---
layout: post
title: Overview and Logs for the Dev Meeting Held on 2017-12-03
summary: Discussion of open PRs and issues, Bulletproofs, Monero Research Lab, RNGs, 0MQ, and miscellaneous
tags: [dev diaries, core, crypto]
author: dEBRUYNE / fluffypony
---

# Overview  

An overview can be found on [MoneroBase](https://monerobase.com/wiki/DevMeeting_2017-12-03).  

# Logs  

**\<fluffypony>** 1. Greetings  
**\<fluffypony>** 2. Brief review of what's been completed since the previous meeting  
**\<fluffypony>** 3. Code + ticket discussion / Q & A  
**\<fluffypony>** 4. Any additional meeting items  
**\<fluffypony>** 5. Confirm next meeting date/time  
**\<fluffypony>** so 1. Greetings  
**\<fluffypony>** hi  
**\<ArticMine>** Hi  
**\<fluffypony>** luigi1111 (if you're back) / smooth / hyc / moneromooo etc.  
**\<moneromooo>** here  
**\<gingeropolous>** etc here  
**\<fluffypony>** 2. Brief review of what's been completed since the previous meeting  
**\<fluffypony>** lots of stuff  
**\<sarang>** MRL has working Java test code for complete multi-output bulletproofs  
**\<sarang>** It's being ported over to C++  
**\<moneromooo>** (not the multi output one)  
**\<sarang>** The Java part is complete  
**\<moneromooo>** Sorry, I meant just about the port ^\_^  
**\<sarang>** Discussions are ongoing about if/how the fee structure would be modified to prevent large-output txn DoS  
**\<fluffypony>** what's wrong with per-byte fees?  
**\<sarang>** You can load a txn with tons of outputs  
**\<sarang>** but verification is linear in the # of outputs  
**\<dEBRUYNE>** fluffypony: verification is linear, whilst size is log  
**\<dEBRUYNE>** basically  
**\<sarang>** So for low fees you can force the network to verify  
**\<fluffypony>** ah ok, makes sense  
**\<sarang>** So we need to incentivize the use of aggregate BPs while basically scaling the fee to the number of outputs etc.  
**\<sarang>** But things are looking good  
**\<sarang>** Verification is still quite efficient  
**\<sarang>** and with the multi-output setup, space savings are unreal  
**\<moneromooo>** In fact, the per byte fee needs to be done first, as per kB is way too coarse for this.  
**\<sarang>** Yeah a single output BP is about 704 bytes, while a 2-output BP is something like 768 bytes  
**\<sarang>** (including commitments)  
**\<sarang>** it's just too damn good  
**\<fluffypony>** nice  
**\<dEBRUYNE>** For clarification, a single output is currently \~ 6 kB, whereas a 2-output is \~ 12 kB  
**\<* hotoatmeal** was about to ask  
**\<sarang>** So we'll continue moving forward with porting and testing  
**\<manifest>** serhack here?  
**\<dEBRUYNE>** A typical Monero transaction has 2 ins + 2 outs  
**\<serhack>** yep manifest  
**\<manifest>** i was wondering who was the m8 that was gonna work on the go-library since i started on it myself a little bit swell  
**\<fluffypony>** dEBRUYNE: this would also be a major cost-saving for pool payments  
**\<fluffypony>** manifest: we're in a meeting  
**\<sarang>** For reference, the size of an M-output BP is 32\*(2\*log(64\*M)+9) bytes (this doesn't count the amount commitments)  
**\<sarang>** add 32 bytes for each of the M amount commitments if you want to include them  
**\<sarang>** (log is base 2)  
**\<rehrar>** manifest you can hop on mattermost.getmonero.org. Serhack is also there and you guys can PM and chat so as not to disrupt the meeting. Thanks. :)  
