---
layout: post
title: Logs for the Monero Research Lab Meeting Held on 2019-05-14
summary: Surae work, Sarang work, and miscellaneous
tags: [dev diaries, crypto, research]
author: el00ruobuob / sarang
---

# Logs  

**\<sarang>** Agenda: https://github.com/monero-project/meta/issues/344  
**\<sarang>** Logs of this meeting will be posted there  
**\<sarang>** GREETINGS  
**\<suraeNoether>** howdy!  
**\<suraeNoether>** how is everyone?  
**\<suraeNoether>** who had fun at MCC? \*this guy\*  
**\<suraeNoether>** okay  
**\<suraeNoether>** well let's beign  
**\<suraeNoether>** begin\*  
**\<suraeNoether>** for the roundtable portion  
**\<suraeNoether>** let's start with general questions from the audience, and let's go around and see if anyone has anything to present  
**\<suraeNoether>** other than sarang and i anyway  
**\<sarang>** Heh, I suppose we can move to presentations  
**\<suraeNoether>** yup  
**\<sarang>** go ahead suraeNoether   
**\<suraeNoether>** go ahead sir  
**\<suraeNoether>** ahah  
**\<sarang>** jinx  
**\<suraeNoether>** okay  
**\<suraeNoether>** well, CLSAG paper is undergoing the final round the corner. sarang and i are working on the final details today with randomrun, and i hope we can make a public version of the paper available in the next several days (unless some flaw is found)  
**\<sarang>** Yeah, just need that timing data and a definite answer on the hash coeffs in the proof  
**\<suraeNoether>** DLSAG paper is undergoing further review, but I believe we are putting up an IACR version of that in the coming days also  
**\<sarang>** Yep, waiting on all authors to sign off  
**\<suraeNoether>** MRL11 is still in progress, but now that clsag and dlsag are off my plate, it's being cranked up in terms of priority  
**\<suraeNoether>** i anticipate rapid progress on that as well  
**\<suraeNoether>** May 20-24, sarang and endogenic and I are doing the Monero workshop, and I believe we may be having Gao from Clemson come give us talks on starks and fully homomorphic encryption in the RLWE setting  
**\<suraeNoether>** (sarang, we should do some studying before then together on that)  
**\<sarang>** of course  
**\<suraeNoether>** I gave a talk, sat on a panel, and gave an interview at the magical crypto conference  
**\<suraeNoether>** all of those are up on youtube; the talk was about four different branches of research here at MRL  
**\<suraeNoether>** other than that, i guess i'd prefer answering questions rather than talking myself into a rabbit hole  
**\<suraeNoether>** nioc and i have had some conversations about how long-winded i can be so i'm going to zip it unless folks want more details :D  
**\<sarang>** Any questions for suraeNoether on this work?  
**\<suraeNoether>** so, for the audience members who are new  
**\<suraeNoether>** DLSAG = dual-recipient output signatures = work toward the claim-or-refund primitive that can underly smart contracts and lightning network. CLSAG = compressed signatures making the rate of growth on the monterion blockchain hopefully 25% smaller and faster to verify  
**\<suraeNoether>** MRL11 = traceability resistance analysis  
**\<suraeNoether>** so, work is important, hard, and slow going, but doing it right is very important to us  
**\<suraeNoether>** anyway, sarang, how about yourself?  
**\<sarang>** Plenty to mention  
**\<sarang>** I had overhauled some definitions and such in the CLSAG paper, which suraeNoether has completed more edits on  
**\<sarang>** In particular, some stuff on multi-asset transactions that could be enabled by this  
**\<sarang>** I'll get timing data and then we can release for review  
**\<moneromooo>** "multi-asset" being akin to coloured coins ?  
**\<sarang>** ya  
**\<sarang>** Not saying I'm recommending such a thing for us, but it's an easy application  
**\<sarang>** I've been working on some draft protocols for how a Monero coinjoin could work  
**\<sarang>** Right now the initial scheme requires a certain amount of trust in a dealer, but is very efficient  
**\<sarang>** This is obviously not ideal  
**\<sarang>** MoJoin, I call it  
**\<sarang>** FWIW it doesn't leak spend data to the dealer, only the partition of inputs-and-outputs to each player in the join  
**\<sarang>** sgp\_ and I did two Breaking Monero episodes, one on input/output counts and one on block explorers  
**\<sarang>** that's the main stuff for me  
**\<suraeNoether>** oh, guys: we are deciding to extend early-bird pricing for a few more days  
**\<suraeNoether>** i'll be advertising it  
**\<suraeNoether>** but don't forget to get your ticket at monerokon.com before prices change, if you are still coming  
**\<suraeNoether>** students are especially encouraged to attend; there will likely be partial rebates at the door for student tickets  
**\<sarang>** Any particular questions for me?  
**\<suraeNoether>** how many rounds of interaction in mojoin?  
**\<moneromooo>** The "Gao [...] fully homomorphic" thing makes me wonder if that could not be looked at in conjunction with dealerless coinjoin :)  
**\<sarang>** 3  
**\<sarang>** This is minimal because of the BP MPC  
**\<suraeNoether>** yeah, that's cool. moneromooo i think that's probably a safe avenue of stuff for us to talk about  
**\<sarang>** Er, no... 4 rounds now, sorry  
**\<sarang>** I had to make a change  
**\<suraeNoether>** oh  
**\<sarang>** The extra round is to avoid commitment sums being used to brute-force the partition by an observer  
**\<sarang>** Making the resulting transaction identical to one not MoJoined (although the output count is something of a giveaway)  
**\<moneromooo>** BTW, something I've not done in the branch is merging outputs to the same destination (originally the intent was to make Alice + Bob atomically paying Carol).  
