@hundehausen - hundehausen hundehausen at @hundehausen
32 Tweets 5 minutes, 21 seconds read

🧵 Huge twitter thread about the future of Monero Monero plans to implement a new transaction protocol called Seraphis, which allows for larger ring sizes than the current RingCT protocol.

However, because Seraphis uses a different key image construction, it is not compatible with CryptoNote addresses. As a result, each user will need to create a new set of addresses using their existing private keys.

This presents an opportunity for Monero to improve its addressing scheme, and Jamtis is a new addressing scheme that was developed specifically for Seraphis to address the limitations of CryptoNote addresses.. ### Disclaimer I can not guarantee that all information are correct.

Things are changing quickly, and I am not always having all information. For some features I am not sure about whether they belong to Seraphis or to Jamtis or to both. I copied some sentences out of presentations or GitHub repos.

Seraphis in addition with Jamtis are huge updates for Monero. I don’t think there have ever been such big updates in Monero. In this thread I think I will cover up the main features of Seraphis and Jamtis, but for sure not all of them. # Seraphis ## Description

Seraphis is a 'transaction protocol abstraction' that developer [koe](

github.com/UkoeHB

Rather than update individual building blocks of the existing RingCT transaction protocol, it introduces a different protocol that can take advantage of different building blocks and offer improved functionality. Seraphis is a major change to the Monero ecosystem.

While it involves modifications to addresses and transaction building blocks, its design offers flexibility and useful functionality that aren't possible with today's RingCT protocol.

While much of the design is finalized and being developed into [an implementation](https://t.co/71F2RURJAV), address design and security analysis are ongoing. ## Features ### View Balance Key

github.com/UkoeHB/monero/…

Currently, a Monero Wallet can provide a shareable Secret View Key (Cryptonote view key), which can be used to see incoming transactions for a wallet.

However, it does not show outgoing transactions, so the actual balance of a wallet is likely to be incorrect if it has had outgoing transactions.

What many people do not realize is that Cryptonote view keys can accurately identify the full balance for most users with a success rate of 95% or higher.

When a transaction is made, each of the inputs will have at least one ring member from the user's stored funds, and at least one of the outputs will be owned by the user (the change output).

Most transactions with outputs sent by other people will not satisfy both of these conditions, so the input transactions that match the user's stored output in those transactions are likely to have been spent by the user.

Seraphis introduces new „View Balance Keys“: they can view all incoming and outgoing funds. Pros: - Enables a safer, fully featured watch-only wallet - Vastly improves the offline cold signing, hardware wallet, and multisig user experience

- Has materially similar privacy properties to today’s view key - Enables light wallets with stronger privacy properties Cons: - After ring sizes increase a significant amount, view balance keys can be more powerful surveillance tools than view keys at that point

### Light wallets gain stronger privacy To identify transactions belonging to a user, he has to scan all transactions on the blockchain since wallet creation. This can be slow.

An existing workaround are light wallets, that are connecting to a light wallet server that is constantly scanning new blocks for transactions of a specific wallet. This can be done on a Raspberry Pi for example.

But with the current implementation of Monero, light wallet server can see a user’s outputs and amounts. This can lead to a privacy problem.

With Seraphis it will be possible to use a light wallet server, that will not be able to see amounts and can definitively not identify a user’s outputs, so long as a user does not reuse an address to receive Monero.

If a user reuses an address, they reveal to the light wallet server which enotes were received to that address. # Jamtis Due to a different key image construction, Seraphis is not compatible with CryptoNote addresses.

This is why we need Jamtis which comes with a new address scheme. Its original inventor is @tevador. ### New address schema Jamtis has lots of improvements that address several issues that Monero addresses have right now.

Monero currently has three address types: primary address of a wallet (starts with a 4), subaddress (starts with an 8) and integrated addresses which contain a payment id. Jamtis proposes eliminating the differences between the primary address and subaddresses.

A Jamtis address starts with xmr1 and typically consists of 181 characters. There is no longer any "primary address" - all Jamtis addresses are equivalent to a subaddress. Jamtis addresses are base-32 all lowercase encoded.

They mitigate the Janus attack, which can be used to link two subaddresses to one wallet. Jamtis addresses can be generated randomly and offline. Jamtis addresses can be recovered without needing a lookahead.

### Certified addresses Currently, Monero still has integrated addresses, which can be useful for merchants who want to integrate a unique payment identifier for each order, while maintaining a single address for repeat customers.

But integrated addresses are meant to be deprecated soon, because there are problems that come with them: - Can’t send to >1 integrated address in a single transaction - All transactions have an 8-byte payment identifier on chain (possible problem for privacy)

This is why Jamtis comes with the proposal of certified addresses. They are uniquely generated Jamits addresses that are signed by a single private key.

Users can add a merchant’s Recipient Identifier (RIDs) to their address book, and all future payments made to the certified address will be marked as safe. There is no MITM-attack risk.

Recipient Identifier (RIDs) are like easily readable short hashes of a long 181 character long Jamtis address and make the identification much easier for humans. An example for a use case: When Alice and Bob meet, Bob can write his RID on a piece of paper and give it to Alice.

When Bob sends Alice an address in the future, Alice will know the address belongs to Bob because it is signed with a key that matches the RID Bob gave her.

author avatar
Followers 443 Following 493
Twitter : @hundehausen
Top