monero-site/_posts/2019-05-14-logs-for-the-Monero-Research-Lab-meeting-held-on-2019-05-14.md

159 lines
11 KiB
Markdown
Raw Permalink Normal View History

2019-06-03 07:43:14 +00:00
---
layout: post
title: Logs for the Monero Research Lab Meeting Held on 2019-05-14
summary: Surae work, Sarang work, and miscellaneous
tags: [dev diaries, crypto, research]
2019-06-03 07:43:14 +00:00
author: el00ruobuob / sarang
---
# Logs
**\<sarang>** Agenda: https://github.com/monero-project/meta/issues/344
**\<sarang>** Logs of this meeting will be posted there
**\<sarang>** GREETINGS
**\<suraeNoether>** howdy!
**\<suraeNoether>** how is everyone?
**\<suraeNoether>** who had fun at MCC? \*this guy\*
**\<suraeNoether>** okay
**\<suraeNoether>** well let's beign
**\<suraeNoether>** begin\*
**\<suraeNoether>** for the roundtable portion
**\<suraeNoether>** let's start with general questions from the audience, and let's go around and see if anyone has anything to present
**\<suraeNoether>** other than sarang and i anyway
**\<sarang>** Heh, I suppose we can move to presentations
**\<suraeNoether>** yup
**\<sarang>** go ahead suraeNoether
**\<suraeNoether>** go ahead sir
**\<suraeNoether>** ahah
**\<sarang>** jinx
**\<suraeNoether>** okay
**\<suraeNoether>** well, CLSAG paper is undergoing the final round the corner. sarang and i are working on the final details today with randomrun, and i hope we can make a public version of the paper available in the next several days (unless some flaw is found)
**\<sarang>** Yeah, just need that timing data and a definite answer on the hash coeffs in the proof
**\<suraeNoether>** DLSAG paper is undergoing further review, but I believe we are putting up an IACR version of that in the coming days also
**\<sarang>** Yep, waiting on all authors to sign off
**\<suraeNoether>** MRL11 is still in progress, but now that clsag and dlsag are off my plate, it's being cranked up in terms of priority
**\<suraeNoether>** i anticipate rapid progress on that as well
**\<suraeNoether>** May 20-24, sarang and endogenic and I are doing the Monero workshop, and I believe we may be having Gao from Clemson come give us talks on starks and fully homomorphic encryption in the RLWE setting
**\<suraeNoether>** (sarang, we should do some studying before then together on that)
**\<sarang>** of course
**\<suraeNoether>** I gave a talk, sat on a panel, and gave an interview at the magical crypto conference
**\<suraeNoether>** all of those are up on youtube; the talk was about four different branches of research here at MRL
**\<suraeNoether>** other than that, i guess i'd prefer answering questions rather than talking myself into a rabbit hole
**\<suraeNoether>** nioc and i have had some conversations about how long-winded i can be so i'm going to zip it unless folks want more details :D
**\<sarang>** Any questions for suraeNoether on this work?
**\<suraeNoether>** so, for the audience members who are new
**\<suraeNoether>** DLSAG = dual-recipient output signatures = work toward the claim-or-refund primitive that can underly smart contracts and lightning network. CLSAG = compressed signatures making the rate of growth on the monterion blockchain hopefully 25% smaller and faster to verify
**\<suraeNoether>** MRL11 = traceability resistance analysis
**\<suraeNoether>** so, work is important, hard, and slow going, but doing it right is very important to us
**\<suraeNoether>** anyway, sarang, how about yourself?
**\<sarang>** Plenty to mention
**\<sarang>** I had overhauled some definitions and such in the CLSAG paper, which suraeNoether has completed more edits on
**\<sarang>** In particular, some stuff on multi-asset transactions that could be enabled by this
**\<sarang>** I'll get timing data and then we can release for review
**\<moneromooo>** "multi-asset" being akin to coloured coins ?
**\<sarang>** ya
**\<sarang>** Not saying I'm recommending such a thing for us, but it's an easy application
**\<sarang>** I've been working on some draft protocols for how a Monero coinjoin could work
**\<sarang>** Right now the initial scheme requires a certain amount of trust in a dealer, but is very efficient
**\<sarang>** This is obviously not ideal
**\<sarang>** MoJoin, I call it
**\<sarang>** FWIW it doesn't leak spend data to the dealer, only the partition of inputs-and-outputs to each player in the join
**\<sarang>** sgp\_ and I did two Breaking Monero episodes, one on input/output counts and one on block explorers
**\<sarang>** that's the main stuff for me
**\<suraeNoether>** oh, guys: we are deciding to extend early-bird pricing for a few more days
**\<suraeNoether>** i'll be advertising it
**\<suraeNoether>** but don't forget to get your ticket at monerokon.com before prices change, if you are still coming
**\<suraeNoether>** students are especially encouraged to attend; there will likely be partial rebates at the door for student tickets
**\<sarang>** Any particular questions for me?
**\<suraeNoether>** how many rounds of interaction in mojoin?
**\<moneromooo>** The "Gao [...] fully homomorphic" thing makes me wonder if that could not be looked at in conjunction with dealerless coinjoin :)
**\<sarang>** 3
**\<sarang>** This is minimal because of the BP MPC
**\<suraeNoether>** yeah, that's cool. moneromooo i think that's probably a safe avenue of stuff for us to talk about
**\<sarang>** Er, no... 4 rounds now, sorry
**\<sarang>** I had to make a change
**\<suraeNoether>** oh
**\<sarang>** The extra round is to avoid commitment sums being used to brute-force the partition by an observer
**\<sarang>** Making the resulting transaction identical to one not MoJoined (although the output count is something of a giveaway)
**\<moneromooo>** BTW, something I've not done in the branch is merging outputs to the same destination (originally the intent was to make Alice + Bob atomically paying Carol).
