Feature Request: Truly random subaddress generation by default about monero HOT 7 OPEN

what if you had previously sent the the address chosen at random to someone and no funds where sent to it.. this sounds like an opsec problem that could be solved with a pen and paper "i sent subaddress at index 13 to joe bloggs on the 22nd october".

from monero.

This is going to be difficult with the current way subaddresses are implemented. The wallet has to know which subaddresses where generated so that it can scan for transactions. Currently this works with a lookahead, but when a subaddress is chosen purely at random this won't work without a huge lookahead.

from monero.

This is going to be difficult with the current way subaddresses are implemented. The wallet has to know which subaddresses where generated so that it can scan for transactions. Currently this works with a lookahead, but when a subaddress is chosen purely at random this won't work without a huge lookahead.

I don't understand what you mean by lookahead, but are there any future plans for work arounds or fixes to mitigate these privacy concerns?

from monero.

what if you had previously sent the the address chosen at random to someone and no funds where sent to it.. this sounds like an opsec problem that could be solved with a pen and paper "i sent subaddress at index 13 to joe bloggs on the 22nd october".

Yeah, everyone knows that, but that's not the root of the problem. That's just like saying Bitcoins anonymous if you use coin mixing, at least that's more anonymous than Moneros subaddress system. Unlike pencil and paper, this approach is way more secure, convenient and untraceable.

from monero.

I don't understand what you mean by lookahead, but are there any future plans for work arounds or fixes to mitigate these privacy concerns?

The wallet has to know the indices of subaddresses so that they can be scanned. By default the wallet scans for the last subaddress that received funds + a lookahead of for example 200.

So if you received funds to subaddress with index 150 it will scan all subaddresses from 0 - 350. If the wallet would generate a truely random subaddresses at index 53489248 then the wallet wouldn't know about it without scanning all subaddresses from 0 - 53489248. While this would be technically possible, it would increase RAM usage significantly.

Seraphis plans to rework how subaddresses work, with it what you are suggesting would be easier to implement. Seraphis is still a couple years away.

from monero.

I don't understand what you mean by lookahead, but are there any future plans for work arounds or fixes to mitigate these privacy concerns?

The wallet has to know the indices of subaddresses so that they can be scanned. By default the wallet scans for the last subaddress that received funds + a lookahead of for example 200.

So if you received funds to subaddress with index 150 it will scan all subaddresses from 0 - 350. If the wallet would generate a truely random subaddresses at index 53489248 then the wallet wouldn't know about it without scanning all subaddresses from 0 - 53489248. While this would be technically possible, it would increase RAM usage significantly.

Seraphis plans to rework how subaddresses work, with it what you are suggesting would be easier to implement. Seraphis is still a couple years away.

https://github.com/seraphis-migration this right?

from monero.

For more information on how the new addressing scheme will work under Jamtis, you can read this gist, or the "Jamtis" chapter of Implementing Seraphis. Using Jamtis address indices, the default behavior for most wallets will be to generate a random address every time.

from monero.