research-lab/meta/research-meeting-logs/ResMeetLogs-26-Mar-2018.txt

102 lines
13 KiB
Text
Raw Normal View History

2018-03-26 17:55:14 +00:00
[2018-03-26 10:58:00] <suraeNoether> good morning everyone. meeting in a few minutes. fluffypony knaccc luigi1111w sarang andytoshi chachasmooth dEBRUYNE endogenic gingeropolous hyc JollyMort[m] jwinterm kenshi84 medusa_ moneromooo MoroccanMalinois nioc pigeons rehrar sgp_[m] smooth stoffu TheCharlatan vtnerd waxwing
[2018-03-26 10:59:44] <rehrar> shttp://weknowmemes.com/generator/uploads/generated/g1386523484343400473.jpg
[2018-03-26 11:00:09] <hyc> morning
[2018-03-26 11:00:33] <endogenic> o/ hyc
[2018-03-26 11:00:47] → rex4539 joined (~textual@ppp-2-87-183-80.home.otenet.gr)
[2018-03-26 11:01:02] <ArticMine> hi
[2018-03-26 11:01:05] <andytoshi> hi
[2018-03-26 11:01:22] <scoobybejesus> hi
[2018-03-26 11:02:58] <suraeNoether> Sarang is apparently en route from an airport and is not expected to make it for the meeting. So today i'll just babble a bit
[2018-03-26 11:03:02] <suraeNoether> and answer questions
[2018-03-26 11:03:30] <rehrar> Remind me, was he presenting at that Blockchain conference?
[2018-03-26 11:03:38] <suraeNoether> yes, that's why he's en route from the airport
[2018-03-26 11:03:49] <suraeNoether> he took it upon himself to disabuse some folks of some certain notions about hashgraph
[2018-03-26 11:04:14] <suraeNoether> which I think is neat
[2018-03-26 11:04:54] <suraeNoether> specifically, he's been reading a lot about graph-based currencies, and someone gave a rather misleading presentation, but Sarang's presentation (I believe) preceded it and it was an educational moment
[2018-03-26 11:05:33] <suraeNoether> but I shouldn't speak for him, I wasn't there. the conference organizers flew him out to give a presentation on behalf of MRL and I have confidence he did a great job representing us
[2018-03-26 11:05:58] <rehrar> Will it be posted online?
[2018-03-26 11:06:58] <suraeNoether> he can answer that later today. I don't know.
[2018-03-26 11:07:11] <rehrar> ok, thanks
[2018-03-26 11:07:19] <suraeNoether> So, before we proceed, does anyone have any other general questions for MRL?
[2018-03-26 11:09:05] <sgp_[m]> Sorry I'm here but mostly distracted by class. Looking forward to hopefully viewing the presentation online
[2018-03-26 11:10:58] <suraeNoether> ok, neato burrito. So, basically this week I've 1) been putting some copy-editing changes into the multisig paper like spelling and references 2) working on models of the spend-time distributions vs. ring mixin selection distributions, and 3) while driving between albuquerque and denver, I think I came up with a novel ECC signature scheme from one-way functions (staring into the desert sun), but I'm not
[2018-03-26 11:10:58] <suraeNoether> putting a lot of effort into that until I have more of a handle on spend-time distributions
[2018-03-26 11:11:58] <suraeNoether> I've also 4) been building the MRL Research Roadmap for 2018. I need to discuss with sarang, but I think we'll be putting that out mid-May, because we want to have a complete look at what's going on
[2018-03-26 11:14:10] <suraeNoether> uhm, also I've spent an enormous amount of time this week on a certain project for MRL related to churning and the EAE scenario. details to come later on
[2018-03-26 11:14:20] <hyc> sounds cool
[2018-03-26 11:14:30] <rehrar> if hyc thinks it's cool, then it's cool
[2018-03-26 11:14:38] <suraeNoether> hyc and I have been chatting about an asic-unfriendly POW expansion, also
[2018-03-26 11:14:40] <sgp_[m]> I'm highly looking forward to seeing your work with EAE
[2018-03-26 11:15:12] <hyc> yes and I'm now digging back into the bulletproofs paper to try to get more solid understanding
[2018-03-26 11:16:08] <suraeNoether> namely, if instead of a POW game like: find nonce x such that H(block || x) * difficulty < target.... we can run a POW game like: find a nonce x such that, for a random bit of javascript J(x) that is loop-free, H(block || J(x))*difficulty < target
[2018-03-26 11:17:08] <suraeNoether> this was the idea hyc originally brought to my attention, but verification requires executing the code, so I was thinking instead it could be a random arithmetic circuit instead. then you can present bulletproofs that you know the nonce x such that H(block || AC(x))*difficulty < target efficiently
[2018-03-26 11:17:27] <rehrar> oh yeah, I remember you guys discussing something like that. Just to clarify for me cuz it was a bit confusing at the time. The idea is that CPUs and GPUs compile code better than ASICs would, correct?
