serai-dex / serai

Bulletproofs(+) steganography #204

Closed kayabaNerve closed 1 year ago

kayabaNerve commented 1 year ago

Currently, under BP/BP+, it's possible to use some of the scalars for steganography given a seeded RNG. The Monero library can explicitly code around this use case by using a distinct RNG for the scalars in question (preventing needing to generate the entire BP to do message recovery) and accepting a Scalar message to encode.

We do not need this under current plans, yet it'd be an interesting feature to support.

kayabaNerve commented 1 year ago

Please note I don't care to support the (much more vacant) CLSAG steganography at this time due to the feasibility of implementing CLSAG and potential privacy implications (reducing the amount of decoys). Implementing Bulletproofs isn't anywhere near as feasible and I don't believe (yet need to check) it has privacy implications.

To be clear:

kayabaNerve commented 1 year ago

BP+ steganography

1) Does require using the entire BP under RNG
2) Only works in the non-aggregated case, which isn't Monero's

I don't care to actively pursue this accordingly.