I would like help or reassurance that I understand these aspects of Monero.
Let’s say I have a subaddress that has received 1 XMR, and another subaddress that has received 5 XMR.
I spend all 6 XMR in the same transaction.
How does this work?
As I understand it, each subaddress effectively has its own private key, which is derived from the master private key, and both of them would need to sign the same transaction/ring signature?
Say I wanted to create a coinjoin, two separate people participating in the creation of the same transaction but with their own private keys: could this be done without either party revealing their private keys to one another, and ensure both send their coins if the transaction is included in a block?
If I understand Monero correctly, it could be done like this:
1. Alice provides a list of 4 decoy outputs + their actual output which holds 1 XMR
2. Bob provides a list of 5 decoy outputs + their actual output which holds 5 XMR?
This creates a ring signature of 9 decoy outputs and 2 outputs that actually correspond to Alice and Bob’s output and subsequent private keys.
Once this ring signature is generated, Bob signs it and sends it to Alice, who also signs it. It is submitted to the network to send funds from both Alice’s and Bob’s wallets.
However: what would stop the partially signed transaction from being submitted and being valid so that only Bob’s and not Alice’s transaction sends?
Would it be the range proof? I.e., the transaction would only be valid if the amount of Monero is equal to 6 XMR?