[2018-03-26 11:17:39] <hyc> compile and execute
[2018-03-26 11:18:13] <suraeNoether> the idea is that if the code is random, then an asic will presumably not even be able to compile the code, let alone execute it, but a cpu is built to deal with arbitrary code
[2018-03-26 11:18:54] <suraeNoether> maybe this is a bad analogy, but I think of an ASIC as a big manufacturing factory, fully automated. it makes lemon cakes. the random code you just spit out asked for a rotisserie chicken
[2018-03-26 11:19:04] <rehrar> making it so that an ASIC would have to be built with a CPU, which defeats the purpose because might as well have a computer at that point, right?
[2018-03-26 11:19:21] <hyc> that's the general idea yes
[2018-03-26 11:19:31] <rehrar> great, I understand now. Thank you for explaining. :)
[2018-03-26 11:19:35] <suraeNoether> yeah, it shifts the bottleneck away from the highly asic'able hash to finding the nonce for the hash, kinda
[2018-03-26 11:19:46] <suraeNoether> which is quite clever
[2018-03-26 11:20:10] <endogenic> hack the planet!
[2018-03-26 11:20:14] <rehrar> if this idea pans out, we can even do some looking into seeing if the random stuff can do something useful as well?
[2018-03-26 11:20:23] <hyc> useful?
[2018-03-26 11:20:41] <rehrar> never mind, this is something I know too little about. Sorry. Plz continue.
[2018-03-26 11:20:45] <hyc> the code must be highly random and unpredictable
[2018-03-26 11:20:55] <hyc> if it does something useful, that can be ASIC'd
[2018-03-26 11:22:07] <endogenic> rehrar: use the heat to warm your chickens
[2018-03-26 11:22:17] <hyc> there ya go
[2018-03-26 11:23:30] <rehrar> can the chickens consume the arbitrary code?
[2018-03-26 11:23:38] <ArticMine> The random code can provide space heating and in many parts of the world that is useful
[2018-03-26 11:24:01] <suraeNoether> does anyone have any other questions? i can sketch out my new signature scheme if folks are curious, but it'd be more of an algebra discussion. :D
[2018-03-26 11:24:06] — suraeNoether waggles eyebrows
[2018-03-26 11:24:14] <ArticMine> Sure
[2018-03-26 11:25:04] <suraeNoether> Cool. So, definition: a cartesian square of groups is a set of four groups and four group homomorphisms arranged in a square satisfying *one weird property*
[2018-03-26 11:25:18] ⇐ KnifeOfPi_ quit (uid257314@gateway/web/irccloud.com/x-jowmyyhckogdqhvs): Quit: Connection closed for inactivity
[2018-03-26 11:26:03] <suraeNoether> https://www.irccloud.com/pastebin/XXZjHHp0/
[2018-03-26 11:26:12] <suraeNoether> So the square looks like this
[2018-03-26 11:26:35] <suraeNoether> and the property is this: if group elements from B and C end up *at the same element* in D, then they must have *come from* the same element in A
[2018-03-26 11:26:55] <endogenic> scientists hate it!
