mirror of
https://github.com/monero-project/monero-site.git
synced 2024-12-15 21:06:35 +02:00
ca61c34564
+ dev diaries tag added to all backlog + MRL 7/29, 8/5, 8/20, 8/26, 9/2 + Dev 8/11, 8/25 + Community 8/3, 8/17, 8/31 + tini2p 8/8, 8/22, 9/5
159 lines
11 KiB
Markdown
159 lines
11 KiB
Markdown
---
|
|
layout: post
|
|
title: Logs for the Monero Research Lab Meeting Held on 2019-05-14
|
|
summary: Surae work, Sarang work, and miscellaneous
|
|
tags: [dev diaries, community, crypto, research]
|
|
author: el00ruobuob / sarang
|
|
---
|
|
|
|
# Logs
|
|
|
|
**\<sarang>** Agenda: https://github.com/monero-project/meta/issues/344
|
|
**\<sarang>** Logs of this meeting will be posted there
|
|
**\<sarang>** GREETINGS
|
|
**\<suraeNoether>** howdy!
|
|
**\<suraeNoether>** how is everyone?
|
|
**\<suraeNoether>** who had fun at MCC? \*this guy\*
|
|
**\<suraeNoether>** okay
|
|
**\<suraeNoether>** well let's beign
|
|
**\<suraeNoether>** begin\*
|
|
**\<suraeNoether>** for the roundtable portion
|
|
**\<suraeNoether>** let's start with general questions from the audience, and let's go around and see if anyone has anything to present
|
|
**\<suraeNoether>** other than sarang and i anyway
|
|
**\<sarang>** Heh, I suppose we can move to presentations
|
|
**\<suraeNoether>** yup
|
|
**\<sarang>** go ahead suraeNoether
|
|
**\<suraeNoether>** go ahead sir
|
|
**\<suraeNoether>** ahah
|
|
**\<sarang>** jinx
|
|
**\<suraeNoether>** okay
|
|
**\<suraeNoether>** well, CLSAG paper is undergoing the final round the corner. sarang and i are working on the final details today with randomrun, and i hope we can make a public version of the paper available in the next several days (unless some flaw is found)
|
|
**\<sarang>** Yeah, just need that timing data and a definite answer on the hash coeffs in the proof
|
|
**\<suraeNoether>** DLSAG paper is undergoing further review, but I believe we are putting up an IACR version of that in the coming days also
|
|
**\<sarang>** Yep, waiting on all authors to sign off
|
|
**\<suraeNoether>** MRL11 is still in progress, but now that clsag and dlsag are off my plate, it's being cranked up in terms of priority
|
|
**\<suraeNoether>** i anticipate rapid progress on that as well
|
|
**\<suraeNoether>** May 20-24, sarang and endogenic and I are doing the Monero workshop, and I believe we may be having Gao from Clemson come give us talks on starks and fully homomorphic encryption in the RLWE setting
|
|
**\<suraeNoether>** (sarang, we should do some studying before then together on that)
|
|
**\<sarang>** of course
|
|
**\<suraeNoether>** I gave a talk, sat on a panel, and gave an interview at the magical crypto conference
|
|
**\<suraeNoether>** all of those are up on youtube; the talk was about four different branches of research here at MRL
|
|
**\<suraeNoether>** other than that, i guess i'd prefer answering questions rather than talking myself into a rabbit hole
|
|
**\<suraeNoether>** nioc and i have had some conversations about how long-winded i can be so i'm going to zip it unless folks want more details :D
|
|
**\<sarang>** Any questions for suraeNoether on this work?
|
|
**\<suraeNoether>** so, for the audience members who are new
|
|
**\<suraeNoether>** DLSAG = dual-recipient output signatures = work toward the claim-or-refund primitive that can underly smart contracts and lightning network. CLSAG = compressed signatures making the rate of growth on the monterion blockchain hopefully 25% smaller and faster to verify
