00:00:05 not currently, besides the normal cryptography overhead, but carrot also improves on view tags 00:00:26 so the scan time is still constant 00:00:29 (per tx scanned) 00:00:35 Cool. 00:00:40 but 1/2^24 outputs are scanned on avg 00:01:01 currently it was 1/256 on avg 00:01:26 I still need to figure out things I'm curious about like the network's hypothetical maximum scale and capacity. 00:03:17 @jeffro256: This also makes the whole drama over the OVKs somewhat pointless. In a scenario where governments are already incredibly invasive and coercing people to hand over view key information, THEY DONT NEED OUTGOING VIEW KEYS. They could tell when you received money and didn't tell them the key image. You could try to [... too long, see https://mrelay.p2pool.observer/e/ssajjd8KWWhNX1Q1 ] 00:04:55 "oh no outgoing view key? cool, so next step... yeah give spend keys and we will just look around :)" 00:05:01 This is also assuming after FCMP++, because they REALLY don't need them before FCMP++ b/c of ring signature tomfoolery 00:05:08 Speaking of FUD, people were debating if Zachbxt's "news" was nothing more than market manipulation.. Apparently the timeline doesn't add up. 00:05:31 if they want to do X, they don't care it's not supported, they will ask for what gets X in the same process. or ofc, ask for ongoing key images 00:05:56 @pyratevevo:matrix.org: even ignoring the spike, monero's market price has already had an upward trend for at least a year before 00:06:14 governments will cry if they have to hit you with a wrench over a spend key 00:06:14 @pyratevevo:matrix.org: The idea of Monero being targeted from all fronts, spreading FUD and manipulating the market sound all too silly but highly plausible at the same time. 00:06:19 instead of a outgoing view key 00:07:05 @intr:unredacted.org: I think for the price spike specifically it's probably just a coincidence of many things happening, not just 1 bitcoin wallet getting stolen. 00:10:05 Cindy: Either way, it depends on you whether it comes down to the wrench or not. CARROT can't fix a weak mind 00:10:58 Like, let's say that a whole ass country starts using Monero. Millions of people start transacting in XMR mobile wallets. How "big" does the network need to be to accommodate the enormous amount of transactions ? > <@pyratevevo:matrix.org> I still need to figure out things I'm curious about like the network's hypothetical maximum scale and capacity. 00:16:19 1 million people X 5 txs per person per day X 365 days/year X 6300 bytes/tx = 11.5 terrabytes per year chain growth 00:17:38 6300 is after FCMP++ 00:18:02 Or are you asking about p2p network size ? 00:26:44 @jeffro256: Whoa, that's a lot. 00:27:18 @jeffro256: I was asking about how the network could handle that m any transactions at the same time. 00:27:24 Bandwidth, basically. 01:10:34 Light wallets are also obviously bad for mandatory privacy... for the same reasons. Most users will happily give their OVK to a large LWS provider for the convenience of not running their own > <@rbrunner7> The outgoing viewkeys allow much better "light wallets". You can entrust somebody running a server for that with your viewkey, or you can run such a server yourself. 01:56:09 @just_another_day:matrix.org: Like mymonero did for years 01:56:25 Lws should be not be made scalable 07:48:07 yall are insane 07:48:30 btw the niew viewkeys can offload most of the scanning without revealing everything 07:49:20 you could give coinbase your viewkey and have it scan 90% and still have better privacy and UX than we have right now 07:50:24 Its not like Monero is going to get relisted to build a fragile net of known viewkeys 07:51:14 we are already delisted pretty much everywhere, may as well have a better UX for the people that can still figure out how to find it 08:18:32 I'm not suggesting Monero developers are the ones to have to do this, especially as good information, technical information and explanations have already been published on official channels, but the community as a whole really needs an ELI5 / idiots guide to CARROT to clear away the FUD and absolute crap being circulated in the usual places (Reddit etc.) 08:53:26 @kaigoh:gohegan.uk: https://mrelay.p2pool.observer/m/gohegan.uk/tIxkJWnZuzmIFmmRSFojQxsd.png (image.png) 09:01:10 Something like that, yeah 09:26:44 @kaigoh:gohegan.uk: "anyone with the key can see" would be more correct 15:12:22 so will fcmp require me to create a new seed in the gui/cli wallets? or can i use an existing seed but change the derivation path or something in a new wallet 15:12:54 To use carrot features youll need a new seed 15:15:40 Unfortunate 15:17:22 @kiersten5821:matrix.org: Not required, you can still use the old wallet, albeit without the CARROT features. 15:27:18 16:12:54 To use carrot features youll need a new seed 15:27:20 to use carrot-native specific features* 15:27:50 legacy wallets still use the carrot addressing mode and gain some things, too, just not as much 15:52:19 is there like a big doc that will explain everything that changes with fcmp? 15:52:22 i searched but couldn't find 15:59:27 Fcmp and carrot are different things 15:59:41 There should be docs for each 16:02:22 i must have terrible search skill because i can't find these docs and can't even find how much bigger a 2 in 2 out tx will be after the upgrade... i'm sure that's been discussed 200x by now though 16:02:41 Carrot https://github.com/jeffro256/carrot/blob/master/carrot.md + ongoing https://gist.github.com/jeffro256/146bfd5306ea3a8a2a0ea4d660cd2243 16:02:45 Carrot is an addressing mode 16:09:43 thanks, still would like to know the tx size change though, i remember a long time ago it was more than double or something 16:10:22 a bit more than that :) 16:10:40 I can't remember if we have a single document for FCMP++ part 16:11:11 but you can peek around in my stressnet block explorer https://stressnet.p2pool.observer/ that has the current changes (and we are testing FCMP++/Carrot) 16:11:17 you can compare tx sizes 16:12:59 @kiersten5821:matrix.org: 2 in 2 out is about 7.3kb iirc 16:13:38 https://stressnet.p2pool.observer/tx/3ec7827d3241708fc95af81353d79fb101bf6b30d5f871e7349ed98c55097b01 16:15:14 DataHoarder: thanks, really cool 16:19:58 @kiersten5821:matrix.org: Are you trying to build something with Monero? 