on tx extra transactions via node relay to respond to such an attack 17:46:37 Everything is *for now*, no? 17:47:03 Which is why tx_extra needs to be removed rbrunner 17:47:16 And for now, there are no uses nor anything on the horizon that needs it 17:47:32 Do support 17:47:35 Sadly kayabanerve is not here to contradict you 17:47:40 ofrnxmr 17:47:40 Exchanges can put your username in Txextra 17:47:44 removing tx_extra doesn't prevent attacks, since the same kinds of attacks can be trivially done with steganography\ 17:47:46 Kaya doesnt need Txextra. 17:47:59 Its just a convenience 17:48:01 Yes and no. 17:48:14 I don't need it because of steganography. I do need it to be on-chain to ensure atomicity. 17:48:23 There's a loss of funds risk without on-chain data encoding. 17:48:39 *within my model which cannot be resolved without placing data on Monero in any model AFAICT 17:49:00 Putting username in txextra is alone against keeping it 17:49:13 Sending Monero, with no instructions on what to do with the Monero,, and no way to send it back, means the sender loses it. That requires some flow ensuring the Monero funds come with the data. 17:49:14 But tx_extra will be encrypted 17:49:34 I have an issue fully covering this discussion. While I do not need TX extra, I want to clarify it's only due to steganography tha's true. 17:49:53 That "putting username into tx_extra" seems to impress. 17:49:57 Right πŸ‘ @kaya 17:50:40 https://github.com/serai-dex/serai/issues/253 17:50:43 And because of stego everybody will wade through fake outputs. That's fun. 17:50:53 BawdyAnarchist[m: It can be encrypted to allow the recipient to read it 17:51:25 Instead of tx_extra that they can simply ingnore. 17:51:33 BawdyAnarchist: Enforcing "encryption" on tx_extra would not be easy. 17:51:33 It could already be encrypted. We already know they use funky ring members etc 17:51:33 This is a complete issue, on my end, discussing the lack of any data encoding. Please note the atomicity section specifically. 17:51:38 rbrunner: Having 0.01% extra outputs is better than having a loosy-goosy blockchain 17:51:55 :) 17:53:14 I estimate +4 outputs per TX. TC does thousands of BTC TXs a day AFAIK. 17:53:31 kayabanerve: Did you read in the backlog about the opinion poll? Where would you stand regarding A versus B3? That 0..5 story. 17:53:57 Sorry, I literally just got here. I'll read up no 17:54:00 *now 17:54:28 TC wont integrate monero til im 1063 year old. And they "promised" not to abuse tx extra 17:54:43 Sounds reliable. 17:54:44 TC being Thorchain? 17:54:51 Yes sir 17:55:03 Removing tx_extra kind of ensures that some people will use steg, doesn't it? Which harms the weakest part of XMR privacy - the # of ring members. 17:55:05 B2 is my preference, yet B3/B4 would also be fine. I think A is stupid yet I'll survive. 17:55:29 ... but someone else may fork TC 17:55:31 Which I say as a real world user while I also legitimately expect to be a significant real-world TX driver in the future. 17:55:46 Kaya ^ ArticMine @ArticMine:libera.chat: serai works like thorchain 17:56:07 Yes, I did mean THORChain. Specifically, I'm interested in: If Serai matches TC' BTC swap count, with XMR, then that may be thousands of 'poison' outputs a day without TX extra 17:56:30 Why is it a poison output if it's just a transaction? 17:56:32 The larger issue is we publish our entire wallet info, so the TX extra privacy issue is irrelevant. 17:57:00 Without TX extra though, we're now putting forth more bad outputs, assuming we haven't moved to a full chain membership proof yet 17:57:02 Alex | LocalMonero | AgoraDesk: Globally increased scan time + invalid decoy 17:57:30 Yeah, but will outsiders be able to determine they are invalid? 17:57:35 ... immediately defeatable decoy 17:57:41 rbrunner: We publish view keys and all TX data. 17:57:51 Either way ^ 17:57:55 That's not a TX extra issue, that's an accountability issue. 17:57:59 kayabanerve: and how exactly does having tx_extra prevent a malicious actor from poisoning everyone's decoys in the same way? 17:58:13 Aren't you conflating two separate issues? 17:58:14 It doesnt 17:58:25 Except instead of poisoning the one output to us, and noting the other output in the TX is a Serai user, we're now discussing poisoning 5 outputs and fingerprinting a sixth. 17:58:36 Alex | LocalMonero | AgoraDesk: It makes the issue 5x worse if I don't have TX extra. 17:58:59 Bro I'm not worried about Serai poisoning, I'm worried about an actual malicious actor poisoning the chain. 17:59:02 Which is counterproductive to doing it 17:59:19 Your DEX won't have any impact compared to a determined attacker. 17:59:41 "Use xmr for private swaps that hurt privacy" 17:59:43 Since TC has had 25k TXs today, if I assume they're all swaps, and BTC (tied for the largest pool) is just 20%... we're discussing 20k publicly revealed outputs if TX extra isn't available. 17:59:52 Without a full chain membership proof, that could be extremely damaging. 18:00:14 Haveno and bisq dont use Txextra, right? 18:00:17 *If Serai has that same usage as TC has accomplished with BTC 18:00:29 If 18:00:30 Off topic, sorry 18:00:30 No. They also don't publish view keys of participants. 18:00:56 Alex | LocalMonero | AgoraDesk: Sure, if. I generally bet on myself and I don't feel this is a totally out of this world estimation. 18:01:12 I think it's decently sane and should be noted. 18:01:27 would an attacker abusing tx extra to poison outputs be like, effectively a normal flood attack, except the data for bad decoys becomes public? 18:01:50 A really good DEX could become a success. If people doubt that, that would be strange. 18:01:51 The theoretical model is the actor keeps it to themselves/chosen accomplices, but yes. 18:02:14 I cited the real world numbers of an comparable product. 18:02:17 It's past the hour and y'all are getting into the weeds so I'll call it here. The meeting is over but you may continue the discussion. 