whats the size of an ringsize equivalent triptych tx? i keep losing that image with the graphs

oh its in the paper sweet

well kindaq

What do you mean "size of ringsize equivalent" gingeropolous

ringsize 11 ,

Oh you'd need to use ringsize 16 or some other exponent decomposition

AFAIK triptych is log-size, the limiting factor is verification performance, not proof size

correct

gingeropolous: for `N=16` a CLSAG signature would be 576 bytes, while a Triptych proof would be 640 bytes

Sizes for other transaction elements (keys, linking tag, range proof, auxiliary data) would not change

For multi-input transactions you add additional signatures/proofs to accommodate

roight roight

So how's research today?

I'm rewriting a CLSAG proof :)

So after the info from Turtle Coin's IBurnMyCD I copied some code from here to try: github.com/turtlecoin/cs-turtlecoin…master/CantiLib/Cryptography/Native

Result: Works perfectly. Starting with a private key, I get everything else, the view key and both public keys.

So whatever this does, and does differently than the packages that I tried so far, being a more or less direct port of the Monero C++ code, this does "the right thing"

Too bad adding more code for MS' trojan is not "the right thing" though.

It will run on .NET core, on a Linux server. The whole C# stuff is still Microsoft of course however.

And for what it's worth, the C# compiler and the .NET framework are open source. Microsoft even switched to Git internally a while ago.

Why so?

Maybe time to switch to #monero :)

Anyone feel like reading over a security proof before I send it off to the CLSAG auditors for their comments?

They suggested expanding on the proof of Theorem 1 from the preprint, which I've done in much more detail

Updated proof of CLSAG Theorem 1: usercontent.irccloud-cdn.com/file/karoRzRt/proof-theorem-1.pdf

The only change of note is that in the first part of the proof, there are an extra `q` signing oracle queries