16:22:27 anyone here used haveno on tails? 16:31:23 @kiersten5821:matrix.org: Write the Qs of a FAQ and it can be filled in by knowledgeable people. Then it can be posted as a blog post to getmonero.org 16:33:58 @rucknium: yeah, but these are mostly just general questions out of curiosity. i asked the stuff i needed to know in the research lounge and dev chat a few days ago, haven't had many problem since then 16:35:08 Want to give any hints about what you're building or will it be a surprise later? :) 16:36:02 though there were a couple things not in the rpc docs that i had to dig into that i talked about in the monero-docs matrix chat, which is that the change address of a tx doesn't necessarily belong to you, and the pending transfers with the get_transfers rpc call include things in the mempool, but don't refresh it 16:39:44 @rucknium: i'm developing a multisig-based bridge for a guy. but yeah those questions about the fcmp stuff weren't related, just curiosity 16:52:50 @kiersten5821:matrix.org: FROSTLASS is an alternative multisig protocol for Monero: https://github.com/monero-oxide/monero-oxide/tree/main/audits/FROSTLASS 17:05:21 @rucknium: some of these have been answered by you guys already or are answered in the doc, but on the user level i think they will be helpful, of course there are many more i'm sure would be enlightening to average nontechnical users that i haven't thought of. most users are not in this chat after all. 17:05:21 as as side note, when devving, the docs for xmr seem to be pretty sparse on details so i have to ask a lot of questions here. also, a huge amount of stuff in https://www.getmonero.org/resources/user-guides/ is extremely outdated, like the multisig article, when docs.getmonero.org is the up to date version. overall i think the [... too long, see https://mrelay.p2pool.observer/e/-KvCqt8KLTR1WjhZ ] 17:05:22 Will I need to create a new wallet with a new seed to enjoy the benefits of the upgrade?[... more lines follow, see https://mrelay.p2pool.observer/e/-KvCqt8KLTR1WjhZ ] 17:11:05 @kiersten5821:matrix.org: Would like to see the answers to all these questions too, in a user friendly format. 20:45:25 And now they've stepped down precisely to push people away from this trust model > <@elongated:matrix.org> Like mymonero did for years 20:46:07 And yet monero-lws is deliberately made to be a high-performance lws server > <@elongated:matrix.org> Lws should be not be made scalable 20:48:20 I might be wrong but I don't believe the full view key is actually necessary for LWS 20:48:23 Lightweight wallets aren't all bad. I have a way better time with my self-custody wallet now that I can 1) connect over Tor and 2) not ever have to sync anything. For those who do self host, it's the best experience with zero compromise 20:49:26 good luck regularly syncing a full-local-sync wallet with a Tor node. It's slow 20:49:38 @sgp_: Does this mean MyMonero's decision to step down was wrong? 20:50:02 no, I'm just saying I love self hosting my own LWS :) 20:51:02 how necessary is it to sync fully if you already know you haven't gotten any new outputs since the last time you synced 20:51:12 so much so that MAGIC built our own wallet for it :p 20:51:34 Cindy: you need to sync to spend, at least at a high level 20:51:48 is it for decoy selection? 20:51:57 there are workarounds, but no wallets use those 20:52:08 at least no wallet I would recommend 20:52:21 on that note, I've been trying skylight + monero-lws but for some reason monero-lws is not giving out subaddresses despite having --max-subaddresses set to 500 or something 20:52:22 or just checking if the key images associated with the outputs have been spent 20:54:13 @intr:unredacted.org: are you on the latest skylight release, and did you install LWS recently? LWS only recently supported subaddresses correctly* 20:54:13 *there are still some quirks, but far fewer than there were a few months ago 20:54:38 yeah, monero-lws is lastest checkout, skylight is latest github release 20:54:46 latest as in, uhhh, 5 hours ago 20:54:49 IIRC there was a proposal for probabilistic view keys for light wallets that filter out 255/256 outputs 20:54:56 is it still a thing? 20:55:15 I can see from the logs from monero-lws that it's not allowing subaddresses 20:55:21 if you bump the lookahead to 20k, let me know if you still see issues with subaddresses 20:55:23 but I have no idea if it's a skylight issue or monero-lws issue 20:55:29 I'll try that, thank you 20:55:55 no ty for the report and testing it out 20:56:09 give me just a few mins 20:58:03 stupid question but I don't see any commandline options or mentions in monero-lws docs on lookahead, where do I set it πŸ˜… 20:58:04 21:51:48 is it for decoy selection? 