18:02:26 Thank you Koe 18:02:33 +1 18:02:46 so they would need to create a vast majority of the outputs to be effective right? it seems then like whatever mitigations we do for normal flood attacks apply fairly well to TX extra as well 18:02:52 I guess we know what we'll all be chatting about in Mexico City in between talks, lol 18:02:56 B2. It doesn't force anyone to bloat the chain. It doesn't cause a flood of pointless outputs (harming scan times for everyone, always, and decoys for as long as we have them). 18:03:01 if we make TX extra even more expensive fee wise that could also help 18:03:13 It doesnt help 18:03:15 Thank you Joe. The meeting has made progress on tx extra 18:03:17 It helps fingerprint the tx 18:03:29 A flood attack is possible regardless of TX extra. 18:03:29 kayabanerve: you keep posing your DEX's exploit of membership proofs as an argument for tx_extra but it's the same argument as a robber makes by threatening you with a knife to hand over your wallet. The exploit needs to be fixed just like the robber needs to be disarmed. 18:03:30 LyzaL: To a point. Too high, and you incentivize steg 18:03:31 Thanks UkoeHB 18:03:36 My comment is without TX extra, Serai becomes a flood attack. 18:03:41 " It helps fingerprint the tx" it's already "fingerprinted" by containing tx extra data? 18:03:48 true 18:03:52 By the fee being non standard 18:04:06 kayabanerve[m]: So what? Regardless of Serai's or tx_extra's existence anyone can perform the same flood attack. 18:04:10 That argument is moot. 18:04:37 ... right. Stopping flood attacks is one discussion. Removing TX extra shifts an entire use class into a flood attack. That's my contribution to the discussion. 18:04:39 well, it would be the standard for all transactions with TX extra, which already stand out, so I don't quite follow 18:04:59 Your contribution is conflating two unrelated issues? 18:05:02 Tx extra will likely require the next level of standard fee 18:05:28 In any tx extra transactions will be identified in chain 18:05:44 Rucknium: You mentioned that enforcing encryption is tricky. What kinds of problems are we looking at? Will this increase verification times? 18:05:44 LyzaL: pooling tx. . So if I never use tx extra and I have 15 ring members that do. .? 18:06:04 Thanks to us all being divided, tx_extra has survived for another hour :) 18:06:07 Alex | LocalMonero | AgoraDesk: I don't believe so. 18:06:23 BawdyAnarchist: you cant tell and encrypted string from a non encrypted one 18:06:46 https://matrix.to/#/!toFcRZtpaiwiyapgVO:matrix.org/$IlV2tBw0Dt5-sL_ouo8ylpmExFUpgkA9hZyEsw34DbA?via=monero.social&via=libera.chat&via=matrix.org 18:06:46 Bawdy 18:06:50 ofrnxmr that's not a fee issue specifically though 18:07:11 No, its an issue period. 18:07:11 A[5] 18:07:20 anyway I'm feeling like I've been fairly well convinced to shift from leaning A to B2 or B3 18:07:21 LyzaL: Not exactly 18:08:00 BawdyAnarchist: AFAIK, and I've looked, there is no way to say that any data is encrypted if you don't have the ciphertext's public key at least. I assume tx_extra would not require publishing public keys or using a particular form of encryption for that matter. So the main way to "enforce" it is with a statistical test of uniform randomness of the data. 18:08:00 Removing TX extra, in your opinion, is beneficial for XYZ reasons. I'm saying it's detrimental as it makes data storage, which can be argued legitimate, an output flood attack. That's the downside I'm noting. 18:08:01 Encrypted data is approximately uniformly distributed. The statistical test is not a simple matter. Check previous meeting logs. 18:08:31 If localmonero promised to post view keys and make fake decoys, nobody would use it. 18:08:34 kayabanerve: if you just want to say "hey, don't remove tx_extra cuz I have this usecase for it" that's one thing. But what you're saying is "if there's no tx_extra I'll exploit the same exploit that someone else can use to poison potentially most of the outputs on the network" is only an argument to close the exploit, NOT to keep tx_extra. Don't you see? 18:08:35 Well, except for the same people who use mymonero 18:08:56 I don't see how you can disallow steg 18:10:03 ring sig tx extra lol 18:10:16 patenting it brb 18:10:29 Rucknium: That was my thinking. That some simple randomness test which produces a binary output, be consensus enforced. Altho I just read your comment about ChaCha20Poly1305. 18:10:29 Alex|LocalMonero: If I understand correctly there is a use case for tx extra and an exploit that can be used instead 18:10:57 randomness test :p 18:11:55 Alex | LocalMonero | AgoraDesk: Exploit/attack is possible in either case. So the debate seems to center around whether keeping tx_extra prevents degredation of outputs by honest users 18:11:59 ArticMine[m]: There certainly is a use case for tx_extra in kaya's case. I just have to reject the premise that a presence of an exploit is somehow an argument to keep tx_extra. The pointing out of an exploit's existence is only an argument for the expoit's elimination. 18:12:29 Tx extra is already an exploit (unlimited, unencrypted ). 18:12:29 Encrypting and limiting minimizes the tx extra attacks(s), but it doesnt stop someone from doing ordinals 18:12:50 Example. BTC went from 1-20 block backlogs, to 120+ and dropping tx from the mempool 18:12:59 BawdyAnarchist: I don't recall making any comments about ChaCha20Poly1305. Must have been someone else. 18:13:05 I don't think you can eliminate the possibility of steganography, maybe someone can tell me I'm wrong though 18:13:36 Rucknium: they are referring to the zcash quote 18:14:00 Rucknium: I think you were quoting someone from the zcash team 18:14:12 Oh. Right. 