[XMR] Monero - A secure, private, untraceable cryptocurrency

[OrientA]

btc is going down because it can not longer be used to buy in the markets of tor
All purchases of bitcoin are tracked by the FBI
then they can not use them on the markets
are caught immediately
so you have to do a bit of advertising on XMR
in these markets
buy bitcoins and exchange them for XMR
and then use them to do what you want
if XMR does not do so
will do it some other CN currency
they will
before XMR
and lose the boat
if we do this will stabilize the price of btc
and at the same time, XMR could rise to levels that we can not imagine
you have to convince the markets on tor
to use XMR
this is the best thing for Monero

Good thought. If you buy XMR with BTC and use XMR instead, then BTC price will fall, but not much as XMR market cap is not big.

[1715398343]

1715398343

[1715398343]

1715398343

[1715398343]

1715398343

[1715398343]

1715398343

[1715398343]

1715398343

[smooth]

Moneropool.com:

Network
 Hash Rate: 20.64 MH/sec
Our Pool
 Hash Rate: 9.04 MH/sec

35% not observed?

The hash rate is very concentrated.

Dwarf pool: 5.28 MH/s,
crypto-pool.fr: 3.5 MH/s.

So for those three total: 17.7MH/s, or 85% of total.

If those 3 were taken out, XMR is in trouble.

Good observation. Please move your hash rate off these pools if you are using one of them. See OP for a list of other pools, especially ones that donate to development.

Any pool that pays out at least a few blocks per day is big enough to produce reasonably low variance.

If you are running a wallet/node consider turning on solo mining (start_mining command in either daemon or wallet). Every little bit helps.

[OrientA]

Moneropool.com:

Network
 Hash Rate: 20.64 MH/sec
Our Pool
 Hash Rate: 9.04 MH/sec

35% not observed?

The hash rate is very concentrated.

Dwarf pool: 5.28 MH/s,
crypto-pool.fr: 3.5 MH/s.

So for those three total: 17.7MH/s, or 85% of total.

If those 3 were taken out, XMR is in trouble.

Good observation. Please move your hash rate off these pools if you are using one of them. See OP for a list of other pools, especially ones that donate to development.

Any pool that pays out at least a few blocks per day is big enough to produce reasonably low variance.

If you are running a wallet/node consider turning on solo mining (start_mining command in either daemon or wallet). Every little bit helps.

I wonder if there is a detailed instruction to set up own pool using Windows.

[smooth]

Moneropool.com:

Network
 Hash Rate: 20.64 MH/sec
Our Pool
 Hash Rate: 9.04 MH/sec

35% not observed?

The hash rate is very concentrated.

Dwarf pool: 5.28 MH/s,
crypto-pool.fr: 3.5 MH/s.

So for those three total: 17.7MH/s, or 85% of total.

If those 3 were taken out, XMR is in trouble.

Good observation. Please move your hash rate off these pools if you are using one of them. See OP for a list of other pools, especially ones that donate to development.

Any pool that pays out at least a few blocks per day is big enough to produce reasonably low variance.

If you are running a wallet/node consider turning on solo mining (start_mining command in either daemon or wallet). Every little bit helps.

I wonder if there is a detailed instruction to set up own pool using Windows.

I thought there was instructions for setting up the pool software. Anyone know?

If not we should create that.

[PlasticStool]

A miner here.

Currently I use Claymore's miner with AMD cards.  I pay a 5% dev fee, which I think is a bit too high, but I acknowledge that the dev deserves something for his/her efforts.

If XMR devs were to create an equivalent or better Windows64 AMD miner with a 4% fee going to the XMR devs I reckon that would be a win/win.


Something to think about.

[Odalv]

I was wrong, now I'm beginning to understand. :-) Thank you for your patience and responses. Monero looks fine.

I cannot find out where is the check  SUM of inputs == SUM outputs + transaction fee. 

There is no tx_fee stored in the transaction. tx_fee is computed as =(sum of inputs) - (sum of ouputs). If you are looking for that in the code and can't find it let me know and I'll point it out for you.

So miner(or anybody) knows sum of all spent inputs and outputs ?

Who or what prevents me from ring-signing your input and send your money to my address(output).