20:58:06 for a wallet, or for a node? 20:58:08 wallet asks node for decoys 20:58:16 and ofc, for checking spent key images 20:58:40 but wallet syncing doesn't build up its own decoy db 20:58:42 it only tracks its own state 20:58:44 that's why you can "skip sync" at a specific height 21:00:08 @kiersten5821:matrix.org: Beta.monerodevs.org those user guides are essentially deprecated 21:00:46 The new keys are only relevant for new carrot wallets 21:01:07 The new address type is not visibly distinguishable from old ones 21:01:53 max_subaddresses in config 21:02:14 --max-subaddresses=20000 > <@intr:unredacted.org> on that note, I've been trying skylight + monero-lws but for some reason monero-lws is not giving out subaddresses despite having --max-subaddresses set to 500 or something 21:02:40 oh that is the same thing, fuck me, sorry 21:03:35 > they cannot see who sent the money, etc > <@kaigoh:gohegan.uk> https://mrelay.p2pool.observer/m/gohegan.uk/tIxkJWnZuzmIFmmRSFojQxsd.png (image.png) 21:03:35 > unless the sender has shared their view key as well 21:03:43 the servers default is 50:200 (50 accounts with 200 addresses = 10000 minimum) 21:08:32 gotcha, so I deleted the old monero lws database, cleared the wallet from skylight, recreated it, accepted the request 21:09:26 with monero-lws-admin debug_database, there's a boatload of "subaddress" objects, but even after I close skylight, open it up, wait for it to connect, hit receive, still only the main address with a warning that it can't use any more subaddresses 21:09:56 I'm also noticing a little bar below the wallet balance that's stuck loading 21:10:10 it's connecting over my lan, no tor 21:12:28 @intr:unredacted.org: do you select "No Tor" in Tor settings? 21:12:40 Yes, that's correct 21:12:52 22:03:35 > unless the sender has shared their view key as well 21:12:55 it's showing the "no tor" icon below the connected checkmark 21:13:05 they cannot see that 21:13:24 not directly 21:13:36 what do you mean? 21:13:37 but you can replace view key with "cex" 21:13:41 @sgp_:monero.social we can continue this in DM if you prefer 21:14:15 #skylight-wallet:monero.social 21:14:18 can you join #skylight-wallet:monero.social ? That's the best place for this discussion 21:14:19 still. in the case everyone shares their view (without balance) keys, you end up with similar issues AND you can tell the balance of each other 21:15:04 not carrot, today too 21:15:17 FCMP however does cover this 21:16:32 @sgp_: why this link is not in readme? 21:18:03 FCMP patches vulnerabilities of (current) incoming view keys, but CARROT simultaneously introduces outgoing view keys to undone this improvement (i'm assuming "less optional privacy is better") 21:18:34 FCMP++ is about removing rings 21:18:47 you don't need view keys, CEX can do this with outputs they sent you 21:19:16 if you sweep multiple of these at the same time in same tx, they can statistically attribute these back 21:19:18 this isn't only about CEX, merchants can also be pressured to require view keys from clients 21:20:14 what I mean. if you use CEX or merchants and they are just telling "I sent X tx with outputs to Y,Z" they can look back and do that 21:20:24 without view keys. you don't have to bring them to the conversation 21:20:48 it's hard to do, but on certain conditions you could pass this along and tag the outputs of the next tx 21:21:14 will it be the case with fcmp? 21:21:14 it still doesn't give you information on its own, attribution is what they are looking for 21:21:20 no, fcmp++ removes rings 21:21:39 so you cannot do stuff like https://p2pool.observer/sweeps 21:22:02 this is great 21:22:15 (p2pool outputs are known attributed to a specific miner, so you can tell when they sweep in a single tx, that's why we recommend using a different wallet for mining. solo miners also have unique signatures so the same rec also applies there) 21:22:38 but when fcmp is implemented, view keys become relevant 21:22:43 @basses:matrix.org: no good reason. omission 21:23:08 suddenly they NEED them to accomplish stuff like this, besides tracking source ips that dandelion++ attempts to make hard 21:23:39 or at least, attribution. they don't need keys 21:23:44 they may ask for a list of txid and "is this yours" 21:24:12 remember you can't outdumb this, they care about the end result not how it gets there 21:24:55 if you remove any viewkeys in a special wallet (by making a wallet like old bitcoin lol, you lose wallet.dat and it's all gone, no seeds), besides having issues with quantum opponents, you'd ... be asked to just provide proofs 21:25:21 and they can assume you providing these no more = you failed at providing and are evading 21:28:43 or, they ask for a spend key via some third party "safe system" :D 21:29:23 even worse, forced to do multisig with them! 21:31:38 it's harder for them to ask for a spend key 21:31:57 the right to self-custody is relatively well-established 21:32:06 but the right to privacy isn't 21:32:51 it's really a question of how many people will choose to comply with a specific request 21:33:15 i didn't get the "provide proofs" part 21:33:23 tx proofs 21:33:36 it can establish when you received funds like a view key 21:33:45 you can generate these with a view key, too 21:33:46 but how do they know what tx i have made 21:34:36 I'm assuming you gave them a no-balance view key (like a legacy wallet one) 21:34:47 so they know when you receive funds, or someone else sent them to you and they know 21:35:00 i think he means the system shouldn't have view keys at all, like cash 21:35:09 they can ask for key image of each one 