18:14:58 ArticMine[m]: There's a reason to store data on chain. TX extra offers that. Steganography also does. I care about a legitimate use case. That's my exact stance, yet your summary also works :) 18:15:00 BawdyAnarchist[m: First of all, it's only an exploit today and it may not be an issue in the future. Secondly, keeping tx_extra simply to discourage honest users poisoning outputs is a complete red herring because it's not the honest users that we should be worried about. 18:15:14 ofrnxmr[m]: What does monero do? Rush and kill off the new businesses? They would be using xmr how it was designed, after all 18:15:27 kayabanerve: if you care find a way to do it without tx_extra or exploits. 18:16:07 You cant really call xmr a privacy coin and at the same time poison outputs intentionally. Id rather use Binance (?) 18:17:00 Alex | LocalMonero | AgoraDesk: I posted an issue detailing how it's endangering to users to not use on-chain data. 18:17:05 ofrnxmr: BTC is seeing 4MB jpegs in a single txn. Is a 1Kb tx_extra ordinal comparable to that? 18:17:10 Specifically, the lack of atomicity. 18:17:24 ordinals don't work on XMR anyway 18:17:36 BawdyAnarchist: it is is you spam tx in order to inflate the block size because you want to send more 18:17:40 Or you use use stego 18:17:55 kayabanerve: xmr is not your application database, nor should it be 18:18:14 ofrnxmr: How is that any different than a run of the mill flood attack? 18:18:32 All the same elements are there. All the same arguments against the prolonged viability of a flood attack are still valid in that case 18:18:38 Ordinals etc flooded btc with like 95% bullshit tx. Hows that for output poisoning? 18:18:54 Knowing 95% of tx came from some nft farm 18:19:32 like, the data storage part works, but then to "track" the ordinal you use accounting to follow a single satoshi that was the output for the inscribing transaction. the second part is obviously not possible with XMR 18:19:48 You can sent single outputs in monero 18:19:48 you can inscribe data but not create an nft from it 18:20:03 you can but, you know, ring sigs 18:20:23 Alex | LocalMonero | AgoraDesk: Yet it is what I connect with and if it does not carry data, there is atomicity issues. 18:20:25 you can't follow the whole trail of ownership to verify authenticity afaik 18:20:50 It makes it a lot easier to trail afaik 18:20:51 LyzaL: I'm pretty sure that it's viable with both tx_extra and steg. Altho steg is unweildy. I doubt we'll ever see a flourishing NFT ecosystem using steg, ever. 18:21:37 I do not care to further argue this with you when I do not believe we'll agree. I believe it's legitimate. You do not. I am here to advocate my position and discuss practicalities. 18:21:59 kayabanerve @kayabanerve:matrix.org: monero is used for this _because_ its the coin providing liquidity, right? 18:22:06 kayabanerve: not everything should be possible with XMR. This isn't Ethereum. You're free to advocate and I'm free to take down any red herrings and non-sequitors. 18:24:00 I just want to point out again, that when in doubt, the least change to the ecosystem is preferrable. Since everyone agrees that action is needed, if we can't agree to remove it, then the default should be to limit size and encrypt (if possible). 18:24:21 Compromises dont get you anywhere imo 18:25:00 It's not a compromise. It's going with a principle used in all large projects 18:25:16 What principal is that? 18:25:29 Bitcoin never hard forks. Monero does 18:25:48 ofrnxmr[m]: When in doubt, make the least amount of change necessary to a running system. 18:26:02 The least change is removing it. 18:26:06 Its currently not used. 18:27:01 The current state of XMR has tx_extra. Thus, "no change" is keeping it. The least amount of change is to limit the size. 18:27:02 ofrnxmr: When a user swaps XMR, they send XMR to Serai. Serai has to be told what to *do* with that XMR, else the user just sent their funds away for nothing. Accordingly, they must specify data. 18:27:14 There is no safe way to specify data other than including it with the sent XMR due to the fact that is the only atomic data transfer method. 18:28:01 (the funds are only sent if the instructions for it are explicitly sent, to prevent sending funds without instructions) 18:28:01 BawdyAnarchist: If someone declares a standard of using another part of a transaction as an one-time pad for tx_extra, they can publicly enter data that passes statistical tests as they please. 18:28:02 Even if the statistical tests are assumed to be perfect, they can only inconvenience the behavior, not ban it. 18:28:02 Then again, convenience can be all the difference in the world. 18:28:06 kayabanerve: Is there a way to use a reserve proof like MProve+? 18:28:50 Rucknium: It is computationally infeasible for a multisig to perform transaction scanning. 18:29:13 *with a shared view key, instead of a globally known view key 18:29:13 spackle_xmr: Yes, they theoretically could. But large parts of the ecosystem (like TC) almost certainly wont do that, so long as tx_extra meets their needs. 18:29:38 Again, we're susceptible to steg / attack regardless of tx_extra 18:32:33 Again:... (full message at ) 18:33:44 "almost no one using it" - that would mean nobody is using integrated addresses still? 18:33:45 Alex | LocalMonero | AgoraDesk: Wait I'm unclear on something. If (3 - no one's using it) is true; then is (1 - pandora's box) really an issue? 18:34:09 Hasn't that box been open for years now? 18:34:13 BawdyAnarchist[m: Yes because after mass adoption comes assuming tx_extra is not removed then the pandora's box will come. 18:34:28 plowsof11: Integrated addresses have been discouraged for years 18:34:34 pretty much everybody uses subaddresses 18:34:37 plowsof11: They need to stop 18:35:00 Some still do though, and they shouldnt. 18:35:06 plowsof11: Integrated addresses have been discouraged for years and yes, they're rarely used. 18:35:31 aslong as we are aware that alot of projects are using them - and make them aware theyre being dumb 18:36:07 Alex | LocalMonero | AgoraDesk If it does come, and it's a problem, then we can still remove it later. 18:36:17 ?? 