02:14:04
louislibre:matrix.org:
I want to share this idea for off-chain zero-trust crypto notes.
02:14:18
BoBeR182:
like tornado cash?
02:14:22
BoBeR182:
but for monero?
02:14:41
louislibre:matrix.org:
Basically the user supplies half the entropy for the final keys. So you can trust that neither the user nor the issuer has the full private key (unless removing the secure element of the note).
02:15:03
louislibre:matrix.org:
https://mrelay.p2pool.observer/m/matrix.org/lxiiTFwPdKrvCsBhGrGHJUty.jpg (unnamed.jpg)
02:15:09
louislibre:matrix.org:
https://mrelay.p2pool.observer/m/matrix.org/nrsmOpdtIlsrjKspOqgrPkbm.jpg (unnamed4.jpg)
02:15:22
louislibre:matrix.org:
I also made the AI generate a monero design
02:15:29
louislibre:matrix.org:
https://mrelay.p2pool.observer/m/matrix.org/VnqgfSsjTiXNlQIWBlovzmFi.jpg (unnamed5.jpg)
02:16:40
BoBeR182:
you still have to trust the issuer to my understanding
02:16:54
BoBeR182:
since the private key is precreated and hidden under the scratch part
02:18:28
louislibre:matrix.org:
Only half of it. Plus the issuer has no idea what entropy the user will supply into the note so they don't even know what final public address was generated.
02:20:18
louislibre:matrix.org:
A standard 12-word seed is 128 bits, which is what you can get from a 128-dot grid. It would be as secure from the issuer as any 12-word wallet.
06:30:40
jeffro256:
> <@louislibre:matrix.org> Basically the user supplies half the entropy for the final keys. So you can trust neither the user nor the issuer have the full private key ( unless removing the secure element of the note )
06:30:41
jeffro256:
This is an interesting idea, and one of the more thought out concepts for paper crypto notes I have seen. However, I have a couple issues with this. First, since the address spend pubkey is not known until the first user creates entropy, the note cannot be funded automatically, as the first user must first send the entropy to [... too long, see https://mrelay.p2pool.observer/e/ub-n1u0KMlNERm5f ]
06:40:58
jeffro256:
Third issue: QR codes can be tampered with, so the issuer pubkey QR code is a point of failure since a counterfeiter could take a real note, and then paste on another QR code of a pubkey that they control, then rug the fund after they use the note to purchase something. What you would need to do to add a "note ID", some numbe [... too long, see https://mrelay.p2pool.observer/e/l8bN1u0KM3hzVVBp ]
06:53:17
jeffro256:
Fourth issue: if the issuer ever encounters this note in the wild, they now know the entire secret key
06:59:46
jeffro256:
Fifth issue: 64 bits is far too little to prevent collisions, and even with 128 bits, to prevent birthday attacks, y should be calculated as a hash binding a note-specific piece of information (e.g. the X pubkey and/or note ID), so e.g. y = H_n("User-provided secret key" || X || note ID || user entropy bits). Thus, the a [... too long, see https://mrelay.p2pool.observer/e/8K-S1-0KMTZzYkxq ]
07:00:10
jeffro256:
https://en.wikipedia.org/wiki/Birthday_attack
07:56:52
321bob321:
Happens once a year?
08:03:28
jeffro256:
Sixth issue, related to the first issue: if 2 users "claim" a note by submitting entropy tied to a specific note, how does the issuer know which one is telling the truth, and which is lying? Which version of the address should be funded?
08:03:43
jeffro256:
*if 2 users
08:07:50
jeffro256:
The issuer can take the policy of "first come, first served", and hope that it works, but that may let a previous holder of the note "burn" the money contained in the note. At least, with interaction from the issuer, these race conditions can be resolved ...
10:19:17
monerobull:matrix.org:
what's up with the mempool?
10:19:29
monerobull:matrix.org:
just an exchange managing outputs or spam attack?
10:45:28
louislibre:matrix.org:
> <@jeffro256> This is an interesting idea, and one of the more thought out concepts for paper crypto notes I have seen. However, I have a couple issues with this. First, since the address spend pubkey is not known until the first user creates entropy, the note cannot be funded automatically, as the first user must first s [... too long, see https://mrelay.p2pool.observer/e/tOPM3e0KSXp2S2VM ]
10:45:28
louislibre:matrix.org:
Thanks for the feedback jeffro256.
10:45:28
louislibre:matrix.org:
1. The notes can be reworked as a crypto checkbook, so yes, they are only funded after providing entropy.
10:45:28
louislibre:matrix.org:
2. For the QR tampering, the note would have a serial number you can verify on the hypothetical issuer website.[... more lines follow, see https://mrelay.p2pool.observer/e/tOPM3e0KSXp2S2VM ]
10:45:43
louislibre:matrix.org:
https://mrelay.p2pool.observer/m/matrix.org/nZcljmbxjIAPRCZyKTQLYjYh.jpg (unnamed11.jpg)
10:46:34
louislibre:matrix.org:
That would be the checkbook: the user buys the set of checks, fills them with entropy and the funded amount. The receiver can verify the funds are there by following the instructions on the back.
10:54:47
Guest3468:
hello
20:01:36
tradex:matrix.org:
Hey > <Guest3468> hello