10:02:06 <h4sh3d[m]> I’m pretty sure I did a mistake with the VES sig, I’ll correct that ASAP
11:27:17 <h4sh3d[m]> Done. I was reasoning kind like homomorphic schemes when you encrypt and you decrypt later, but here you encrypt with the other participant key, so he must reveal it when going on chain.
11:28:23 <h4sh3d[m]> Comments and feedback are very welcome
12:06:03 <sarang> Interesting new preprint on determining bounds for Grin transaction amounts: https://eprint.iacr.org/2020/723
12:06:28 <sarang> (usual disclaimer that preprints are typically not externally reviewed for accuracy before posting)
12:25:31 <sarang> Oh interesting; the paper notes that the earlier linking work relating to Grin linking can apply to their analysis as well
14:12:54 <sgp_> Looks to me that for the most part, the flow ratios are quite good
14:13:15 <sarang> It's a clever way to quantify it
14:49:51 <sarang> sgp_ Isthmus_: I'm running deducible coinbase spend data for the Monero chain now
14:49:55 <sarang> Should have results soon
15:15:51 <dEBRUYNE> sarang: https://www.reddit.com/r/Monero/comments/ha5kod/is_the_curve_ed25519_really_a_secure_choice_for/
15:15:51 <monerobux> [REDDIT] Is the curve Ed25519 really a secure choice for Monero? (self.Monero) | 3 points (80.0%) | 0 comments | Posted by TheQuantumPhysicist | Created at 2020-06-16 - 14:57:17
15:15:54 <dEBRUYNE> If you feel like commenting :-P
15:16:13 <sarang> Already commmented
15:16:19 <sarang> the rho-complexity is nearly 2^126
15:16:25 <dEBRUYNE> Ah, missed that
15:17:05 <sarang> Commented just as you were sending your message!
15:17:20 <sarang> The answer to "could the curve order be made larger" is "yes"
15:17:32 <sarang> The answer to "should the curve order be made larger" is, IMO, "probably not at this point"
15:19:57 <sarang> Isthmus_ and friends' analysis of the protocol against hypothetical quantum adversaries may address other areas of the protocol that would be vulnerable to assumed future analysis in the event of computing breakthroughs
15:24:34 <sarang> I think OP confused the group order with the security level
15:25:02 <sarang> curve25519 group order is something like 2^252, so rho would give you around 2^126 (rounded)
15:31:51 <sarang> Unfortunately I think OP is still making this confusion :/
15:39:43 <sarang> confusion averted
15:43:45 <sarang> Interestingly, there are some nice designs for curves targeting higher security levels
15:43:51 <sarang> but you certainly pay for it
15:44:12 <sarang> and transitioning to a new curve for keys and getting the protocol to account for this sounds like a bit of a nightmare
15:44:24 <sarang> A fun thought experiment, but a nightmare in practice
16:27:46 <fluffypony> oh that's the guy that claims to be a Monero contributor (3 line PR) and a Bitcoin contributor (2 small PRs) and is now working on Mcafee's scamcoin
16:27:47 <fluffypony> Ghost
16:28:16 <fluffypony> which is just a Particl clone
16:28:33 <fluffypony> he's "lead dev"
16:29:33 <fluffypony> at least they didn't fork Monero