18:36:39 Dejavu, is thus zcash? 18:37:01 "Spam is a problem. Dont worry. It wont come yet... oh shit.. out wallets dont work" 18:37:08 Isnt* a problem 18:37:08 BawdyAnarchist[m: Later when pandora's box is already open removing it would break the ecosystem and would be universally considered a rugpull. If we remove it, now is the time to remove it. 18:37:21 ^^^^^^^ 18:37:44 As I said, you cant wait for people to build on it, then say "hey, I dont like that" 18:38:13 We have Kaya here telling us that without tx_extra, he will use steg. This will harm the output set - the weakest part of XMR privacy. While keeping tx_extra isn't a hard stop against steg, it will reduce 99% of the cases of people who use it. The overall effect is that we have cleaner output selection 18:38:41 (*who would otherwise use it) 18:39:07 There is nothing magical about kayabanerve. If he or Serai didn't exist someone else can still poison the network. 18:39:08 And he WILL attack the network and be bsing on his exchange about privacy, since he himself will be ruining the privcacy if the chain. 18:39:08 Its not exactly an option 18:39:09 The argument is moot and needs to stop being repreated 18:39:10 * We have Kaya here telling us that without tx_extra, he will use steg. This will harm the output set - the weakest part of XMR privacy. While keeping tx_extra isn't a hard stop against steg, it will reduce 99% of the cases of people who would otherwise use it. The overall effect is that we have cleaner output selection 18:40:44 If I claim "ok, fine, ill spin up 4000 nodes and rent 5GH if hashrate" is essentially the same as saying "ill intentionally poison my customers outputs while im supposed to be a better option than a cex" 18:41:05 One of the (weak) defenses against a malicious attempt at de-anonymization through flooding (black marble) attacks is that it is expensive, i.e. the attacker has to have enough financial resources to pay the tx fees. With DEX steganography, the "flood" is self-incentivized. There is a difference there. With Seraphis-size rings, de-anon flooding efficacy reduces even further than now, by the way. 18:42:21 Not to take shots at kaya. Im just saying, if the result is steg + poisoned outputs, its not realistic and that is why he wants a route that allows him to work more freely. 18:42:21 The issue isnt serai. Its others who might take advantage 18:42:27 Alex | LocalMonero | AgoraDesk: And yet you want to practically force me into poisoning the network or having users of a legitimate serve lose the safety of atomicity. 18:43:03 kayabanerve[m]: Just like I'm practially forcing the robber to stab me because I don't want to hand over my wallet? What? 18:43:14 Alex|LocalMonero: Theoretically, yes. Anyone *could* try to poison outputs. But practically speaking, no. 99.9% of the times that people would resort to that, will be alleviated by keeping tx_extra. 18:43:45 BawdyAnarchist[m: Stop assuming only honest actors exist. 18:43:54 Honest actors aren't the issue. 18:43:56 Bawdy, you must have missed mrl logs being on chain? 18:44:21 Alex | LocalMonero | AgoraDesk: I'm not presuming honest actors. Malicious actors can poison outputs REGARDLESS of tx_extra 18:44:25 I believe a severely limited, increased fee TX extra, will prevent malicious actors from using Monero from data storage. 18:44:30 Encrypted or not, you can pass cables on chain. 18:44:30 BawdyAnarchist[m: Exactly. 18:45:29 What we're attempting to solve, is to not incentivize honest actors into behaving in ways that resemble malicious ones 18:45:31 kayabanerve: you are practically forcing us to turn XMR into ETH just because you can't think of a way to setup your DEX without writing things into XMR. 18:45:47 Threatening us with exploits 18:46:07 I would like to remind people that Alex|LocalMonero couches his arguments in emotive terms. See beyond this. 18:46:10 What 18:46:52 moneromooo: he started it 18:46:54 Hehe πŸ„ 18:47:00 I don’t understand why you won’t take the net improvement of minimizing tx_extra. One way or the other, people will impact fungibility. 18:47:17 Integration is important. 18:47:31 If legit services required some arbitrary data field, they should have it 18:47:55 Its not a small improvement. But.. also just moving the goalpost with no change to utility. 18:47:55 The only thing now, is instead of putting a beescript in 1 tx, it will have to be many 18:48:02 Here here. 18:48:04 Just give it some limit, not like kt ks rn 18:48:13 s/kt/it/, s/ks/is/ 18:48:16 if this where a game tx_extra feels like a public cheat, that we all can use. if you bring in an anti cheat that totally bans tx_extra - then we're gunna get people snooping around in CLSAG's and what not to enable it again? like poking the hornets nest? dunno 18:48:43 Security through obscurity is absolute nonsense 18:50:17 You dont just poke the hornets nest, youre supposed to be immune to it. 18:50:17 Allowing people to take inches until they get miles is what ruins chains 18:50:22 > <@ofrnxmr:monero.social> Its not a small improvement. But.. also just moving the goalpost with no change to utility. 18:50:22 > 18:50:22 > The only thing now, is instead of putting a beescript in 1 tx, it will have to be many 18:50:22 That runs into fees. There's a natural disincentive to do that. 18:50:39 we're not immune though? thats the problem? 18:51:28 Look at it like this 18:51:38 Txextra is currently unlimited. Where are the attackers? 18:51:44 They dont even care about us. 18:51:46 As a small aside, the atomicity concern I have would be work around able if return addresses existed. That way, if data wasn't made available, it could be returned. 