[2018-03-26 11:27:30] <suraeNoether> denoting the top map f, the left map g, the rihgt map h, the bottom map j, this means: if there exist some b in B and c in C such that j(c) = h(b), then there exists some a in A such that b = f(a) and c = g(a)
[2018-03-26 11:28:08] <suraeNoether> so I'm going to set A to be my private key group Zq, and D to be my public key group G
[2018-03-26 11:28:50] <suraeNoether> and i'll just assume the middle groups B and C are also equal to my public key group
[2018-03-26 11:29:11] → thrmo joined (~thrmo@unaffiliated/thrmo)
[2018-03-26 11:29:46] <suraeNoether> then a message M can give me a signature this way: from M, build a one-way map from Zq (private keys) to G (signatures) called SIGN and a one-way map from G (signatures) to G (public keys) called VER
[2018-03-26 11:30:20] <suraeNoether> to sign the message, I evaluate my private key SIGN(x) and get a group element, my signature. To validate this game from me, I evaluate VER at my signature and check that the result is my public key, VER(SIGN(x)) = X
[2018-03-26 11:31:05] <suraeNoether> so my signature is SIGN(x) and the function VER
[2018-03-26 11:31:20] <suraeNoether> each message M has a different pair of one-way functions SIGN and VER
[2018-03-26 11:32:02] <suraeNoether> to forge this, I need to find a group element S such that VER(S) = VER(SIGN(x)) for someone's honestly computed SIGN(x), but that requires breaking the one-way-ness of all the arrows in my square
[2018-03-26 11:32:23] <suraeNoether> *this is all great in theory, but i have no implementation yet. :P*
[2018-03-26 11:33:16] <suraeNoether> oh, i missed a word: in the definition of the cartesian square, the diagram has to be commutative. so if I traverse from A to D along one path (through B), I get the same result as if I had traversed the other path (through C)
[2018-03-26 11:33:20] <suraeNoether> and that is *critical*
[2018-03-26 11:34:38] <suraeNoether> so, to construct an implementation, I need a way to map from message space to the space of one-way group homomorphisms to get SIGN and VER, and then I need to mod out by the ideal generated by all the functions that don't satisfy the cartesian property
[2018-03-26 11:35:54] <suraeNoether> more recently cartesian squares (mid-late 20th century terminology) have been called "pullback diagrams," and I haven't found any descritpions in the literature of EC-based digital signatures based on them
[2018-03-26 11:36:45] <suraeNoether> that doesn't mean that this is a novel signature scheme, only that I haven't found any old references to them. I'm emailing around asking folks, and if anyone comes across anything, please let me know
[2018-03-26 11:37:46] <suraeNoether> to forge this... <--- also, i need to find a message M such that VER is the one-way function derived from M to compute a forgery
[2018-03-26 11:37:59] <suraeNoether> okay, abstract algebra/category theory lecture done. :P hehe
[2018-03-26 11:38:13] <hyc> whew ;)
[2018-03-26 11:38:20] <suraeNoether> ikr what a blowhard
[2018-03-26 11:38:48] <suraeNoether> also s/game/came
[2018-03-26 11:38:50] <hyc> I think I missed a part, can you explain again the bit after "now listen carefully" ?
[2018-03-26 11:39:45] <suraeNoether> "i think a few pages back, you missed a negative and the error propagates. I would have said something, but you were so excited about proving P=NP"
[2018-03-26 11:40:05] <hyc> lol
[2018-03-26 11:40:55] <suraeNoether> does anyone have any questions for MRL? I believe sarang is going to be posting another FFS to fund the third audit later today or something?
[2018-03-26 11:41:48] <rehrar> how much extra is going to be needed?
[2018-03-26 11:41:58] <rehrar> and did we sign off on anyone getting started already?
[2018-03-26 11:42:58] <suraeNoether> rehrar I don't know, and I don't know. i believe nioc was encouraging us to not worry about getting it funded and to just post it so we can get the process moving, but I don't want to speak for him.
[2018-03-26 11:43:13] <rehrar> got it
[2018-03-26 11:43:15] <suraeNoether> and sarang will be back later today to talk about that
[2018-03-26 11:43:58] <suraeNoether> days like today, i want to hire a suresh noether
[2018-03-26 11:45:01] <suraeNoether> okay, next meeting, I want to talk about planning the first monero conference, and planning travel for sarang and i to other conferences between now and then
[2018-03-26 11:45:36] <suraeNoether> i'm actually attending a bitcoin/blockchain event on april 25 in denver at one of the venues i'm looking at for the monero conference
[2018-03-26 11:45:50] <suraeNoether> and I have a few meetings next week about it too
[2018-03-26 11:46:04] <suraeNoether> other than that, I got nothing left to chat about
[2018-03-26 11:46:36] <nioc> rehrar: I believe Bunz and QuarksLab have already been signed
[2018-03-26 11:47:39] <suraeNoether> i also want to chat next week about how is everyone satisfied with MRL. I want to gauge the community on direction, depth, breadth, leadership, funding models/goals etc.
[2018-03-26 11:47:39] <rehrar> cool, thanks nioc
[2018-03-26 11:47:51] <suraeNoether> so, with that, i want folks to think about what you would say to me if you had me face-to-face. :D
[2018-03-26 11:47:59] <rehrar> oy, I need to talk with the two of you fairly soon. It's already Revuo time again.
[2018-03-26 11:48:30] <suraeNoether> rehrar i believe i'm dragging sarang out to denver for that blockchain event. make it up here around that time and maybe we can make it a MAGIC board member meeting + revuo intervuo.
[2018-03-26 11:48:43] <suraeNoether> we'll drag mike from the moneromonitor by. :P it'll be historic~
[2018-03-26 11:48:59] <suraeNoether> </meeting>