--- layout: post title: Logs for the Monero Research Lab Meeting Held on 2019-05-06 summary: Sarang work, Surae work, and miscellaneous tags: [dev diaries, crypto, research] author: el00ruobuob / sarang --- # Logs **\<sarang>** OK, let's begin **\<sarang>** ping suraeNoether et al. **\<sarang>** First on the agenda, GREETINGS **\<sarang>** hello **\<sgp\_>** hello **\<sarang>** I'll wait a couple of minutes to see if others join **\<suraeNoether>** hey guys **\<suraeNoether>** thank you for your patience **\<sarang>** Since suraeNoether went first last time, I'll go first in the ROUNDTABLE **\<sarang>** the DLSAG signature paper has been submitted to a conference in a short form, and the IACR preprint is forthcoming **\<sarang>** Thanks to our coauthors for their excellent work on this **\<sarang>** The submission process is arduous and irritating **\<sarang>** Zcoin published an intriguing Zerocoin protocol flaw recently: https://zcoin.io/cryptographic-description-of-zerocoin-attack/ **\<sarang>** Sooooo we won't be switching to Zerocoin anytime soon! **\<sarang>** My monthly report is available on CCS: https://repo.getmonero.org/monero-project/ccs-proposals/merge\_requests/34#note\_5903 **\<suraeNoether>** is there an issue with DLSAG key images that will impact the publication process? **\<sarang>** I updated the CLSAG protocol code to reflect key prefixing, which had been left out mistakenly **\<sarang>** Doubtful **\<sarang>** It's an interesting construction regardless **\<sarang>** moneromooo asked about doing a CLSAG key image offset (like we do in BPs) to save time while avoiding subgroup issues **\<sarang>** Doing so would save ~315 us per signature on my test machine **\<sarang>** But it was also noted that there could easily be room for error depending on implementation **\<sarang>** Note that the CLSAG test code already performs this offset on the auxiliary key image, but this isn't used for linking anyway **\<sarang>** I had also been interested in BP generalizations to arbitrary input lengths **\<sarang>** I have code for it: https://github.com/SarangNoether/skunkworks/tree/pybullet-np2 **\<sarang>** Unfortunately this requires the verifier to compute all inner product rounds and loses computational efficiency **\<sarang>** It may be possible to modify the algorithm to do the single-round version, but it is not clear to me how to do so cleanly **\<sarang>** Currently, I'm working on updating some formal definitions for suraeNoether for CLSAG, and have been doing some code and timing tests for a paper that was presented to me **\<sarang>** Any particular questions on this work? **\<suraeNoether>** just curious when you sleep :D **\<sarang>** lol **\<sarang>** Go ahead, suraeNoether ! **\<suraeNoether>** my update is shorter: unforgeability proof for CLSAG is nearly complete, but I'm holding off on continuing to write on this before I get some comments back from sarang. some of my protocols as described have a few mismatches with our current approaches, and I don't want to write proofs for the wrong protocols. **\<suraeNoether>** i'm working on my talk for the magical crypto conference (i'm leaving tomorrow for that and I'll be back home on sunday) **\<sarang>** Well, they'd be correct for our implementation AFAICT, but not for a neat generalization you were working on **\<suraeNoether>** oh! well, still **\<suraeNoether>** since the proofs will be for the general case **\<sarang>** Right **\<suraeNoether>** anyway, i'm also trying to solve a problem with the dlsag key images that I thought had been solved, and I'm continuing to review a semi-secret paper for a colleague **\<suraeNoether>** (the last semi-secret paper ended up being DLSAG, which is the groundwork for monero lightning, so y'all know if we're keeping it semi-secret it's pretty neato burrito) **\<dEBRUYNE>** Is that semi-secrit paper related to Monero? **\<suraeNoether>** my action items for today involve a breaking monero episode, further DLSAG research, further semi-secret research, and writing my MCC talk **\<suraeNoether>** dEBRUYNE: yes **\<dEBRUYNE>** Cool **\<suraeNoether>** but i can't go further yet **\<sgp\_>** when is the earliest you expect to switch back to the bipartite graph paper? **\<suraeNoether>** in being public about the contents, I mean **\<suraeNoether>** sgp\_: thank you for reminding me about that, this is an ongoing project, sgp\_, and I've been putting in work regularly on that paper to try to get my simulations working appropriately. **\<suraeNoether>** actually putting work regularly into the simulations, because the paper is on hold until the sims are done **\<suraeNoether>** sarang and I are trading some projects back and forth; when i hand him clsag or dlsag, i work on MRL11 until he hands me something back, and it's like the tides **\<suraeNoether>** :P **\<suraeNoether>** i don't have a good timeline on completing it and getting results, however **\<sgp\_>** All I'm doing is making sure is that it doesn't fall by the wayside. There are a million things to do, I just