-
moneromooo
It occurs to me that we do not actually need the intra ring randomness. We could have a function that's always gamma like, just with an offset/seed.
-
moneromooo
That would essentially make every ring encoded as 4 or 5 bytes.
-
moneromooo
We'd just twiddle the offset so the generated curve hits the real output.
-
moneromooo
However, this sounds too good to be true. What stupid thing am I doing ?
-
moneromooo
(beyond leaking some info about the rough age of the real spend, which is something that can be addressed by making offsets larger too for more recent spends)
-
sethsimmons
Do you mind explaining what that would mean for transaction efficiency/new things able to be done with transactions, etc?
-
sethsimmons
I'd also love to get more eyes on:
monero-project/research-lab #84
-
moneromooo
Was that question for me ?
-
sethsimmons
Yes, not sure the implications of what you're suggesting with the offset/seed function
-
sethsimmons
It's a bit over my head but I'd like to understand it 😅
-
moneromooo
If so, it'd mean smaller txes, since rings are > 4 or 5 bytes now. It'd be especially good with larger rings.
-
sethsimmons
Ok, that's what I figured!
-
moneromooo
A bit of circular explanation but there's nohting more to it really.
-
sarang
This is the sort of thing proposed by Chator and Green:
ieeexplore.ieee.org/abstract/document/8406559
-
sarang
-
moneromooo
Ah, I didn't realize they just removed the function too. Thanks.
-
zkao
ArticMine, luigi1111w: can you give voice to h4sh3d?
-
NickvanSaberhagn
I think leaking the rough age of the real spend is a big deal, and should be carefully considered if privacy is simply being reduced for saving space
-
NickvanSaberhagn
Alice buys a religious text from Bob in a country where it was illegal. Alice uses an output that is aged long ago, early enough where fewer transactions occurred, or perhaps the age of the output can be correlated to some other piece of info, perhaps her receiving an inheritance or some other financial windfall
-
NickvanSaberhagn
The age of the output helps with probabilistic guesses on the purchaser of the illegal religious text
-
NickvanSaberhagn
But maybe my concerns are trivial to address :D
-
UkoeHB
moneromooo: regional bins (random selection in clumps) are useful in case your gamma distribution isn’t perfect, or in case an adversary has specific timing data about your tx. Adding more members along the gamma distribution has diminishing returns as well.
-
gingeropolous
just to clarify, the idea is to select ring members around the real output instead of the whole blockchain?
-
UkoeHB
You can’t offset a gamma distribution directly. I.e. if you have a gamma distribution and a real index, if you randomly select a member of the distribution and offset all members so that one lands in the real index, then the resulting members will no longer be on a gamma distribution that matches against the true selection distribution (probability profile of a real spend). This lets you directly analyze the true
-
UkoeHB
spend’s index.
-
UkoeHB
gingeropolous: the idea is to select eg 11 bins from the gamma distribution, and in each bin are eg 11 ring members selected from a small region of the chain
-
gingeropolous
so total ringsize would be 11^11? sorry if im being a dumbass
-
UkoeHB
That crowd paper has the idea to randomly select from a uniform distribution, put the offset in that uniform distribution so the offset is also uniform, then map the distribution onto a gamma distribution.
-
UkoeHB
Yes
-
moneromooo
Wicked! Better than zcash.
-
UkoeHB
No
-
UkoeHB
Yes sorry
-
moneromooo
Unless you meant xor
-
UkoeHB
11^2
-
UkoeHB
A bit fuzzy headed
-
UkoeHB
-
gingeropolous
yeah meant 11x11. sorry
-
sarang
You can set whatever parameters you want; they don't have to be the same
-
UkoeHB
My proposal has floor(sqrt(ring size)) as number of bins, and ring members are distributed among the bins