UkoeHB
UkoeHB
@Sirmadeira this PR originally died because one of the rendering SMEs blocked it. You'll want to get consensus/full approval from the rendering guys before putting any work in.
> @UkoeHB If you dont mind me asking what was the reason for the block? Something about it being too complicated or 'we don't really need this'. If you can...
> One, since we are providing s1sr outright, there is no way to prove that it was actually derived correctly and that the receiver would normally recover that enote if...
> It does not matter how we obtained those x, y, or z, though that method will usually be the Jamtis addressing protocol. It does matter how we obtained them....
> This is possible since Mallory sent only two plain enotes in that transaction, so they shared the same xK_e and destination, and thus the same DHE_1/2/3, and thus the...
I believe this may be a typo on my part.
Actually the burning bug is prevented by completely ignoring duplicates. See section 8.3.2. Using input contexts and requiring uniqueness of K_e just reduce the vectors for burning funds, they don't...
However, I will update the document in the next version to clarify section 8.2.2.
@coinstudent2048 Wrote a [short proof](https://raw.githubusercontent.com/coinstudent2048/writeups/main/proof1.pdf) that linking tags are uniquely defined by one-time addresses if the DL assumption is held.
Sounds good, thanks! I will let this marinate for a couple weeks, then incorporate it into the paper. Do you have a name/pseudonym and email address I can add to...