00:00:23 <moneromooo> You can use peerlists to get a rough idea. It only lists those who accept external connections though.
00:00:37 <UkoeHB_> google answers 1330 https://monerohash.com/nodes-distribution.html
00:00:37 <moneromooo> One of the pools keeps a count, I dunno which one though.
00:02:21 <nioc> also xmr.to has a node page somewhere
00:02:47 <selsta> https://community.xmr.to/network/
00:03:23 <nioc> I believe that 1330 is the number of nodes that allow incoming connections
00:04:03 <nioc> well not all of them as it doesn't pick up mine for a while although it used to
00:04:42 <UkoeHB_> doesnt fluffypony live in south africa? I may have found his house :p
00:05:15 <moneromooo> I believe he lives on planes.
00:06:21 <nioc> that one shown is not him
00:06:47 <UkoeHB_> interesting map anyway
03:10:06 <sarang> The original view/spent key idea is broken, but there is another way to do opt-in spend detection: https://github.com/monero-project/research-lab/issues/58#issuecomment-581090326
03:10:29 <sarang> First idea could be gamed by someone holding only the view key to artificially lower the apparent balance
03:10:53 <sarang> but by using PRNGs for all non-signing MLSAG/CLSAG scalars (very carefully), the remaining scalar must correspond to the spend
03:11:31 <sarang> A non-compliant or malicious wallet with full spend authority can always refuse to participate in this and fail to report a spend, but that was always a problem with these opt-in approaches
03:12:06 <sarang> Advantage: no changes to tx structure, no distinguishability
03:12:23 <sarang> Disadvantage: not suitable for audit (a convenience feature only)
03:13:00 <sarang> Possibly-an-advantage: reduces reliance on RNG
03:15:06 <sarang> It would require retooling of the plumbing, since the MLSAG/CLSAG routines would require public data unique to signatures/transactions to avoid issues with scalar repetition and transaction reconstruction
03:24:30 <UkoeHB_> CLSAG is oddly familiar to the RMLSAG bullshit I came up with back in march 2018
03:26:23 <sarang> orly
03:26:59 <UkoeHB_> I thought it was an unsolvable but maybe the hidden insight is here
03:27:42 <sarang> It's key aggregation across multiple bases, which requires auxiliary linking tags (not used for spend detection)
03:28:30 <sarang> If you're reading the current preprint, note that the security model has been improved
03:29:05 <UkoeHB_> dont worry Ill never understand it :)
03:29:17 <sarang> Because it's one aggregated key, you get away with a single set of scalars and an extra linking key per key vector dimension
03:29:37 <sarang> so the scaling of a `d`-LRS goes from O(n*d) to O(n+d)
03:29:58 <sarang> Usual tx is a 2-LRS; with timelocks it's a 3-LRS
03:46:32 <UkoeHB_> lmao I think it's the damn domain separation that solved it
03:49:03 <UkoeHB_> gahhh such a simple method 😩
03:51:57 <sarang> ?
03:52:10 <sarang> You mean the aggregation coefficients?
03:52:49 <UkoeHB_> I couldn't figure out how to prevent key cancellation without requiring d*d auxiliary linking tags
03:54:38 <sarang> It does the trick
05:39:42 <UkoeHB_> oh maybe it's the shared base that works so well
06:40:20 <UkoeHB_> Yeah pretty sure RMLSAG is a d-linkable generalization of CLSAG. Will post my old PDF tomorrow for my ego
19:29:34 <UkoeHB_> it's pretty cool that randomrun discovered CLSAG independently, which is actually useful for Monero. https://www.pdf-archive.com/2020/02/02/untitled-pdf-document/untitled-pdf-document.pdf