<k​ayabanerve:matrix.org> jeffro256: Expand your mind.

<k​ayabanerve:matrix.org> Have the signature itself be over a deterministic message and the signature be the key image.

<k​ayabanerve:matrix.org> /s but not /s

<k​ayabanerve:matrix.org> You can have anything do anything if you shove enough complimentary designs around your bad designs to effect the desired design.

<j​effro256:monero.social> Wouldn't that still require a migration? Or do we try to argue the security that it's A) intractable to create a collision of a WOTS signature with a cryptonote key image, and B) it's intractable to construct a onetime address where you both can know the discrete log and can use it a WOTS pubkey ?

could Monero be described as a "zero-knowledge blockchain"? If Monero cannot - are there any networks that can?

i found this, which seems to suggest ZKB is layer-2 EVM type stuff?

This is the context/quote: "The initial concept of blockchain includes transactions where the identities of the parties involved are visible to all. Some blockchains provide ways of hiding those identities to most people reading the chain using advanced cryptographic tools. While zero knowledge proofs are only one of the cryptographic solutions used for this, the blockchains using such tools are often called

“zero knowledge blockchains”."

<a​tomfried:matrix.org> have there been any attemts at proofing some parts of the monero cryptography using lean, coq or F*?

<s​yntheticbird:monero.social> using formally verifiable subset of Rust for critical piece of cryptography is an insult for some irreducible C++ devs around here

<s​yntheticbird:monero.social> also, might not particurly be worth it

-12

<r​ucknium:monero.social> atomfried: Not to my knowledge. This paper formalized Monero's cryptography in mathematical form: Cremers, C., Loss, J., & Wagner, B. 2023. A Holistic Security Analysis of Monero Transactions. moneroresearch.info/171

<r​ucknium:monero.social> gingeropolous: I meant to comment on this earlier: That question, roughly, has been on the list of open research questions for a while "Determine if miners increasing block size is incentive-compatible from a game theory perspective" monero-project/research-lab #94

<r​ucknium:monero.social> There are a couple related papers linked there in the Links column, including this one: Huberman, G., Leshno, J. D., & Moallemi, C. (2021). Monopoly without a Monopolist: An Economic Analysis of the Bitcoin Payment System moneroresearch.info/78

<r​ucknium:monero.social> That paper says that miners will fill BTC blocks if there are txs available because if a given miner doesn't do it, then the miner that mines the next block will, reaping the tx fee rewards.

<r​ucknium:monero.social> Monero's system, beyond the initial 300KB block size, is different, so you would want to make sure that the same ideas hold true there.

<r​ucknium:monero.social> The LLM output is interesting: It can make you reflect on your own biases about "scientific tone". Just because something has a scientific tone doesn't mean it has any value :D

<a​ntilt:we2.ee> as one redditor said: "It's unprofitable by design, if that's what you mean. It's to avoid the sort of treatment that bitcoin got."

<a​ntilt:we2.ee> game theory depends on how big your "bubble" is... if you know what I mean

<k​ayabanerve:matrix.org> jeffro256: By cryptonote-style key image, I just meant the signature simultaneously proves the key image. I didn't mean the DH construction.

<k​ayabanerve:matrix.org> What is CN styled? What isn't?

<k​ayabanerve:matrix.org> Expand your mind /s

<k​ayabanerve:matrix.org> Or define WOTS with Pedersen Hash so it is proving a (vector) diffie Hellman lol