18:52:06 Just because we arent being slammed with 100kb tx for the past few years, doesnt mean the door isnt wide open 18:52:12 *the funds could be returned 18:52:15 That's actually feasible with Seraphis, as you probably know already 18:52:59 Why don't we work on encrypted return addresses? It's on the getmonero.org roadmap 18:52:59 "we fixed i 18:52:59 It could be feasible in the next hard fork 18:53:02 With the removal of Txextra 18:54:18 That sounds like a great solution if kayabanerve can make it work. 18:54:29 Abuse of tx extra is not an attacker problem, it is a tragedy of the commons problem. This is why removing tx extra is not a great solution: 18:55:13 The argument that tx extra allows an attacker to degrade ring signatures is untenable, since an attacker has a better way to do so: simply make the secret data for their txes public. 18:55:54 A well meaning user of custom data, however, will not do the latter (make secret data public on puropse), but will do the former (use extra in ways that are fingerprintable). 18:56:14 So helping well meaning users have data in a way that minimizes risk is good. 18:56:52 While removing extra does not help against attackers (excecpt maybe very dumb dones) while it kneecaps well meaning people with a use for it. 18:57:46 Let’s listen to the moo 18:57:49 Yep. But its the dumb ones who will flood the chain using Txextra and not know how to steg.. 18:57:50 Thank you for the well written words. 18:57:55 moneromooo: πŸ‘πŸ‘πŸ‘ 18:58:07 moneromooo: and what do you see as the trade-off for keeping tx_extra? 18:58:30 Also 18:58:30 Txextra pre seraphis vs post 18:58:59 I like the optional encrypted 256 (or whatever) byte addon. My preference would be steg in CLSAG, but I hear it doesn't work with seraphis :( 18:59:17 (and yes, encrypted here is just a strong suggestion, cannot be enforced) 18:59:39 moneromooo: It also reduces sender privacy :/ steg is sender private. 18:59:53 Only to the recipient though. 19:00:17 Most recipients likely won't be attackers (who'd leak the info to Eve). 19:00:18 Sure, yet that may be everyone, as in my case. 19:00:57 Ah, you'd make the data public ? 19:02:37 If so, how many ring members become mooted ? 19:03:08 I did not read the meeting logs before I popped in, apologies if this was mentioned abive, feel free to tell me to RTFM :D 19:04:48 Not sure if this helps https://libera.monerologs.net/monero-research-lab/20230315#c217398 19:09:50 "If so, how many ring members..." <- ~1 per 30 bytes, presumably 3, or ~20β„… 19:16:37 So, if Seraphis has 128 ring size, you bring it down to 125 with that system. Right ? 19:17:00 Grootle proofs don't have the same method. 19:17:01 Or is that pre-Seraphis only ? 19:17:08 You can spoof the decoys selected so the selected ring members embed data. 19:18:00 If you select a decoy by offset, you can +- 128 to find a potential member with a leading byte you want. With it, you can include one byte per decoy with minimal privacy leakage. 19:18:28 I just don't dare suggest the privacy implications of doing so, though there was a paper on this concept under CLSAG. 19:18:28 cc Rucknium 19:18:54 "One of the (weak) defenses..." <- Flooding the network isn't that expensive, if I recall the stats about the most recent attack that happened. The fact that this exploit can be self-incentivized is, again, only an argument to close the exploit. If, for example, tx_extra is kept this, again, doesn't stop an attacker that's pretending to be an honest actor to build something like Serai that exploits the 19:18:55 output in a self-incentivized way. 19:19:15 So, again, the argument is moot. 19:19:48 I think you're not understanding that the "exploit" cannot be closed using our current understanding of cryptography. 19:20:29 But that's a temporary issue. Just like the 10-block-lock. 19:22:01 Or are you saying that this problem is provably permanently unfixable? 19:23:18 To be clear, if you intended to select output #500 under some distribution, and then offset it by 64 to get an output with some desired leading byte, that may be enough of a deviation from whatever DSA is used to greatly enable fingerprinting the real spend. This method may remove sender privacy. 19:23:51 *Not a response to whatever the last few messages are, a comment on the alternative 'solution' I mentioned to mooo. 19:25:22 I don't think we have tried to prove whether steganography can actually be eliminated through some clever cryptographic trick. 19:26:59 Surely if output poisoning is an unfixable problem then Monero has big problems in store if/when somebody decides to be serious in taking down Monero's privacy/fungibility guarantees? 19:27:38 "If you select a decoy by offset,..." <- Fascinating 19:28:12 I'll caveat minimal to minimal, per my non-statistician non-reviewed opinion 19:28:35 Absolutely. Transaction flooding attacks have been known as a weakness of ring sigs since almost the beginning. It is in MRL research bulletin #1 IIRC 19:31:23 The solution for that of course being full chain membership proofs. 19:31:58 kayabanerve: would Serai be locked out of XMR given full chain membership proofs and no tx_extra? 19:32:15 No, we could steg outputs. 19:32:16 AFAIK, the only real defense to a flooding attack with a huge resource budget would be a decentralized counterattack. The main downside is massive chain bloat. With ring size 128+, an attacker would need to own an enormous share of outputs to make the attack minimally effective 19:32:24 And that wouldn't be harmful to everyone since full chain membership proofs defeat output spam attacks. 19:32:30 Eh. It'd still increase scan time... 19:33:01 Since it's essentially a tx I don't see it as an illegitimate scan time increase. 19:33:43 And if 20% of the XMR chain txs come thanks to Serai then that's great and I'll only be grateful to Serai. 19:42:53 It's a TX with 4 unspendable outputs being treated as spendable 19:43:26 That could be 20k extra scans a day per prior numbers 19:44:27 How much would that be in terms of proportion of total scans? 