Hi. Here's my dev report for August work packages: reddit.com/r/Monero/comments/pi93d8/dev_report_august_2021 . Thanks :)

as I understand it Sarang paused work on multisig for triptych and it had gotten to the point where it was found that yes it was possible but complicated.

At this point a decision needed to be made by the community and devs on how to proceed.

There was some discussion and then.......nothing, it been several weeks now.

What needs to be done for a decision to made so that sarang can continue working on his present CCS

just checked MRL and it seems that a meeting about triptych was just brought up

Nothing has changed since the last time there was discussion - research is ongoing into alternatives.

UkoeHB: thx, if you say so then I'm sure it's happening. I just haven't seen that discussion recently

The new ideas are mostly stable, we are in the invisible 'finalizing research papers' stage.

thx for the update and your work :)

What is the best exchange to buy monero?

I am thinking of using Bisq.

I am looking for one that is safe and private.

bisq works for that

never used it myself

> <@pydev56:matrix.org> What is the best exchange to buy monero?

> I am thinking of using Bisq.

LocalMonero

Hey I didn't know Triptych was canceled.

Justin's comments here suggest that: teddit.net/r/Monero/comments/pi83hw…wondering_why_triptych_is_taking_so

Bummer, really. I was really hoping for the increased ring size.

With all the announcements that ciphertrace been pumping out, I think monero community needed some technical improvement to fire back at them.

So, what's the next line of improvement for Monero, then?

It is obvious that ciphertrace (and perhaps other chain analysis companies) are improving upon their PROBABILISTIC tracing techniques.

Left to their improvement, those probabilistic tracing perhaps get to some high percentage of accuracy (tracing the monero transactions with 80 percent of accuracy, etc.)

I don't know that Triptych is at a hard stop, it is just going to be somewhat inconvenient and it seems worth looking for an alternative

Current options that have been mentioned are Lelantus and Seraphis

Do Lelantus and Seaphis do away with decoy stuff? I know Firo is using Lelantus, right?

and it doesn't use decoys to obfuscate the trail of funds.

sgp_: "Look primarily into Lelantus Spark and Seraphis. #monero-research-lab is a largely drama-free zone to ask questions."

It's a bummer that the scientific and mathematical tools that monero deploy are pretty difficult for the layman to understand and have an accurate opinion of.

Me for example, have no idea whether Lelantus or Seraphis is better, or what do they add on top of the existing obfuscation methods.

They also mean a change in address format which has its own issues

Nothing has been decided. Others feel as justin does but from what was discussed in MRL today the direction is not clear to me

nioc: That sounds like a big change.

Many online merchants, wallet apps, etc. will have to update their code.

There was also something being discussed a few weeks ago regarding addresses.

Doing away with some parameter, something integrated number--I can't remember what its called.

Afaik, Seth and a few others supporting it believes that it is good for simplifying and unifying the addresses in monero.

I believe that is just using subaddresses

mechanic41turk: the big issue is that the move to Triptych would mean that our multisig is messed up. At present, we have ecosystem projects, like Haveno, that are trying to utilize multisig.

The new protocols mentioned above mean a new address format that is incompatible with the existing one

So switching over to a different protocol at all wili have a big effect on the ecosystem. AND this Triptych multisig is much more complex, so implementation would be too.

That, coupled with the fact that super exciting research is coming out that may be much better than Tripitcyh means that it may be wise to not swap over.

Because it'd be fairly difficult for the ecosystem to swap to one multisig and build for it, then swap to another not long after.

Haveno woodser said that triptych would not be an issue for them

nioc: They likely do, but there is a strong possibility (WIP) that they can work without address format change but with some minor drawbacks if that approach is taken.

Diego Salazar: Thanks for explaining.

But yes we need a long term plan weighing everything

But yes, I agree about the privacy increase. And I wonder if maybe, since Triptych is mostly done anyways, if it wouldn't be good to swap over for now, and then the ecosystem can suck it up when we swap over to another one.

Holding privacy for the sake of fledgling ecosystem seems like the wrong way forward, but that's just my opinion.

DiegoSalazar[m]: that would be painful for the ecosystem, the existing setups of the monero merchants, etc, no?

Afaik, Tryptich will be a hardfork.

So, the previous setups would be uncompatible.

However, that's my uneducated opinion now.

DiegoSalazar[m]: I think the implementation timeline is the biggest issue. If multisig must be supported by every hardfork, then the Triptych hardfork will need working multisig. How long would it take to implement and validate a Triptych-friendly multisig? It seems like a lot of high-expertise work that has no enthusiasm. By the time it is ready, maybe an alternate protocol would have been ready anyway.