21:35:39 view keys are part of how you can have an efficient wallet and scan outputs, it's part of the design not just ... an extra feature 21:36:38 as an example from last conversation https://blocks.p2pool.observer/tx/9c78c972c295f31cf3b30240a22c300aff96ac9d4bd886ef96639fcf3b328271 21:37:08 they know you received a transaction in 9c78c972c295f31cf3b30240a22c300aff96ac9d4bd886ef96639fcf3b328271, they may or may not have view key for it 21:37:17 they can ask for an InProof that shows you indeed received it 21:37:19 but they would need to repeatedly ask for key images > they can ask for key image of each one 21:37:23 and for you to provide key images 21:37:32 and only one time for a full view key 21:37:42 yes. they'd force this and non-compliance would be same as you moving elsewhere 21:37:52 so on https://mrelay.p2pool.observer/m/gohegan.uk/tIxkJWnZuzmIFmmRSFojQxsd.png 21:38:14 "forced to share" it means the same that you got view keys or not 21:38:26 you should switch wallets 21:38:42 @kiersten5821:matrix.org: my point was that we should make the compliance as cumbersome as possible so that it's harder to compel people to do so 21:39:15 this is important specially around a PQ Turnstile https://gist.github.com/jeffro256/146bfd5306ea3a8a2a0ea4d660cd2243 21:39:17 which explicitly needs the generate image key 21:39:35 like, currently many wallets don't even support exporting key images 21:39:47 i hate whenever i make a transaction, i have to export the key images 21:39:54 you can import seed elsewhere :') 21:40:04 or give the server my spend key (which is retarded) 21:40:04 if someone asks to do so, most users will just go to another merchant 21:40:18 again, they will put the burden on you 21:40:19 this is just for a fundraising wallet 21:40:20 they don't care 21:40:22 Cindy: multisig too :D 21:40:24 That (we should make the compliance as cumbersome as possible so that it's harder) is an interesting way to see it. 21:40:25 but when we have a single button "make regulators happy", most will just press it 21:40:50 legacy wallets as they exist keep being supported 21:40:55 if i could have an outgoing view key, i would publish that in a heartbeat 21:40:59 rather than having to stick with a hack 21:41:03 for my fundraising wallet 21:41:05 If we assume a central auth wants to demand it, then: if it is at all possible, we can assume it will be demanded, wnether easy or not. 21:41:20 compliance as cumbersome -> also means you make using monero as cumbersome 21:41:22 so it can't be used efficiently for multisig, used with cold spend keys 21:41:25 Then making it hard to do will just mean fewer people will use monero. 21:41:53 which also means cycling wallets is harder 21:42:04 i'll copy my comment from reddit 21:42:06 Making things hard is effective with stuff like "should I use my node or a stranger's", not "can they demand this if it's a pain for me to do". 21:42:08 "The scenario: a merchant has started accepting Monero. A regulatory agency is unhappy about the inability to identify the source of clients' funds. It recommends that the merchant asks clients to provide the key images to ensure the funds are clean - or face complications. Not necessarily legal complications, maybe just a ban [... too long, see https://mrelay.p2pool.observer/e/hfK3st8KMXNyUlpE ] 21:42:08 The merchant faces a choice: they either comply with this recommendation or refuse. Now consider two hypotheses: the clients have a one-click solution to provide the key images, or no such tool exists. 21:42:08 In the first case, the merchant would likely choose the first option. Most users would comply. Regulators are happy.[... more lines follow, see https://mrelay.p2pool.observer/e/hfK3st8KMXNyUlpE ] 21:42:23 and again, it's not making it transparent and sharing these no longer allows looking at ring elimination as a risk factor 21:42:23 yeah, outgoing viewkeys would make multisig easier 21:42:25 (FCMP++) 21:42:37 wait, this will cook my multisig setup? 21:42:40 In case of coercion, what counts is outright impossibility. 21:42:55 there's already a one-click option, give seed wallet, and users comply for the scams :P 21:43:12 with outgoing view keys, everyone automatically gets the latest key iages 21:43:13 images* 21:43:17 In that case, the centrl auth decides whether they still wnt to demand, If they do, you can't legally use. But they might not demand in the face of impossibility. 21:43:25 22:42:37 wait, this will cook my multisig setup? 21:43:28 without ability to generate key images internally you can't see what's spent 21:43:30 without importing key images or making rounds for all participants 21:44:00 this also simplifies hardware wallets, too 21:44:30 which many can't export key images too 21:44:32 but hardware wallets already work well, don't they? 21:44:40 The salient point here is whether the party bearing the pain is the one making hte decision. 21:45:04 they don't work well, specially if you need to know balances 21:45:06 for that you need to have them online 21:45:29 @just_another_day:matrix.org: It’s not easy, you need the device connected while wallet syncs 21:45:35 not offline 21:45:37 you need to do this ... on each device you want to keep track of this 21:45:41 connect, sync, etc. 21:46:09 you can extract view keys atm, but that still gives no balance 21:46:37 when i'm using a hw, i just plug it when I want to interact with the wallet 21:46:49 i remember a long time ago i was using an airgapped setup 21:46:53 and the importation thing cooked me 21:47:01 and suddenly it couldn't send anything lol 21:47:04 For other coins too 21:47:09 so much more complicated than bitcoin 21:47:32 @just_another_day:matrix.org: For other coins you just need to connect when you want to sign a tx 21:47:38 how would a merchant know their balance in hw wallet in cold storage? 