19:52:02 What's our current tps? 19:53:22 Around 16'000 per day maybe? https://bitinfocharts.com/comparison/monero-transactions.html#3m 19:53:42 XMR has ~20k txs per day, which is ~0.25 TPS 19:54:57 Uhhhh 40k current outputs, if we're discussing 5k swaps a day from Monero -> * via Serai, under Seraphis, would mean a ~60β„… increase in scan time 19:55:36 Which makes me wonder if we'd actually have that many. I'll have to do a deeper dive into TC's TX breakdown... 19:55:51 That's maybe a sane reaction :) 19:57:06 To be clear, I explicitly added a flow for high frequency swappers to *not* burden external chains. 19:57:20 You can add XMR to Serai once and use it in as many actions as you want. 19:57:43 High frequency swappers? 19:57:44 The on-Monero flow is only for people looking for an experience a la StealthEx. 19:57:52 I'm not *trying* to nuke Monero. 19:58:03 TradeOgre has got indicatively less than 500 trades a day in the XMR-BTC market, I doubt Serai would get more than that any time soon 19:58:12 rbrunner: Anyone who doesn't want to move to another coin, yet move back and forth while gaming the market. 19:58:36 TradeOgre's fee is 0.1+0.1 = 0.2% 19:58:48 Recent outputs per tx is about 2.4 according to bugfixed monero-blockchain-stats :) 19:59:07 xfedex: While I think our competition is StealthEx and Trocador, not TradeOgre, that'd still be 6β„…. 19:59:07 what would Serai's swap fee be? 19:59:07 Undecided. 19:59:15 Rucknium: I assumed 2. 20:00:09 ... Can we all agree tx extra has some positive value now? 20:00:17 I know. Close enough 20:00:30 I feel even those still calling for its removal should have that Ack. 20:00:44 I don't think anyone ever denied that tx_extra has uses kayabanerve , that's not the issue here. 20:01:56 The issue is that it opens up the protocol to other arbitrary data as well, which is undesirable for many different reasons which were hashed out many times over these discussions. 20:05:07 ETH is, perhaps, the most extreme mainstream version of prioritizing protocol extensibility. Monero's design principles are on the opposite side of that spectrum. 20:07:50 Protocol extensibility isn't free. In increases complexity exponentially. There's a reason why everyone is abandoning the very extensible OpenVPN for the lean and narrow WireGuard. 20:08:51 And why maxis are coping so hard right now. (Hard to put it any other way). 20:09:33 Not that there isn't a place for extensibility in the world, kayabanerve , it's just not in Monero. 20:10:17 Monero is here for one reason and one reason only: being digital cash. 20:10:30 Decentralized. Electronic. Fungible. 20:10:31 At least, extensibility shouldnt be a focus or burden of monero until we actually get the core done right. 20:15:14 Alex | LocalMonero | AgoraDesk: Monero has extensibility, and it seems intractable to the core protocol itself. So the question isn't about eliminating extensibility, because that's impossible. It's about minimizing the harm done, by people using the core protocol in an extensible way. 20:15:58 * that's impossible for the foreseeable future. It's 20:18:33 1. Monero without tx_extra has less extensibility than with tx_extra 20:18:33 2. Mitigating exploits is a separate issue from this one, honest actors are irrelevant for this discussion 20:18:33 3. Have you ever developed any enterprise application for Bitcoin and Monero? The difference will be very clear to you. 20:21:11 I disagree with the framing of the issue as an "exploit." 20:22:29 Or you could also say that tx_extra is the "exploit mitigation" 20:23:28 BawdyAnarchist[m: In the same way that giving everyone a key to your house is a mitigation to losing your house keys. 20:23:59 People can still break your window. 20:24:07 Like it or not, extensibility is part of the core protocol, and there doesn't seem to be any real fix for that. It doesn't mean we have to maximize extensibility. In the face of numerous tradeoffs, it seems like minimizing the harm done by the fact of this extensibility, by incentivizing honest actors to use a less harmful option. 20:24:20 And that protecting your house is easier if you let the burglar guy move in and feed him 20:24:28 * Like it or not, extensibility is part of the core protocol, and there doesn't seem to be any real fix for that. It doesn't mean we have to maximize extensibility. In the face of numerous tradeoffs, it seems like we should minimize the harm done by the fact of this extensibility, by incentivizing honest actors to use a less harmful option. 20:24:35 Extensibility is nit a part of the core protocol. 20:24:48 It is. It's called steg 20:24:51 Data transfer is and storage is. 20:24:53 BawdyAnarchist[m: Not really, no. Monero's protocol is very narrow and that's been a huge blessing. 20:25:24 Design intention is not the same as what actually is possible with the end product. 20:25:45 If the idea is "like it or not". Brb while I go collect my 625k bounty 20:26:46 BawdyAnarchist[m: That's true, but the design intention guides what you do with your product. If the design intention is to make Monero do one thing and be good at it then tx_extra needs to be removed. The other exploit needs to be closed regardless of whether you keep tx_extra or not. 20:26:46 I'd be 100% with you, if it weren't for the fact that people can still use the core protocol without tx_extra. I'd at least be 50/50, if we had full chain memebership proofs. 20:27:07 Its not like it or not. Its "I would attack you if I knew, and im going to use the easiest methods in addition to the hard ones" 20:27:52 Nothing against serai, but would you fund an exchange via ccs that planned to post view keys? 20:28:14 Thats like.. would you use mymonero uf Mymonero publicslly posted the view keys? 20:28:45 The idea of an exchange that needs to do so, is an extension that doesnt benefit monero 20:29:06 That's all theoretically palatable. But you can't ignore the practical world of attackers, or just people leveraging the protocol for what it's capable of. 20:29:16 Its not theoretical 20:29:25 Its "I can flood the chain right now" 20:29:38 That's always been true 20:29:39 And why arent I? Because we were asked nicely to stop. 20:30:01 The practical world of attackers is exactly why the output exploit bears no weight on the tx_extra issue. 