Logs for the Monero Research Lab Meeting Held on 2018-06-11
June 11, 2018
Logs
<suraeNoether> Greetings everyone!
<endogenic> ??
<suraeNoether> I'm Surae, and I'll be accompanying you on this mathematical journey today
<suraeNoether> Our agenda today is simple. 1. Greetings. 2. I'll give a brief update on the multisig paper, giving a brief update on MAGIC, and a brief talk about the recent paper on constant-sized ring sigs that made its rounds on twitter this morning.
<suraeNoether> 3. I'll open it up for any updates or projects anyone else is officially or unofficially working on
<suraeNoether> 4. Q&A
<suraeNoether> So, 1. Greetings everyone! say hello if you are sitting in on this one or lurking
<suraeNoether> okaaaaaaaaaay 2. Multisig paper will be done later this week, I'm just putting finishing touches on it before i send it out for review by some smarter parties than myself. it's a lot more clear and correct and compact now, and it actually makes some sense re: simulations and signing oracles. some details are still lacking, but that's what the rest of this week is for. https://v2.overleaf.com/read/bfjfkdgnhgvh
<oneiric_> oh hi
<suraeNoether> MAGIC and MRL are going to have a presence at defcon this year, and I was hoping sgp_[m] could say something about that, but it looks like I'm alone today, and that's okay. Hopefully we can sell some MAGIC t-shirts and start accepting donations.
<suraeNoether> We had some speedbumps to overcome in terms of getting MAGIC off the ground. *****As and lawyers who didn't really have time for new clients who thought they could waste our time, etc.
<binaryFate> bonsoir
<suraeNoether> howdy oneiric_ and binaryFate
<suraeNoether> I mentioned earlier about a constant-sized ring signature scheme in the random oracle model. it's actually a really neat scheme, but it uses bilinear pairings and takes a lot more verification time than our current set-up, so it isn't really suitable as a replacement. i did a little tweetstorm on it this morning you can see here. https://twitter.com/BGGoodell/status/1006203923827343361
<UkoeHB> Is there a white paper for it?
<suraeNoether> https://link.springer.com/article/10.1007/s11390-018-1838-z
<suraeNoether> not white
<endogenic> i linked it earlier
<suraeNoether> Let's see here, in addition to that, I have a script for a white-board video on cryptocurrencies that i am fleshing out. rehrar mentioned he would be willing to help when he gets back, and that could be fun and cool.
<binaryFate> I was quite offline last 3 days, didn't see the twitter storm. It's constant-size in space, right? How does it scale for verification time?
<suraeNoether> in the meantime, i'm interested in doing a plausibility analysis of a RLWE-based version of Monero instead of a discrete logarithm-based version, but that's a longer-term thing. I've been taking notes on all the multisig papers i've been reading for a comprehensive literature review that i plan on publishing later this summer, too, and that's coming along nicely (although no links available yet)
<suraeNoether> binaryFate: it's a lot slower
<suraeNoether> same nubmer of exponentiations, but also a linear number of pairings operations
<binaryFate> Ok. First time someone comes up with a constant-size scheme without any sort of setup no? Neat even if not usable for us
<suraeNoether> yep!
<suraeNoether> Other than that, sarang and I posted the roadmap on github a few weeks ago, and we are still hoping for discussion and/or comments about additions or expansions to the topics listed. https://github.com/monero-project/research-lab/issues/29
<binaryFate> Sorry if I'm behind the curve, what's RLWE?
<suraeNoether> Ring-Learning-With-Errors, it is a hardness assumption that is thought to be resistant to quantum computers, and a lot of "lattice-based" crypto schemes rely on it
<suraeNoether> a lot of "lattice-based" ring signature schemes are available, too
<binaryFate> So that would be to use ring sigs resistant to quantum computers?
<oneiric_> That's awesome surae, find anything interesting/potentially usable there?
<suraeNoether> oh, i don't know yet, i just know that most of the frameworks are available to be assembled together carefully
<suraeNoether> it's an interesting route of inquiry, but htat's all at this point
<binaryFate> How does that relate to plausible deniability (if a ring remains a ring, just using different underlying math)
<suraeNoether> binaryFate: the hope is merely to replicate all of monero's current capabilities in a setting where an adversary with a quantum computer is trying to peek in on amounts, or to cheat the system to mint money, or to try to forge signatures.
<suraeNoether> the signatures would still be ring signatures with plausible deniability as we currently have, just built with a scheme with a different hardness assumption
<suraeNoether> there's almost no point in having ring signatures in that setting though, even if they are QC-resistant to forgery, becuase a QC computer can enumerate the spending tree and find true spenders very efficiently; a QC-resistant privacy-focused currency, I think, really has to be built on large-anon set technology
<suraeNoether> otherwise you could use far less exotic QC-resistant signatures to accomplish the same deal
<suraeNoether> anyway, since we are probably going to have to switch to pairings or starks or something weird eventually anyway in order to get our large anon sets, i started thinking a little more broadly
<suraeNoether> UkoeHB: do you want to update us on ZTM?
<suraeNoether> maybe later today :D
<suraeNoether> Does anyone have any questions for me or MRL in general?
<UkoeHB> mostly proofreading and edits
<suraeNoether> Okay, well, if anyone has any questions or concerns for me, I'll be here for most of the rest of the day and you an always e-mail me at [email protected]
<suraeNoether> </\meeting
<suraeNoether> <.,>d;fhadlf
<oneiric_> lol, thanks for the information suraeNoether
<UkoeHB> here is latest draft https://www.pdf-archive.com/2018/06/11/zero-to-monero-first-edition-v0-20-3/zero-to-monero-first-edition-v0-20-3.pdf
<suraeNoether> thanks UkoeHB
<suraeNoether> and thanks to endogenic for throwing that link in earlier
<UkoeHB> aiming to close proofreading sunday night, then PR getmonero, for publish ~1 week later
<UkoeHB> unless proofreaders more time, then ill push it out
<oneiric_> really tremendous work coming out of the research lab, as always. much excite for 2018-2019!
<binaryFate> thanks suraeNoether for the updates!
Post tags : Dev Diaries, Cryptography, Monero Research Lab