You can't send the money without the private key corresponding to that output. Nothing about including an output in a ring signature gives you access to the private key. The whole point of ring signatures is that you can construct a ring signature using only the public, not private keys of the other possible signers.

You have only your own private key, so you can only spend your own outputs.

What this ring signature guarantees. (may I spend all inputs ? is this agreement of this group ? If it guarantees nothing (because anybody can create signature) then why is there (just "smoke screen" for propaganda we are untraceable?))  ... or I'm too stupid.

It guarantees that someone in the group has the private key that enabled him to sign a transaction spending the output. This allows an observer to verify that the output has been spent by the authorized party (someone with the private key) but does not allow the observer to determine which of the group is the authorized party.

Thank you.
Example:
I have(I know private keys) 2 unspent "addresses"  a1=5 XMR and a2=5 XMR, I want pay for goods 2 XMR (address g1.) and send the rest to a3. To confuse observer I'll use both input addresses.

Transaction
input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )
I'll ring-sign with  a1 private key, Is this correct ?

Almost. You will will sign with both a1 and a2 private keys, allowing you to spend both outputs.

If you want to ring sign (it is optional) you can also include in the ring sig additional public keys from other outputs that you don't control (you just pull them from the blockchain). The observer can't tell which of the outputs was the actual source (where you hold the private key) but can verify that there is a valid private key being used for each input.

Hope that helps!

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

[argentinx]

OrientA
to buy xmr with btc
you have to buy btc with money asd
so btc dont fall but may stabilize the price

I do not propose to make an exchange
XMR/USD or XMR/EUR
because then it could cause problems
to exchange
so if you use it in tune
btc and XMR
I think it's the best system
for maket in tor system
and at the same time
XMR will have a surge in the price

[sucksyd]

Price of XMR going down, it makes me cold.  The leaves of autumn turn dreary and my spirit sinks.  The winter of my discontent comes the morrow.

chill down with chillness lol

[smooth]

6. The whole point of a different tail emission is (like smooth mentioned just a few posts earlier) that miners do not depend on transaction fees. Taking this to the logical conclusion, we should assume zero transaction fees for the purpose of the tail. Furthermore, the other purpose of transactions fees if not miner reward is spam prevention. This can possibly be deflected with proof-of-work "fee" and monetary transaction fees eliminated. You keep repeating that miners should be rewarded from the fees; this is precisely what we're trying to prevent with this discussion.

Assuming zero fees is a reasonable conceptual model whether or not anti-spam fees are replaced by proof-of-work or some other such non-monetary mechanism.

All these and some of your earlier comments like the inclusion of rpietila or CZ in the group that decides how the devfund is spent (7) suggest you either are trolling or have ulterior motives.

7. There is no reason or moral ground for a representative of the large holders or a competing crypto-currency to have this kind of decision power on the devfund. If CZ joins the Monero core devs, he would be entitled to that position. Similarly, rpietila will already represent the large holders to some degree through the Workshop. Once the Workshop dispenses half of the vote cost to the devfund, the Workshop should have no decision power on those funds.

I'm calling you out.

I found the inclusion of CZ to be bizarre, but given that it is multisig for approval of disbursements and not even voting, the effect of someone like CZ being included is likely that he wouldn't even pay attention to this at all, and the multisig would revert to being 5/8 instead of 5/9. That isn't a disaster and might even be a good thing in terms of tighter control on spending, but its a bit of a silly way to do that.

I'd prefer to have outside approvers who don't even have anything to do with Monero or any other coin development but are charged to keep an eye on us and make sure (as a condition for continuing to approve spending) we aren't stealing the funding or using it for parties. I don't have any specific suggestions though.

But smooth, both for the crowdfunding attempt and as justification for the "loan", that spreadsheet needs to be done and it nobody but the core team that can do it.

Before there is any formal proposal for crowdfunding or a post-mine or whatever there will definitely a specific list of tasks and priorities. There will also likely be some sort of statement about the need for flexibility and ability to adjust priorities in a changing environment, but that won't take the place of being explicit about what the funding is intended to be used for.

[smooth]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

[Odalv]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

yes I want use "foreign output used for a ring sig" to obscure transaction. I'll pull it from block chain.
g1(I pay for god) and a3(my new address)  does not matter.

[smooth]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

yes I want use "foreign output used for a ring sig" to obscure transaction. I'll pull it from block chain.
g1(I pay for god) and a3(my new address)  does not matter.

Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?

[Odalv]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

yes I want use "foreign output used for a ring sig" to obscure transaction. I'll pull it from block chain.
g1(I pay for god) and a3(my new address)  does not matter.

Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?

Please can you make example:
1) I have unspent output  5 XMR, I want to pay 3 XMR for goods and 1 XMR transaction fee.
2) I want obscure my payment with 1 foreign input what holds 6 XMR.

[smooth]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

yes I want use "foreign output used for a ring sig" to obscure transaction. I'll pull it from block chain.
g1(I pay for god) and a3(my new address)  does not matter.

Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?

Please can you make example:
1) I have unspent output  5 XMR, I want to pay 3 XMR for goods and 1 XMR transaction fee.
2) I want obscure my payment with 1 foreign input what holds 6 XMR.

You can't do #2 with the the protocol works today. There is a modification from gmaxwell that allows using foreign outputs of different sizes but it isn't implemented anywhere AFAIK.

Your foreign ouputs need to be of the same size.

So we would have (borrowing some of your notation)

tx(input(ring(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR)) -> output(r1(3 XMR),c1(1 XMR)))

a1 = our own upspent output
f1..f3 = foreign outputs of size equal to a1
r1 = output owned by recipient
c1 = change output owned by us

We could also include additional inputs (and generate more change) if we wanted to further obscure the amount of the transaction.

[Odalv]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

yes I want use "foreign output used for a ring sig" to obscure transaction. I'll pull it from block chain.
g1(I pay for god) and a3(my new address)  does not matter.

Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?

Please can you make example:
1) I have unspent output  5 XMR, I want to pay 3 XMR for goods and 1 XMR transaction fee.
2) I want obscure my payment with 1 foreign input what holds 6 XMR.

You can't do #2 with the the protocol works today. There is a modification from gmaxwell that allows using foreign outputs of different sizes but it isn't implemented anywhere AFAIK.

Your foreign ouputs need to be of the same size.

So we would have (borrowing some of your notation)

tx(input(ring(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR)) -> output(r1(3 XMR),c1(1 XMR)))

a1 = our own upspent output
f1..f3 = foreign outputs of size equal to a1
r1 = output owned by recipient
c1 = change output owned by us

We could also include additional inputs (and generate more change) if we wanted to further obscure the amount of the transaction.

Did you forgot to add  keyImage for a1 ? Or how can be this transaction verified ?

[smooth]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

yes I want use "foreign output used for a ring sig" to obscure transaction. I'll pull it from block chain.
g1(I pay for god) and a3(my new address)  does not matter.

Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?

Please can you make example:
1) I have unspent output  5 XMR, I want to pay 3 XMR for goods and 1 XMR transaction fee.
2) I want obscure my payment with 1 foreign input what holds 6 XMR.

You can't do #2 with the the protocol works today. There is a modification from gmaxwell that allows using foreign outputs of different sizes but it isn't implemented anywhere AFAIK.

Your foreign ouputs need to be of the same size.

So we would have (borrowing some of your notation)

tx(input(ring(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR)) -> output(r1(3 XMR),c1(1 XMR)))

a1 = our own upspent output
f1..f3 = foreign outputs of size equal to a1
r1 = output owned by recipient
c1 = change output owned by us

We could also include additional inputs (and generate more change) if we wanted to further obscure the amount of the transaction.

Did you forgot to add  keyImage for a1 ? Or how can be this transaction verified ?

I wasn't including an actual signature here at all. I thought we were discussing transaction fees.

The tranasction prefix -- which consists of what we normally think of as the tranasction (inputs and outputs) -- gets signed using public keys from a1,f1..f3 and a key image derived from the private key of a1

sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1)) -> signature

There is one such signature for each input. These are then included in the transaction along with the transaction prefix.

[Odalv]

So miner(or anybody) knows sum of all spent inputs and outputs ?

The ins and outs each have amounts, so you can add that up.

Am I right ?

Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)

using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?

implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1

Am I missing something ?

I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.

And what does g1 (or a3 for that matter) denote on your output?

yes I want use "foreign output used for a ring sig" to obscure transaction. I'll pull it from block chain.
g1(I pay for god) and a3(my new address)  does not matter.

Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?