want to make sure this remains in the top 3 **\<suraeNoether>** ^ absolutely **\<suraeNoether>** i'll make a little descriptive blurb and make a link to it here later today so that people can see the current state of the thing **\<sarang>** perfect **\<sarang>** Any other questions for suraeNoether ? **\<suraeNoether>** i want to ensure that folks in the community are aware of the progress on each of these projects, and we definitely have a \*lot\* of projects/spinning plates **\<sarang>** If anyone else has relevant research to present, now is a great time **\<sgp\_>** none from me. looking forward to seeing the MCC recording/slides **\<sarang>** As am I **\<sarang>** Ok, how about ACTION ITEMS **\<sarang>** I'll be rewriting some definitions today to streamline suraeNoether's CLSAG generalization for the proofs **\<sarang>** Finishing up that timing data I mentioned earlier **\<sarang>** getting another couple of Breaking Monero out the door **\<sarang>** Reviewing some output selection stuff **\<sarang>** etc. **\<sarang>** Others? **\<suraeNoether>** I mentioned mine already **\<sarang>** that you did **\<suraeNoether>** and sgp\_ reminded me to re-add matching to my list **\<suraeNoether>** does anyone have any questions about konferenco or complaints or more action items to be added to the list of stuff to do for the research conference? **\<suraeNoether>** i'm asking this because sgp\_ just reminded me how human and fallible my memory is for big lists of stuff to do :D **\<sarang>** The speaking agenda for the conference is all set? **\<suraeNoether>** yep, i believe i'm waiting on two TBA titles. i need to add two sponsors to our list, Tari and Symas **\<sarang>** I'm excited to speak and serve as panel moderator **\<suraeNoether>** those sponsors are on the t-shirt design, but not the website **\<suraeNoether>** oh man that's going to be a good panel **\<suraeNoether>** i'm anticipating pretty rough questions for Voorhees and Gavigan actually **\<sarang>** FYI questions for the panel will be submitted by the audience and then selected by moderators **\<sarang>** to ensure quality and avoid the inevitable "a few follow-up questions..." **\<sarang>** Since we have time, here's an open question... now that the next point release is being finalized, any thoughts from the room about desired changes for the next network upgrade? **\<suraeNoether>** ^ i'm curious about this a lot **\<suraeNoether>** the other day sarang asked me what i want to see in the next upgrade **\<sgp\_>** another ringsize revisit. 2 output min. payment ID stuff **\<suraeNoether>** the next big change i want to see is CLSAG, since it'll be basically cutting our blockchain rate of growth by half **\<sarang>** 25% **\<suraeNoether>** but 2-out min and deprecating pay\_id is on my list also **\<sarang>** ish **\<suraeNoether>** oh yeah there are some constants **\<sgp\_>** any chance for dandelion++? I don't know how long this would take **\<sarang>** Probably not by fall, but it's not consensus **\<sarang>** any client release could do it **\<sgp\_>** right, jut curious **\<sgp\_>** are you anticipating any work on your end for RandomX? code is frozen and needs to be reviewed **\<suraeNoether>** i heard a rumor that tari is looking into ristretto and monero's protocol **\<suraeNoether>** i'm thinking we should invite someone from tari to give us an update on that for the meeting after next or something like that **\<sarang>** sgp\_: I'm working with hyc to solicit statements of work from reviewers **\<sarang>** We have 4 interested firms **\<sgp\_>** great! **\<sarang>** Once we get publicly-releasable statements we can put them on GitHub **\<sgp\_>** do you expect those within the month? **\<sarang>** yes **\<suraeNoether>** i'm very excited about that **\<suraeNoether>** are the firms all auditing firms? should we consider trying to bring in a hardware firm to assess that end of the implementation? **\<suraeNoether>** like, code-auditing i mean **\<sarang>** We're getting reviewers with backgrounds in hardware design **\<sarang>** It's tough because at some level "can this be built into hardware efficiently" is answered by designing such hardware **\<sarang>** Part of the process will be getting feedback on which reviewers' experience aligns most closely with our goals **\<suraeNoether>** fair nuff **\<sgp\_>** I don't have any other consensus-related questions and comments **\<sarang>** Anyone else have any? **\<sarang>** Righto! **\<sarang>** In that case, thanks to everyone for participating today. Logs will be posted shortly to the GitHub agenda issue **\<sgp\_>** I have a really quick announcement **\<sarang>** sure **\<sgp\_>** If you are interested in speaking, running a workshop, and/or volunteering at the Monero Village at Defcon in August, please fill out the CFP by June 3: http://monerovillage.org **\<sgp\_>** We already have some good submissions **\<sgp\_>** (done) **\<sarang>** When https? **\<sgp\_>** whenever rehrar gets the time **\<sarang>** :D **\<sarang>** OK, we are now adjourned