**\<ArticMine>** I have to give some thought to the fees to deal with  the verification issue  
**\<fluffypony>** ok so beyond BP is there anything else worth noting?  
**\<sarang>** We do require a power of 2 in the # of outputs  
**\<pigeons>** So sometimes you just create an additional change output, or how do you cause always a power of 2?  
**\<sarang>** We'll need to either pad with dummy outputs or split into power-of-2 proofs  
**\<ArticMine>** Split the change into two tx  
**\<pigeons>** OK  
**\<sarang>** The dummy output doesn't need to actually represent anything  
**\<sarang>** It just needs to be there for the proof  
**\<sarang>** It can be amount 0  
**\<ArticMine>** that will work also  
**\<sarang>** Anyway, that's my 3 cents  
**\<luigi1111>** Better to split  
**\<luigi1111>** Space is cheap gp  
**\<luigi1111>** Cpu is expensive\*  
**\<ArticMine>** We will have to price cpu  
**\<moneromooo>** There's a possible optimization for "filler" outs AIUI.  
**\<luigi1111>** Probably not as good as not using them :)  
**\<sarang>** There aren't any security proofs for a non-power-of-2 proof  
**\<moneromooo>** I was led to think it was not inherent in the scheme, though ?  
**\<sarang>** It is  
**\<moneromooo>** aw...  
**\<sarang>** At least for right now  
**\<sarang>** There's a recursive step that split arrays in half  
**\<ArticMine>** The issue I see is that the penalty only prices space  
**\<sarang>** The authors of the paper are looking into a generalization, but it doesn't exist yet  
**\<luigi1111>** That's interesting  
**\<fluffypony>** ok so  
**\<fluffypony>** anything else from the last two weeks worth noting?  
**\<sarang>** suraeNoether is completing review for multisig  
**\<sarang>** He is unable to be here today  
**\<Gdhhyfjjs467>** Has a code freeze date for the next for been set yet?  
**\<fluffypony>** Gdhhyfjjs467: yeah we'll be branching towards the end of the month  
**\<fluffypony>** assuming our comfort levels are ok  
**\<rehrar>** This was discussed briefly in MRL channel with the idea that if BPs are not too far off, would it be worth delaying the next hard fork by a couple months so it can be in?  
**\<dEBRUYNE>** The plan is to include multisig right?  
**\<dEBRUYNE>** \^ fluffypony  
**\<luigi1111>** Yes  
**\<fluffypony>** no need to delay the hard fork  
**\<luigi1111>** I don't think the upcoming fork does anything useful though  
**\<luigi1111>** So there's that  
**\<fluffypony>** if BP is ready it'll go into the Sept fork  
**\<dEBRUYNE>** Should we fork if there's nothing to fork for?  
**\<luigi1111>** Who knows ^\_^  
**\<fluffypony>** luigi1111: consistency, then  
**\<fluffypony>** well, that's what we committed to with the fork schedule  
**\<fluffypony>** "even if it's just bumping the block version number"  
**\<dEBRUYNE>** Sure, but didn't we also discuss slowing things down once the ecosystem got bigger?  
**\<moneromooo>** We did not commit to an exact fork schedule.  
**\<luigi1111>** And who is this we :)  
**\<moneromooo>** I, at least, did not :P  
**\<hotoatmeal>** does the wallet release schedule track the protocol fork schedule exactly?  
**\<hotoatmeal>** or do they have different cadences  
**\<moneromooo>** The wallet needs to update for a fairly large subset of consensus changes.  
**\<pigeons>** the wallet-cli and wallet-rpc are included with the daemon release that supports the fork  
**\<moneromooo>** So it's convenient to release at the same time.  
**\<fluffypony>** dEBRUYNE: I don't think we're at a point where we can go to annual  
**\<moneromooo>** Besides, the wallet and daemon rely on the same libs.  
**\<rehrar>** Isn't ZMQ also in the new release? Or has that been there for a while now?  
**\<fluffypony>** yes ZMQ is in the new release  
**\<moneromooo>** There's some of it in, but some of it's still missing.  
**\<pigeons>** there is some support for zmq over rpc, and more is comming, like tx/block notify and some changes to the existing zmq rpc  
**\<pigeons>** \*rpc over zmq  
**\<hotoatmeal>** moneromooo: yeah, mainly thinking about when I need to spend time to get those two memwipe patches (and the third I haven't written yet) reviewed/merged  
**\<pigeons>** the notify is what the people i hear from are waiting for, and tewinget told me a few weeks ago he's got the basics worked out  
**\<rehrar>** Are we still waiting on him for stuff?  
**\<moneromooo>** There's a patch waiting on changes IIRC.  
**\<moneromooo>** (for 0mq)  
**\<rehrar>** *sigh* tewinget, can you please get this stuff done? Seriously.  
**\<moneromooo>** Especially as I think some of the large pool speedups were lost.  
**\<moneromooo>** (not 100% sure)  
**\<hotoatmeal>** is there a way to detect that the network has forked, and your client hasn't gone with it?  
**\<moneromooo>** Kinda.  
**\<hotoatmeal>** my local daemon got left behind on the last one, because I forgot to update  
**\<fluffypony>** you can make an educated guess  
**\<hotoatmeal>** cue colorful headscratching  
**\<moneromooo>** Current daemon should moan if it sees blocks with a higher version than what it knows about.  
**\<fluffypony>** and there's auto-update records that notify  
**\<moneromooo>** The block verison thing is a bit vulnerable to someone mining a bad block on purpose to make you think there's been a fork though.  
