Open kenshi84 opened 8 years ago
luigi1111
commented
8 years ago Yes the paper should be updated, I think. There may be some ASNL updates needed as well.
Note that the second key image is already elided, added (er, removed) by https://github.com/monero-project/monero/commit/c5be4b0beaaa7a703d4e2b84aa9f3c727bf992df
kenshi84
commented
8 years ago Thanks Luigi!
I really appreciate if you could answer my another question on SE.
ghost
commented
8 years ago Yes the paper should be updated, I think. There may be some ASNL updates needed as well.
Note that the ASNL were moved to an appendix sometime this summer in correspondence during the Ledger Journal Review, and finally removed from the paper in response to issue #4 . However I think the simplified version or other modifications would be more appropriate in their own writeup / blog post / whatever - that change to the code was added by request of the monero dev community based on sybil-resistance concerns, and I personally prefer the full key matrix style due to efficiency. https://github.com/ShenNoether/MiniNero/blob/master/RingCT0.5_copy.pdf
luigi1111
commented
8 years ago However I think the simplified version or other modifications would be more appropriate in their own writeup / blog post / whatever
I think I agree with this.
For the ASNL stuff, maybe it makes sense to update the MRL document to match the more recent one, though I don't know if a procedure exists to do so. @fluffypony
After asking this question on SE and getting answer from Luigi pointing me to the code, I think I finally figured out how the simplified version of RingCT works, as in the note below (which is a modification to MRL-005):
https://www.overleaf.com/read/xyhymkfjfqmn
If my understanding is correct, shouldn't this be formally published under MRL?
My second question: As I see it, each ring has a 2x(q+1) matrix containing pairs of (P,C), and also has 2 key images. I think the second key image corresponds to the commitment to zero, which seems unnecessary (we've already checked the double-spend with the first key image). Can't we skip the second key image to make the signature size even smaller?