Remember how long it took to get multsig for our current stuff? :D

mechanic41turk: I agree that probabilistic tracing is a major threat. One thing to keep in mind is that a rise in the ring size only helps insofar as the additional "camouflage" from having more decoys is put in the right places.

Rucknium: When it comes to monero, we have no other choice of defence but increase the decoys.

The current decoy (mixin) selection algorithm does not do a great job of putting the camouflage where it is needed. See

As far as I understand monero, that's the thing that obfuscates the sender.

the only thing.

> <@rucknium:monero.social> The current decoy (mixin) selection algorithm does not do a great job of putting the camouflage where it is needed. See

> monero-project/research-lab #86

Yeah, I heard that, too. I think jberman is currently working on fixing that.

Unfortunately, you only have it half right. The age of the decoy inputs constitutes metadata that cannot be eliminated.

I am working with jberman to fix it. I have a draft of a roadmap for a research plan to fix it. I will submit a CCS proposal in the next two weeks to fund the labor for executing the roadmap.

If the distribution that the mixin selection algorithm uses to draw mixins from does not closely resemble the distribution of real spends, the danger to user privacy is high. This was made clear in Moser et al. (2018)

sciendo.com/article/10.1515/popets-2018-0025

ouch

sounds scary.

" First, about 62% of transaction inputs with one or more mixins are vulnerable to “chain-reaction” analysis - that is, the real input can be deduced by elimination. Second, Monero mixins are sampled in such a way that they can be easily distinguished from the real coins by their age distribution; in short, the real input is usually the “newest” input."

" We estimate that this heuristic can be used to guess the real input with 80% accuracy over all transactions with 1 or more mixins. "

Rucknium[m]: I am sure that one of the last things that surae was working on was that problem. isthmus also has interest in it as well.

Rucknium: What can I do NOW to mitigate that probabilistic tracing?

mechanic41turk: Moser et al. proposed a fix (see the countermeasures section). It was implemented in 2018 I believe and is still the algorithm that is used. The fix has shortcomings that must be rectified, however

Rucknium: Got it.

midipoet: isthmus and I are in communication about this

yeah that 80% number is surely wrong (today)

mechanic41turk[m]: You may also want to read: getmonero.org/2018/03/29/response-t…rical-analysis-of-traceability.html

tobtoht: Nice. Thanks.

Rucknium[m]: great :-)

mechanic41turk: I am hesitant to issue a specific recommendation since rumors can spread, the message distorted, etc. I am super new to the Monero community so I do not know how things should proceed.

Alright.

wehn ringsize 100

done

/join #grapheneos and meet the most secure mobile OS ever existed. Its developer strcat aka Daniel Micay is the best hacker ever existed challenges Linus Torvalds himself for linux kernel security debate.

<bestsec> "/join #grapheneos and meet the..." <- The best hacker ever existed just like Terry, the smartest programmer who has ever lived.

<nioc> "At this point a decision..." <- This is a conversation for MRL. No need to have cryptography discussions in this channel imo. Only discussions as necessary. Frankly doing it here would invite a waaaaay to high noise to signal ratio

Fwiw, it's totally fair though to share and ask questions about what will change and why

But it's just too difficult to talk in full detail here about everything. That's what MRL is for, which anyone can join of course :)

Triptych has severe multisig drawbacks, which is unfortunate, but luckily new options have arisen

I didn't feel like bringing my ignorant noise there

So the takeaway imo is to take the BP+ and ringsize bump win ASAP, and then move to whatever ends up making the most sense late 2022 / early 2023

love how matrix cuts off your quote, now I get to scroll back

and yes there has been little discussion there for weeks and not many that are in this channel are there

is the discussion happening on github sgp_[m] ?

I think it was mostly at the last MRL meeting

That said, I think the whole process there is shaky and should be improved for easy following. I've advocated for that for years also :)

That was my entire Defcon 2019 talk

that feels like a lifetime ago

sgp_[m]: Whole process where?

More MRL regular meetings, easier roadmaps, easier summaries

One of those things that needs buy-in though from the contributors, and needs a champion

cue song

I can champion for MRL but there's some skepticism of worthiness, at least in my observation

It's simple, we just need a genius c++ coder cryptographer community organizer who can chair regular meetings while producing digestible summaries of the merits of various transaction models and doing daily AMAs on Reddit.

Surely the field of candidates is vast 😭

Hit the nail on the head lmao

I hope geonic is banned on Matrix/IRC/Reddit. It's obvious he is nothing but destructive reddit.com/r/Monero/comments/pi83hw/slug/hbquf2y

them's fightin' words sgp. that song really pumped you up.