21:47:40 you putting it online is a no-no 21:48:05 @elongated:matrix.org: no. You need to get the address from the hw wallet too 21:48:10 that is no longer a "cold storage" setup 21:48:12 ^ 21:48:22 to receive funds to it 21:48:32 or maybe the saved address was altered 21:48:41 if you don't reverify it 21:48:42 it makes all offline and multisig work as intended 21:48:44 nope 21:48:46 wallet extracts view key 21:48:50 nope 21:49:18 that is an extra check 21:49:20 i'm talking about other coins 21:49:47 like ledger app doesn't allow you to receive funds without plugging the hw wallet 21:49:49 if you copy these elsewhere like bitcoin xpub, you can generate the full tree 21:49:51 this is also how electrum or so work with wallets 21:49:53 and how multisig works. you can generate it all ahead of time 21:50:01 because you need to check the address on the device 21:50:21 across all members, then ask for sigs 21:50:23 for monero: if you have the main address + view key, you can generate the account trees 21:53:15 that feature is broken on current hw wallets in monero btw when sending funds to integrated addresses 21:55:51 cexes demand kyc. dexes don't. when dexes are easier to use than cexes, most people will choose them. When cexes are easier, most choose to do kyc > Making things hard is effective with stuff like "should I use my node or a stranger's", not "can they demand this if it's a pain for me to do". 21:57:53 no one wants to loose their coins, but less people care about privacy > there's already a one-click option, give seed wallet, and users comply for the scams :P 22:03:42 so yeah, you want to make Monero impossible to migrate to a quantum-proof system? we need to place the pieces for this nowadays (and that is why the PQ Turnstile is carrot-native only) 22:04:25 the second people with quantum computers counterfeit coins 22:04:28 monero becomes dead 22:05:46 DataHoarder: are outgoing view keys required for migration? 22:05:54 yes, see my previous link 22:06:39 well, they would be frozen before that. then turnstile would allow migrations to happen, then frozen 22:06:41 https://gist.github.com/jeffro256/146bfd5306ea3a8a2a0ea4d660cd2243 22:07:46 note this is not set in stone nor expected, but in the chance it has to be done, the way addresses and outputs are derived (Carrot) need to be done now, not later 22:08:10 "generate key image" is that just_another_day 22:08:40 monero being quantum-safe is really really important 22:08:52 see hierarchy https://github.com/jeffro256/carrot/blob/master/carrot.md#52-new-key-hierarchy 22:08:53 vs old 22:08:54 i agree with that 22:09:24 i just don't understand why a key that allows viewing balance but not spending it is required for post-quantum Monero 22:09:44 it might not be safe now Cindy but this is what allows a migration and not a restart 22:09:47 it's required for migrating the outputs 22:09:53 not after 22:10:01 can i deposit funds to subaddress infinity+1 to hide from quantum hackers 22:10:13 DataHoarder: at a certain point, does migration become impossible? 22:10:18 read gist :) 22:10:41 you're my AI!!! 22:10:43 i mean 22:10:45 i'll read i guess 22:10:48 again what it says there is not set in stone (they way it'd work) 22:10:49 >_> 22:11:20 > i just don't understand why a key that allows viewing balance 22:11:20 because it allows proving you control certain outputs in a quantum opponent safe way 22:11:51 as the derivation chain is not something a quantum opponent can walk backwards 22:12:21 you also need to prove the key image is not spent 22:12:23 quantum opponents could fake this for any output otherwise 22:12:45 smh, i can't get unlimited free monero hack 22:12:50 damn you jeffro 22:12:50 and DataHoarder 22:15:35 hey kid, want some Quantum Monero β„’ 22:16:39 i pointed this idea out in my reddit post btw. It would be good in my opinion, but it seems unrealistic. > <@kiersten5821:matrix.org> i think he means the system shouldn't have view keys at all, like cash 22:16:53 you can do this already 22:17:12 you can generate random target addresses with random spend/view keys 22:17:14 then scan for them 22:17:26 no seeds, all randomly generated 22:18:13 result: you need to continously backup. if you move some stuff around, and don't have the last backup, you lose everything that was returned in change or touched 22:18:22 ofc, no hw wallets 22:18:27 also it's all online/live! 22:19:24 yeah this trade-off is obviously in favor of current system 22:23:09 this upgrade essentially brings two things: 22:23:09 1. adds a new method to disclose your transaction history in one-click into every wallet (which can be implemented with the current protocol, but probably shouldn't be implemented) 22:23:09 2. this new method also allows the other party to passively monitor your wallet without any additional input from you, unless you change the address (which is currently impossible) 22:23:32 no you can 22:23:39 just sweep all to another wallet 22:23:55 don't disclose your keys 22:24:05 no i mean the passive monitoring impossible 22:24:26 unless we count statistical heuristics as a feature 22:25:46 > unless you change the address (which is currently impossible) 22:25:58 Dude if you are forced to give keys, you stop using that wallet 22:25:59 that'd mean changing that key, which