monero-project / meta

A Meta Repository for General Monero Project Matters

Monero Research Lab Meeting - Wed 10 January 2024, 17:00 UTC #954

Closed Rucknium closed 3 months ago

Rucknium commented 4 months ago

Location: Libera.chat, #monero-research-lab | Matrix

Join the Monero Matrix server if you don't already have a Matrix account.

Time: 17:00 UTC (Check in your timezone)

Main discussion topics:

  1. Greetings

  2. Discuss: How to confirm security of Monero's multisignature protocol? Do we need mathematical security proofs, and can we get them? Info:

  3. Discuss: Exploring Trustless zk-SNARKs for Monero's payment protocol. What are the bottlenecks for potential implementation?

  4. Improvements to the decoy selection algorithm ( Decoy Selection Algorithm - Areas to Improve, Binning PoC, OSPEAD ) @j-berman @Rucknium

  5. Seraphis. ( UkoeHB's Seraphis Proof of Concept work, Seraphis repo ).

  6. MRL Meta: "Cat herding", i.e. prioritization of research areas and features. Active recruitment of technical talent, MRL structure, funding (@Rucknium & others). MoneroResearch.info repository of Monero-related research papers, Reddit discussion.

  7. Any other business

  8. Confirm next meeting agenda

Please comment on GitHub in advance of the meeting if you would like to propose an agenda item.

Logs will be posted here after the meeting.

Meeting chairperson: Rucknium

Previous meeting agenda/logs:

#951

plowsof commented 3 months ago

Logs

< r​ucknium:monero.social > MRL meeting in this room in 50 minutes

< r​ucknium:monero.social > Meeting time! https://github.com/monero-project/meta/issues/954

< r​ucknium:monero.social > 1) Greetings

< t​obtoht:monero.social > hi

< rbrunner > Hello

< r​ucknium:monero.social > 2) Updates. What is everyone working on?

< t​obtoht:monero.social > I integrated most of the MMS in Feather this week, with the new messaging service and some experimental changes. It's very much a work in progress and a lot more thought needs to go into security and gracefully handling every possible failure mode, but the groundwork is taking shape.

< t​obtoht:monero.social > Just finished a first iteration for a wizard that guides users through setting up a new multisig wallet: https://a.uguu.se/zrhtMwpK.mp4

< t​obtoht:monero.social > And here is an earlier proof of concept for sending a 2/3 transaction: https://a.uguu.se/eZxZwMxu.mp4

< t​obtoht:monero.social > I'll have more details to share in the coming weeks and hope to have a MVP ready soon so I can begin coordinating a testing group. I'm keeping a path towards future integration in the GUI (and other wallet_api wallets) in mind while I work on this.

< r​ucknium:monero.social > me: OSPEAD. I added about 20 recent papers to moneroresearch.info . PHCitizen performed the first BCH<>XMR atomic swaps on mainnets: https://monero.observer/phcitizen-executes-first-mainnet-bch-xmr-atomic-swap/ . There is a fundraiser for a BCH<>XMR atomic swap frontend: https://atomic-flip.pat.mn

< rbrunner > tobtoht: Looks quite promising already!

< r​ucknium:monero.social > 3) Discussion. What do we want to discuss?

< t​obtoht:monero.social > rbrunner: I have to say the MMS is beautifully written and the abundance of clearly written comments make it easy to understand and a joy to read. Can't believe I ever suggested "the nuclear option" in case we didn't find a replacement for PyBitmessage before the next hard-fork.

< rbrunner > Thanks. Good to hear.

< rbrunner > So it will live on after all :)

< rbrunner > Is there interest in the BCH community for those swaps?

< rbrunner > I mean, do you see people taking notice of the developments?

< r​ucknium:monero.social > Yes

< rbrunner > Nice

< r​ucknium:monero.social > e.g. https://old.reddit.com/r/btc/comments/190m3nf/first_ever_bchxmr_atomic_swap_on_mainnet/

< r​ucknium:monero.social > BCH developers created the swap implementation

< r​ucknium:monero.social > The BCH fundraiser for a front-end already has 101 BCH donated: https://atomic-flip.pat.mn . The fundraiser has been live for 4 days AFAIK

< r​ucknium:monero.social > I skimmed some of the papers I added to moneroresearch.info . AFAIK, nothing truly groundbreaking in that set, but I can give short summaries of a few of them if people want to hear.

< rbrunner > That's quite some money already then on that fundraiser

< rbrunner > Is anything directly about Monero?

< r​ucknium:monero.social > In the new moneroresearch.info papers?

< rbrunner > Yes

< r​ucknium:monero.social > Yes, a few

< rbrunner > Just had a look. Interesting what is all going on.