|
|
**\<suraeNoether>** MRL11 = traceability resistance analysis
|
|
**\<suraeNoether>** so, work is important, hard, and slow going, but doing it right is very important to us
|
|
**\<suraeNoether>** anyway, sarang, how about yourself?
|
|
**\<sarang>** Plenty to mention
|
|
**\<sarang>** I had overhauled some definitions and such in the CLSAG paper, which suraeNoether has completed more edits on
|
|
**\<sarang>** In particular, some stuff on multi-asset transactions that could be enabled by this
|
|
**\<sarang>** I'll get timing data and then we can release for review
|
|
**\<moneromooo>** "multi-asset" being akin to coloured coins ?
|
|
**\<sarang>** ya
|
|
**\<sarang>** Not saying I'm recommending such a thing for us, but it's an easy application
|
|
**\<sarang>** I've been working on some draft protocols for how a Monero coinjoin could work
|
|
**\<sarang>** Right now the initial scheme requires a certain amount of trust in a dealer, but is very efficient
|
|
**\<sarang>** This is obviously not ideal
|
|
**\<sarang>** MoJoin, I call it
|
|
**\<sarang>** FWIW it doesn't leak spend data to the dealer, only the partition of inputs-and-outputs to each player in the join
|
|
**\<sarang>** sgp\_ and I did two Breaking Monero episodes, one on input/output counts and one on block explorers
|
|
**\<sarang>** that's the main stuff for me
|
|
**\<suraeNoether>** oh, guys: we are deciding to extend early-bird pricing for a few more days
|
|
**\<suraeNoether>** i'll be advertising it
|
|
**\<suraeNoether>** but don't forget to get your ticket at monerokon.com before prices change, if you are still coming
|
|
**\<suraeNoether>** students are especially encouraged to attend; there will likely be partial rebates at the door for student tickets
|
|
**\<sarang>** Any particular questions for me?
|
|
**\<suraeNoether>** how many rounds of interaction in mojoin?
|
|
**\<moneromooo>** The "Gao [...] fully homomorphic" thing makes me wonder if that could not be looked at in conjunction with dealerless coinjoin :)
|
|
**\<sarang>** 3
|
|
**\<sarang>** This is minimal because of the BP MPC
|
|
**\<suraeNoether>** yeah, that's cool. moneromooo i think that's probably a safe avenue of stuff for us to talk about
|
|
**\<sarang>** Er, no... 4 rounds now, sorry
|
|
**\<sarang>** I had to make a change
|
|
**\<suraeNoether>** oh
|
|
**\<sarang>** The extra round is to avoid commitment sums being used to brute-force the partition by an observer
|
|
**\<sarang>** Making the resulting transaction identical to one not MoJoined (although the output count is something of a giveaway)
|
|
**\<moneromooo>** BTW, something I've not done in the branch is merging outputs to the same destination (originally the intent was to make Alice + Bob atomically paying Carol).
|
|
**\<moneromooo>** Would that be possible with the dealer based coinjoin ?
|
|
**\<sarang>** So A+B generate a single joint output?
|
|
**\<moneromooo>** yes.
|
|
**\<sarang>** I don't think it's possible to do the BP MPC without leaking the full mask
|
|
**\<sarang>** unless that's acceptable
|
|
**\<moneromooo>** That's fine in that case since Alice and Bob to advertise what they're paying, since each of them verifies the other does pay.
|
|
**\<sarang>** Would this assume another side channel between them that's outside of the join?
|
|
**\<sarang>** So it'd be a plug-and-play operation into a join?
|
|
**\<moneromooo>** I dunno. If you need one I guess.
|
|
**\<sarang>** Hmm
|
|
**\<sarang>** It's probably possible, under the right trust model between A+B
|
|
**\<sarang>** Of course, "probably possible" is quite the weaselworld
|
|
**\<sgp\_>** I'm here and caught up, sorry for being late
|
|
**\<sarang>** hi
|
|
**\<suraeNoether>** nbd
|
|
**\<sarang>** talking coinjoin
|
|
**\<fort3hlulz>** Whats the advantage for Monero in using a CoinJoin implementation? if its better to chat later about it Ill shutup :)
|
|
**\<suraeNoether>** no, that's a great question
|
|
**\<moneromooo>** It adds another layer of privacy. If Eve looks at one tx, she can't assume anymore than all the inputs are from hte same owner.
|
|
**\<sarang>** Yeah, it tries to break the common-ownership assumption
|
|
**\<fort3hlulz>** Ah, so its a mitigation of poisoning/EAE attacks specifically? How does it affect Tx size/blockchain bloat?
