As far as I have understood, a unique MLSAG wasn't used in transactions with multiple input UTXOs because of information leakage risk due to the unique index of actual, not decoys UTXOs. I know that's the past because now we are on a different path with CLSAG and maybe Triptych in the future, anyway I wonder if a MLSAG flavour with random different index for actual UTXO on each level was ever evaluated, and if so why it hasn't been a suitable choice. Thanks!
Asked
Active
Viewed 51 times
0
-
Sounds like you're asking about the prior decision to use RCTTypeSimple (per-input MLSAG) for multi-input transactions instead of RCTTypeFull (one MLSAG over all inputs)? Assuming that's what you are referring to, the decision seemed to be made based on a concern rather than some formal proof it was needed. But as you say, that's in the past, Monero has moved onto CLSAG (current) and Triptych (upcoming), so the discussion is mute. – jtgrassie Feb 10 '21 at 01:50
-
@jtgrassie thanks, yes that was the right formulation of my question. I asked because I'm studying SAGs flavours and when I met MLASG and its "common real-UTXOs' index problem" I have thought that randomizing that index value on each layer could have been a simple effective mitigation. But I'm a rookie, so I'm trying to understand if it could have been a good idea or not (and in case why), so for me to dig a bit deeper on this topic is a way to check my learning of this stuff... so any opinion/infos about it really appreciated! – baro77 Feb 10 '21 at 08:19