< r​ucknium:monero.social > There are a few that are "How can we create a Monero-like system, but allow a central authority info about tx information". A few that are "how can we embed message info in Monero." But a few that are useful:

< r​ucknium:monero.social > Vijayakumaran (2023) "Analysis of Cryptonote transaction graphs using the Dulmage-Mendelsohn decomposition" https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=39

< r​ucknium:monero.social > This one was released as a draft in 2021. It was presented/published at the Advances in Financial Technologies conference in 2023.

< r​ucknium:monero.social > There was not a big change to the results from the draft. The main result was that with RingCT and ring size 11+, chain reaction attacks on Monero are not effective unless you have additional info like users spending on a fork of the Monero blockchain. This could be relevant to Mordinal analysis when "black marbles" reduce the effective ring size.

< r​ucknium:monero.social > This new version was posted with MIT licensed code that performs the analysis with this nice documentation: https://www.respectedsir.com/cna/

< r​ucknium:monero.social > Wang, Lin, Huang, & He (2023). "Anonymity-enhancing multi-hop locks for Monero-enabled payment channel networks." https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=203

< r​ucknium:monero.social > This is N + 1 of payment channel network (PCN) on Monero. BTC Lightning is an implementation of PCN. I think there are 3 or 4 of these papers now. This one may have better privacy than other proposals.

< rucknium:monero.social > Buccafurri, De Angelis, & Lazzaro (2023) "A traffic-analysis proof solution to allow k-anonymous payments in pseudonymous blockchains." https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=199

< r​ucknium:monero.social > This is a possible replacement for Dandelion++. But it is only two pages (I think it's just a summary for a conference). And the components seem too complicated.

< rbrunner > Is this the output of a few months of papers?

< r​ucknium:monero.social > Yes. I didn't update it since August 2023

< r​ucknium:monero.social > Scheid, Küng, Franco, & Stiller (2023) "Opening Pandora's box: An analysis of the usage of the data field in blockchains" https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=212

< r​ucknium:monero.social > This analyzed Monero and other blockchains for different filetypes embedded in transactions. The data they used stops in 2022 AFAIK. This paper could be useful for Mordinal analysis.

< rbrunner > Yeah, only that it seems Mordinals already went the way of the Dodo ...

< r​ucknium:monero.social > Dijk & Schröder (2023). "Proof of concept for a Ethereum virtual machine on Cryptonote."

< r​ucknium:monero.social > https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=198

< rucknium:monero.social > Schröder wrote a few papers about Monero. This is a paper for Beldex. I think this PoC just embeds plaintext Ethereum contracts in tx_extra. If anyone asks "how can smart contracts exist on Monero?", they can be sent this.

< r​ucknium:monero.social > Movsowitz Davidow, Manevich, & Toch (2023) "Privacy-Preserving Transactions with Verifiable Local Differential Privacy."

< r​ucknium:monero.social > https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=194

< r​ucknium:monero.social > This maybe could help with keeping file data out of Monero signatures and with requiring a specific decoy selection algorithm. But I think it requires a trusted setup.

< r​ucknium:monero.social > Those are the papers that I thought could be useful.

< rbrunner > Thanks, fascinating in a way.

< r​ucknium:monero.social > If anyone wants to add papers or write your own notes about the papers to put on the papers' webpages, I can create a user for you. Just ask me.

< r​ucknium:monero.social > Anything else that we want to discuss?

< rbrunner > Not from me.

< r​ucknium:monero.social > I saw your question, chaser , but I don't know the answer

< rucknium:monero.social > "could there be a method of deriving Jamtis addresses such that once/if EdDSA is swapped for a post-quantum sig algo, the addresses remain the same? I'm very quietly hopeful because this would mean the migration could be undetectable from an end-user perspective"

< chaserene:matrix.org > thanks for the paper summaries, some of these are very exciting, e.g. PCN. I propose putting some in the "Open Research Q's" GH issue

< rbrunner > No idea either about that question

< rbrunner > I guess "no", but that's just a gut feeling

< r​ucknium:monero.social > chaser: Good idea. IIRC already a few of the PCN are there. But I should add this one.

< chaserene:matrix.org > yeah, I hoped kayabanerve or @tevador may be able to answer it

< r​ucknium:monero.social > Yes, already there are three payment channel papers in the open research questions list : https://github.com/monero-project/research-lab/issues/94

< chaserene:matrix.org > thanks. while there, could you look at the comments? I've been stacking papers there that may belong there

< r​ucknium:monero.social > Sure. Thanks for that.

< r​ucknium:monero.social > We can end the meeting here. Thanks everyone.