20:30:42 We have chat logs on chain. Encrypted or not, we dont need matrix built on xmr 20:30:59 The confusion is that you're conflating malicious attackers with people who want to use/leverage the protocol for various use cases. 20:31:24 No im not 20:31:33 One in intentional, one is unintentional 20:32:47 This isnt a "guns dont kill people, people kill people" arguement, its handing the keys to your house to everyone in the neighborhood and assuming they're all nice people 20:33:03 The group of people who aren't malicious, and want to build products with Monero, will gladly not pollute the output set, if given another option. 20:33:23 Like Haveno? 20:33:25 Group of 1 who will steg if necessary and post view keys 20:33:33 If you incentivize them to act similarly to malicious attackers, that's what will happen. 20:33:44 Where is this large group of Txextra devs that dont hope to hurt privacy in the process of their developments? 20:34:19 BawdyAnarchist[m: No 20:34:27 Harming the output set is the worst harm to privacy. 20:34:44 So why would you base tour exchange on xmr and then ruin xmr? 20:34:55 Kaya is right here, using _extra instead of steg already. You're talking about incentivizing him into steg, which hurts privacy the most 20:35:00 You wouldnt. Unless youre houdiniswap 20:35:04 BawdyAnarchist[m: You're arguing that Monero, by being lean and sexy, is incentivizing people to rape it? Sorry, couldn't help myself 😁 20:35:12 Im not incentivizing him! 20:35:16 An exchange is a for profit venture 20:35:22 Just been posted in #monero:monero.social : 20:35:22 https://mordinals.org/ 20:35:36 These comparisons aren't helpful 20:35:36 How is killing your own exchange an incentive? 20:35:39 BawdyAnarchist[m: I know I'm sorry, just a jest. 20:35:40 Thanks boog 20:36:50 The tx_extra of such a transaction seems to be around 1 KB 20:37:04 https://xmrchain.net/search?value=bb02d0fc30ba79dd5580bbbba347c2a8193a9b346be93c18d8fcc570c72ec3d0 20:37:16 > <@boog900:monero.social> Just been posted in #monero:monero.social : 20:37:16 > https://mordinals.org/ 20:37:16 I gotta admit I find that humorous. 20:37:34 BawdyAnarchist[m: Well, that's tx_extra. 20:37:44 I find the timing suspiciously convenient :) 20:37:51 Block 2841136 20:37:59 Go check your nodes 20:38:06 Nodes logs and see if you see what I see 20:38:32 (Weird behavior) 20:38:54 ofrnxmr[m]: Which log level? 20:39:15 > <@boog900:monero.social> Just been posted in #monero:monero.social : 20:39:15 > https://mordinals.org/ 20:39:15 TIHI 20:39:26 it's not even done well 20:39:42 I don't want ordinals on xmr but if you're going to do them, do them right 20:39:52 kayabanerve[m]: So, you're with us now? 😁 20:40:11 kayabanerve[m] Do you have a link on Serai? I want to understands how it works and would make use of tx_extra 20:40:18 Oh, wow, they even offer a doctored CLI wallet with a new mint command :) https://github.com/mooonero/mordinals 20:40:52 I'd be willing bet that without extra, Mordinals will never be a thing using steg alone. Like, it might get developed and we might see a few, but it'll never catch on. 20:41:04 Alex | LocalMonero | AgoraDesk: I never encouraged ordinals 20:41:45 kayabanerve[m]: Doesn't really matter what you encourage. We must assume ordinals if tx_extra exists. 20:41:56 Yeah 20:42:10 BawdyAnarchist[m: πŸ’’ 20:42:17 This is what ive said 500x 20:42:33 It's what we've been saying all along :( 20:42:35 Now, lets wait for the flooding and the dropping of tx 20:42:38 Then scramble to find a solution 20:42:59 Ordinals aren't the only extensibility though. I think it's a mistake to look at this problem in terms of ordinals alone. 20:42:59 And kill off a devs new project while were at it 20:43:17 So finally the sky is falling, right? 20:43:23 No 20:43:34 It fell years ago. We just dont listen 20:43:42 Even better, lol 20:43:49 Cant transfer ownership of an 'ordinal' on monero 20:43:52 Like bitcoin was surprised when ordinals popped up 20:44:05 tx_extra is from CryptoNote, Anno Domini 2012 20:44:14 Lying and cheating the code πŸ’€ 20:44:14 I have a crazy idea. Is it possible to add a bit in the transaction to signal that "This is a bad output used for dirty Mordinals. Don't use in your ring" 20:44:14 Now Peter Todd talks about how to make ordinals work 20:44:15 Since they cent hard fork them away 20:44:19 And they soft forked them in 20:44:45 BawdyAnarchist: delete tx extra. Do research. Add back when we have an answer 20:45:08 Research what? 20:45:30 How best to incorporate an arb data field, that doesnt include voting 20:45:45 Or how best to handle data data is essential to the ecosystem 20:45:55 That* is essential 20:46:14 And who decides that, what is essential? Permission free system my ass :) 20:46:31 ArticMine @ArticMine:libera.chat: Not a link, but it's just a NONCE LEN 127 *data* where data is a return address + swap info (coin, dest addr, min amount). About 100b 20:46:46 Alex | LocalMonero | AgoraDesk: I could do ordinals without tx extra 20:47:00 I for one gladly welcome the new Mordinal overlords. That fad will vanish in a few weeks. 20:47:32 I'm miffed at 1) on chain file storage (not using ipfs) 2) the lack of value to monero 20:47:39 Also the lack of a documented cryptographic transfer 20:47:59 "Ordinals aren't the only..." <- Monero should be as narrow as possible, regardless of exploits and stuff. Monero has a clearly-defined purpose: digital cash. Anything more makes it less efficient at its core purpose. You cannot be a master of all trades, see ethereum, you can only be a jack of all trades. Monero is a master of money, that's the design goal. Are there exploits that need to be patched? 20:47:59 Absolutely. Does the existence of these exploits serve as a sufficient condition for abandoning Monero's design principles? The burden of proof is on you. 20:48:12 Hey, kaya, it's not more than a prank, a joke, a "look, we can too" 20:49:20 tevador: Issue with your indirect cycle. 