freenode #monero-dev

4 Feb 2021

Official repo: github.com/monero-project/monero || Don’t ask to ask, just ask:) || Non-dev questions -> #monero, please || Next dev meeting is detailed on the Monero meeting issue on Github: github.com/monero-project/meta/issues

• 04:19
  usamat
  thanks wowmario
• 04:19
  usamat
  *wowario
• 12:28
  peach34
  why are key images part of the tx prefix hash? Given that signatures offer the key image anyway
• 12:28
  peach34
  is it just for convenience in the code
• 12:29
  peach34
  simplicity
• 13:32
  peach34
  If I wanted to take a random hash (anything hash possible in the 32 byte space) and turn it into a valid EC point, which function should be used?
• 13:33
  peach34
  is
• 13:33
  peach34
  ge_fromfe_frombytes_vartime
• 13:33
  peach34
  sufficient?
• 13:34
  peach34
  or will that only work for valid hashes of *allowed *curve points
• 13:35
  moneromooo
  hashToPoint IIRC.
• 13:35
  moneromooo
  Basically hashes, multiplies by G and by 8.
• 13:36
  moneromooo
  You may want to add some "domain salt" to the data you hash.
• 13:41
  peach34
  when you say it hashes, do you mean it hashes and converts to scalar modulo l
• 13:41
  peach34
  then does * G * 8
• 13:41
  peach34
  the function reads:
• 13:41
  peach34
  void hash_to_point(const crypto::hash &h, crypto::ec_point &res) {
• 13:41
  peach34
    ge_p2 point;
• 13:41
  peach34
    ge_fromfe_frombytes_vartime(&point, reinterpret_cast<const unsigned char *>(&h));
• 13:41
  peach34
    ge_tobytes(crypto::operator &(res), &point);
• 13:41
  peach34
  }
• 13:46
  moneromooo
  Looks like I remembered wrong, hashToPoint does not exist...
• 13:47
  peach34
  doesn't the one above do the trick?
• 13:49
  moneromooo
  Ah, it got removed. There's hash_to_p3 now.
• 13:49
  moneromooo
  And it looks like it's doing what you say. Plus the *8.
• 13:53
  peach34
  am I right in thinking the p2 is the compressed point and p3 has the explicit sign
• 13:53
  peach34
  thanks btw will take a look
• 14:01
  peach34
  Would you mind explaining what you meant by domain salt?
• 14:01
  peach34
  in this context anyway
• 14:02
  moneromooo
  Some arbitrary data concatenated to your input, such that the same input will not yield hte same point for two different uses. Might or might not be useful in your case.
• 14:05
  peach34
  thanks but doesn't affect me
• 15:02
  UkoeHB
  peach34: key images are in the prefix explicitly, as opposed to implicitly in the round harsh
• 15:02
  UkoeHB
  hash*
• 15:04
  UkoeHB
  it’s probably more of a best practice than absolutely necessary
• 15:05
  peach34
  yes that's what I meant
• 21:24
  selsta
  .merges
• 21:24
  xmr-pr
  Merge queue empty
• 21:25
  selsta
  .merge+ 7308 7309
• 21:25
  xmr-pr
  Added
• 21:26
  selsta
  7309 needs an approval, 7308 (master equivalent) is approved by vtnerd