Logs for the Monero Analysis Lab Assembly Held on 2019-10-14
October 14, 2019
<sgp_> Hi there
<sarang> Small crowd at the moment, apparently
<sarang> Even so, we supply on
<sarang> Let’s transfer to ROUNDTABLE
<sarang> I have been engaged on a couple of issues this previous week
<sarang> First is getting caught up with the same old literature evaluate
<sarang> Second was finalizing issues for World Crypto Convention and a few background analysis related to that
<sarang> Third was getting steadiness proofs working in Triptych, which is now profitable
<xmrmatterbridge> <serhack> hey
<sarang> Which means Triptych now helps a single proof displaying all spends, appropriate key picture building, and steadiness
<sarang> How about you, suraeNoether?
<suraeNoether> i have been furiously debugging my matching code as my major activity. there are some persistent issues. i needed to complete this weekend but it surely did not occur
<sarang> Earlier you had indicated some recognized bugs… are these the identical?
<suraeNoether> no… each downside i remedy reveals like… a small handful of latest bugs, however the newer and newer bugs have gotten much less frequent and fewer extreme
<suraeNoether> it *feels* like there is a single downside lurking that can trigger the home of playing cards to cease falling down
<suraeNoether> i am very shut.
<suraeNoether> i actually needed it to be at the moment
<suraeNoether> i am taking a break later at the moment to learn sarang’s WCC speak (sorry for the delay on that) and I’m taking a break later at the moment to work on *actually anything*
<suraeNoether> i am very annoyed with this mission
<sarang> Are the recognized bugs documented wherever, so others would possibly help you?
<suraeNoether> i am positive plenty of group members are additionally annoyed, however i that is nearing completion
<suraeNoether> “check X not working for unknown cause” shouldn’t be a useful doc to put in writing
<sarang> Hmm okay
<sarang> Effectively, I selfishly hope you’ll take time without work that mission at the moment and evaluate my speak 😀
<sarang> Maybe it’ll additionally aid you clear your head
<sarang> Does anybody else have attention-grabbing analysis to share as properly?
<sarang> In that case, let’s go forward and focus on ACTION ITEMS first, after which any lingering questions
<sarang> First, I’ve an environment friendly verifier for the inner-product argument in IACR/944 that I have been that means to implement in kenshamir[m]’s Rust code, which will probably be helpful for benchmarking… that is in progress however with some algebra issues that I am figuring out
<sarang> Second, Triptych wants a lot extra work: key aggregation, higher Fiat-Shamir challenges, and a few questions on proof parts and effectivity
<sarang> Third, I need to see if it is doable to backport a few of the new RCT3 modifications to the older model with out utilizing spend aggregation, to verify the ensuing effectivity
<sarang> and that is about it for now
<sarang> suraeNoether: ?
<suraeNoether> pushing this commit as soon as my code is flowing. studying your WCC speak. catching up on tryptychychch
<sarang> It positively stays to be seen how environment friendly we will make Triptych… however as I discussed final week, the underlying modifications to the Groth proving system are very attention-grabbing regardless
<sarang> and, as earlier than, there isn’t a safety mannequin for it but
<sarang> All righty, are there different questions on analysis?
<sarang> This assembly has gone fairly rapidly
<sarang> Oh, one notice about what Isthmus introduced up final week relating to transaction keys and subaddresses
<sarang> It’s apparently nonetheless the case that transactions to solely commonplace addresses retain a single transaction key
<sarang> Mandating separate transaction keys for all outputs would add 32 bytes to every further output
<sgp_> Customary = 4?
<sarang> however we’re already saving > 32 bytes per output after the final change to the Pedersen masks format anyway
<moneromooo> Might there be a technique to deterministically generate keypairs in such a approach that the sender generates the key keys from a seed, the recipients generate the pubkeys ? I believe Bitcoin has such a scheme for producing addresses.
<moneromooo> And hopefully the seed is <= 32 bytes 🙂
<sarang> Effectively, a giant promoting level of subaddresses is the environment friendly scanning throughout all addresses directly
<sarang> Isthmus: solely must learn up a couple of traces
<moneromooo> Would such a scheme invalidate the environment friendly scanning ? It appears uncertain because the tx keys are at present arbitrary.
<sgp_> How a lot effort is it to scan and see what quantity of transactions are solely to plain addresses?
<sarang> sgp_: to get a distribution of how widespread subaddresses are?
<Isthmus> @sgp_ I believe that @n3ptune by accident did that not too long ago
<Isthmus> Lemme see if the plots are on GitHub wherever
<sgp_> sarang: basically sure
<sarang> Presumably this is able to be affected by which massive gamers (like exchanges) help them
<sgp_> Thanks Isthmus
<Isthmus> Oh, non-public repo. Lemme seize the juicy components
<Isthmus> This may be the related one
<Isthmus> I believe the diagonal is transactions that embrace a subaddress, whereas the horizontal bands are primary-only
<Isthmus> Although I am open to alternate interpretations
<moneromooo> Oh I get it. The quick lookup would nonetheless exist, however verifiers must generate pubkeys, and *that* may be sluggish.
<Isthmus> If that’s the case, then I can slide a window over time and calculate fraction of transactions that seem to incorporate no subaddresses
<sgp_> I am not the one who can say sure or no to that :/
<sarang> Most likely price citing on the subsequent dev assembly to see what others consider it
<moneromooo> It’s trivial to know whether or not >= 1 subaddress was used as an output in a tx.
<moneromooo> If that was the query…
<moneromooo> Oh wait. Possibly not, there’s some funky occurring with change being handled otherwise…
<sgp_> A extra meta query: how did this occur? What might have been accomplished otherwise to assist stop this from taking place?
<sarang> That is in all probability a query for somebody like stoffu who was extra immediately concerned within the code
<sarang> I believe house saving was one consideration
<sgp_> knaccc too?
<sarang> but it surely’s fairly minor for probably the most half
<Isthmus> @sgp_ meta reply: we rolled out a brand new characteristic that:
<Isthmus> 1) you may inform use from blockchain as exterior observer
<Isthmus> 2) was optionally available
<Isthmus> Both a kind of alone is okay, however collectively we find yourself on this scenario.
<sgp_> I all the time assumed 1 wasnt the case. I used to be very misinformed and thus misinformed others
<Isthmus> Yeah, I believe we’re all simply placing 2+2 collectively on that now
<sarang> OK, one thing to debate at subsequent dev assembly, then
<sarang> Are there some other subjects to debate for this assembly?
<Isthmus> Oh yea, lemme seize a hyperlink
<Isthmus> The CryptoEconSec paper by hasu and all may be very attention-grabbing, and components are related to each Monero and our lock time dialog
<Isthmus> *et al
<Isthmus> I positively advocate studying it. Very approachable.
<Isthmus> Here is the writeup: https://uncommoncore.co/research-paper-a-model-for-bitcoins-security-and-the-declining-block-subsidy/
<Isthmus> And right here is my evaluation: https://twitter.com/Mitchellpkt0/status/1183581226357014528
<Isthmus> I will not rehash all of it right here. Simply take a cross by way of in your subsequent commute. :- )
<sarang> Thanks Isthmus
<sarang> Any final questions earlier than we adjourn and proceed discussions?
<sarang> Righto, due to everybody for attending!
Submit tags : Dev Diaries, Neighborhood, Cryptography, Monero Analysis Lab
Read the original article here