1

There is one thing I don't understand about the MLSAG signature.

The additional public keys mixed into the signature ring, must correspond to real unspent outputs in the blockchain, isn't it? Otherwise one could identify them as just obfuscating keys.

But in that case traceability will increase over time, at the pace those additional outputs are spent.

S. Noether's paper is not very clear at this respect, so perhaps I'm not interpreting this correctly ... Is there another source that could shed light on this issue?

Kurt

Kurt
  • 131
  • 2

1 Answers1

2

There are in-depth ways to answer your concerns, but it seems like you probably already understand most of it already, and it's just a matter of stepping back and seeing the whole picture.

There are very, very few instances now where outputs can be shown to be provably spent. For this reason, it's not fair to assert that traceability will increase over time.

It is true that there are cases where outputs can be shown to be provably spent. One such example would be when ring members were all outputs from a prior ring with only one ring member. This type of situation did happen prior to the enforcement of a mandatory minimum ring size.

Since the hard fork / protocol upgrade in September 2017, there has been a manadatory minimum ring size of 5. Though through mere chance the occasional output in a post-Septemer 2017 transaction may be shown to have been provably spent, a series of events allowing for that would be exceedingly (though, for me, unquantifiably) rare.

scoobybejesus
  • 5,515
  • 21
  • 42