For some strange reason update check is saying there is no update available, even though I'm only running 0.16.0.0-release.

Steven_M: GUI?

niocbrrrrrr: cli

the update records for v0.16.0.1 haven't been pushed to DNS yet. will be soon.

I'm having a hard time understanding. When the sender sends xmr to the receiver, does the receiver create his/her own block?

No.

A miner (which may be the receiver, but likely not) will make a block which includes that transaction.

the sender creates a transaction

the receiver is not involved

until they spend the received funds, then they too create a transaction

OK. Thanks. So the link from the sender -> miner -> receiver links back to the sender? Every input spends an output? Like in bitcoin?

I'll try again with better clarity.

An input is a set of existing outputs (like in bitcoin, except bitcoin it's 1 to 1), one of which is the real one.

I don't know "the link from the sender -> miner -> receiver" is, you'll have to explain that.

If that helps: a tx is basically (assuming a single ring for simplicity) a proof that you have the right to spend one output among a set, a tag which is provably deterministically derived from that real output (preventing double spend) and a set of outputs which are set to being spendable only by the person who can derive the secret key (which can be done only by the person with the keys corresponding

to the address the sender sent to).

Sorry I'm a bit slow at typing. Please excuse me. And I'll try and get to the point. Please be patient.

I send 1 xmr to Bob. My block has two outputs. (1) Bob's output and (2) My change output. My spent input is hidden in the ring sig. But must equal to the output(s) and have genuine key image to verify the signature. What stops me from taking the code and create a valid transaction if the outputs aren't linked?

I assume you mean "My transaction has two outputs" ?

Or one. In my case I paid Bob and sent the change back to me.

What do you mean by "if the outputs aren't linked?"

Inputs spend outputs? So if I paid Bob does Bob or miner create a new block and link the output (address) from my block to the new block for Bob?

A miner creates a new block. This may be Bob or someone else. I don't understand "link the output (address) from my block to the new block for Bob?". This appears to be based on some misunderstanding somewhere.

Yeah you are correct. I don't understand. But I need to have clarity as I don't get how Bob won't create his own block and how there is no link from the output address to the new address.

Sorry not Bob creates his own block as you mentioned the miner does that.

I guess we also use confusing terms. "Address" is usually standard address (or nowadays subaddress), which is the base64 10x character thing you give others. But outputs also have a one time pubkey, also called a one time address, which has nothig to do with that.

Yes. address in this case being the one-time key.

You could try reading "zero to monero", a PDF which explains monero. I think it's more geared towards the crypto side, not sure if that's your cup of tea.

I've tried and the answer is not there or I don't understand it correctly.

In "there is no link from the output address to the new address.", both "address" there refer to output one time keys, not standard addresses ?

I get the point of the key image to prevent double spends. I also get that sender is anonymous inside the ring sig and receiver is protected with stealth address. But what proves that I don't create xmr's out of thin air? I can prove it from the senders side but what proves it from the recipients side if there is no link from the block where the output originated from to the destination block.

The sum of inputs and outputs (including fee) is checked to be 0 (even though they're encrypted).

So you burn X, and create X. There's a good explanation of this on monero.stackexchange.com IIRC.

I understand pedersen commitments and bullet proofs

to be equal*

Yes

Pedersen commitments and bullet proofs works really well when all the information is constructed in one block. My one block holds an output for X. Everything sums correctly and validates perfectly. What stops me from sending such a transaction into the network.

Nothing. It also works if everything is not in the same block.

Blocks are just a convenient way to bundle transactions for a miner to commit to.

;) So if I were to send you xrm as an output on my block i.e transaction. Regardless with all checks and correctness which must pass. Does the miner take the output that I sent and create a new block for you. Plus look back and see that the output is yours. And if it can do that miner then knows the you output comes from my block.

No. You're confusing blocks and transactions all the time. This might be the root cause.

Thank you for being patient. What I'm trying to find out is what happens under the hood. Can you simply explain what happens to the point when you spend the output? As this output is referenced inside my transaction.

If you want the crypto ops, then zero to monero, because I'm not super familiar with the crypto.

It would definitely have that.

Or wait and hope someone else picks up that's fluent with the crypto :)

Its not the crypo thats the issue for me. Not that I understand it. I'm just simply looking for how the recipient is not using the output from my transaction as the source and using it as prove in the new destination input transaction.

prove* proof

It does.

As I said above, a verifier checks sum(inputs) == sum(outputs). Inputs include the real input, wihch is the output of the tx sending it to you.

One of the outputs of...

Super! sorry I'm not more clear as it takes me a few goes.

hi, I can open my wallet with wallet-gui, but If I try with wallet-cli I get the message: key is is opened by another wallet program. But it is not.

Are you really opening the same file ? And does it have read permissions for hte user you're running as ?

fRit_^, Windows?

