-
m-relay
<chaserene:matrix.org> thoughts about transaction uniformity and the numbers of inputs/outputs:
monero-project/research-lab #114
-
m-relay
<rucknium:monero.social> chaser: It looks like requiring 2 inputs minimum would increase tx size by 45% for 1in/2out txs. I'm not sure how much privacy gain we get for the larger tx size.
-
m-relay
<rucknium:monero.social> The number of tx inputs do not persist in a wallet like nonstandard tx fees do. For example, if a user creates a tx with 1 input, their next tx may be a 2 input tx, and vice versa. But if they use a wallet that produces nonstandard fees, that fee is stamped on every tx they make, which can help an observer narrow down the possible real spend in their chain of txs.
-
m-relay
<rucknium:monero.social> You can calculate the privacy loss from wallet-persistent fungibility defects using the formula I developed:
github.com/Rucknium/misc-research/t…o-Fungibility-Defect-Classifier/pdf
-
m-relay
-
m-relay
<rucknium:monero.social> I don't know how you could calculate the privacy gain from requiring all txs to have at least 2 inputs.
-
m-relay
<rucknium:monero.social> IMHO, the biggest privacy loss from allowing different numbers of inputs is when user consolidate a large number of outputs. An adversary may know that some of those outputs are owned by a single user. The probability is low that those sets of outputs all appear in several rings in the same tx because they were decoys. The probability that they were the real spends is high.
-
m-relay
<rucknium:monero.social> See "Juraj Bednár - Analysing Monero Merchants‘ Traffic Using Simple Chainanalysis"
piped.video/watch?v=-sTT84Up7FY
-
m-relay
<rucknium:monero.social> You point out that restricting the number of tx inputs to just 2 would severely impact usability.
-
sech1
But what if there's physically only one input available in the wallet?
-
m-relay
<rucknium:monero.social> tevador's dummy tx inputs idea:
monero-project/research-lab #96
-
m-relay
<rucknium:monero.social> "Turns out that the RingCT protocol can support dummy inputs if we make the following consensus change: All transaction input rings implicitly include the pseudo-amount commitment C as one of the ring keys."
-
m-relay
<rucknium:monero.social> But: "(Unfortunately, the dummy input idea doesn't work with Seraphis AFAICS.)"
-
m-relay
<kayabanerve:matrix.org> FCMPs can offer a dummy input. the concern is about cost and the linking tag of the dummy (so that it doesn't burn a legitimate enote)
-
midipoet
Anyone know any papers/research on energy usage estimation methods for PoW algos? I know the Cambridge methodology, and the Seidlmer (spelling) et al paper, but wondering if anyone knew any other good ones?
-
m-relay
<rucknium:monero.social> endor00 may know
-
m-relay
<endor00:matrix.org> I don't know about the other methodologies, but mine makes two fundamental assumptions: one is that miners are (overall) rational and don't go below 0% profitability, and the other is about the average cost of electricity for the whole network. Based on these, you can calculate the breakeven efficiency, and thus the (maximum) power usage for the whole network
-
m-relay
<endor00:matrix.org> I do recall watching a talk that mentioned some estimate for the power usage of Bitcoin, and my estimate was pretty close to theirs
-
m-relay
<endor00:matrix.org> I typically assume 0.10 $/kWh - mostly because it's a nice round value and makes calculations easy (electricity price and breakeven efficiency are directly proportional), but also because it feels like a reasonably "in the middle" value
-
m-relay
<endor00:matrix.org> `breakeven_efficiency = (difficulty * electricity_cost) / (coin_price * block_reward * 1000 * 3600 ))`
-
m-relay
<endor00:matrix.org> `network_power_consumption = nethash / breakeven_efficiency`