posts: Add meeting logs for June 2020

Matt Smith 2020-07-10 14:10:56 +01:00
parent e4ef03f2db
commit db16f9fcec
GPG Key ID: D0EAC8943FB1B2C1
4 changed files with 802 additions and 0 deletions


@ -0,0 +1,238 @@
---
layout: post
title: Logs for the Community Meeting Held on 2020-06-06
tags: [dev diaries, crypto]
author: asymptotically / sgp_
---
# Logs
**\<sgp\_\>** 0. Introduction
**\<sgp\_\>** We would like to welcome everyone to this Monero Community Workgroup Meeting!
**\<sgp\_\>** Link to agenda on GitHub: https://github.com/monero-project/meta/issues/471
**\<sgp\_\>** Monero Community meetings are a discussion place for anything going on in the Monero Community, including other Monero workgroups. We use meetings to encourage the community to share ideas and provide support.
**\<sgp\_\>** 1. Greetings
**\<ErCiccione\>** Hi folks
**\<msvb-mob\>** Hello.
**\<kinghat[m]\>** o/
**\<binaryFate\>** hello!
**\<sgp\_\>** ping needbrrrrrrr90 sarang
**\<sarang\>** Hi
**\<deedledea\>** Hi!
**\<sgp\_\>** hello everyone :)
**\<sgp\_\>** 2. Community highlights
**\<sgp\_\>** See Monero weekly highlights at https://revuo-monero.com
**\<sgp\_\>** Check out resources at https://communityworkgroup.org. It also has a calendar you can subscribe to for meeting reminders.
**\<sgp\_\>** We now have a Twitter! https://twitter.com/xmrcommunity
**\<sgp\_\>** If we have time during open ideas time, please comment on what you want to use it for.
**\<sgp\_\>** Diego spoke about Monero at the Messaris Mainnet 2020 conference. Hopefully they eventually distribute a recording.
**\<sgp\_\>** Does anyone have community (non-workgroup) updates to share?
**\<sgp\_\>** 3. CCS updates
**\<sgp\_\>** Funding required:
**\<sgp\_\>** Norwegian translation of webplate, footers, nav. Menu (1.16 / 6 XMR) https://ccs.getmonero.org/proposals/Norwegian\_translation\_core.html
**\<sgp\_\>** Research post-quantum strategies for Monero (550.06 / 576 XMR) https://ccs.getmonero.org/proposals/research-post-quantum-monero.html
**\<sgp\_\>** Ideas (to be discussed):
**\<sgp\_\>** Swedish cli wallet (3 XMR) https://repo.getmonero.org/monero-project/ccs-proposals/-/merge\_requests/147
**\<sgp\_\>** dEBRUYNE and ErCiccione[m] commented on Reddit: https://www.reddit.com/r/Monero/comments/gtjd6g/ccs\_proposal\_lets\_add\_support\_for\_swedish\_in\_to/
**\<monerobux\>** [REDDIT] [CCS Proposal] Lets add support for swedish in to monero cli wallet (self.Monero) | 21 points (82.0%) | 5 comments | Posted by writesofrust | Created at 2020-05-30 - 18:43:13
**\<sgp\_\>** no comments on this one?
**\<binaryFate\>** I don't see much value either, but don't see a reason not to pass it on to funding required
**\<binaryFate\>** donors can decide
**\<binaryFate\>** 3 XMR is very small, maybe it is a good test run of the CCS system by that person if nothing else
**\<sgp\_\>** is the gui and website already translated?
**\<ErCiccione\>** Not a big fan of that proposal. We don't even know about past experiences as translator and the proposal itself seems quite lazily written
**\<ErCiccione\>** let me check that
**\<sgp\_\>** if they have no past contributions, I think that's a reason to not advance
**\<ErCiccione\>** We don't have the website in swedish. We have the GUI, which is almost fully translated
**\<ErCiccione\>** i'm fine with people not having past experience with monero if they show some credentials
**\<sgp\_\>** did they show any?
**\<ErCiccione\>** To my knowledge, no.
**\<ErCiccione\>** but we didn't ask either
**\<sgp\_\>** I guess the proposal is on hold then until that is resolved
**\<sgp\_\>** final comments on this one?
**\<sgp\_\>** second one:
**\<sgp\_\>** Sarang: research funding for 2020 Q3 (492 XMR) https://repo.getmonero.org/monero-project/ccs-proposals/-/merge\_requests/148
**\<sarang\>** I'll revisit the amount prior to opening (if this is decided)
**\<sgp\_\>** I highly doubt anyone will comment against this one
**\<binaryFate\>** go go go!!!
**\<sgp\_\>** indeed
**\<sarang\>** Happy to take questions here or as CCS comments
**\<ErCiccione\>** I already left a thumb up on the MR
**\<sgp\_\>** 7 thumbs up now
**\<sgp\_\>** I think we can proceed since this obviously has universal support
**\<sarang\>** I'll check on the amount first
**\<sgp\_\>** of course
**\<sarang\>** So please don't merge just yet
**\<binaryFate\>** sarang did you discuss with luigi1111 about the proposed "stable USD amount" buffer?
**\<sarang\>** It was briefly mentioned, but not really in any more detail
**\<binaryFate\>** Let's discuss and finalize decision before you adapt amount
**\<sarang\>** ok
**\<binaryFate\>** (decision might be not to use it, no pressure!)
**\<sgp\_\>** CLSAG Audit with Teserakt and OSTIF (179 XMR) https://repo.getmonero.org/monero-project/ccs-proposals/-/merge\_requests/150
**\<sgp\_\>** Teserakt has already done half of the audit on their own decision
**\<monerobux\>** Test failed
**\<binaryFate\>** lol
**\<sgp\_\>** no comments?
**\<niocbrrrrrr\>** !donate [undisclosed\_amount]
**\<niocbrrrrrr\>** please and thank you
**\<sgp\_\>** haha nice
**\<sgp\_\>** Any other CCS comments before we move on?
**\<sgp\_\>** 4. Workgroup report
**\<sgp\_\>** is selsta here?
**\<selsta\>** yes
**\<sgp\_\>** sweet
**\<sgp\_\>** a. Daemon/CLI/GUI workgroup
**\<sgp\_\>** go ahead :)
**\<selsta\>** Will have to think :P
**\<selsta\>** v0.16 was a smooth release and with no major problems.
**\<selsta\>** I think we can soon prepare v0.17 with CLSAG
**\<sgp\_\>** selsta: do you have an ideal release date for 0.17? since it will require a hardfork
**\<ErCiccione\>** Good job btw. People are super happy with the new GUI and CLI
**\<selsta\>** Not yet.
**\<selsta\>** I want to release at least 1 month before the hardfork time.
**\<kinghat[m]\>** ya the gui is sexy af
**\<sgp\_\>** do you want it to happen before this fall?
**\<selsta\>** I would guess hardfork 2 months after the audit is done but that might be too optimistic.
**\<sarang\>** There will need to be Trezor/Ledger support in place from those teams
**\<sarang\>** and they'll probably want a testnet to try it out on
**\<selsta\>** We have to give exchanges and other wallets enough time to update.
**\<dEBRUYNE\>** Bear in mind that CLSAG also requires changes from wallet providers
**\<dEBRUYNE\>** Thus, we have to allow for more time arguably
**\<selsta\>** yep
**\<selsta\>** We are also thinking about signing the windows and macOS release but that might be a better topic for the dev meeting
**\<selsta\>** code certificate signing\*
**\<ErCiccione\>** yeah. The problem with the antiviruses needs to be at list mitigated somehow. Really bad UX
**\<selsta\>** might no not possible to mitigate, but we will see
**\<kinghat[m]\>** did one of those hw wallets monero integration get promoted to "full" or "proper" vs just being a side thing?
**\<selsta\>** you mean ledger?
**\<kinghat[m]\>** im not sure 🤔
**\<sarang\>** Ledger
**\<sarang\>** I'm in contact with the person now in charge of that
**\<selsta\>** I did not read from the announcement that they will work on Ledger Live.
**\<sarang\>** I do not know any details on that
**\<selsta\>** anyway Im done with the workgroup update
**\<sgp\_\>** thanks selsta!
**\<selsta\>** oh and one more thing
**\<selsta\>** google might add monero to their open source fuzzer: https://github.com/google/oss-fuzz/pull/3941
**\<sarang\>** IIRC moneromooo has been updating the fuzz tests in the codebase
**\<sgp\_\>** sweet
**\<selsta\>** this will help at find bugs in the monero codebase
**\<selsta\>** finding\*
**\<selsta\>** ok done now
**\<sgp\_\>** thanks!
**\<sgp\_\>** b. Localization workgroup
**\<sgp\_\>** ErCiccione any update?
**\<ErCiccione\>** Not much. About 50 people contributed to translate the GUI release
**\<kinghat[m]\>** this is what i read: https://www.reddit.com/r/Monero/comments/gwkmcn/ledger\_monero\_app\_new\_lead\_dev/
**\<kinghat[m]\>** \> Why? Until now Monero was still maintained as R&D project by myself. It is now moving in the coin integration team and will reach a new state level. That's as a good news.
**\<monerobux\>** [REDDIT] Ledger Monero App: New lead dev! (self.Monero) | 149 points (100.0%) | 38 comments | Posted by cslashm | Created at 2020-06-04 - 16:21:05
**\<ErCiccione\>** It's a good number, the highest amount of translators for a release was 60 IIRC, but don't quote me on that
**\<sarang\>** kinghat[m]: I've been recently put in touch with the dev who's now in charge of that
**\<sarang\>** I've reached out to get information on their required/desired timeline for a network upgrade
**\<sarang\>** waiting to hear back
**\<ErCiccione\>** also, Weblate is starting to catch up. People are using it every day and we have about 150 people on the platform
**\<ErCiccione\>** the activity: https://translate.getmonero.org/#activity
**\<ErCiccione\>** beside that, not much to report
**\<kinghat[m]\>** sorry for the interruption ErCiccione.
**\<ErCiccione\>** no problem :)
**\<sgp\_\>** glad to hear so many people helped with 0.16
**\<sgp\_\>** c. Outreach workgroup
**\<sgp\_\>** Monero Outreach recently shared their “We Accept Monero” campaign: https://www.monerooutreach.org/we-accept-monero.html
**\<sgp\_\>** d. Website workgroup
**\<sgp\_\>** lots of cool changes here :)
**\<ErCiccione\>** Yeah there is a lot of stuff in progress
**\<ErCiccione\>** I posted this on reddit today: https://www.reddit.com/r/Monero/comments/gxnqmf/lets\_improve\_the\_monero\_faq\_page\_on\_getmonero/
**\<monerobux\>** [REDDIT] Let's improve the Monero FAQ page on GetMonero. What questions/answers should we add? (self.Monero) | 35 points (95.0%) | 7 comments | Posted by ErCiccione | Created at 2020-06-06 - 09:17:52
**\<ErCiccione\>** I think we should improve the FAQ adding as many qestions as possible
**\<ErCiccione\>** if anybody has ideas, please post them on reddit or open an issue
**\<sgp\_\>** SE is definitely a good place to start
**\<ErCiccione\>** or write here if you want but there is a higher chance of me forgetting it :P
**\<ErCiccione\>** sgp\_ i used it when i remade the faq, but now i wanted to add questions that people are asking now
**\<selsta\>** I dont think trying to replace SE with the website FAQ makes sense. (Not sure if thats the intention)
**\<ErCiccione\>** I don't intend to replace SE at all. I just think that the website should be more a point of reference. Because people are more likely to look for answers there
**\<sgp\_\>** not replacing SE
**\<selsta\>** A lot of people google their question and get redirected to SE / Reddit. I doubt that many people will read to a huge FAQ but maybe thats just my opinion.
**\<selsta\>** through\*
**\<sgp\_\>** this is mostly for media/journalists imo
**\<midipoet\>** what's the story with #monero-defcon
**\<sgp\_\>** better for them to reference the site than SE
**\<selsta\>** But a FAQ makes sense in general, yes.
**\<dEBRUYNE\>** SE has quite good SEO fwiw
**\<dEBRUYNE\>** They will often appear on top for a search
**\<msvb-mob\>** midipoet: What do you mean what's the story with #monero-defcon?
**\<sgp\_\>** SE is good if someone googles a specific question
**\<sgp\_\>** FAQ is good if someone goes digging
**\<msvb-mob\>** midipoet: I see now, let me try to fix that.
**\<selsta\>** IMO FAQ is more for general questions about Monero, not too technical things.
**\<sgp\_\>** yeah agreed
**\<ErCiccione\>** selsta: yep, that's my point
**\<midipoet\>** msvb-mob: thankyou!
**\<kayront\>** question, there was some talk months ago about ring sizes increasing to epic quantities, is that still on the table?
**\<kayront\>** (hi everyone!)
**\<sgp\_\>** kayront: not with clsags
**\<sgp\_\>** longer term
**\<ErCiccione\>** For who is not aware of that. I'm changing the homepage, you are welcome to review and participate to the dicussion: https://github.com/monero-project/monero-site/pull/948
**\<ErCiccione\>** oh almost forgot
**\<ErCiccione\>** We are working on implementing the netlify previews on getmonero
**\<kayront\>** sgp\_: years?
**\<ErCiccione\>** Basically every time somebody open a PR, netlify will build it and show a preview. That's useful because people without a building environment can see how a PR will look like once merged
**\<ErCiccione\>** see https://github.com/monero-project/monero-site/pull/1016
**\<ErCiccione\>** That's something i look forward to and i hope will help increasing the activity on the monero-site repo
**\<dEBRUYNE\>** kayront: Realistically I think Triptych is 1-1.5 years out
**\<sarang\>** There are still some questions on multisig support due to some different math
**\<msvb-lab\>** midipoet: You (and all of us) can now again access #monero-defcon.
**\<midipoet\>** msvb-lab: thank you :-).
**\<selsta\>** ErCiccione: useful :D
**\<ErCiccione\>** i made a test PR that people can use as example
**\<ErCiccione\>** https://github.com/erciccione/monero-site/pull/17
**\<midipoet\>** msvb-lab: there might still be a permissions issue...as I get an error trying to post a message
**\<binaryFate\>** ErCiccione I'll get to the netlify thing tomorrow
**\<ErCiccione\>** I PRd the edited homepage. You can see netlify's comment with a link
**\<ErCiccione\>** that's the PR built and deployed
**\<ErCiccione\>** thanks binaryfate :)
**\<sarang\>** ErCiccione: any practical risk of an attacker fooling someone into thinking it's the real site?
**\<sarang\>** I suppose such an attacker could just deploy their own clone of the code, and the domain is netlify...
**\<kayront\>** asked this in -dev several mins ago before realizing there's a meeting going on, does anyone know if this would be possible: " another thing: would it technically be possible to have an "account viewkey", rather than a wallet-wide one? use cases would be services that require the viewkey to confirm payments, generate addresses etc, this is a fairly common use case; and for simplicity/backup/sanity reasons it's helpful to only have one
**\<kayront\>** underlying seed"
**\<ErCiccione\>** unlikely IMO
**\<ErCiccione\>** but even if they do think it's the real website, there are no downloads
**\<ErCiccione\>** and the links are hard to mistake. The homepage for example is built here: https://deploy-preview-17--frosty-jones-8df25a.netlify.app
**\<sgp\_\>** thanks ErCiccione
**\<sgp\_\>** anything else on the website?
**\<sgp\_\>** sarang: can you quickly give an update on MRL?
**\<ErCiccione\>** don't think so
**\<sarang\>** Sure
**\<sarang\>** The CLSAG audit process is proceeding nicely
\* midipoet realises there was a meeting
**\<sarang\>** I spent quite a bit of time re-running and correcting some tracing analysis that came out in a preprint
**\<sarang\>** The results are much better than the preprint had suggested
**\<sgp\_\>** that was just a class project afaict
**\<sarang\>** Yes, but it got some attention and was a good excuse to run updated analysis anyway
**\<sgp\_\>** thanks sarang
**\<sgp\_\>** there's one topic ErCiccione wanted to discuss at the meeting
**\<sgp\_\>** ErCiccione asked to reserve some time to make a decision of using “reasonably” in the homepage: https://github.com/monero-project/meta/issues/471#issuecomment-639582413
**\<sgp\_\>** https://github.com/monero-project/monero-site/issues/971
**\<ErCiccione\>** yeah let's get done with that
**\<sgp\_\>** I think it should be removed
**\<sgp\_\>** it doesn't convey the nuances it attempted to convey imo
**\<ErCiccione\>** I liked it, but i see why people prefer to have it removed. If it's controversial, let's just remove it
**\<ErCiccione\>** people wanted to change "slogan" anyway, no?
**\<sgp\_\>** yeah there were other ideas too
**\<kayront\>** fwiw i think it reads a bit like a cop-out
**\<deedledea\>** +1 for removing it
**\<kayront\>** i understand the idea behind it, but for the uninitiated it probably reads more like "it's probably not gonna keep my stuff private"
**\<sarang\>** The idea was that privacy and security always depend on risk and threat models
**\<sgp\_\>** who gets that from "reasonably" though if they don't already get that
**\<sarang\>** understood
**\<binaryFate\>** remove it please, it's only in geek circles that people might get the honest meaning. We're very honest if people dig more, no need to confuse on the homepage
**\<kayront\>** yeah sarang, iirc QubesOS used/uses "reasonably secure" as well, in reality that's what it is because nothing can be 100% safe
**\<kayront\>** but for new people the nuance will be lost i reckon
**\<sgp\_\>** any final comments?
**\<sarang\>** I'm not tied to that specific wording. As long as the presentation is honest and reasonable
**\<sgp\_\>** okay, we can wrap up then. thanks for your patience as we went over
**\<sgp\_\>** 6. Confirm next meeting date/time
**\<sgp\_\>** The next community meeting will be in 2 weeks on 20 June at 17:00 UTC.
**\<sgp\_\>** The next Coffee Chat is on Saturday 27 June at 17:00 UTC
**\<sgp\_\>** Conclusion
**\<ErCiccione\>** alright, i'll remove it tomorrow
**\<sgp\_\>** Thats all! Thanks for attending this Monero Community meeting, and we hope to see you on r/MoneroCommunity and #monero-community. Take care, STAY SAFE AND ISOLATED, and know that change starts with YOU.


@ -0,0 +1,213 @@
---
layout: post
title: Logs for the MRL Meeting Held on 2020-06-10
tags: [dev diaries, crypto, research]
author: asymptotically / Sarang
---
# Logs
**\<sarang\>** OK, just about time to start the meeting
**\<sarang\>** First, greetings!
**\<ArticMine\>** Hi
**\<sgp\_\>** hello
**\<Isthmus\>** Heya
**\<sarang\>** I suppose we can move to the roundtable, where anyone is welcome to share research of interest
**\<sarang\>** Does anyone want to go first?
**\<sarang\>** If not, I can share a few things
**\<sarang\>** Teserakt has sent me a draft of their analysis of the CLSAG preprint
**\<monerobux\>** Test failed
**\<sarang\>** bad bot
**\<sarang\>** The draft report indicates they did not find any major issues with the construction, but they had some comments and suggestions on the formalization that I'm working to update
**\<sarang\>** This shouldn't result in any changes to the code
**\<sarang\>** Separately from this, I started working on some output merging analysis on the Monero chain
**\<h4sh3d[m]\>** Hello
**\<sarang\>** I have preliminary data but am still checking it for a few questions I have
**\<sarang\>** I'll post a plot here, but note that it should not be relied on until checked more thoroughly
**\<sarang\>** https://usercontent.irccloud-cdn.com/file/EHmFolZV/data\_all.png
**\<sarang\>** An explanation...
**\<sarang\>** I look for "zero-hop" possible merges, where outputs from the same source transaction appear in separate rings in a later destination transaction, and filter only by post-CT confidential transactions
**\<sarang\>** Then, for each such possible merge, I look at the height difference of the source and destination transaction, and plot them here
**\<sarang\>** The x-axis represents block height difference, and the y-axis is fractional occurrence (note the log scale!)
**\<kiwi\_87\>** Hi. What you think about interoperability on Monero?
**\<sarang\>** kiwi\_87: one sec
**\<Isthmus\>** 👀
**\<Isthmus\>** Very interesting
**\<sarang\>** https://usercontent.irccloud-cdn.com/file/UPSZyk6P/data\_1k.png
**\<sarang\>** Here is the same data, but zoomed (and rescaled) to the low end of the x-axis
**\<sarang\>** Now, these are only possible merges; there's no good ground-truth data set on chain for post-CT confidential transactions
**\<atoc\>** hi
**\<sarang\>** So I'm going to run a simulation using the same input/output structure and the current decoy selection algorithm
**\<sarang\>** and see if/where the distributions diverge
**\<sarang\>** kiwi\_87: what do you mean by interoperability
**\<sarang\>** Oh, and for this data... about 2.3% of post-CT confidential transactions contained at least one possible merge
**\<sarang\>** (this data shows all such possible merges, not just a unique one from each transaction)
**\<Isthmus\>** @sarang if you want to go deep into the Bayesian weeds, could calculate the probability (always positive, but varying in magnitude) that a pair(+) of these ring members would be selected together if sampled from the standard algo
**\<UkoeHB\_\>** Isthmus: do you recall what proportion of transactions don't use the standard gamma distribution (approximately)?
**\<sarang\>** UkoeHB\_: note that this is \_all\_ post-CT confidential transactions, regardless of likely selection method
**\<sarang\>** I did a filter for that but may have a minor indexing issue that threw off the data
**\<sarang\>** Isthmus: yeah, I thought about that too (but didn't run the analysis)
**\<sarang\>** The distribution difference is intended to give a very rough idea of how non-ideal this distribution is
**\<ArticMine\>** The other question is ring size
**\<Isthmus\>** @UkoeHB\_ as of Konferenco (last June) about 1% of transactions used obviously uniform selection algorithm
**\<Isthmus\>** I haven't updated the analysis pipeline, so can't speak to recent months.
**\<UkoeHB\_\>** ah if sarang is already filtering those out it's not a big deal
**\<sarang\>** I'm not at the moment
**\<sarang\>** This is all post-CT confidential transactions
**\<Isthmus\>** @sarang what are you coding this in? I have python code to strip those out
**\<sarang\>** This is Python as well
**\<sarang\>** If you can link the code that'd be great, or I can write something up
**\<sarang\>** But uniform selection seems very unlikely to cause the long tail
**\<sarang\>** Anyway, this is the start of analysis that I hope will be useful to inform safer output selection
**\<UkoeHB\_\>** very cool thanks for you effort sarang :)
**\<sarang\>** Once I verify this indexing issue, I'll post both the analysis code and the data set
**\<Isthmus\>** https://www.irccloud.com/pastebin/BChX6gR9/
**\<sarang\>** I can't post \_all\_ the data (block, transaction, ring, ...) since it's far too big for GitHub
**\<kiwi\_87\>** @sarang, I mean the interoperability, if it can be made between Monero and other chains, there would be more room for the adoption of XMR. I learn about this from the fact that Bitcoin is entering Ethereum network with the amount that is way larger than which on the layer 2 of Bitcoin. It helps BTC to join the DeFi and increase the adoption for
**\<kiwi\_87\>** such crypto. Same thing can also happen with XMR, dont you think?
**\<sarang\>** But I can post the resulting possible merges, which are of reasonable size
**\<sarang\>** Thanks Isthmus
**\<Isthmus\>** https://usercontent.irccloud-cdn.com/file/fZgJlX2o/image.png
**\<sarang\>** kiwi\_87: operating between Monero and other chains is surprisingly tricky, and even moreso if the goal is to maintain uniformity of transactions
**\<Isthmus\>** https://usercontent.irccloud-cdn.com/file/aQVzvAAq/image.png
**\<sarang\>** Isthmus: what are these plots?
**\<Isthmus\>** Let ring\_member\_ages be an array of ring member ages [0.5d, 0.7d, ...]
**\<Isthmus\>** offset-corrected median age = median(ring\_member\_ages - min(ring\_member\_ages)
**\<Isthmus\>** The correct decoy algorithm produces OCMA's around 100 - 10000 blocks
**\<Isthmus\>** I used 370000 as a conservative "absurdity limit"
**\<sarang\>** Small sample =\> high variance, I assume?
**\<Isthmus\>** Might also have to do with fact that algo reacts to txn vol changes
**\<Isthmus\>** Anyways, anything above 10^5 is suspect
**\<Isthmus\>** Red line is 370000 blolcks
**\<Isthmus\>** Anything above that is absolutely not from the correct decoy algo
**\<sarang\>** Examining the distribution with that filter will be very interesting
**\<Isthmus\>** And in most cases, when I spot checked, were due to apparent uniform decoy selectioin algo
**\<sarang\>** I'd expect that it wouldn't change much, but I like being proven wrong
**\<sarang\>** Any other speculation about the effects of these selections? (just curious)
**\<Isthmus\>** Hmm, I'm interested in the Bayesian analysis, which will tell us whether this is a novelty with 10% predictive power, or a damning tell with 95% predictive power
**\<sarang\>** Oh and Isthmus: what transactions does this account for? The entire chain?
**\<Isthmus\>** From introduction of RingCT until Konferenco
**\<sarang\>** Does it filter out non-CT transactions after the CT cutoff?
**\<sarang\>** These are low quantity, but are still present
**\<sarang\>** and have very different selection of course
**\<Isthmus\>** I usually ignore non-RingCT since I'm more interested in optimizing current privacy than studying historical easter eggs
**\<sarang\>** yeah
**\<Isthmus\>** I'll have to work my way back in the analysis pipeline to check
**\<sarang\>** I also filtered those in the plots above
**\<Isthmus\>** Sorry, by "ignore" RingCT, I mean "exclude them from my data set before analyzing"
**\<sarang\>** roger
**\<Isthmus\>** s/RingCT/non-RingCT
**\<monerobux\>** Isthmus meant to say: Sorry, by "ignore" non-RingCT, I mean "exclude them from my data set before analyzing"
**\<sarang\>** Oh, and I might have mentioned this last week (don't recall), but I'm still working with those CMU student researchers to confirm some updated deducibility analysis
**\<sarang\>** They plan to revise their preprint once again
**\<sarang\>** This is especially nice given that their "30% traceable" (or whatever it was) conclusion regarding spend age heuristics is incorrect
**\<kiwi\_87\>** @sarang. Yeah I know its the hardest part. Actually our research at Incognito project is currently on this direction.
**\<kiwi\_87\>** We have the idea of building a privacy chain learning the technology from Monero, thus allowing the high level of privacy for the chain.
**\<kiwi\_87\>** Then build a Portal connecting to Monero with a group of decentralized custodians holding & releasing XMR when users going in & going out the layer 2. The same design can be applied to BTC, which brings XMR & BTC to the same privacy layer.
**\<kiwi\_87\>** What do you guys all think?
**\<sarang\>** This might be a better conversation for after the meeting kiwi\_87 if it mainly concerns research for another project
**\<sarang\>** Unless the group disagrees
**\<moneromooo\>** Not this silent part of the group.
**\<sarang\>** Were there any other questions on the deducibility or output merging data?
**\<sarang\>** If not, does anyone else wish to present research of interest for this group?
**\<Isthmus\>** @kiwi\_87 cool, I like seeing these types of projects. 👍
**\<h4sh3d[m]\>** I can give some updates about the swap
**\<sarang\>** Please do
**\<sarang\>** (this may be relevant to you kiwi\_87)
**\<h4sh3d[m]\>** I started working on it, I plan to have an updated version of the paper next week
**\<h4sh3d[m]\>** So, the idea is still the same as before
**\<kiwi\_87\>** @sarang yeah sure. Ill talk more about what we are doing in the after-meeting time. Still, I think interoperability on XMR could be a very bright way to increase the Monero adoption. Would love to talk to other researchers who are also diving in the same direction
**\<h4sh3d[m]\>** split the monero spending key in two halfs, and "sell" one half or the other on the bitcoin chain depending if the swap success or not
**\<sarang\>** via multisig, I assume
**\<sarang\>** "You get the even bytes, and I keep the odd bytes!"
**\<h4sh3d[m]\>** Yes, kind of. Before there was the generic zkp for the hash preimage
**\<kiwi\_87\>** @Isthmus sure. Would love to share more in the after-meeting time. Now lets make the convo laser-focused on Monero
**\<sarang\>** h4sh3d[m]: but you're replacing with a cross-group DL equivalence proof via side channel, correct?
**\<kiwi\_87\>** @h4sh3d[m] would love to hear about this. Really want to know whats going on there with the cryptography challenge. Please update us :D
**\<h4sh3d[m]\>** Now, by combining dl equality across group + ECDSA one-time VES, we should be able to achieve the same
**\<h4sh3d[m]\>** ECDSA one-time VES: https://github.com/LLFourn/one-time-VES/blob/master/main.pdf
**\<h4sh3d[m]\>** (it's an ECDSA "adaptor signatures")
**\<sarang\>** Remind me: does this approach assume/require any particular timelock capability on the Monero side?
**\<sarang\>** If so, to what extent?
**\<h4sh3d[m]\>** No, nothing is required on the Monero side, that's the cool part
**\<sarang\>** OK, thanks
**\<sarang\>** Monero supports a very simple timelock of course
**\<sarang\>** but it's a bit inconsistent at the moment, and apparently infrequently used
**\<sarang\>** so if it were required, this could present a uniformity issue
**\<h4sh3d[m]\>** We create an address where Spend = Spend\_alice + Spend\_bob (same for view)
\<Spend, View\> corresponding address
**\<sarang\>** Does the address protocol have issues with key cancellation?
**\<h4sh3d[m]\>** Each participant has his own half, and one will get the second one
**\<sarang\>** Or is there precommitment to address parts?
**\<h4sh3d[m]\>** Not sure if I understand what you mean by key cancellation
**\<sarang\>** If you hand me a part of a key, maybe I maliciously generate my own "key" such that the sum is any value I want
**\<h4sh3d[m]\>** Ah yes, I thought about that
**\<sarang\>** If this is problematic, we can each commit to our key portions first, and then check that the keys received match the commitments
**\<sarang\>** it ensures that neither party change their mind
**\<sarang\>** Adds a communication round
**\<sarang\>** There are other methods involving random-oracle linear combinations too, depending on what you need
**\<h4sh3d[m]\>** I thought about the commit, but that also mean you don't know your correct "half" (only the destiantion priv/pub), and without priv half, you are not able to continue the protocol
**\<sarang\>** But sorry, I'm digressing here
\<\>other cryptos, we will need more atomic swap designs and Portal designs connecting layer 2 and Monero chain
**\<h4sh3d[m]\>** No, it's a good one
**\<sarang\>** kiwi\_87: let's discuss after the meeting
**\<sarang\>** h4sh3d[m]: ok, as long as it's either not necessary or taken care of via a communication round, I suppose
**\<sarang\>** But certainly worth a close eye after the paper is updated
**\<h4sh3d[m]\>** when we get the address, and the initialization phase is done (with zkp dl equality e.g.), one send Monero into it
**\<kiwi\_87\>** @sarang sure
**\<h4sh3d[m]\>** at the end, Alice or Bob, will learn the full private spend key = priv\_spend\_alice + priv\_spend\_bob
**\<h4sh3d[m]\>** So no, nothing fancy required on the Monero side
**\<atoc\>** nice
**\<h4sh3d[m]\>** You will import the full keys in you wallet and do a regular transaction
**\<sarang\>** Definitely look forward to seeing the updated paper h4sh3d[m]!
**\<atoc\>** same
**\<h4sh3d[m]\>** (keys that are generated withou a seed and a derivation function, so wallet must support "raw" keys)
**\<h4sh3d[m]\>** Right now, I'm in the one-time VES paper, and your MRL-0010 one
**\<sarang\>** got it
**\<h4sh3d[m]\>** \* I'm done, thanks for your inputs
**\<sarang\>** I might update MRL-0010 to specify that the Pedersen generators need an unknown DL relationship
**\<sarang\>** Apparently that wasn't listed specifically, but is generally true for Pedersen commitment security
**\<sarang\>** In the interest of time, were there any other research topics that need to be presented before the hour is up?
**\<Isthmus\>** Quick update: Im really happy to share that were officially beginning our audit of moneros security and privacy mechanisms against algorithms that could be exploited by hypothetical quantum adversaries. Thank you to everybody who contributed feedback or funds to our CCS 🙏
**\<Isthmus\>** The first step is a formalizing our adversary model and enumerating of mechanisms of interest.
**\<Isthmus\>** Right now the attack surface list looks like {Ring Signatures, RingCT, One-time "Stealth" Addresses, Pubkey derivation, Forge amounts?, Bulletproofs, RandomX proof-of-work, Block / Transaction hashing}.
**\<Isthmus\>** Please suggest other pieces that youd like to see audited. :- )
**\<Isthmus\>** Earlier I was looking at the wallet generation schematic shared to Reddit, and it has me pondering visual ways to communicate results. https://www.reddit.com/r/Monero/comments/gy0m1u/i\_made\_an\_infographic\_on\_how\_a\_monero\_wallet\_is/
**\<monerobux\>** [REDDIT] I made an infographic on how a Monero wallet is generated. Can you find any mistakes? (https://i.redd.it/tv98m10mbd351.png) to r/Monero | 163 points (100.0%) | 18 comments | Posted by Krakataua314 | Created at 2020-06-06 - 22:42:54
**\<Isthmus\>** https://i.redd.it/tv98m10mbd351.png
**\<Isthmus\>** For example, the ed25519 scalarmult (used for private view key → public viewkey) is a one-way function for traditional computers (assuming hardness of the discrete log problem) but can be reversed if you can apply Shors algorithm.
**\<Isthmus\>** So perhaps this could be visually annotated with directional arrow for traditional adversaries and bidirectional arrow for hypothetical quantum adversaries. Would that be an intuitive approach?
**\<sarang\>** I like that idea
**\<sarang\>** that's very clever
**\<sarang\>** Can you remind us of the expected timeline Isthmus?
**\<Isthmus\>** Will be working on this full time for the next 3 months
**\<sarang\>** (with the understanding that research often takes unexpected twists)
**\<Isthmus\>** Phase 1 should be quick
**\<sarang\>** The scope was modified to focus less on deliverable code, right?
**\<sarang\>** And more on solid understanding, possible mitigations and relevant work, and communication?
**\<Isthmus\>** Just setting the stage for our object of study and attacker, hoping to have a first "final draft" of that done by next MRL meeting
**\<sarang\>** Oh nice
**\<Isthmus\>** Yep
**\<sarang\>** That'll be great to see
**\<Isthmus\>** And then working systemically through the cross sections
**\<Isthmus\>** (table where each column is a quantum adversary and each row is a piece of Monero tech)
**\<Isthmus\>** My guess is that we'll be able to fill 80% of the squares in 20% of the time
**\<Isthmus\>** And then 20% of the squares will take 80% of the time
**\<sarang\>** Do you expect that the final results will be suitable for broader distribution? Like to journals, refereed conferences, or simply IACR archive?
**\<Isthmus\>** Throughout this entire project, the community will receive updates during the weekly #monero-research-lab meetings. During phase 3 however, several specific documents (the key deliverables from this research) will be freely published
**\<Isthmus\>** 1. User-friendly writeup: This community-facing writeup will provide an approachable explanation of how hypothetical quantum computers may impact Monero, and possible future mitigations. The writeup should minimize FUD and provide the context that these vulnerabilities apply to almost all cryptocurrencies (not only Monero).
**\<Isthmus\>** 2. Technical documentation: An MRL position paper to distill key information for (current and future) researchers and developers. The writeup should formally describe vulnerabilities, and highlight potential strategies and solutions, noting their tradeoffs. Code snippets may be included if appropriate for pedagogical purposes or clarity.
**\<Isthmus\>** 3. Non-technical 1-pager: An ELI5 / TL;DR summary will be provided for journalists, Monero Outreach, etc. This blurb will discuss risks and myths with no technical jargon, with key takeaways that a broad audience will appreciate.
**\<Isthmus\>** (Results and updates will be also disseminated via Twitter threads, Reddit posts, and Breaking Monero videos.)
**\<Isthmus\>** And yea, hopefully we can get a paper or two out of this
**\<Isthmus\>** Much of the research will be broadly applicable
**\<sarang\>** Great!
**\<atoc\>** Nice
**\<sarang\>** Getting a better sense of research trends in this direction, even if not presently applicable, will be intriguing to see
**\<sarang\>** e.g. there are plenty of ideas for post-quantum constructions, but there are generally huge barriers in efficiency that render them unusable
**\<atoc\>** btw Isthmus, this may be off topic but can you talk a little more about the Insight program?
**\<sarang\>** OK, we're just about out of time
**\<sarang\>** atoc: perhaps for right after the meeting?
**\<atoc\>** yes
**\<sarang\>** Are there any other last questions or comments about these research topics before adjourning?
**\<sarang\>** If not, thanks to everyone for attending and participating!
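Review bot: apostrophes have been dropped from several of Isthmus's lines in this hunk ("Im really happy to share that were officially beginning our audit of moneros security", "Please suggest other pieces that youd like to see audited", "if you can apply Shors algorithm"), most likely curly quotes lost during conversion; restore them as I'm, we're, Monero's, you'd and Shor's before publishing, since the surrounding lines keep their punctuation intact.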


@ -0,0 +1,240 @@
---
layout: post
title: Logs for the Community Meeting Held on 2020-06-20
tags: [dev diaries, crypto]
author: asymptotically / sgp_
---
# Logs
**\<sgp\_\>** 0. Introduction
**\<needbrrrrrrr90\>** If I end up afk just ping me repeatedly and my phone will buzz
**\<endogenic\>** o hi
**\<sgp\_\>** We would like to welcome everyone to this Monero Community Workgroup Meeting!
**\<needbrrrrrrr90\>** And I'll wake up
**\<binaryFate\>** hello
**\<endogenic\>** needbrrrrrrr90:
**\<sgp\_\>** Link to agenda on GitHub: https://github.com/monero-project/meta/issues/475
**\<needbrrrrrrr90\>** Hi!
**\<sgp\_\>** Monero Community meetings are a discussion place for anything going on in the Monero Community, including other Monero workgroups. We use meetings to encourage the community to share ideas and provide support.
**\<sgp\_\>** 1. Greetings
**\<needbrrrrrrr90\>** Sup
**\<sarang\>** Hello
**\<xmrscott[m]\>** Osu~
**\<endogenic\>** osssssu
**\<needbrrrrrrr90\>** Missed the last two meetings because I overslept and 10am is too early
**\<needbrrrrrrr90\>** Glad to be here :D
**\<rehrar\>** hi
**\<needbrrrrrrr90\>** Osu is great
**\<needbrrrrrrr90\>** Everyone dead :(
**\<endogenic\>** ossu
**\<needbrrrrrrr90\>** Should we ping
**\<midipoet\>** hello
**\<endogenic\>** needbrrrrrrr90:
**\<sgp\_\>** thanks everyone for being here!
**\<sgp\_\>** 2. Community highlights
**\<sgp\_\>** See Monero weekly highlights at https://revuo-monero.com
**\<sgp\_\>** Check out resources at https://communityworkgroup.org. It also has a calendar you can subscribe to for meeting reminders.
**\<sgp\_\>** asymptotically was an absolute champ and uploaded meeting logs for the past 6+ months to the getmonero.org website!
\<3
**\<sgp\_\>** ErCiccione, fort3hlulz, xmrhaelan, geonic, wowario, and others have been sharing information about Monero with the #DidYouKnowMonero hashtag. Please participate if you are on Twitter https://twitter.com/search?q=%23DidYouKnowMonero
**\<sgp\_\>** Does anyone have community (non-workgroup) updates to share?
**\<rehrar\>** question regarding that. This week there wasn't much news. :( anybody have news to share?
**\<rehrar\>** Revuo for this past week not out yet. I'll put it out now. But there was only one news item (Iranian exchange)
**\<msvb-web\>** Hello everyone.
**\<needbrrrrrrr90\>** Hey Michael
**\<rehrar\>** so we did draw a Monero fox to compensate, but if anyone had another news item please let me know
**\<ajs-mob\>** hi
**\<sgp\_\>** rehrar: when will your Mainnet talk be public?
**\<rehrar\>** OH! Yeah! It is public, no?
**\<rehrar\>** or was the link I sent unlisted?
**\<sgp\_\>** the link you sent me was unlisted
**\<rehrar\>** oof, then idk
**\<sgp\_\>** did they get back to you on formatting?
**\<rehrar\>** no. I emailed. No response.
**\<rehrar\>** I'll email again.
**\<binaryFate\>** rehrar: website got netlify, maybe worth a news
**\<ErCiccione[m]\>** Sorry i'm late but i'm here
**\<rehrar\>** binaryFate: so any changes made are automatically pushed?
**\<binaryFate\>** no, but when people make a PR, a version of the website with that PR is automatically built
**\<sgp\_\>** rehrar: is the CLSAG audit being funded already represented?
**\<binaryFate\>** and linked from PR on github
**\<needbrrrrrrr90\>** That's neat
**\<rehrar\>** I haven't in the past used a proposal being funded as a news item, but I guess I can
**\<binaryFate\>** ErCiccione[m] knows details and took care of most of the netlify stuff
**\<rehrar\>** cool
**\<rehrar\>** ok
**\<sgp\_\>** haha idk, just trying to offer suggestions
**\<rehrar\>** want to see the fox?
**\<fort3hlulz\>** Netlify helps with docs updates, since we'll get to see a build with it correct?
**\<sgp\_\>** this workgroup has a Twitter, maybe shill that
**\<rehrar\>** it's cute
**\<sgp\_\>** yeah of course
**\<fort3hlulz\>** Rehrar it would be great to share about the twitter campaign in there too IMO
**\<rehrar\>** https://usercontent.irccloud-cdn.com/file/07BIwpc4/monerofox-sticker.png
**\<sarang\>** aww
**\<sgp\_\>** that's soooooooo cute!
**\<fort3hlulz\>** Hahaha
**\<midipoet\>** remind me of Mozilla. Maybe that's the idea though
**\<fort3hlulz\>** Well done
**\<sgp\_\>** I want a shirt
**\<binaryFate\>** cuty
**\<sgp\_\>** and a blanket
**\<ErCiccione[m]\>** I can give a quick update about what netlify is later when it's time to give updates about the website
**\<sgp\_\>** ErCiccione[m]: ty :)
**\<fort3hlulz\>** Could you also post about it in Reddit @erciccione?
**\<netrik182[m]\>** hi sgp\_. sorry for being late
**\<ErCiccione[m]\>** Does it worth to make a dedicated post? i was thinking of including it in my usual monthly (more or less) update
**\<sgp\_\>** I agree with that mostly
**\<sgp\_\>** anything else on this section?
**\<sgp\_\>** 4. Workgroup report
**\<sgp\_\>** is selsta here?
**\<sgp\_\>** a. Daemon/CLI/GUI workgroup
**\<selsta\>** yep for a short update at least
**\<sgp\_\>** sweet :)
**\<selsta\>** we are preparing v0.16.0.1 with small bug fixes
**\<selsta\>** also mooo managed to fix a super rare bug that has existed for ages
**\<selsta\>** (difficulty drift bug)
**\<rehrar\>** moneromooo is kinda bae
**\<selsta\>** apart from that nothing major
**\<sgp\_\>** I accidentally skipped the CCS section, so that will be after the workgroup updates
**\<msvb-lab\>** rehrar: What is 'bae'?
**\<rehrar\>** slang for 'baby'. It means he's awesome.
**\<sgp\_\>** thanks selsta
**\<sgp\_\>** b. Localization workgroup
**\<ErCiccione[m]\>** We have a lot of suggested strings on Weblate that need to be reviewed. So basically if you can, go on https://translate.getmonero.org and review the strigns people suggested
**\<ErCiccione[m]\>** It's only a matter of giving an upvote of a downvote
**\<ErCiccione[m]\>** it's a pity to see so many suggestions and lack of reviewers
**\<fort3hlulz\>** Do you normally need English reviews?
**\<ErCiccione[m]\>** some languages are compltely translated (for example norwegian), but need a reviewer to
**\<fort3hlulz\>** Or only other translations?
**\<ErCiccione[m]\>** Only other languages. If we want to change english strings we have to do it directly on the repo, whatever it is
**\<fort3hlulz\>** Ah, ok.
**\<ErCiccione[m]\>** forgot to complete the sentence earlier: "we need a reviewer to confirm and review the translations"
**\<ErCiccione[m]\>** if anybody needs help, support or have question, #monero-translations is the place to go
**\<ErCiccione[m]\>** That's it. Review review review :)
**\<sgp\_\>** c. Website workgroup
**\<sgp\_\>** keep going :p
**\<ErCiccione[m]\>** :P
**\<ErCiccione[m]\>** so, as binaryfate said, now we have a netlify integration
**\<ErCiccione[m]\>** which means that once a PR is opened, Netlify will build it and show a preview of how the website will look like
**\<ErCiccione[m]\>** then a bot will comment under the PR with a link to the preview
**\<ErCiccione[m]\>** you can see it working here: https://github.com/monero-project/monero-site/pull/1027
**\<sarang\>** What are the "neutral checks" on the CI?
**\<ErCiccione[m]\>** I think that's supr useful because allow peopel to immediately see how the changes will look like and will allow people without a build environment for the website to have an overview of the changes
**\<fort3hlulz\>** That's pretty awesome!
**\<fort3hlulz\>** Super important to get more docs/site contributions.
**\<fort3hlulz\>** Now I need to actually dig into the docs...
**\<ErCiccione[m]\>** sarang: neutral checks?
**\<sarang\>** The CI shows some checks labeled "neutral"
**\<ErCiccione[m]\>** fort3hlulz: yes that was my main goal: getting more people to take a look at the website repo :)
**\<sarang\>** Header rules, etc.
**\<ErCiccione[m]\>** ooh, ok, i don't see the neutral, but those are just some netlify standard checks. I deactivated most of them to have a superquick buld (2-3 minutes) and we don't need them anyway
**\<sarang\>** Got it
**\<ErCiccione[m]\>** What we car about it's mostly only the preview
**\<ErCiccione[m]\>** \*care
**\<ErCiccione[m]\>** can be optimized a bit, especially because we have limited build time (300 minutes)
**\<ErCiccione[m]\>** so we can remove builds for stuff we don't care about, like the readme
**\<ErCiccione[m]\>** i will look into it in the future. For now it's working exactly as it should
**\<fort3hlulz\>** Per month? Or what period?
**\<binaryFate\>** we could ask if they want to be listed as sponsor for giving us higher tier for free. That seems pretty useful and they would get some good noise from monero people on twitter etc
**\<ErCiccione[m]\>** per month, yes
**\<fort3hlulz\>** Good idea @binaryFate
**\<ErCiccione[m]\>** binaryFate: that's a good idea
**\<fort3hlulz\>** Or if not, we could do a CCS for it, would expect it to be funded.
**\<sarang\>** What would the cost be?
**\<ErCiccione[m]\>** yeah, the next tired is supercheap anyway
**\<ErCiccione[m]\>** looking that up
**\<binaryFate\>** 45$/month
**\<selsta\>** $7/500 minutes build minutes
**\<ErCiccione[m]\>** not supercheap but not expensive: $45 a month
**\<rehrar\>** Ok. I'll contact then.
**\<selsta\>** we dont need the next tier if we only use it for deploy
**\<ErCiccione[m]\>** https://www.netlify.com/pricing/
**\<selsta\>** for preview\*
**\<rehrar\>** selsta but we can have it!!!
**\<ErCiccione[m]\>** A "pro" plan would also allow us to add people to the team. It's not supr important, but would allow me to have aces to the settings
**\<binaryFate\>** right now we're good for ~100 PR / month
**\<binaryFate\>** probably ok?
**\<selsta\>** Seems okay for now.
**\<ErCiccione[m]\>** yeah calculated at the time and we should be good, with even some extra time
**\<ErCiccione[m]\>** iiirc we should be able to manage double the PR volume we currently have
**\<sgp\_\>** cool
**\<sgp\_\>** anything else?
**\<sgp\_\>** I don't think anyone is here from the outreach workgroup, so we can skip that section
**\<sgp\_\>** e. Monero Research Lab
**\<ErCiccione[m]\>** Since we are at it, i want to remind that the PR which changes the homepage is still open and waiting for reviews
**\<ErCiccione[m]\>** https://github.com/monero-project/monero-site/pull/948
**\<ErCiccione[m]\>** i will force push it to trigger the netlify preview
**\<ErCiccione[m]\>** that's it
**\<sgp\_\>** thanks :)
**\<sgp\_\>** sarang, do you have a quick update?
**\<sarang\>** I did a bunch of analysis work on transaction history, transaction types, and spend patterns in support of output selection updates
**\<sarang\>** and have been updating the CLSAG preprint in response to audit draft results
**\<sarang\>** We can use the results of the analysis work to better influence future decisions on building transactions safely
**\<sgp\_\>** let's get those coinbase-only rings :p
**\<sarang\>** The analysis suggests that coinbase spend patterns (in terms of age) don't differ from non-coinbase, which is an interesting and somewhat unexpected result
**\<sarang\>** I also know that Isthmus and friends have been working on their post-quantum research
**\<sarang\>** but I don't want to speak for them
**\<sgp\_\>** thanks, anything else?
**\<sarang\>** Nothing major that isn't boring math =p
**\<sgp\_\>** f. Monero Defcon Village
**\<sgp\_\>** msvb-lab
**\<msvb-lab\>** Hello, thanks sgp.
**\<msvb-lab\>** Those of us who have attended all the Monero Village (at #monero-defcon channel) meetings, can please decide if you want special privileges on the Defon Discord server.
**\<msvb-lab\>** If you do, please:
**\<msvb-lab\>** #1 Create a Discord account, #2 Navigate https://discord.gg/defcon, #3 Find me 'Michael' on the 'linecon' channel of the Defcon Discord server. #4 Say hello to me, please.
**\<msvb-lab\>** That helps me find your unique ID, and that is what Defcon Goons need to secure your place in the Monero Village channel of the Defcon Discord server.
**\<rehrar\>** Ok. I will do that. Thanks.
**\<msvb-lab\>** Any questions about that?
**\<sgp\_\>** He is Michael#7293
**\<sgp\_\>** no questions
**\<msvb-lab\>** sgp: Michael#7293 is a clonable id, any imposter can take that. The real ID requires green magic to obtain, and is 18 numbers long.
**\<msvb-lab\>** Okay, just please all village staff who want privileges try to help by doing this in the next days. I'll try to pay attention in EU timezones to the channel.
**\<sgp\_\>** any other Defcon updates?
**\<msvb-lab\>** Or find out your real 18 digit ID and send me email michael⊙go
**\<msvb-lab\>** sgp: Only updates about the intervillage electronic badge, but it takes too long to report.
**\<msvb-lab\>** So it might be best to go to the next agenda topic sgp? Or no?
**\<sgp\_\>** only things that are relevant for a community meeting I guess. Defcon has its own meetings too obviously
**\<sgp\_\>** okay, moving on then
**\<sgp\_\>** 3. CCS updates
**\<sgp\_\>** The CLSAG Audit funds transfer to OSTIF has occurred without unforeseen issues. OSTIF converted ~172 XMR to USD. The excess XMR were donated to the Monero General Fund.
**\<sgp\_\>** Funding required:
**\<sgp\_\>** Sarang: research funding for 2020 Q3 (487.73 / 518 XMR) https://ccs.getmonero.org/proposals/sarang-2020-q3.html
**\<sgp\_\>** Defcon equipment storage for one year (6 / 13 XMR) https://ccs.getmonero.org/proposals/defcon-storage.html
**\<sgp\_\>** Ideas (to be discussed):
**\<sgp\_\>** ErCiccione: 3 more months part time work on Getmonero.org (July-Sept) (132 XMR) https://repo.getmonero.org/monero-project/ccs-proposals/-/merge\_requests/153
**\<sgp\_\>** approved, next :p
**\<ErCiccione[m]\>** 😛 I'm here for any question
**\<sgp\_\>** people have 5 seconds to add an objection, else I'm assuming unanimous approval
**\<rehrar\>** Ye
**\<sgp\_\>** ok, done with CCS stuff
**\<sgp\_\>** 5. Open ideas time
**\<sgp\_\>** Its open ideas time. Whats something we should be doing better?
**\<ErCiccione[m]\>** Superquickly before the next point, i forgot to post the link to my reddit post with the recent updates to the website: https://www.reddit.com/r/Monero/comments/h86mof/getmoneroorg\_updated\_1\_new\_user\_guide\_1/
**\<monerobux\>** [REDDIT] GetMonero.org updated: 1 new user guide, 1 Moneropedia entry and 1 user guide rewritten, 1 new FAQ, 'Reasonably' removed from the header and more (self.Monero) | 42 points (95.0%) | 12 comments | Posted by ErCiccione | Created at 2020-06-13 - 12:28:45
**\<midipoet\>** ErCiccione[m]: just curious, what does "triaging" mean in the context of websites? I only have ever heard it being used in the field of medicine...
**\<msvb-lab\>** Not really an open idea, but I'm still confused if there is a migration plan from Gitlab, Github, standalone, cloud, or back and forth.
**\<sgp\_\>** most stuff will stay on Github
**\<sarang\>** Sounds like CCS stuff is intending to stay on GitLab
**\<sgp\_\>** the CCS stuff will stay on gitlab
**\<ErCiccione[m]\>** midipoet: It means that when an issue is open, i assign it a label and determine how important it is (to define how quick we need to work on it)
**\<midipoet\>** ErCiccione[m]: makes sense. Thanks
**\<msvb-lab\>** sgp sarang: Shoulnd't we add Bitbucket and maybe get a fourth or fifth server so we don't seem too consistent?
**\<msvb-lab\>** That was a joke.
**\<ErCiccione[m]\>** midipoet: it's a fancy ways to say "i keep track of what issues are open and what we have to do with them" :)
**\<midipoet\>** ErCiccione[m]: i always approve of a bit of fancyness here and there
**\<ErCiccione[m]\>** 😛
**\<xmrscott[m]\>** As a treat
**\<sgp\_\>** looks like not many people had fancy ideas, and that's time :)
**\<sgp\_\>** 6. Confirm next meeting date/time
**\<sgp\_\>** The community meeting on the 4th of July is CANCELLED. The next community meeting will be in 4 weeks on the 18th of July.
**\<sarang\>** Fancy idea: support key-based pushes on GitLab :D
**\<sarang\>** (I know this is apparently some cloudflare thing)
**\<sgp\_\>** The next Coffee Chat is on Saturday 27 June at 17:00 UTC. Sadly, I will need to miss this one again. rehrar, can you moderate?
**\<msvb-lab\>** Great meeting sgp, thank you very much for moderating it.
**\<rehrar\>** Ye
**\<sarang\>** cheers
**\<sgp\_\>** thank you, apologies everyone
**\<sgp\_\>** Conclusion
**\<sgp\_\>** Thats all! Thanks for attending this Monero Community meeting, and we hope to see you on r/MoneroCommunity and #monero-community. Take care, STAY SAFE AND ISOLATED, and know that change starts with YOU.
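Review bot: the bare `\<3` line right after sgp_'s note about asymptotically uploading the logs has lost its `**\<nick\>**` prefix, so it renders as an orphan paragraph instead of a chat line; it should carry the speaker marker like every other line in the file. The same dropped-apostrophe problem appears in the open-ideas and conclusion lines ("Its open ideas time. Whats something we should be doing better?", "Thats all!"), which should read It's, What's and That's.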


@ -0,0 +1,111 @@
---
layout: post
title: Logs for the MRL Meeting Held on 2020-06-24
tags: [dev diaries, crypto, research]
author: asymptotically / Sarang
---
# Logs
**\<sarang\>** First, GREETINGS
**\<ArticMine\>** Hi
**\<I3^RELATIVISM\>** 0/
**\<Isthmus\>** Greetings
**\<sarang\>** All right, on to ROUNDTABLE, where anyone is welcome to share research of interest
**\<sarang\>** Who would like to go first?
**\<sarang\>** Isthmus:?
**\<Isthmus\>** Heyo
**\<Isthmus\>** Update on quantum audit, here is our preliminary analysis existing vulnerabilities. (Results subject to change as research progresses!)
**\<Isthmus\>** https://usercontent.irccloud-cdn.com/file/RKKVcmGZ/image.png
**\<Isthmus\>** https://usercontent.irccloud-cdn.com/file/ZPskux3i/image.png
**\<Isthmus\>** It's kind of a mixed bag, tbh.
**\<sarang\>** To be expected, I suppose
**\<sarang\>** There are many components of interest
**\<Isthmus\>** Our reliance on DLP is the biggest weak spot right, as expected
**\<sarang\>** ya
**\<Isthmus\>** That's all on that, any Q's?
**\<sarang\>** By "ring signatures" I assume you mean a quantum adversary identifying signing indices via key images?
**\<Isthmus\>** Yea (or via any mechanism)
**\<Isthmus\>** Oh, one thing that we started wondering about
**\<Isthmus\>** If you're creating a multisig transactions and one of the signers has a quantum computer, can they gain any extra information about their co-signers
**\<sarang\>** Well, you can just derive the whole private key
**\<sarang\>** if that's what you mean
**\<Isthmus\>** Yea. I need to sit down with ZtM2 to figure out what's passed around, and what should be unknown, just crossed my mind yesterdy
**\<sarang\>** That's a good point
**\<sarang\>** I don't think anyone had specifically mentioned the multisig process during the planning stages of your analysis
**\<Isthmus\>** Yea, we just added it. Will probably realize 1 or 2 more aspects to check throughout the next few weeks
**\<Isthmus\>** Keep dropping us your ideas :- )
**\<sarang\>** Are there particular assumptions made about whether or not the adversary has a public key already?
**\<sarang\>** e.g. the adversary suspects a particular address as a destination
**\<Isthmus\>** I'm assuming that the adversary is a co-signer on the multisig transaction. They would know the public key with or without a quantum computer, right?
**\<Isthmus\>** [erm, well we can consider the adversary both ways, this is just what I had been wondering about yesterday]
**\<sarang\>** I mean in general, sorry
**\<sarang\>** Not specific to multisig
**\<Isthmus\>** Ah yea, quantum computer with your public key and quantum computer without your public key are two adversary models that are considered separately.
**\<Isthmus\>** Though TBH the first one is pretty (sadly) easy
**\<Isthmus\>** Public key --\> [shor's algorithm] --\> private key --\> init wallet --\> game over
**\<sgp\_\>** sorry I'm late
**\<sarang\>** And not even "your" public key
**\<sarang\>** But just looking at a given transcation on chain
**\<sarang\>** If the adversary's goal is to identify as much as possible about keys, addresses, etc.
**\<sarang\>** Sending wallet address, receiving wallet address, etc.
**\<Isthmus\>** Yea, if an outside observer plucks a transaction at random from the blockchain, with no further knowledge, what can they ascertain about 1) the sender, 2) the transaction, 3) the recipient
**\<sarang\>** Right. And then what can they learn if they have an idea of possible addresses
**\<Isthmus\>** Bingo
**\<sarang\>** I assume that there is (or will be) a more specific write-up with details on what relates to this chart?
**\<UkoeHB\_\>** Earlier I argued you could brute force output amounts if the DLP is broken (assuming recipient address is unknown), however I'll retract that. Output amounts are information-theoretically secure.
**\<Isthmus\>** Gotcha
17:23:44 \* Isthmus makes a note
**\<Isthmus\>** Yeah, this will all be in the research writeup, and more intuitive parts will be included in the general audience writeup
**\<sarang\>** Anything else to consider about your analysis at this point Isthmus?
**\<Isthmus\>** We were thinking about some medium articles throughout, just for good measure
**\<Isthmus\>** Nope, that's all on the quantum end for now
**\<sarang\>** OK great!
**\<Isthmus\>** I started going down a rabbit hole of subliminal channels this morning, but will save those thoughts for later
**\<sarang\>** Did anyone else wish to present research of interest?
**\<UkoeHB\_\>** This means even if both DLP and hash preimage are broken, there should not be a way to extract the recipient's address from an output.
**\<Isthmus\>** That's a huge relief, or else we could recursively apply Shor's algorithm and move forward through the transaction tree breaking everybody's wallets
**\<sarang\>** I'll share a few things
**\<sarang\>** Here's a time-windowed CDF of spend age: https://usercontent.irccloud-cdn.com/file/5EccXpmE/cdf\_window.png
**\<sarang\>** Still tracks the gamma distribution pretty well, but there are differences over time (pre-CT)
**\<sarang\>** Related to this, I posted my tracing code: https://github.com/SarangNoether/skunkworks/tree/tracing
**\<sarang\>** It now supports iterative updates, which may be useful
**\<sarang\>** Unrelated to this, I'm still working with the CLSAG auditors
**\<sarang\>** I rewrote the proof for Theorem 1 that relates unforgeability to non-slanderability, and it now addresses the auditors' suggestions
**\<sarang\>** There are a bunch of other non-security-related updates to it
**\<sarang\>** and I'm now in the process of overhauling the linkability anonymity proof to use a better hardness assumption and method, which is a tedious process
**\<sarang\>** but I think that will address their comments and be a stronger result
**\<sarang\>** The auditors' conclusion is that the construction seems secure, and that the security model seems appropriate to the use case
**\<sarang\>** This was the overall goal of the audit; suggestions relating to presentation, formality, etc. are very useful for later submission, but don't appear security-related
**\<UkoeHB\_\>** Sounds like the audit is moving along well
**\<sarang\>** It is! The code review portion has not begun yet, but there are no changes in code to be made as a result of the preprint audit at this point
**\<sarang\>** Any questions on these research topics?
**\<sarang\>** OK, did anyone else have anything to share before we move on?
**\<sgp\_\>** nope
**\<sarang\>** If not, we can move on to ACTION ITEMS for the coming week
**\<sarang\>** I will be finishing up this linkable anonymity overhaul and incorporating it into the preprint, which will complete the updates needed for the auditors
**\<sarang\>** Once that's done, I'll get the preprint in a submittable state
**\<sarang\>** Anyone else?
**\<sgp\_\>** I'll be opening a GitHub issue for segregating coinbase outputs into coinbase-only rings
**\<sarang\>** It's a good time to discuss this, with an upcoming network upgrade for CLSAG at some point
**\<sgp\_\>** yeah I think so too
**\<sarang\>** especially given the spend-age data
**\<sarang\>** I'd still love to see the corresponding data for bitcoin
**\<sarang\>** but I don't have that dataset
**\<sarang\>** all the Monero data is necessarily pre-CT because of deducibility
**\<sarang\>** and any post-CT deducible data spends old funds and is therefore basically useless for those kinds of distributions
**\<sgp\_\>** I've been pretty clear that I think this BTC data would be nice but isn't necessary to make this change
**\<sarang\>** understood
**\<sarang\>** OK, anything else before we adjourn?
**\<UkoeHB\_\>** Isthmus I have to walk back my walkback (sorry for the interruption sarang). You can definitely brute force it if the DLP and hash preimage are broken. Information-theoretic security means nothing in the face of brute forcing all possibilities (64 bits worth). You'd 1) get the DLP of generator H and the commitment C, 2) pick an amount, 3) compute the possible derivation to scalar, 4) get its hash preimage,
**\<UkoeHB\_\>** 4a) use the key sequence of bits from the preimage to test the encoded amount and only continue if it matches the guessed amount (very unlikely to match if the guessed amount isn't correct) 5) use the key sequence of bits from the preimage to compute the one time address derivation to scalar, 6) subtract it from the one time address private key to get the nominal private spend key, 7) get the DLP of the
**\<UkoeHB\_\>** preimage key with respect to the tx pub key to get the nominal private view key, 8) test if the spend key can produce the view key directly (normal address) or if any reasonable sub address index can be used to extract a spend key that produces the view key, 9) repeat 2-8 until you get a match (step 4a will probably catch most mistaken guesses). Let's blame this mishap on a stray synapse.
**\<sarang\>** hmm
**\<Isthmus\>** ohhhhhh
**\<sarang\>** IIRC preimage on keccak is something like O(2^100) or so
**\<sarang\>** but I'd have to check on that
**\<Isthmus\>** Unrelated: Does ZtM2 talk about variable types or just math? Trying to figure out if fees are uint64 or what
**\<UkoeHB\_\>** They are varints, which I mention in section 6.3 footnote iirc
**\<Isthmus\>** Ah, perfect. Thanks!
**\<sarang\>** Righto, let's go ahead and adjourn since it's now 18:00 UTC
**\<sarang\>** Thanks to everyone for participating!
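Review bot: the action line `17:23:44 \* Isthmus makes a note` is the only line in this file that carries an IRC timestamp and lacks the bold speaker marker, so it renders differently from the rest of the log; the earlier log in this commit formats actions as `**\<nick\>** \* ...` (h4sh3d[m]'s "\* I'm done, thanks for your inputs" line in the 2020-06-06 post), so dropping the timestamp and using that form here would keep the three posts consistent.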