Please can you make example:
1) I have unspent output  5 XMR, I want to pay 3 XMR for goods and 1 XMR transaction fee.
2) I want obscure my payment with 1 foreign input what holds 6 XMR.

You can't do #2 with the the protocol works today. There is a modification from gmaxwell that allows using foreign outputs of different sizes but it isn't implemented anywhere AFAIK.

Your foreign ouputs need to be of the same size.

So we would have (borrowing some of your notation)

tx(input(ring(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR)) -> output(r1(3 XMR),c1(1 XMR)))

a1 = our own upspent output
f1..f3 = foreign outputs of size equal to a1
r1 = output owned by recipient
c1 = change output owned by us

We could also include additional inputs (and generate more change) if we wanted to further obscure the amount of the transaction.

Did you forgot to add  keyImage for a1 ? Or how can be this transaction verified ?

I wasn't including an actual signature here at all. I thought we were discussing transaction fees.

The tranasction prefix -- which consists of what we normally think of as the tranasction (inputs and outputs) -- gets signed using public keys from a1,f1..f3 and a key image derived from the private key of a1

sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1)) -> signature

There is one such signature for each input. These are then included in the transaction along with the transaction prefix.

Are you trying to confuse me ?


tx{
  prefix= {
     input(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR))
     output(r1(3 XMR),c1(1 XMR), keyimage(priv(a1)))
  }
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f1))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f2))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f3))
}

[Quicken]

It has been tricky to follow the various sub-threads here over the last couple of days, but here are a few points regarding development funding.

1) As a moderately large holder, I am planning to join MEW ASAP with a 100 XMR donation, half of which will go to the devs. Hopefully MEW will raise a fair chunk collectively.
2) As a miner, I'd be happy if more of the mining fees, and/or transaction fees went to the developers rather than miners directly. I do mine on a pool that donates to the devs.
3) I mine based not on the current value, but the potential future value of XMR (say 10x current value). Perhaps the devs could consider donations in the same light (assuming you're able to hold)?
4) I'm not in favour of changing the emission schedule at this stage.

Q

[smooth]

Are you trying to confuse me ?


tx{
  prefix= {
     input(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR))
     output(r1(3 XMR),c1(1 XMR), keyimage(priv(a1)))
  }
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f1))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f2))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f3))
}

No there is one signature for each input and the key images are not included in the outputs

That transaction above has one input (with a mix factor of 4), so it would have one sig. Some corrected examples:


tx{
  prefix= {
     input(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR))
     output(r1(3 XMR),c1(1 XMR)) ; fee 1 XMR
  }
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1))
}

Different version with two inputs:

tx{
  prefix= {
     input(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR))
     input(a2(4 XMR),f4(4 XMR),f5(4 XMR),f6(4 XMR))
     output(r1(3 XMR),c1(5 XMR)) ; fee 1 XMR
  }
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1))
  sign(tx_prefix,pub(a2),pub(f4),pub(f5),pub(f6),keyimage(priv(a2))
}

[Odalv]

Are you trying to confuse me ?


tx{
  prefix= {
     input(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR))
     output(r1(3 XMR),c1(1 XMR), keyimage(priv(a1)))
  }
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f1))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f2))
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(f3))
}

No there is one signature for each input and the key images are not included in the outputs

That transaction above has one input (with a mix factor of 4), so it would have one sig. Some corrected examples:


tx{
  prefix= {
     input(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR))
     output(r1(3 XMR),c1(1 XMR)) ; fee 1 XMR
  }
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1))
}

Different version with two inputs:

tx{
  prefix= {
     input(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR))
     input(a2(4 XMR),f4(4 XMR),f5(4 XMR),f6(4 XMR))
     output(r1(3 XMR),c1(5 XMR)) ; fee 1 XMR
  }
  sign(tx_prefix,pub(a1),pub(f1),pub(f2),pub(f3),keyimage(priv(a1))
  sign(tx_prefix,pub(a2),pub(f4),pub(f5),pub(f6),keyimage(priv(a2))
}

In this case (key images are not included in the outputs), how do you want to prevent DOUBLE spend ?

whitepaper LNK

LNK: The verifer checks if "keyImage" has been used in past signatures (these values are stored in the set ).
Multiple uses imply that two signatures were produced under the same secret key.

I will sign again and again same input.