makes all addresses generated invalid 22:26:12 and also makes the seed words invalid 22:26:22 i don't get the people being worried 22:26:34 when i generated my wallet, there wasn't a creep breathing down my neck for the view key 22:26:43 Cindy: Same gang coming from z 22:27:13 tbh as I said, all stuff that is trying to weaken or delay FCMP++/Carrot specially around quantum security is basically playing against Monero 22:27:18 also btw, you could do this in the same system 22:27:23 Jamtis also had this 22:27:26 Carrot had this 22:27:34 today you could be forced to do this too 22:27:36 if a hypothetical authority forced everyone to give up their view key (CryptoNote scheme) 22:27:47 they could correlate transactions from everyone 22:27:50 (Carrot-native could exist *today* but they aren't bothering) 22:27:51 no outgoing view key needed 22:27:59 some chains are already using Carrot as-is 22:28:06 just match up TXIDs 22:28:27 Cindy: or they could ask people to make such key in an exchange compliant wallet (tm) 22:29:10 carrot is an addressing system, which is entirely local to your wallet to some degree 22:29:12 you can ... basically make a different one for your own usecase 22:29:30 for example for a subset of p2pool outputs I'm looking at that, and it's compatible with the network 22:30:22 if you had everyone's view key, you could track down every XMR down to its codebase transaction 22:30:31 so i don't get this argument 22:30:42 if this is the reason OVKs are bad, then why haven't they done it now 22:30:57 ^ cause generating a new wallet and sweeping is too easy 22:31:41 when they have to they will just bring the book on you and either you comply or else 22:31:43 and you can comply in many ways regardless how you have set it up 22:31:49 including givin just an excel spreadsheet :') 22:32:20 but you can drop entries from the spreadsheet 22:32:45 then they'd point that out, and flag destruction of evidence/non-compliance 22:33:24 like. they courts would get the spend keys as they already do nowadays 22:33:42 they'll ask for the spend keys anyway 22:33:44 first thing they do in seizures is get keys, export all data, then move wallets 22:33:50 it's like CEXs 22:34:20 you don't have to disclose the spend key to the court, do you? 22:34:26 uhh yeah you do 22:34:36 if things are this bad 22:34:37 if that's what it takes, then yes 22:34:43 if they are not certain you have complied? yep 22:34:48 they will go as far as needed 22:34:59 do you think they'll stop before? 22:35:04 no, they'll go as far as they can 22:35:13 i mean, i lost my wallet in a boating accident 22:35:31 they'll ask you when 22:35:31 then they will assume destruction of evidence/non-compliance 22:35:55 if they are asking for it, they are certain you have had it up till x 22:35:57 if they see that the TX history doesn't match up with the events of your "boating accident" 22:36:00 it'll be even worse 22:36:16 they don't ask things they don't know the answer to :D 22:36:24 anyway, bringing someone to court is more expensive for them than just asking a view key to get accessed to a cex/merchant 22:37:41 is it so? how do you know the specific output a ring spends? > if you had everyone's view key, you could track down every XMR down to its codebase transaction 22:37:58 you can correlate TXIDs 22:38:04 it doesn't have to be harder than that 22:38:09 Why would you give out the view key to a third party ? > <@just_another_day:matrix.org> this upgrade essentially brings two things: 22:39:06 like you could correlate the change output of a transaction 22:39:13 and then the main output of the same transaction 22:39:29 to find who sent it, and who received it 22:39:33 i see 22:39:35 (that is, if the transaction has change) 22:40:10 but it's a flaw of the current system 22:40:19 fcmp fixes this 22:40:25 but OVK brings it back 22:40:42 How's FCMP++ moving along by the way ? Still on track for some time this year ? > tbh as I said, all stuff that is trying to weaken or delay FCMP++/Carrot specially around quantum security is basically playing against Monero 22:41:11 23:40:25 but OVK brings it back 22:41:13 you can have ovk right now or later 22:41:16 even if not added and we lose the ability to migrate to a quantum safe system 22:41:26 they can just make an "exchange-approved" wallet 22:41:47 see stressnet ongoings, soon beta stressnet 22:42:18 they have been fixing old monero issues, not so much fcmp++ issues as the tech debt is showing 22:42:29 the ability to migrate to a quantum safe system is a strong argument for not delaying anything 22:45:05 DataHoarder: true. but again, it'll go smoother for them if they get all wallets to automatically support this feature without the need to migrate users to their wallet 22:46:48 well it seems unrealistic to change the direction at this point 22:47:06 IMO adding more optional transparency features is a dangerous slippery slope 22:47:34 thank you for responding to my questions 22:48:11 there is a guy on github who wants optional transparency in monero 22:48:43 well it's against the core essence of the projects 22:49:08 i guess many guys in three letter agencies also want this 22:49:35 i am starting to agree with this on a directional level, it should be made as hard as possible to surrender your privacy (of course, no clue on a technical level of the feasibility of this) 22:51:01 how hard 22:51:45 do i have to keep exporting key images myself 22:51:54 for an accurate balance on my fundraising wallet? 