**\<fluffypony>** yeah  
**\<moneromooo>** Losing 10 monero in the process or whatever it is :)  
**\<fluffypony>** ok let's move it along, then  
**\<fluffypony>** 3. Code + ticket discussion / Q & A  
**\<fluffypony>** are there any issues that could do with some input / resolution?  
**\<moneromooo>** The handful of oldest ones.  
**\<moneromooo>** The PRNG one.  
**\<moneromooo>** ones.  
**\<moneromooo>** For multisig, I think it's pretty much ready to go in, stoffu's done a lot of careful reviewing.  
**\<fluffypony>** ok - what's the blocker on switching to the Bitcoin one?  
**\<hotoatmeal>** moneromooo: what still needs doing / deciding on your part of the memwipe ones, and how can I help there?  
**\<moneromooo>** Mainly deciding whether we want to, or not.  
**\<moneromooo>** And bitcoin has two RNGs, the one I ported, and one that's closer to what we have. so there's the possibility of entropy attrition using only the "good" one.  
**\<moneromooo>** hotoatmeal: the only thing left IIRC was switching from std::vector\<char> to std::unique\_ptr\<char[]> and I feel more confident getting it right with vector.  
**\<moneromooo>** Other than that, nothing I think.  
**\<fluffypony>** moneromooo: by "good" one you mean the ported one?  
**\<moneromooo>** That can be done later by someoine who's familiar with how the refcounting works with operators though.  
**\<moneromooo>** Yes. The one that uses getrandom, etc.  
**\<fluffypony>** ok so I think if they haven't hit entropy attrition problems over the past few years it's unlikely we will - thoughts?  
**\<moneromooo>** Let me rephrase:  
**\<moneromooo>** Bitcoin has two RNGs: a good one using HW, and a... hmmm, less good ? one similar to our keccak based one  
**\<moneromooo>** Using the keccak based one does not deplete entropy nearly as fast as using the good one. Monero can use a lot of entropy (eg, range proofs).  
**\<moneromooo>** Therefore, I'm wondering whether using the good one all the time is worse than not.  
**\<hotoatmeal>** moneromooo: ok, I'll pick up the vector vs unique\_ptr part of that later this month  
**\<moneromooo>** Thanks  
**\<fluffypony>** ok so what if we used the good one for critical stuff like privkey generation  
**\<fluffypony>** and output selection  
**\<hotoatmeal>** and if you give me some pointers, can look at whatever that refcounted operators thing is in Jan  
**\<fluffypony>** and the stream one for range proofs  
**\<moneromooo>** Well, if I knew that, I'd know the answer to my question, since they're opposites.  
**\<moneromooo>** Anyway, to go back to multisig, I tihnk it's good to go now. If you haven't yet reviewed it, and want to do so, do so now.  
**\* hotoatmeal** drops out  
**\<fluffypony>** ok  
**\<fluffypony>** 4. Any additional meeting items  
**\<moneromooo>** When do we want bulletproofs on testnet ?  
**\<dEBRUYNE>** Tomorrow!  
**\<fluffypony>** hah hah  
**\<moneromooo>** A day may be a bit short to get people to update in time.  
**\<fluffypony>** are we going to wait for the multi output stuff?  
**\<sarang>** I think we should  
**\<moneromooo>** Not sure. This is not quite finished (multiple of 2 requirement), and has a non trivial impact on fees.  
**\<sarang>** Hrmm true, the fee thing  
**\<sarang>** :/  
**\<moneromooo>** And I'd really, really like to get smaller txes double plus quick.  
**\<fluffypony>** ok so how would this work  
**\<ArticMine>** A lot of people do  
**\<sarang>** In case it's relevant, every single-output proof is still a valid multiproof  
**\<moneromooo>** That's nice.  
**\<sarang>** (provided we define the Gi and Hi in the same order)  
**\<sarang>** (not sure if my extended code addressed that, will check)  
**\<moneromooo>** So, no clear votes for or against. Except me ^\_^ so that's 100% of expressed votes :P  
**\* sarang** checks the math on that  
**\<fluffypony>** moneromooo: I asked how it would work  
**\<moneromooo>** The fork ? I imagine similar to rct. Allow bulletproofs at fork f, optionally disallow borromean at f+1.  
