Lelantus disabled temporarily

Hi!
Great to read about the progress so far, thanks for being transparent and taking the time to post updates.

Yet there is some aspect in using the CLI-wallet which seems related to the currently disabled Lelantus protocol that I don’t understand: Similar to user darkfusion (see above), I chose a rather unfortunate time to run firo-cli mintlelantus to about half of my wallets funds before noticing this thread.
I understand that the to-be-minted part of my funds is now locked until this is resolved but what remains unclear to me is that I also cannot seem to transfer any of the remaining funds (sendtoaddress returns with code -6 and message Insufficient funds), so basically my whole wallet went into some kind of locked state.

This might probably be not the right place to ask but is there a cli-equivalent to what anwar proposed as a temporary workaround (choosing Abandon transaction in the gui-wallet)?

Thanks for any hints on this and good luck for the upcoming implementation tasks!

You can use abandontransaction "txid". A successful abandon will return a (null). You might need to restart for it to show up as abandoned properly.

sendtoaddress most likely did not succeed because it is waiting for change from the now disabled Lelantus transaction.

Trail of Bits has also agreed with the opinion of the team to add the additional proof for safety even if there is no obvious weakness.

An excerpt of their comment:

That being said, given that this extra proof seems pretty cheap, I’m definitely on board for adding it for defense-in-depth purposes. It sounds like we’re all not 100% certain on the balance proof being secure without it. Beyond that, it could protect from some unforeseen malicious behavior in the sigma proof itself, or it could potentially mitigate some exploit that relies on some yet to be discovered weakness.

The current timeline is deploy code on testnet on Monday, test/review and hopefully binaries end of week with a one week activation time.

that was a good hint, thanks!
after locating my mint-transaction with listtransactions to get the txid and applying it to abandontransaction i can now use my wallet normally again. yet i’m looking forward to trying out lelantus minting capabilities!
thanks again for your guidance!

We are going to be testing the fixes on testnet later today.

We have made public the code

List of Changes:

• Initialize all Fiat-Shamir transcripts with a domain separator
• Initialize the 1-of-many proof transcript with a hash of the input anonymity set, and with all spent serial numbers
• Initialize the Schnorr proof transcript with all statement group elements
• Added Schnorr representation proofs for the Q_k to properly argue the polynomial cancellation needed for showing balance
• Initialize the range proof transcript with all input commitments
• Do not use a separate transcript for range proof inner products
• Check for number of serials/proofs mismatch
• Check serial not to be 0 in scalar randomize()
• Include public keys into 1-of-many proof transcript
• Include version number into 1-of-many proof transcript and range proof transcripts
• Include data from 1-of-many proof also in balance proof transcript
• Use Hash256 instead of Shas256, which is more secure, it does sha256(sha256(m)), and don’t use length extension
• Added check to verify that n-th power is not returning 1
• Removed unused functions in SigmaExtendedProver/Verifier

We are deployed on testnet keep you guys posted.

The fixes were deployed on testnet and we found a few performance related issues which we are diving into. They aren’t serious (they are related to UI transaction list lags and fee calculation lags) but we are proceeding to make sure it’s in a good state for launch and should be fixed soon.

Thank you for you patience and understanding.

鲁公子 啥时候来中国 开开宣传 中国欢迎你

PR is under review status now. Tests are going well.

Wish us luck!

Any news about lelantus?

等待一切都是好消息 我们将稳步前进

Hi we are resolving some internal comments and Sarang and the blackhat are giving it one more look before we finalize. Thank you for the patience!

In China, we say "delicated work yields fine products. " Looking forword to more applicaiton layer from FIRO !

在中国，我们说：一代一路，寻求共赢。期待来自Firo的更多应用层！

Quick update.

Sarang has verified that all the proposed fixes have been implemented properly but has recommended two small changes that would result in slightly more efficiency and a fixed-size prepend when updating transcripts with vectors This is best practice to mitigate any concatenation collisions as part of a defense in depth strategy.

1. Add vector size into transcript
2. Move inner product domain separator further up

The changes are small enough that it can be implemented today though testing should still be done. The testnet would need to be rewound a bit to incorporate this change.

This delays by a few days but sets long term improvements so I took the decision to do it. Appreciate the patience.

Levon also got into a bad car accident a few days ago but is thankfully okay just a bit shaken up so we gave him a few days off but is now back at work.

Fixes are done. Rolling changes out on testnet first thing tomorrow and doing in depth testing.

Release. Please update asap.

This is a mandatory release that patches Lelantus and hardens it.

Please update before block 365544 (Approx April 22, 20211, 2:00 PM UTC).

Lelantus started? not send money from private balance

8000×4000

With the release of Firo v14.6.0 and the hard fork completed, Lelantus private transactions have now been re-enabled.

Read more here.