01:47:50 <[keybase] unseddd>: if you can guess, but have no way to verify your guess, does it really mean anything?
01:53:06 <[keybase] unseddd>: maybefbi: MLSAG and CLSAG are needed for signer ambiguity/anonymity
01:53:36 ok
01:54:01 <[keybase] unseddd>: forces analysts to make a (ideally) 1/11 guess about the real signer, with current ring size
01:55:00 <[keybase] unseddd>: those probabilities become more and more marginal the further one tries to trace the transaction graph
01:58:08 <[keybase] unseddd>: please, any of the more knowledgeable here, correct me if I am misunderstanding something
07:14:52 https://www.reddit.com/r/Monero/comments/gcpoby/curve_used_in_monero_a_subgroup_of_ed25519/
07:14:53 [REDDIT] Curve used in Monero - A Subgroup of Ed25519? (self.Monero) | 34 points (97.0%) | 15 comments | Posted by suyashbagad | Created at 2020-05-03 - 12:19:37
07:15:06 "My question is the following: Can we have a mapping from Ed25519 used in Monero to the Ristretto255 group? Will the relationship between private keys be preserved? Basically, if Monero has to be implemented using Ristretto255 in future for better performance, what would be the way to convert an Ed25519 curve point to a Ristretto curve point?"
08:27:40 Inge-: there is a way to compress an Ed25519 point, get it as an array of bytes, hash it to generate the underlying field element, and then multiply it with the generator of Ristretto. But before doing so we still have to make sure the Ed25519 point is not in that cofactor group. So it will just slow down Monero in my opinion.
08:36:25 I don't really understand this stuff, but thought the question was interesting. Thanks :)
11:55:36 What is the difference between Ristretto and the Ed25519 subgroup used in Monero?
12:07:35 <[keybase] unseddd>: iiuc Ristretto is a point compression algorithm for mapping points onto a prime-order curve
12:09:21 <[keybase] unseddd>: https://ristretto.group/
12:16:24 <[keybase] unseddd>: UkoeHB_: "makes it possible for systems using Ed25519 signatures to be safely extended with zero-knowledge protocols, with no additional cryptographic assumptions and minimal code changes"