A ring signature is a group of cryptographic signatures with at least one real participant, but there is no way to tell which in the group is the real one as they all appear valid, while the key image prevents double spends.
Questions tagged [ring-signatures]
100 questions
2
votes
1 answer
Duplicate ring members
A Monero transaction input's ring signature contains a set of one time output keys corresponding to the outputs of some previous transactions. Such a transaction can have multiple inputs, and therefore multiple sets of old outputs. It would not make…
koe
- 379
- 1
- 9
2
votes
1 answer
How do miners verify the Ring Signature of a transaction?
As from I have understood, a Ring Signature is created manipulating the true one time spend key of the sender with some set of keys that are actually "decoys" (precisely some random old keys taken from the blockchain).
Ok, so how do the miners check…
giacom0c
- 187
- 1
- 7
1
vote
0 answers
How do I validate the signature of a Monero transaction manually?
I'm trying to figure out how to validate the signature of a Monero transaction manually.
I've read this question: How to verify MLSAG sign with a real transaction and I am trying to recreate this example. It looks like the transaction is hashed to…
ieatpizza
- 121
- 2
1
vote
1 answer
How to get the r value for commitment in mlsag sign
Refer to ZtM2 chp3.5, we can see that in step 5
rπ = α − cπ * kπ (mod l)
It's fine for public-key-ring part because there is private key kπ.
But what if it is commitment-ring? How to do with no kπ?
Please help to answer it. Thanks!
Mooooo
- 459
- 2
- 8
1
vote
2 answers
How to do MLSAG signatures with vin of type 0 (miner)?
Commitments(outPK) are required when doing a MLSAG signature. However, there is no outPK in a type 0 transaction. example
What should I do as facing this kind of transactions?
I've checked rctSigs.cpp but still don't get it..
Many Thanks!
Sorry…
Mooooo
- 459
- 2
- 8
1
vote
1 answer
How to verify MLSAG sign with a real transaction
I'd like to verify a MLSAG signature with a real transaction but it doesn't work..
I chose a transaction 886687fdd30ad46ef1f7c7c18402d82212b4ae1fd2cf6b4dfc549e46be7e22f6
And here is the code written with mininero
import MiniNero
def MLSAG_Ver(msg,…
Mooooo
- 459
- 2
- 8
1
vote
1 answer
What is a scenario when the other members of the ring signature would have multiple keys?
Looking at the algorithm for ring signature, n members of the ring can have m keys associated with them.
What is a scenario where the other members, not the signer, would have multiple keys associated with them.
In other words, why would the decoys…
WeCanBeFriends
- 660
- 3
- 7
1
vote
1 answer
Identifying the *real* public keys of ring signatures
Since a ring signature uses |R-1| decoy outputs for a ring of size R, is it possible to retrieve from them the real (which reveals the true wallet) A,B values from those stealth addresses?
user1387682
- 367
- 1
- 5
0
votes
1 answer
Do ring signatures sometimes leak "X definitely did not pay Y" info?
I'm trying to understand how privacy in Monero compares to shielded transactions in Zcash. I understand that with Zcash's zk-Snarks, there's no information about sender, receiver or amount.
I think I understand that with Monero, these data are…
Andrew Arnott
- 101
- 2
0
votes
0 answers
Ever thought to improve MLSAG with a RANDOM index for actual UTXO on each level?
As far as I have understood, a unique MLSAG wasn't used in transactions with multiple input UTXOs because of information leakage risk due to the unique index of actual, not decoys UTXOs.
I know that's the past because now we are on a different path…
baro77
- 1