22:53:30 think about monero as a digital cash 22:53:43 if you have a box for physical cash donations 22:53:54 then you don't have view keys to prove everything 22:53:59 here's the problem 22:54:05 if i take money out of the box 22:54:22 the balance may either appear the same or higher than what's actually in the box 22:54:36 (because change outputs fuck up the balance) 22:54:46 usually key images correct this, but if there isn't any 22:54:53 you are stuck looking at a inaccurate balance 22:55:18 sometimes the balance appears 2x inflated than what is actually in the wallet 22:57:13 You will need a new wallet for all benefits of the upgrade. You will not a need wallet to spend your existing outputs via a FCMP, regardless of their age. 22:57:13 Old addresses will continue to work and new addresses will look indistinguishable. It's how they're sent to that changes. 22:57:13 New wallets have the option of sharing outgoing view keys which allow the holder to calculate a received output's key image, allowing them to detect when it's spent. This can already be reasonably done probabilistically, but now it entirely removes the need to access your private spend key just to sync/restore your bala[... more lines follow, see https://mrelay.p2pool.observer/e/jvvKtN8KS3lWMUct ] 22:57:14 i mean, people still have to trust you that you won't misspend the funds from the box 22:57:45 you don't get what i mean 22:57:49 so you they can also trust you to publish the remaining balance without a cryptographic proof 22:57:57 me taking money out of the box counts as an addition to it 22:58:03 because of change outputs 22:58:26 Cindy: Without being able to see spends via identifying key images, it isn't 2x in theory but infx πŸ˜… 22:58:36 exactly :P 22:58:42 A wallet which constantly sends itself its own balance which constantly appear to be making more and more money. 22:58:48 (without doing anything) 22:58:49 i could make my balance look like i have 1000000000 XMR 22:58:58 if i keep sending myself the same amount of XMR over and over again 22:59:00 I know that's your point Cindy, just restating a bit due to the confusion. 22:59:09 @kayabanerve:matrix.org: dont expose my kuno fundraising strategy 22:59:11 i know, thanks 22:59:28 I have 20m Monero, here's my view key /s 23:00:04 i wonder can i get negative amount of monero this way 23:00:16 you can't 23:00:27 i think that's one of the proprieties of ring signatures 23:00:33 the amount must be above zero or something 23:00:39 RingCT* 23:00:45 Eh. Only showing where you sent Monero, without claiming you received Monero? Any reasonable person would call you out on that 23:00:56 no i mean cause an overflow in the UI 23:01:17 by repeatedly transfering the funds to myself 23:01:42 well you need to do that so many times that you'll probably run out of monero from the fees 23:01:56 Serai had to design a lot of interesting solutions to achieve accountability when we can't verify when coins are spent _without_ an interactive protocol. OVKs massively simplify such designs. Just any time you want accountability, whether for yourself, for your audience, or for your users, OVKs are _another option_ which can be incredibly useful. 23:03:07 OVKs make it easier to publish an accurate balance 23:03:19 because incoming view keys alone make it easy to overly inflate it 23:03:25 but in practice a custodial bridge on Hyperliquid has beaten serai by a big margin 23:03:50 (Serai doesn't require OVKs and may actually be slow to adopt them due to how we'd have to spend the time updating πŸ˜… ) 23:04:20 Yes, centralized solutions without review are faster to develop and deploy than decentralized protocols with external review. 23:04:36 Should I have not bothered with Serai due to the existence of Kraken? 23:04:40 just_another_day: you mean a proprietary program? 23:04:49 that nobody can audit? 23:04:51 They already handle Monero swaps. 23:04:54 the bridge doesn't require KYC :) 23:05:12 btw, someone had reverse engineered hyperliquid's binary 23:05:20 and discovered there were some backdoors within it 23:05:24 that allowed admins to fake liquidity 23:05:29 and do other shit i couldn't remember 23:05:34 Neither do a variety of instaswap services. 23:05:44 where can I read about it? 23:05:49 Until they suddenly go down of have issues, and users are left holding the bag o' liability 23:06:05 @kayabanerve:matrix.org: instaswap services set a high fee and have less liquidity than HL 23:06:12 https://blog.can.ac/2025/12/20/reverse-engineering-hyperliquid/ 23:06:19 I think another way to avoid confusion is to refer to the new feature as something other than the loaded "optional transparency". 23:06:33 this is what they found from reverse engineering the node binary that hyperliquid ships out 23:06:44 00:03:25 but in practice a custodial bridge on Hyperliquid has beaten serai by a big margin 23:06:46 it's literally a centralized wallet 23:06:52 You are welcome to choose an option you like. I am working on a decentralized option which achieves certain properties I don't believe any existing solution offers. You're welcome to care or not. 23:06:53 ^ 23:06:54 so yeah. 23:07:00 Maybe call it Personal or Local transparency, to better communicate its purpose. 