serai/coins/monero
Luke Parker a25e6330bd
Remove DLEq proofs from CLSAG multisig
1) Removes the key image DLEq on the Monero side of things, as the produced
   signature share serves as a DLEq for it.
2) Removes the nonce DLEqs from modular-frost as they're unnecessary for
   monero-serai. Updates documentation accordingly.

Without the proof the nonces are internally consistent, the produced signatures
from modular-frost can be argued as a batch-verifiable CP93 DLEq (R0, R1, s),
or as a GSP for the CP93 DLEq statement (which naturally produces (R0, R1, s)).

The lack of proving the nonces consistent does make the process weaker, yet
it's also unnecessary for the class of protocols this is intended to service.
To provide DLEqs for the nonces would be to provide PoKs for the nonce
commitments (in the traditional Schnorr case).
2024-04-21 23:01:32 -04:00
..
generators monero: match monero's stricter check when decompressing points (#515) 2024-02-17 23:16:16 -05:00
src Remove DLEq proofs from CLSAG multisig 2024-04-21 23:01:32 -04:00
tests monero: reference updated PR in fee test comment 2024-03-22 22:29:55 -04:00
build.rs Further expand clippy workspace lints 2023-12-17 00:04:49 -05:00
Cargo.toml Remove DLEq proofs from CLSAG multisig 2024-04-21 23:01:32 -04:00
LICENSE Update licenses 2023-01-11 23:05:31 -05:00
README.md Update Monero README 2023-03-31 07:02:57 -04:00

monero-serai

A modern Monero transaction library intended for usage in wallets. It prides itself on accuracy, correctness, and removing common pit falls developers may face.

monero-serai also offers the following features:

  • Featured Addresses
  • A FROST-based multisig orders of magnitude more performant than Monero's

Purpose and support

monero-serai was written for Serai, a decentralized exchange aiming to support Monero. Despite this, monero-serai is intended to be a widely usable library, accurate to Monero. monero-serai guarantees the functionality needed for Serai, yet will not deprive functionality from other users.

Various legacy transaction formats are not currently implemented, yet we are willing to add support for them. There aren't active development efforts around them however.

Caveats

This library DOES attempt to do the following:

  • Create on-chain transactions identical to how wallet2 would (unless told not to)
  • Not be detectable as monero-serai when scanning outputs
  • Not reveal spent outputs to the connected RPC node

This library DOES NOT attempt to do the following:

  • Have identical RPC behavior when creating transactions
  • Be a wallet

This means that monero-serai shouldn't be fingerprintable on-chain. It also shouldn't be fingerprintable if a targeted attack occurs to detect if the receiving wallet is monero-serai or wallet2. It also should be generally safe for usage with remote nodes.

It won't hide from remote nodes it's monero-serai however, potentially allowing a remote node to profile you. The implications of this are left to the user to consider.

It also won't act as a wallet, just as a transaction library. wallet2 has several non-transaction-level policies, such as always attempting to use two inputs to create transactions. These are considered out of scope to monero-serai.