-
jberman[m]
Is there a reason MyMonero couldn't use SGX enclaves, so that MyMonero wouldn't see its users' plaintext tx data unless SGX is broken?
-
merope
How about the fact that SGX is broken? (Look up the SGAxe attack)
-
Reuben[m]
Well, while it is broken, a lot of it requires physical access, and while I don't like SGX as a tech, in certain scenarios it can be useful where the threat level isn't so high.
-
jberman[m]
Intel claims SGAxe was patched here (blogs.intel.com/technology/2020/06/…s-security-advisories-for-june-2020), but ya, SGX seems pretty shitty to rely on. Maybe a small step above security by obscurity/using plaintext data, but probably valid to think not.
-
UkoeHB
SGX enclaves have very small hot storage, so it wouldn't be feasible to store all user view keys in the enclave.
-
jberman[m]
Just as a thought exercise, I assumed a user's client generates view keys, and passes them encrypted over to wherever the enclave sits so that the enclave operates on it. Is that an incorrect view of how they work? Aka couldn't the view key be stored encrypted outside the enclave?
-
luigi1112
they could be but I'm guessing performance would be a lot lower than present
-
UkoeHB
yeah, plus you have to make everything constant time or it's pointless
-
jberman[m]
I assumed this is what MobileCoin was doing, but it seems like they're tagging outputs on-chain with a sort of hint that can only be decrypted by the SGX to determine which outputs are a user's (github.com/mobilecoinfoundation/mobilecoin/tree/master/fog), which I guess is more performant?
-
jberman[m]
I see Mechanics of MobileCoin explains this in pretty good detail, will read there
-
UkoeHB
:p
-
aberdeenik[m]
How easy would it be to even hide the XMR transaction timestamps, such that it's not possible to even determine what time a transaction took place? This can be done by swapping a random transaction from the blockchain with the current transaction, or by shuffling the blockchain periodically. Are there any other solutions that can be implemented to achieve timestamp anonymity?
-
aberdeenik[m]
And the shuffling operation itself can be a useful proof of work
-
sech1
Transactions are mined in blocks, and it's known when each block was mined
-
sech1
An active network observer could also store timestamps of when each transaction enters the mempool
-
aberdeenik[m]
sech1: How about not disclosing when a block is mined until after, say, a few hours, and then announcing a shuffled block?
-
sech1
that's not how mining works
-
aberdeenik[m]
I read somewhere that it's possible for a rogue entity to delay announcing a mined block etc.; this is usually used for a 51% attack.
-
aberdeenik[m]
Maybe the mining algo needs to be modified for this?
-
aberdeenik[m]
Just brainstorming though
-
aberdeenik[m]
Is there no way we can obfuscate timing info, such that an observer can't decipher it either?
-
aberdeenik[m]
If this is done then it will give very strong privacy and security to the blockchain
-
carrington[m]
The temporal order of blocks is pretty much what makes a blockchain a blockchain. Everyone knows that the average time between blocks is 2 minutes. If blocks didn't have timestamps, you could still figure out an approximate time by counting backwards (2 mins per block until you get to the one you're interested in)
-
carrington[m]
The blocks need to be in the specific order for the blockchain to function, so you can't shuffle them
-
merope
<carrington[m]> "The temporal order of blocks..." <- No you could not figure out block times, because without timestamps there could be no difficulty adjustment, so you wouldn't know how long a block took to mine because you would have no real way to measure it
-
Lyza
not having difficulty adjustment is an even worse problem lol
-
carrington[m]
I meant if we hid the timestamps afterwards as the dude above suggested (obviously there are other problems with that idea)
-
merope
Can't hide timestamps afterwards either, since they are part of the block header that gets hashed (and they have to be hashed, otherwise anyone could modify them after the block gets mined and retroactively mess with the difficulty adjustment)
-
merope
Also blocks are not ordered by timestamps, they are ordered by the hash reference to the previous block
-
hyc
right, timestamps are not authoritative
-
merope
In fact, you can have block N+1 with an earlier timestamp than block N
-
merope
(Within some limit)
-
sech1
the limit is the median timestamp of the last 60 blocks
-
aberdeenik[m]
<carrington[m]> "The blocks need to be in the..." <- Shuffle it such that the cryptography behind it still remains valid. Maybe recompute it as a separate job and designate it as a PoW job for which people get rewarded.
-
aberdeenik[m]
Maybe instead of using RandomX we use "shuffle the blockchain" as a PoW algo. It will be much tougher than RandomX and ASIC resistant too
-
hyc
brilliant aberdeenik[m]. go code it up and come back when you're done.
-
aberdeenik[m]
I am just brainstorming for the record. See if it helps future Monero versions. We need to make Monero at least as fungible as cash.
-
aberdeenik[m]
Most of the attacks happen through social engineering methods. So if, say, a malicious state seizes your private keys using malware etc., the state should not be able to get more information apart from the amount recovered. Timing information of transactions can lend itself to forensics.
-
merope
Dude, stop reposting the same stuff in different channels and using multiple accounts
-
aberdeenik[m]
Say if cash is seized, then no one can determine the timings of individual cash notes. If Monero is seized, we can know everything based on timings.
-
aberdeenik[m]
merope: It's an interesting research question.
-
aberdeenik[m]
And highly relevant.
-
hyc
it is the nature of blockchains. they are an immutable ledger. and they are built in a sequential order.
-
merope
You're pulling stuff out of thin air
-
hyc
yeah, brainstorming really isn't productive on its own. you have to also reach the evaluation/prioritization step, and weed out impossible ideas.
-
merope
And this room is for actual research talk. Your random brainstorming is better suited for #monero-research-lounge:monero.social
-
merope
(If anywhere at all)
-
merope
And you definitely don't need multiple matrix accounts to do that
-
aberdeenik[m]
hyc: So you think it is impossible to hide timestamps if Monero private keys are seized?
-
hyc
he's already brought it up in -lounge
-
hyc
def doesn't belong in here tho
-
aberdeenik[m]
Well there are already regulations coming up which require you to submit your private keys. Timestamps would allow them to compute tax outgoing.
-
Reuben[m]
Private keys ? Or view keys
-
vtnerd
selsta: I've been reviewing the multisig patch, but it takes me a while for a couple of reasons
-
vtnerd
probably like 1/3 of the way through
-
selsta
ok thanks
-
sgp_
Announcing the MAGIC Monero Fund to support research and development:
reddit.com/r/Monero/comments/r8vbqj/announcing_the_magic_monero_fund
-
sgp_
All of you should apply to be voters, and committee members also if you have the time!