They are. I'm not holding back anymore. Your actions today were completely terrible and you deserve to not have a voice here

haha. ok, Champion.

I've shared similar thoughts: reddit.com/r/Monero/comments/pi83hw…g_why_triptych_is_taking_so/hbpkdrv

The post was blatantly false and used to be the means to an end at any cost, a regularly recurring theme with geonic across Matrix, Reddit, and Twitter.

+1000

it's insane how much drama a single person can cause

let's see how many Diego fans can pile on to retaliate for having their friend fired.. genuinely curious.

Fan club meetings are on Tuesdays.

sarang won't be the last person to quit if geonic continues with his games

DiegoSalazar[m]: Honestly, stfu.

selsta: maybe you forgot your comment? "sarang hasn't worked for monero for a year"

geonic: Honestly, stfu. This has nothing to do with Diego, and everything to do with your continued hostility towards the people who do real work around Monero.

I'm done with the "sarang will quit if" threats tbh. that was half of what this thread was about

Your supposed reason is asinine.

If you have researchers begging to work on Monero for CCS funds, then stfu and bring them in.

Sarang is a victim but it's not just that either (though it is part of it)

Using lies and slander and misinformation to "create discussion" is insane and a massive cause of division and hostility in the community where none should be.

sgp: I know you like playing the victim, but don't assume everyone does

Geonic it's really strange how you use the nuclear option every time. You could have asked for and scheduled a meeting. And no, it doesn't take anyone who's a part of the "in crowd" to do that.

If your only way of getting things done is swinging a hammer wildly around, then it's a net negative for the community, regardless of what little good it does in the short term.

TIL that me as a 19 yo responding as MRL to the Monerolink paper was me being carefully selected by the powers that be

100% agreed.

So many simple and useful ways to contribute and drive positive change.

if one sentence and a screenshot gets your panties in bunch so much... I can't imagine how you'd deal with a real threat

Aggressive and hostile lies, entrapment, and witch hunting is something that should not be tolerated.

geonic: You are a pest and I want to get rid of it

DiegoSalazar[m]: it seems to me that others are reaching for the nuclear option :)

sgp_[m]: I'm waiting for the verdict.

No, you did.

You chose this, like you always do.

You could have been a civilized human being and chosen to engage in a reasonable way.

sethsimmons: you've become the witch hunter you despise

LOL

Sure thing bud

Yeah that's so stupid

You're the first person I've actively supported getting banned.

And I have tried countless times to reason with you in DMs and publicly.

reason with me by asking me to delete my thread? if my thread broke any rules you would've deleted it

Everyone else I have had conflicts with I have been able to resolve it quite easily via DMs.

You use a talent for purely hostile and negative reasons.

so no I won't self-censor because you don't like what I'm saying, Seth.

geonic: I asked instead of deleting it.

That is reason.

I have the power and mod support to delete it.

Because it's a blatant lie and an attempt to mislead redditors.

I chose instead to attempt to reason with you in DMs and explain my thinking.

"No lying" isn't a subreddit rule, and retracting provably inaccurate statements is not self censorship

>As a fellow community member and someone who knows you mean well, you should really delete this.

> I obviously will not as a mod, but this is blatantly false and just stirring up unnecessary drama.

This is all I said for those interested in DMs.

let me know when the lynching is so I can be there on time

his goal of baiting everyone into discussions is working again

Then lets get this over with and move to action.

Enough is enough.

hahaha

There is nothing to be gained with further discussion with geonic, as he has made clear over the years I have tried to reason with him.

He has some good intentions but using a malicious and hostile approach to accomplish them.

Mods, if blatant lies are now on the table and not reason to be banned, I won't be surprised if people come in and accuse others of being plants, FBI, or aliens, and the precedent set here is that the voices should be allowed to stand.

It's unfortunate, but he has made it clear he will not stop or change both privately and publicly.

DiegoSalazar[m]: I was accused of being an FBI agent today. reddit.com/r/Monero/comments/pi83hw…g_why_triptych_is_taking_so/hbqfbxo

impending ban?

Geonic, we can have someone talk to him and explain its not appropriate. He may remove after being talked to. You, absolutely still not.

geonic: "there is nothing like a friend who can tell you you're just pissin in the wind"

I am basically no one, but I support a temporary ban for no other reason than to improve the signal to noise ratio across reddit and matrix

I normally would say temp as well.

But over the years I have engaged with geonic he has made it clear he has no intention to change.

Temp until genuine apology tbh

If others are for a temp ban I am fine with that, but I would prefer perm.

If that never comes so be it

sgp_[m]: That would be fine with me.