Mochi101, linux

moneromooo, the same file, the same user, the same computer

And yo're *really* sure nothing else has it open ?

the process with GUI is killed

I'll take that as a yes. Does it work if you copy the wallet to another name and open that ?

moneromooo, I'll check it

moneromooo, the same :( Error: failed to load wallet: internal error: "/home/orwus/Monero/wallets/test/test.keys" is opened by another wallet program

fuser /home/orwus/Monero/wallets/test/test.keys

:) I get that I hope a verifier checks sum(inputs) == sum(outputs) which I need to do correctly for it to pass. As I create the transaction I add the inputs and the outputs. I send it happily off to the miner and he then checks for correctness. Pass/fail. For recipient he/she scans for a payment. Finds payment and collects. Recipient has now and increase and is very happy. Now we roll the dice and it's the recipients

turn to be the sender. My wallet can prove I have the funds but how does the miner know I actually have the funds if I can't prove the source of the fund? And this is where I might be missing the point.

moneromooo, still the same

Did fuser print anything ?

moneromooo, no

Run with strace: strace -o monero-wallet-cli.strace monero-wallet-cli --wallet-file /home/orwus/Monero/wallets/test/test.keys

Then check what syscall fails with what errno.

sugardingdong: the miner checks that the ring signature is valid (this proves you have the secret key for one output in the ring) and that the key image was not already used.

moneromooo: Hope Monero looks after you. You doing a great job. I do appreciate it. But what will happen if I can produce such a transaction without owning any xmr and hand it to the miner? Will it pass/fail? And if it fails then why?

The miner will reject the transaction. Why depends exactly how you made the tx. Unless you find a bug in the verification.

It's a perfect transactions. Valid in every way. Nothing wrong. No bugs. It should just pass.

Then it passes :)

You're flip flopping between "I don't have the monero I'm spending" and "The tx is valid". But a monero spending an output you don't have is invalid. So your question is nonsensical. Fix this first.

(unless bug, which you said you assume there isn't one)

sugardingdong: what did you do to produce the transaction? you chose an arbitrary output on the chain, obviously, because you can't spend something that doesn't exist. so you brute forced the private tx key for that output, which is in an extraordinarily large space. that is already implausible/~impossible. assuming you did that, then you were only able to spend the amount in that output. i'm pretty sure...

I'm not here to raise any alarms. I'm just trying to look at something that is not making any sense. Maybe one of the top guns can help me?

moneromooo is the top gun

lol

I dunno, I just browser the grass here.

browse

it's the equivalent of cracking uncrackable passwords...

lol. I don't have any xmr and my tx is valid. will it work? and if not why?

crypto math is not as intuitive as you may be assuming it is

and if there is no linkability between transactions then how do we prove it if the output has no source?

Or my next input spends that output I received?

sugardingdong: explaining everything about Monero in IRC chat is a big ask; you might want to explore the answers on your own web.getmonero.org/library/Zero-to-Monero-2-0-0.pdf

Thanks, But I have read both versions.

is there some specific point you are unclear about? your questions seem quite open-ended

And ignoring what I've said at least twice, so I think it may be a troll now...

sugardingdong: you said "how does the miner know I actually have the funds if I can't prove the source of the fund?" if you have read them, then please refer again to section 6.2.2; miners verify the MLSAG signatures contained in transactions

my brain is unclear but not a troll. promise. I can create a verified MLSAG signature without owning any xmr. i've added the inputs plus my hidden input and added the outputs. one for x and one for change. i generate a valid mlsag and key image. will it pass/fail?

Fail.

Wait.

You say "I can create a verified MLSAG signature without owning any xmr". Define "verified".

And technically it might not fail. You could double spend an old outut of yours, you don't own it anymore, but the MLSAG cechk will pass.

(but the key image check will)

(assuming the code even gets to the MLSAG check, I don't remember which test comes first)

I don't understand how you can say "without owning any xmr" and then say "plus my hidden input". If you don't own anything, then you can't have a hidden input.

OK

er, tht was meant for another chan

if i use the same code that is monero's core lib. I chalk up a transaction and apply inputs and outputs. everything the algo needs to gen a valid MLSAG.

"everything the algo needs to gen a valid MLSAG." the algo needs you to own an output...

Ah, so you're just saying "imagine I can make an invalid mlsag that verifies", rather than "I make the mlsag that way and it verifies" ?

Then it makes your reasoning circular.

you could invent an input, which would allow MLSAG to technically be a legitimate signature; however, to verify it the verifier will use output indices included with the transaction to look up the output on the block chain; since the output it finds won't correspond with the one you used to make the MLSAG, then verification will fail

refer section 6.3 'ring member offsets'

or section 6.2.4 for more of an explanation

We getting closer thanks UkoeHB_

I'll give that a quick read

a transaction only stores _new_ outputs directly; so-called 'inputs' are just references to previously-created outputs that exist in the blockchain

Yes, obviously you can't give your own arbitrary message, pubkey *and* signature to verify.

UkoeHB_: Your the man.

These offsets are used by verifiers to find each MLSAG signature’s ring members’

output keys and commitments in the blockchain

Each output's, not MLSAG's.

Well each MLSAG has a ring of members, and each one has an offset

Sorry for the run around but obviously i couldn't see the wood for the trees. Yes I do now understand. Ty.

glad we got it sorted :)

p

moo.!

Tomorrow Monday 6th, 20:00 UTC (1pm PDT / 4pm EDT) the demo of the Locha Mesh off-grid Monero transaction will take place. Join us! Check @Locha_io replies to this tweet tomorrow for the confirmation of the livestreaming link: twitter.com/Locha_io/status/1279097687921561601

sounds cool rdymac