Geez I was so worried about how I would be anonymous in the future and it seems I have the opposite problem and can't even convince people who I am. Perfect. 
I am 60% sure I have an amplification to their paper which makes the attack much more plausible and pervasive.
I need to go eat, then I need to write some code for an algorithm for smooth to document more precisely what I mean by the amplification.
I am 60% sure I have an amplification to their paper which makes the attack much more plausible and pervasive.
I need to go eat, then I need to write some code for an algorithm for smooth to document more precisely what I mean by the amplification.
Okay. My guess though is that you'll came to the same conclusions we did independently too -- assuming that Hp is a cryptographically secure hash function that acts as a random oracle perfectly and that q values are generated totally randomly, that recovery of x (private key) is impossible so long as your PRNG isn't compromised. And, if your PRNG is, then you can't even generate non-ring signatures securely.
Let's get to that point (of whether the private keys can be discovered...which I also have my doubts but do note you have two modular equations P = xG and I = xH(P) once you know i == s when the anonymity is broken) after establishing whether or not my amplification concept radically reduces the anonymity as compared to the calculations in your paper. I am not sure yet, because takes some time to digest your paper. First I will write some code for an algorithm for my amplification idea. Doing that now. Will send via secure channel to smooth.
You do that, Boss.
Here is my public XMR addy so that you can test it and take all my XMR when you get it amplified.
47EApNcKagpN29JgcHh8RgV9odHzzdwMTYuwiE9kPxD7cPy4LWAMCTyhrRXKYxphGaaXSaqfmpZKPgH R3W9xn5HCLPgJb3b
I'm real worried.