23:07:07 It isn't something I have to defend myself on. 23:07:18 kayaba does a lot of hard work 23:07:21 and i like them for doing it 23:07:25 so does DataHoarder 23:09:28 @kayabanerve:matrix.org: sure. it wasn't a personal attack 23:09:33 + 23:09:56 TBC, I don't feel personally offended. I just want to clarify I think there are reasons for Serai but if you feel other solutions have achieved usable, valuable servicing of users, good for you. 23:10:05 It kinda fell into a back and forth but it doesn't have to be. 23:10:30 Yeah, allg, we're on the same page there :) 23:13:11 or have a large balance > well you need to do that so many times that you'll probably run out of monero from the fees 23:13:43 you'll redistribute your XMR to the miner 23:13:44 you are trying to max out 64-bit? 23:13:44 miners* 23:14:01 yes 23:14:06 DataHoarder: 64-bit from the piconero denomination? 23:14:14 lol 23:14:20 yeah let's take a look 23:14:50 16 * 10^18 / 10^12 = 16'000'000 23:14:56 18446744.073709551616 23:15:15 18446744073709551615 generated coins 23:15:21 but 23:15:23 is that correct? 23:15:26 that's 64-bit :P 23:15:31 limit 23:16:19 so there are more piconeros than 64-bit integer fits? 23:16:27 in circulation 23:16:48 no 23:16:51 it just means tail emission 23:18:02 hrmm 23:18:19 wait, yeah, the piconeros is a big shift 23:18:21 19 bits 23:18:59 1000000000000 is 39 bits 23:19:21 well, 40 with rounding 23:19:52 a bit above 24 bits of moneros indeed 23:19:54 so yep, more piconeros than 64-bit 23:20:17 interesting 23:23:44 does it mean that if someone own all the supply, he wouldn't be able to transfer it in one go? 23:32:35 https://github.com/grease-xmr/grease 23:33:15 what's your opinion of payments channels for Monero? 23:34:03 it would be similar to lightning btc network 23:36:02 imo lightning btc is a failure 23:36:27 monero should scale onchain 23:45:41 why do we even need this 23:45:46 XMR is so cheap to send? 23:46:27 xmr is only cheap to send if youre talking about fiat 23:47:20 And the fees that you're used to, are low-usage fees. Once there is a backlog, to get confirmed, your fees need to be at least 4x as high 23:47:37 there are probably other ways to do L2 than how btc does it 23:48:00 Ethereum does L2s 23:48:13 But it has turing-complete VM 23:48:21 dunno about you 23:48:28 So it's easier for them 23:48:29 0.00003 sounds low, but in bitcoin terms thats $3. The fees when there is a backlog is 0.0012 aka $12 at bitcoin value 23:49:09 can we make the fees lower if monero becomes more expensive? 23:49:32 Yea. Fees arent consensus, theyre a relay rule 23:49:57 but my last trasaction my fee was 0.0247% of my transaction 23:50:01 so it's a non-problem then? 23:50:24 even at 4x at 0.1% 23:50:33 i'm okay to pay 1$ to move 1000$ 23:50:58 much cheaper than credit cards, bank drafts, cash (cost of visiting an ATM, going to the other party etc,) 23:51:08 for a privacy preserving digital asset 23:51:13 i guess if monero mentally costs like bitcoin to you, then it could be a problem... 23:51:18 0.1 - 0.025% fees is great 23:51:20 but then you're rich af 23:51:43 BoBeR182: Again, its about min $12 per tx at btc volume and valuation 23:51:58 br-m: can you explain how you got that number? 23:52:10 That means youre paying 12% for a $100 tx, and 2.4% for $500. 2.4% ia about the same as credit 23:52:22 if XMR magically cost more, the fee % still doesn't change 23:52:42 BoBeR182: 0.00012 xmr for a 1 in 2 out tx 23:52:46 you mean $120? > <@ofrnxmr:xmr.mx> 0.00003 sounds low, but in bitcoin terms thats $3. The fees when there is a backlog is 0.0012 aka $12 at bitcoin value 23:53:20 @kiersten5821:matrix.org: I misses a 0. Meant tp say 0.00012 23:53:23 when we 100x our transaction volume, i'm sure new ways of sending transactions will appear 23:53:27 right now it's really really low 23:53:46 seems like this a non issues to everyone unless you're sending under 10$ 23:53:51 so if the fcmp transactions are 7.2 kb and the block size is still at 300 then it's cooked in terms of tps right? 23:54:21 the block size is dynamic 23:54:25 it can grow 23:54:37 @kiersten5821:matrix.org: the blocks expand 23:54:42 the last time there was a spam attack it was growing extremely slowly remember 23:55:13 thats because the spam was at low fees ( 0.0003 for 1in/2out) 23:55:29 is there a way to buy XMR directly with no kyc and with just a prepaid visa card purchased using cash? would be a lot faster than just using cash by mail. think about it: you put some money on a card, someone accepts the offer, you give them the code to the card, you get the XMR. 23:55:54 probably doable on p2p exchanges 23:55:56 Wallets are supposed to automatically bump up to the "normal" fee tier when there is congestion 23:56:03 but how do you prevent double spends on the credit card 23:56:05 doable on P2P, but very high risk 23:56:13 what if the credit card gets revoked 23:56:21 you give them the code, they can just go into walmart and empty the CC and keep your BTC 23:56:26 XMR* 23:56:27 In actual numbers, "unimportant" aka low is 20000 piconero per byte, normal is 80000 23:57:23 @cranial_luminance:matrix.org: Sure but what's stopping the prepaid card from being swept after you get your xmr? 23:57:37 Its the easiest way to scam people 23:57:51 the multisig 23:58:01 and trader bonds 23:58:08 how do you multisig a creditcard? 23:58:15 oh yeah you mean the card? 23:58:18 yeah that's the problem 23:58:19 Cindy: That doesnt prevent anything 23:58:22 that's why it's high risk 23:58:22 Cindy: Yea 23:58:28 so lets say I have a $100 visa gift card 23:58:32 I sell it to you for XMR 23:58:39 then you revoke the card 23:58:48 if it gets spent, how would a 3rd party know it was me or you who spent it 23:58:50 who's scamming who 23:58:59 I can give you the code to the visa, but i also have the code and i can just spend it 3 seconds after you send me my xmr 23:59:30 BoBeR182: Exactly. Its the easiest way to scam ppl on p2p, using a gift card