|
|
**\<sarang>** My thought about the dealer model (if it's a necessity, which is yet TBD) is that under a malicious dealer assumption, you basically revert back to the current model
|
|
**\<moneromooo>** If we're lucky, smaller txes since one single BP :)
|
|
**\<sarang>** Another quick note that hyc and I had a call with Trail of Bits, an auditor who submitted a SoW
|
|
**\<sarang>** they'll be updating their numbers, and noted that another project may be interested in helping fund RandomX
|
|
**\<sarang>** We'll have a call with those folks tomorrow
|
|
**\<hyc>** Hi, just finished my other call
|
|
**\<sarang>** yo
|
|
**\<hyc>** yeah, some good stuff from Trail of Bits
|
|
**\<fort3hlulz>** Awesome, I'm excited to learn more about CoinJoin on Monero as well as CLSAG, thanks guys! Ill get out of your hair now :)
|
|
**\<sarang>** Thanks for the question fort3hlulz
|
|
**\<sarang>** The security of coinjoins in Monero is still very much in the air
|
|
**\<hyc>** also for the benchmark freaks (like me) Huawei has offered to give me access to some servers with their newest chip, for benchmarking purposes
|
|
**\<hyc>** will be getting efficiency numbers for CN/R and RandomX on ARMv8
|
|
**\<suraeNoether>** ooooh
|
|
**\<suraeNoether>** thats... fantastic...
|
|
**\<sarang>** nice
|
|
**\<hyc>** thes guys https://e.huawei.com/us/products/cloud-computing-dc/servers/arm-based
|
|
**\<sarang>** We'll post the ToB updated SoW when they provide it
|
|
**\<suraeNoether>** and MRL marches forward into tomorrow's yesterday of the future^tm
|
|
**\<hyc>** general availability is end of June, early access is nice
|
|
**\<hyc>** that's all for me
|
|
**\<sarang>** Does anyone else have research to present?
|
|
**\<sarang>** Or general questions at all?
|
|
**\<suraeNoether>** whats the coolest plane you've flown?
|
|
**\<luigi1113>** what kind of pie do you like?
|
|
**\<suraeNoether>** berry berry
|
|
**\<sarang>** suraeNoether: commercially, or piloting myself?
|
|
**\<suraeNoether>** with greek yogurt
|
|
**\<suraeNoether>** ^ both
|
|
**\<sarang>** Commercially, Nepal
|
|
**\<sarang>** Myself, in between buildings in downtown San Francisco and the Golden Gate
|
|
**\<sarang>** which apparently is legal
|
|
**\<suraeNoether>** not place, plane, but i'll accept your answer happily
|
|
**\<suraeNoether>** that's awesome
|
|
**\<sarang>** Oh heh, didn't see that
|
|
**\<sarang>** Commercially, B787
|
|
**\<sarang>** Myself, probably a DA40
|
|
**\<sarang>** it's got the aerodynamics of a glider
|
|
**\<sarang>** WEll
|
|
**\<sarang>** Let's move to action items
|
|
**\<sarang>** suraeNoether: ?
|
|
**\<suraeNoether>** final dlsag review today
|
|
**\<suraeNoether>** mrl11 rest of the week
|
|
**\<suraeNoether>** uhmmm... and if anything else is handed back to me like clsag
|
|
**\<sarang>** word
|
|
**\<suraeNoether>** adjective
|
|
**\<sarang>** I'll get those CLSAG timings into the paper and finalize the proof question we had
|
|
**\<sarang>** Carry on with MoJoin
|
|
**\<sarang>** etc.
|
|
**\<sarang>** Any final words before we formally adjourn?
|
|
**\<dEBRUYNE>** Perhaps a blog post from CLSAG could be written (similar to the one for Bulletproofs)
|
|
**\<suraeNoether>** just excited for lunch
|
|
**\<sarang>** "Signatures. They are smaller and faster."
|
|
**\<dEBRUYNE>** I don't think many community members would understand CLSAG from the technical paper alone :P
|
|
**\<sarang>** But yes, we could do that once we're satisfied with security
|
|
**\<sgp\_>** People need these blog posts or else no one will know
|
|
**\<suraeNoether>** dEBRUYNE: that would be good, yes.
|
|
**\<sarang>** All righty, thanks to everyone for attending
|
|
**\<sarang>** We are now formally adjourned; logs will appear shortly
|