Highest Voted 'ringct' Questions - Monero Stack Exchange

20

votes

1 answer

ELI5: How does RingCT work?

Can someone explain simply how RingCT can make sure that a user has the specified amounts without seeing it? My mind starts to pause as soon as i see formulas on a whitepaper.

ringct

asked Aug 08 '16 at 23:30

JollyMort

19,934
3
46
105

11

votes

1 answer

What are 3 types of Ring CT transactions?

In monero, there are three types of RingCT transactions: enum { RCTTypeNull = 0, RCTTypeFull = 1, RCTTypeSimple = 2, }; They can be observed in https://xmrchain.net/ But it's not clear what differences there are among the three types, and why…

ringct

asked Jan 14 '17 at 09:04

QuriousAboutRingCT

111
2

5

votes

1 answer

How does RingCT increase in transaction sizes affect people?

With the recent hardfork of RingCT there has been talk about the transaction sizes increasing to 25kb on average which is a lot more than before. My question is how does that affect people? Does it affect greatly people who run a full node? Does it…

ringct

asked Jan 11 '17 at 04:28

user202

199
1
6

5

votes

1 answer

Where is the encrypted mask value?

Checked this link: https://moneroblocks.info/api/get_transaction_data/4adb55cde1ffcc0ea639b6718355c48c0e574000306d95ef857e55d91ddabcf2 I could not find the encrypted mask value. I believe the encrypted amount is in the ecdh part: "ecdhInfo": [ …

ringct

asked May 26 '19 at 18:50

WeCanBeFriends

660
3
7

4

votes

2 answers

How is the used Pedersen commitment kept secret?

I understand one can have two commitments P and Q, and show the world that P - Q = 0 - communicating the commitment to only the recipient. In fact, it can be done with many input commitments P1 ... Pn. However, how do the other commitments remain…

ringct

asked Nov 12 '18 at 22:32

Nicholas Pipitone

101
6

3

votes

2 answers

How do I make RingCT transactions now after the recent hardfork?

As the title says. Can I make RingCT transactions now on mainnet. If so, how? What is the command or its options in simplewallet?

ringct

asked Jan 09 '17 at 22:24

NewRingCTuser

31
1

3

votes

1 answer

Where can I find the selection of the decoys (stealthy addresses) when constructing a transaction?

When constructing a new transaction, I have reached the function cryptonote_core/cryptonote_tx_utils.cpp/construct_tx_with_tx_key() and I am trying to understand where the decoys came from? How and when are they selected?

ringct

asked Sep 04 '18 at 13:06

adsl

315
1
8

2

votes

1 answer

How does a Monero node know to reject Borromean range proofs

Now that Bulletproofs have been deployed, how does a Monero node know to reject any Borromean range proofs? Is there something like a checkpoint, so that after block N, no more Borromean range proofs are allowed?

ringct

asked Jun 24 '19 at 23:56

WeCanBeFriends

660
3
7

2

votes

1 answer

How is there no key image for the commitment to zero in MLSAG?

zero to monero 5.7.2 mentions there not being a key image for the commitment to zero. How is this possible? Quote: "Recalling Section 5.6.3, there is no key image for the commitments to zero zjG, and consequently..." I was under the impression that…

ringct

asked May 04 '19 at 14:06

WeCanBeFriends

660
3
7

2

votes

1 answer

Key image forgery

Given a keypair (k,K); the key image is calculated as: KeyImage = k * H(K) What is stopping someone from giving a fake K in the hash function?

ringct

asked Apr 29 '19 at 13:17

WeCanBeFriends

660
3
7

2

votes

1 answer

Different MLSAG implementations across papers

In MRL005, See page9, they describe the signing key for a given ring as Sum public keys + SumInputs - SumOutputs In zero to monero, Page49 section "MLSAG signature for inputs", they describe it as SumInputs - SumOutputs Could someone explain the…

ringct

asked Apr 27 '19 at 21:09

WeCanBeFriends

660
3
7

2

votes

1 answer

How does commitment to zero work?

Given two inputs each with their respective committed amounts; P1, P2. Then given two outputs each with their own respective committed amounts; P3, P4. We want to prove that the inputs - outputs - fee * G = 0 P1 = a1 * G + r1 * H P2 = a2 * G + r2 *…

ringct

asked Apr 20 '19 at 19:47

WeCanBeFriends

660
3
7

1

vote

1 answer

Additional keys/commitments for MLSAG

There is one thing I don't understand about the MLSAG signature. The additional public keys mixed into the signature ring, must correspond to real unspent outputs in the blockchain, isn't it? Otherwise one could identify them as just obfuscating…

ringct

asked Nov 27 '17 at 23:23

Kurt

131
2

1

vote

1 answer

Why do we have MLSAG when we only need two keys?

If I understand correctly, MLSAG is being used only when we have two keys. Is it being used in other places when we have maybe three or more keys? To clarify, by two keys I mean we are trying to prove ownership of the private key for two public keys…

ringct

asked Jun 25 '19 at 16:08

WeCanBeFriends

660
3
7

1

vote

1 answer

What is the difference between tx version 1 and RingCT version 2?

What were the changes from version 1 to version 2? I think that version 1, did not have confidential txs, but was still based on cryptonote? I'm also guessing that in version 1, we did not have these different signature types like RCTTypeSimple and…

ringct

asked Jun 25 '19 at 15:39

WeCanBeFriends

660
3
7

Questions tagged [ringct]