20:49:32 Alex | LocalMonero | AgoraDesk: It's not an abandonment of design principles. Regarding the "exploits", you'd have a better case if there was any real way to prevent that exploit. We can't just assume that some unknown "future dev" will solve that problem. 20:49:32 We need to prove an ecc op *and* membership. 20:49:35 I found something https://old.reddit.com/r/Monero/comments/vudljh/announcing_serai_a_new_dex_for_monero_bitcoin_and/ 20:50:24 BawdyAnarchist[m: We also can't assume that it's unfixable. Accepting tx_extra means "we accept that this issue is unfixable so at least let's redirect honest devs to tx_extra". 20:50:48 ... and this https://github.com/serai-dex/serai 20:50:50 The burden of proof is on your proving that this is unfixable. 20:50:51 So if an Ed25519 point is promoted to an X point then used in a YZ cycle, I don't think we can. The EC op would have to be performed on X yet maintain ZK into YZ. 20:50:57 Since we can't fix the exploit, the best we might be able to do is mitigate it, by encouraging honest users to behave in a way that is less harmful, until some fix is dreamed up (whenever that might be). 20:51:02 I'll write this onto the github issue when I'm home. 20:51:41 ArticMine @ArticMine:libera.chat: Those links work. I also gave you the exact usage of extra :p 20:51:47 BawdyAnarchist[m: It's not as simple as that! Tx_extra isn't just a bandaid on an exploit, it's a dimension of protocol extensibility and a redifinition of Monero's design goals to serve as arbitrary data storage. 20:52:02 Alex|LocalMonero: You're asking me to prove a negative. If there is some fundamental fix in the pipe, that makes steg impossible or totally impractical, then please show it to us. 20:52:18 Proving negatives is very normal in math 20:52:23 https://github.com/serai-dex/serai/blob/develop/docs/integrations/Instructions.md is our exact object ser ArticMine @ArticMine:libera.chat: 20:53:21 Can we please be practical? I'm sure you can admit that no one really has any ideas that can be implemented on any reasonable timeframe, to cut off extensibility via the core protocol alone. 20:53:26 Someone put some effort in: https://github.com/mooonero/mordinals 20:53:55 If/when we do, then by all means, let's come back to this and potentially remove tx_extra 20:54:03 But until then ... 20:55:02 kayabanerve[m] Thank you. So for Seraphis this would need over 128bytes because of the longer address. This is important in my view 20:55:10 BawdyAnarchist[m: 1. Monero means money 20:55:10 2. tx_extra means arbitrary data (not money) 20:55:10 3. Want arbitrary data? Must redefine Monero's design goals. 20:55:10 4. Removing tx_extra after an ecosystem is built around it will result in the greatest rugpull in the history of any successful crypto project, there is no "we can remove it later". We either remove it now when pretty much nobody is using it or never, because then its too late 20:57:07 ArticMine: Yes. ~110b for Seraphis, 32b for ext addr, 8b for amount... 4b for structure/misc? 160b total? 20:57:23 Sorry I have to go BawdyAnarchist , you can PM me if you want to continue. 20:57:32 > <@alex:agoradesk.com> 1. Monero means money... (full message at ) 20:57:44 It's not a redefinition 20:58:11 Alex|LocalMonero: Thanks. I think we both got our points out there. I understand where you're coming from. 20:58:43 kayabanerve[m]: Only if you believe that arbitrary data storage is an essential component of money. 21:00:08 I must say I puke at Alex|LocalMonero's way of constantly couching arguments in emotive and manipulative ways. Jerk. 21:00:37 It's intellectually dishonest, and make at least me want to do the opposite just because of it. 21:01:06 your argument is moot! 21:01:43 mooot. 21:01:52 xD 21:02:19 Intellectually dishonest? I'm not saying anything that I don't believe to be true. 21:02:40 Nor am I intentionally saying it in a way that intends to deceive people 21:03:24 I mean the couching of so much in appeal to fear, ridicule, etc. It's just... worded in manipulative ways, regardless of the belief or truth of it. It is of course a subjective reading, but it is mine, consistently. 21:03:35 And I do not like it one bit. 21:05:51 If I'm misunderstanding something fundamental about this question then I apologize, but I harbor no ill intent towards anyone in this discussion. I apologize to moneromooo if anyone had the same reading as moneromoo. 21:06:04 And to anyone else that had the same reading as moneromoo* 21:06:40 Thanks. Since you're being level about it now, I'll give examples of what I mean in the spirit of good faith. 21:06:56 It'll be a bit, I'll look at the scrollback to copy. 21:07:02 kayabanerve[m] The info you provided on Serai is very helpful. I want to do some more research on how this works with ETH, Polygon (Matic) and similar smart contract chains that are in many respects complementary to Monero 21:07:11 Or I can do that by /query actually. Won't spam further. 21:07:35 Alex|LocalMonero: While I wasn't offended, it was a bit distracting. I can give you credit that it wasn't your intention, but it did come across that way. 21:07:35 moneromooo: Would you please PM it to me so that we don't occupy this room? 21:09:22 Sidenote: would it be possible/make sense to resurrect blackballing to ignore "moordinals"-related outputs? 21:10:05 Doing smart contracts on Monero is of course a big no no, but providing the hooks on the Monero's side so that one can move efficiently in a DEX between XMR and a smart contract chain is a plus in my view 21:10:40 Agreed ^ 21:11:35 Being isolationist and cutting Monero out of the general crypto ecosystem is not a good principle 21:11:56 (Within reason, of course) 23:40:53 Sorry, late to the party. Was reminded in another room and worked myself through he backlog.... (full message at )