**\<moneromooo>** (the code currently does not do that second part)  
**\<moneromooo>** That might become a bit more complicated if we start allowing aggregated proofs at f+1.  
**\<moneromooo>** But not very much.  
**\<dEBRUYNE>** so moneromooo, you'd like to start with single output right? And then eventually switch to multioutput  
**\<moneromooo>** Yes.  
**\<rehrar>** Sorry if this was answered, but is there an ETA on multioutput port from Java?  
**\<moneromooo>** No. It doesn't appear to be a lot of work though.  
**\<fluffypony>** so then txs with more than 1 output would use borromean?  
**\<moneromooo>** No. They'd use two bulletproofs.  
**\<sarang>** yup  
**\<rehrar>** Which is still a savings.  
**\<sarang>** Still great space savings  
**\<sarang>** And no DoS issues  
**\<dEBRUYNE>** 2 bulletproofs is 1.3 kb give or take right?  
**\<fluffypony>** ok  
**\<dEBRUYNE>** And we can keep our current fee structure  
**\<sarang>** dEBRUYNE: yes  
**\<moneromooo>** Most of it, in fact. Txes are ~2.2 kB.  
**\<rehrar>** I think that's worth it. And then it can be enhanced even further with multioutput later. But the immediate savings would be appreciated.  
**\<rehrar>** And gives time for the fee dislogue  
**\<fluffypony>** and what's our confidence level like in this? like is it March-fork-worthy?  
**\<rehrar>** Dialogue\*  
**\<moneromooo>** Well, we can know better if we fork in a couple days on testnet :)  
**\<ArticMine>** I have an idea on the fee issue  
**\<rehrar>** It can be deployed to testnet asap no.  
**\<rehrar>** ?  
**\<moneromooo>** That's what I'm asking about, yes.  
**\<fluffypony>** could we fork testnet this coming weekend?  
**\<moneromooo>** Works for me. Gives time for review.  
**\<rehrar>** Exciting!  
**\<sarang>** Yes and the code should definitely be reviewed by others  
**\<endogenic>** who?  
**\<endogenic>** if you had your pick  
**\<JollyMort[m]>** could someone do me a favor and send me the log of this channel from 2017-04-18?  
**\<sarang>** Ideally andytoshi since he's a paper author  
**\<moneromooo>** If I had my pick...  
**\<sarang>** suraeNoether  
**\<fluffypony>** Satoshi  
**\<endogenic>** fluffypony: on it  
**\<sarang>** Someone who digs the maths  
**\<Gdhhyfjjs467>** So Evan duffield?  
**\<dEBRUYNE>** luigi1111 I guess  
**\<endogenic>** vtnerd hyc fyi  
**\<moneromooo>** Oh yeah, luigi1111 is a good one.  
**\<rehrar>** Let's just get all hands on deck for this?  
**\<endogenic>** ok that means you too rehrar  
**\<Gdhhyfjjs467>** Lol jk. I like andytoshi idea  
**\<sarang>** I'm sure we'll find additional optimizations... I know for a fact my implementation of scalar operations into vectors could be refactored  
**\<rehrar>** I will understand none of it, but I'll look at it and either nod approvingly or cringe based on a coin toss.  
**\<sarang>** but I didn't in Java in order to keep it clean and understandable  
**\<endogenic>** i move to instate rehrar as new RNG  
**\<moneromooo>** The slice op ? Yes, but I don't think it takes much time compared to the muls.  
**\<sarang>** Random Nod Generator?  
**\<sarang>** Well and operations involving many vector ops could run a single loop per element, instead of per operation  
**\<sarang>** but they're generally fast and it makes things clean  
**\<sarang>** I'm not a huge fan of sacrificing clarity for a tiny speedup  
**\<sarang>** I'd like to chat with moneromooo post-meeting about our basepoint selection, to ease the transition into multiproofs later  
**\<sarang>** For those who want to compare code to paper, this is the paper: http://web.stanford.edu/~buenz/pubs/bulletproofs.pdf  
**\<moneromooo>** I pushed the patch as 2883 if people want to start reviewing ^\_^  
**\<rehrar>** Can I make a Reddit post calling devs to review it?  
**\<moneromooo>** Reddit.. devs ?  
**\<dEBRUYNE>** \^ that lol  
**\<rehrar>** :P nvm then  
**\<dEBRUYNE>** The people able to review it will be watching Github  
**\<endogenic>** rehrar: answer is in the question :P  
**\<fluffypony>** oh  
**\<fluffypony>** I guess meeting ~done  
**\<fluffypony>** 5. Confirm next meeting date/time  
**\<fluffypony>** Sunday the 17th