-
andreasromer
Will you HODL Monero or dump it for Tari when it comes out?
-
dEBRUYNE
sarang: Would it be worthwhile to have a specific meeting about -> 'there are considerations for important topics like multisignature support and output migration that warrant much more thorough discussion before a deployment ought to be considered.'
-
sarang
For sure, but as I've said a few times before, I don't know what computational requirements, if any, we should be targeting for multisig support
-
sarang
If we need/expect computationally-limited hardware wallets to be able to do this, that's a strong limitation
-
sarang
but I can't answer whether or not this is needed
-
jwinterm
do hardware wallets like trezor and ledger generally support multisig even for bitcoin?
-
moneromooo
Multisig a hw wallet cannot do is better than multisig noone can do.
-
jwinterm
I guess if they work with electrum?
-
sarang
We would need more general RSA group support, but a general library like OpenSSL would be able to handle it with some work
-
sarang
(the limitation is general RSA groups)
-
» moneromooo a bit puzzled about RSA appearing here
-
sarang
Meaning prime-product groups
-
sarang
It's not the RSA algorithms per se
-
sarang
for Paillier encryption/decryption needed for multisig
-
moneromooo
ty
-
sarang
Downside is that the primes are selected by the users; they aren't fixed globally
-
sgp_
I'd rather kill multisig for Ledger/Trezor than not have Triptych or Arcturus
-
dgoddard__
Ditto. Also... *how much* more computational requirement are we talking? If HW wallets will handle that in ~5 years' time, it's a limited problem
-
dEBRUYNE
sgp_: +1
-
dEBRUYNE
I think as long as we have 'standard' multisig support plus standard hardware wallet support, there will be little complaints
-
sgp_
right, people can still use non-multisig on those devices
-
dgoddard__
Cool
-
sgp_
sarang: what would it take for us to feel more comfortable in the atypical assumption in Arctutus? An audit?
-
dEBRUYNE
Why not play it safe and simply select Triptych? I think the advantages of Arcturus were not that substantial (I may be off here, sarang can clarify probably)
-
sarang
Space benefits; verification time is comparable
-
sgp_
-
sgp_
space benefits >10%
-
selsta
Would a Triptych -> Arcturus migration be possible at some point?
-
sgp_
for the record, I still support Triptych, but it would be interesting to see what extra effort Arcturus would take since the benefits are not something to dismiss entirely imo
-
dEBRUYNE
Not sure 10% is worth the risk of having atypical assumptions
-
dEBRUYNE
Space is arguably fairly cheap, especially in comparison to verification time
-
sgp_
I agree verification time is more important
-
sgp_
hard to tell exactly from the chart, but looks like ~20-25% smaller?
-
selsta
Isn’t this batching related?
-
sgp_
verification is effectively the same for both
-
sgp_
batched and unbatched
-
selsta
Right, I meant the space benefits only come with batching compared to Triptych IIRC
-
sgp_
maybe I'm missing something, but why is batching relevant for tx size?
-
selsta
I meant multiple inputs, batching was the wrong word
-
selsta
here are the charts sarang posted a while ago
-
selsta
-
selsta
-
selsta
-
sgp_
sarang would know for sure but that's how I would interpret those three charts
-
sgp_
the arcturus paper showed the verification times for Monero txs from 18 October 2018 to 14 February 2020
-
sgp_
if we switched to Arcturus, we'd probably have to change the txs fees to incentivize large-input-# transactions somehow
-
sgp_
obviously not too much incentive, but to enough to fairly encourage one tx with many inputs over several with fewer inputs
-
hyc
that sounds ike something of only temporary value. for people with lots of dust in their wallets
-
sgp_
makes batched payments cheaper too
-
hyc
batching is for multiple outputs, no?
-
hyc
why this focus on number of inputs?
-
sgp_
just because the cost of the verification is lower per input as the # of inputs increase
-
sech1
Many-input-# transactions are less private, see EAE attack
-
sgp_
sech1: well, "it depends" :)
-
sgp_
back to arcturus vs triptych, it's unclear to me what if anything we can do to feel comfortable with arcturus
-
sgp_
I clearly don't have the skills to assess that
-
dgoddard__
I have the same question as selsta about feasibility of Triptych -> Arcturus migration at some point
-
nioc
there are charts similar to above for verification time that I can't find at the moment dependent on the ringsize
-
nioc
I remember Arcturus have a verification time advantage but
-
nioc
*****there are charts similar to above for verification time that I can't find at the moment
-
nioc
I remember Arcturus have a verification time advantage but dependent on the ringsize
-
sarang
Arcturus and Triptych share the same key image format, so switching the required proof from one to the other in consensus is possible without an output set migration
-
sarang
Input count is indeed where you see Arcturus shine, since it requires only one proof per transaction... Triptych (like CLSAG and MLSAG) requires a proof per input
-
dEBRUYNE
Most transactions either have 1 or 2 inputs though, so for those Arcturus wouldn't have a significant impact, correct?
-
sgp_
dEBRUYNE: the chart at the bottom of the Arcturus paper showed the numbers for real Monero transactions over that 1.5 yr window
-
sgp_
average # of inputs is >2 iirc, but someone did the numbers on this at some point
-
sgp_
-
dEBRUYNE
Thanks
-
sgp_
2.7 average RCT only
-
sgp_
90% 1 or 2 in
