ccs-proposals/fcmp++-research.md

---
layout: wip
title: "Full-Chain Membership Proofs + Spend Authorization + Linkability Research CCS"
author: kayabaNerve
date: April 13, 2024
amount: 2000
milestones:
  - name: MAGIC/Veridise write proofs for divisor technique (Segment of 'Provide a soundness proof for the proof using Elliptic Curve Divisors')
    funds: 70
    done: 30 May 2024
    status: finished
  - name: Veridise R1CS circuit review + negative coefficients and an extended review of the use of logarithmic derivatives (Segment of 'Provide a soundness proof for the proof using Elliptic Curve Divisors')
    funds: 38.5
    done: 25 November 2024
    status: finished
  - name: CypherStack divisor technique proofs review (Segment of 'Provide a soundness proof for the proof using Elliptic Curve Divisors')
    funds: 198
    done: 22 May 2024
    status: finished
  - name: Formally verify the gadgets
    funds: 0
    done:
    status: unfinished
  - name: CypherStack (Prove the composition to be unlinkable, unforgeable, and non-malleable)
    funds: 38
    done: 13 August 2024
    status: finished
  - name: Brandon Goodell (Segment of 'Review GBP security proofs')
    funds: 118.5
    done: 13 December 2024
    status: finished
  - name: Audit the Implementation of GBPs
    funds: 0
    done:
    status: unfinished
  - name: Audit the Elliptic Curve Divisors Library
    funds: 0
    done:
    status: unfinished
  - name: Audit the implementation of the gadgets
    funds: 0
    done:
    status: unfinished
  - name: Audit the implementation of the circuit
    funds: 0
    done:
    status: unfinished
  - name: Audit the implementation of the Towering Curve Cycle
    funds: 0
    done:
    status: unfinished
  - name: Audit the implementation of the Generalized Schnorr Protocol
    funds: 0
    done:
    status: unfinished
payouts:
  - date: 22 May 2024
    amount: 198
  - date: 30 May 2024
    amount: 70
  - date: 13 August 2024
    amount: 38
  - date: 25 November 2024
    amount: 38.5
  - date: 13 December 2024
    amount: 118.5
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
---
This CCS is to prove, review, and audit Full-Chain Membership Proofs (a trustless solution based on Generalized Bulletproofs) for integration into Monero under RingCT, replacing the existing CLSAG. This is distinct from prior intents to integrate FCMPs into Monero with Seraphis, and was previously discussed in an MRL meeting, where it was well received. That same meeting organized the [funding of security proofs for Generalized Bulletproofs](https://ccs.getmonero.org/proposals/cypherstack-gbp-security-proofs.html), a critical component for FCMPs (under both this proposal and Seraphis). The review and audits here would also lay the groundwork for FCMPs with Seraphis.

All of these milestones have "?" for their required funds. The goal of this CCS is to raise the funds necessary to contract various external parties. All XMR will be held per the usual CCS policy, by core, until the necessary agreements are made for each milestone. The intention of this is to avoid needing to file several CCSs (adding delays) and to minimize confusion regarding funding efforts. I do not want to have to justify to the community, after 5 CCSs for audits, why a 6th one is still justified and why FCMPs aren't a black hole of endless fundraises for audits.

Unfortunately, that last concern cannot be completely avoided. Since there are not auditors ready for each and every milestone, this CCS may run out of funds prior to completion of all milestones (requiring another CCS). The amount chosen (2000 XMR, roughly 230k USD) was chosen on the belief that it's reasonable for the scope described. Because the subject matter (ZK proofs and circuits) is currently one of the hottest fields in the cryptocurrency space at large, among both startups and VCs, I'm unable to provide any such guarantee.

With that note, it may sound optimal to do individualized CCSs. That would not only add weeks/months to the process (as some of these audits are serialized, so a delay in one adds to the delay in the next), it would also risk being unable to contract certain auditors. In my experience, auditors schedule as long as months out *from time of agreement*. In the time it takes to discuss the proposal and raise the funds, auditors' availability may shift dramatically, including in rates (shifting the amount necessary and adding a deadline for the discussion and fundraising). Hence this proposal.

kayabaNerve and jberman are the people primarily expected to find such parties, with the actual agreement on parties and amounts to be by their endorsement, and a general agreement within MRL that the proposed expenditure is reasonable. "Reasonable" here means that the proposed parties are reasonably trusted to be able to adequately perform the work proposed, the amount to be paid is understandable and amenable, and if there are other potential parties, none are clearly, completely, and definitively better choices.

If the work within this CCS for any reason fails, or completes with a remaining balance, the funds raised and remaining (held by core, per the rules of the CCS) will roll over into a general MRL research fund to sponsor further research and development, such as proofs for and review of Seraphis. The direction of and process for this new fund will be decided and agreed upon by core and through discussions within MRL upon such a rollover occurring. The idea for this was premised on the idea of hiring researchers, Cypher Stack specifically, on retainer, with MRL having discretion over how those hours were spent. That was discussed at the same meeting as this proposal (proposal as in cryptographic idea, not proposal as in CCS proposal) and was well enough received for me to propose it as the fallback here.