**\<moneromooo>** Would that be possible with the dealer based coinjoin ?  
**\<sarang>** So A+B generate a single joint output?  
**\<moneromooo>** yes.  
**\<sarang>** I don't think it's possible to do the BP MPC without leaking the full mask  
**\<sarang>** unless that's acceptable  
**\<moneromooo>** That's fine in that case since Alice and Bob to advertise what they're paying, since each of them verifies the other does pay.  
**\<sarang>** Would this assume another side channel between them that's outside of the join?  
**\<sarang>** So it'd be a plug-and-play operation into a join?  
**\<moneromooo>** I dunno. If you need one I guess.  
**\<sarang>** Hmm  
**\<sarang>** It's probably possible, under the right trust model between A+B  
**\<sarang>** Of course, "probably possible" is quite the weaselworld  
**\<sgp\_>** I'm here and caught up, sorry for being late  
**\<sarang>** hi  
**\<suraeNoether>** nbd  
**\<sarang>** talking coinjoin  
**\<fort3hlulz>** Whats the advantage for Monero in using a CoinJoin implementation? if its better to chat later about it Ill shutup :)  
**\<suraeNoether>** no, that's a great question  
**\<moneromooo>** It adds another layer of privacy. If Eve looks at one tx, she can't assume anymore than all the inputs are from hte same owner.  
**\<sarang>** Yeah, it tries to break the common-ownership assumption  
**\<fort3hlulz>** Ah, so its a mitigation of poisoning/EAE attacks specifically? How does it affect Tx size/blockchain bloat?  
**\<sarang>** My thought about the dealer model (if it's a necessity, which is yet TBD) is that under a malicious dealer assumption, you basically revert back to the current model  
**\<moneromooo>** If we're lucky, smaller txes since one single BP :)  
**\<sarang>** Another quick note that hyc and I had a call with Trail of Bits, an auditor who submitted a SoW  
**\<sarang>** they'll be updating their numbers, and noted that another project may be interested in helping fund RandomX  
**\<sarang>** We'll have a call with those folks tomorrow  
**\<hyc>** Hi, just finished my other call  
**\<sarang>** yo  
**\<hyc>** yeah, some good stuff from Trail of Bits  
**\<fort3hlulz>** Awesome, I'm excited to learn more about CoinJoin on Monero as well as CLSAG, thanks guys! Ill get out of your hair now :)  
**\<sarang>** Thanks for the question fort3hlulz   
**\<sarang>** The security of coinjoins in Monero is still very much in the air  
**\<hyc>** also for the benchmark freaks (like me) Huawei has offered to give me access to some servers with their newest chip, for benchmarking purposes  
**\<hyc>** will be getting efficiency numbers for CN/R and RandomX on ARMv8  
**\<suraeNoether>** ooooh  
**\<suraeNoether>** thats... fantastic...  
**\<sarang>** nice  
**\<hyc>** thes guys https://e.huawei.com/us/products/cloud-computing-dc/servers/arm-based  
**\<sarang>** We'll post the ToB updated SoW when they provide it  
**\<suraeNoether>** and MRL marches forward into tomorrow's yesterday of the future^tm  
**\<hyc>** general availability is end of June, early access is nice  
**\<hyc>** that's all for me  
**\<sarang>** Does anyone else have research to present?  
**\<sarang>** Or general questions at all?  
**\<suraeNoether>** whats the coolest plane you've flown?  
**\<luigi1113>** what kind of pie do you like?  
**\<suraeNoether>** berry berry  
**\<sarang>** suraeNoether: commercially, or piloting myself?  
**\<suraeNoether>** with greek yogurt  
**\<suraeNoether>** ^ both  
**\<sarang>** Commercially, Nepal  
**\<sarang>** Myself, in between buildings in downtown San Francisco and the Golden Gate  
**\<sarang>** which apparently is legal  
**\<suraeNoether>** not place, plane, but i'll accept your answer happily  
**\<suraeNoether>** that's awesome  
**\<sarang>** Oh heh, didn't see that  
**\<sarang>** Commercially, B787  
**\<sarang>** Myself, probably a DA40  
**\<sarang>** it's got the aerodynamics of a glider  
**\<sarang>** WEll  
**\<sarang>** Let's move to action items  
**\<sarang>** suraeNoether: ?  
**\<suraeNoether>** final dlsag review today  
**\<suraeNoether>** mrl11 rest of the week  
**\<suraeNoether>** uhmmm... and if anything else is handed back to me like clsag  
**\<sarang>** word  
**\<suraeNoether>** adjective  
**\<sarang>** I'll get those CLSAG timings into the paper and finalize the proof question we had  
**\<sarang>** Carry on with MoJoin  
**\<sarang>** etc.  
**\<sarang>** Any final words before we formally adjourn?  
**\<dEBRUYNE>** Perhaps a blog post from CLSAG could be written (similar to the one for Bulletproofs)  
**\<suraeNoether>** just excited for lunch  
**\<sarang>** "Signatures. They are smaller and faster."  
**\<dEBRUYNE>** I don't think many community members would understand CLSAG from the technical paper alone :P  
**\<sarang>** But yes, we could do that once we're satisfied with security  
**\<sgp\_>** People need these blog posts or else no one will know  
**\<suraeNoether>** dEBRUYNE: that would be good, yes.  
**\<sarang>** All righty, thanks to everyone for attending  
**\<sarang>** We are now formally adjourned; logs will appear shortly