UkoeHB

A [semi-stable branch](https://github.com/UkoeHB/monero/tree/multisig_addr_v2_boost) to resolve this issue is prepared. It is waiting on [this PR](https://github.com/monero-project/monero/pull/7877).

Hi @AAH20, thanks for your interest in this topic :) > both arguments will be swapped with a fresh generated obfuscated secret key alternatives using the permutation method The 'Wagner...

Fixing this should be a lot easier than expected with FROST-style binonce signing. [Here](https://github.com/UkoeHB/drijvers-multisig-tech-note) is a technical note I wrote discussing the problem and solution.

Yes

Since it's usually obvious when ancient outputs are spent in a modern transaction, we can mess around with ring membership to better hide them. This technique actually facilitates that, by...

[context](https://libera.monerologs.net/monero-dev/20220518#c97036) from @hyc > fyi, my linode monerod has ~5 years worth of logs, 1082 reorgs. all but 4 had size 2, those 4 had size 3.

Would this imply all inputs are at the same index? IIRC RCTTypeFull was never really used much due to that problem.

Time locks are especially cool since they rely on concepts already present in Monero's transaction protocol. 1. Given a commitment to lock time `t` (the tx outputs can be spent...

The implementation would also benefit from (based on the paper): robust key aggregation, and domain separated hashing with prefixes depending on application. It would also benefit from: aggregation signing instead...

From what I can tell in the current version partial key images are unsigned (see export_multisig() in wallet2.cpp), which means a cosigner could send a fake partial key image to...