**\<moneromooo>** Would that be possible with the dealer based coinjoin ?
**\<sarang>** So A+B generate a single joint output?
**\<moneromooo>** yes.
**\<sarang>** I don't think it's possible to do the BP MPC without leaking the full mask
**\<sarang>** unless that's acceptable
**\<moneromooo>** That's fine in that case since Alice and Bob to advertise what they're paying, since each of them verifies the other does pay.
**\<sarang>** Would this assume another side channel between them that's outside of the join?
**\<sarang>** So it'd be a plug-and-play operation into a join?
**\<moneromooo>** I dunno. If you need one I guess.
**\<sarang>** Hmm
**\<sarang>** It's probably possible, under the right trust model between A+B
**\<sarang>** Of course, "probably possible" is quite the weaselworld
**\<sgp\_>** I'm here and caught up, sorry for being late
**\<sarang>** hi
**\<suraeNoether>** nbd
**\<sarang>** talking coinjoin
**\<fort3hlulz>** Whats the advantage for Monero in using a CoinJoin implementation? if its better to chat later about it Ill shutup :)
**\<suraeNoether>** no, that's a great question
**\<moneromooo>** It adds another layer of privacy. If Eve looks at one tx, she can't assume anymore than all the inputs are from hte same owner.
**\<sarang>** Yeah, it tries to break the common-ownership assumption
**\<fort3hlulz>** Ah, so its a mitigation of poisoning/EAE attacks specifically? How does it affect Tx size/blockchain bloat?
**\<sarang>** My thought about the dealer model (if it's a necessity, which is yet TBD) is that under a malicious dealer assumption, you basically revert back to the current model
**\<moneromooo>** If we're lucky, smaller txes since one single BP :)
**\<sarang>** Another quick note that hyc and I had a call with Trail of Bits, an auditor who submitted a SoW
**\<sarang>** they'll be updating their numbers, and noted that another project may be interested in helping fund RandomX
**\<sarang>** We'll have a call with those folks tomorrow
**\<hyc>** Hi, just finished my other call
**\<sarang>** yo
**\<hyc>** yeah, some good stuff from Trail of Bits
**\<fort3hlulz>** Awesome, I'm excited to learn more about CoinJoin on Monero as well as CLSAG, thanks guys! Ill get out of your hair now :)
**\<sarang>** Thanks for the question fort3hlulz
**\<sarang>** The security of coinjoins in Monero is still very much in the air
**\<hyc>** also for the benchmark freaks (like me) Huawei has offered to give me access to some servers with their newest chip, for benchmarking purposes
**\<hyc>** will be getting efficiency numbers for CN/R and RandomX on ARMv8
**\<suraeNoether>** ooooh
**\<suraeNoether>** thats... fantastic...
**\<sarang>** nice
**\<hyc>** thes guys https://e.huawei.com/us/products/cloud-computing-dc/servers/arm-based
**\<sarang>** We'll post the ToB updated SoW when they provide it
**\<suraeNoether>** and MRL marches forward into tomorrow's yesterday of the future^tm
**\<hyc>** general availability is end of June, early access is nice
**\<hyc>** that's all for me
**\<sarang>** Does anyone else have research to present?
**\<sarang>** Or general questions at all?
**\<suraeNoether>** whats the coolest plane you've flown?
**\<luigi1113>** what kind of pie do you like?
**\<suraeNoether>** berry berry
**\<sarang>** suraeNoether: commercially, or piloting myself?
**\<suraeNoether>** with greek yogurt
**\<suraeNoether>** ^ both
**\<sarang>** Commercially, Nepal
**\<sarang>** Myself, in between buildings in downtown San Francisco and the Golden Gate
**\<sarang>** which apparently is legal
**\<suraeNoether>** not place, plane, but i'll accept your answer happily
**\<suraeNoether>** that's awesome
**\<sarang>** Oh heh, didn't see that
**\<sarang>** Commercially, B787
**\<sarang>** Myself, probably a DA40
**\<sarang>** it's got the aerodynamics of a glider
**\<sarang>** WEll
**\<sarang>** Let's move to action items
**\<sarang>** suraeNoether: ?
**\<suraeNoether>** final dlsag review today
**\<suraeNoether>** mrl11 rest of the week
**\<suraeNoether>** uhmmm... and if anything else is handed back to me like clsag
**\<sarang>** word
**\<suraeNoether>** adjective
**\<sarang>** I'll get those CLSAG timings into the paper and finalize the proof question we had
**\<sarang>** Carry on with MoJoin
**\<sarang>** etc.
**\<sarang>** Any final words before we formally adjourn?
**\<dEBRUYNE>** Perhaps a blog post from CLSAG could be written (similar to the one for Bulletproofs)
**\<suraeNoether>** just excited for lunch
**\<sarang>** "Signatures. They are smaller and faster."
**\<dEBRUYNE>** I don't think many community members would understand CLSAG from the technical paper alone :P
**\<sarang>** But yes, we could do that once we're satisfied with security
**\<sgp\_>** People need these blog posts or else no one will know
**\<suraeNoether>** dEBRUYNE: that would be good, yes.
**\<sarang>** All righty, thanks to everyone for attending
**\<sarang>** We are now formally adjourned; logs will appear shortly