-
nollied[m]
hello i’m new around here. my background is in deep learning research engineering and software engineering, quite a bit different than the cryptography scene.
-
nollied[m]
i’m interested in keeping up with and maybe contributing to the new optimizations/privacy techniques for monero.
-
ajs_[m]
Hi nollied welcome. Here is a list of topics some researchers have been looking into
monero-project/research-lab #94
-
nollied[m]
<ajs_[m]> "Hi nollied welcome. Here is a..." <- thanks! this is great. i just read the potential deanonymization attacks… it’s actually very concerning, particularly the flashlight attack.
-
nollied[m]
i don’t think the community really understands the grave nature of these exploits.
-
nollied[m]
(i sure didn’t)
-
nollied[m]
it’s also interesting to note that all of the exploits are rated as a 7/10 impact. is this because the divergence from ring signatures is a 10/10?
-
nollied[m]
i don’t think monero users really understand the grave nature of these exploits.
-
sech1
nollied what they call "flashlight" attack we call "poisoned outputs":
monerooutreach.org/breaking-monero/poisoned-outputs.html
-
sech1
I recommend reading the whole breaking Monero series
-
sech1
also note that they use ring size = 3 in their examples whereas it's actually 11 now and will be 16 after the next hard fork
-
sech1
single output churning is quite efficient against this attack, though there are still discussions on how to do churning properly
-
UkoeHB
Meeting in 2hr
-
Rucknium[m]
nollied: This machine learning project by xmr-ack may interest you:
-
Rucknium[m]
sech1: I updated the GitHub issue with Poisoned Outputs
-
rbrunner
Meeting time?
-
Rucknium[m]
Meeting time!
-
UkoeHB
ah my bad, meeting time
-
UkoeHB
1. greetings
-
UkoeHB
hello
-
UkoeHB
sorry, got distracted writing code :p
-
rbrunner
Hello
-
dangerousfreedom
Hi!
-
wernervasquez[m]
Hi
-
Rucknium[m]
Hello. (By the way, last meeting's issue (#674) needs to have the meeting log posted.)
-
jberman[m]
:waves:
-
UkoeHB
Rucknium[m]: done
-
UkoeHB
2. updates, what is everyone working on?
-
jberman[m]
been working mostly on background wallet scanning-related tasks in Monerujo, planning to provide Ruck with a step-by-step description of the decoy selection algo so they can potentially turn that into a mathematical definition
-
dangerousfreedom
I'm still working on my Monero Python Inflation Checker... I think I understand MLSAG txs now. I also have a Python script working to verify a simple tx.
-
Rucknium[m]
I am proceeding with a two-pronged strategy to identify nonstandard decoy selection algorithms. The first is by asking wallet and service developers about their algorithms:
monero-project/research-lab #99 Thank you to those who have contributed so far.
-
UkoeHB
me: Still working on multisig stuff. Yesterday I completed a 'multisig account conversion' workflow that lets you convert a group of cryptonote-compatible multisig accounts to seraphis-compatible accounts. This is necessary because the base spendkey of seraphis uses a different generator (generator U instead of G), so the multisig key must be recreated on the new generator. I had to implement a new dual-base vector
-
Rucknium[m]
The second prong is to partition transactions by certain nonstandard features, such as `unlock_time` and `tx_extra`, and examine the ring member age distribution of the different transaction classes.
-
UkoeHB
3. Let's try something new today. What are things people want to do / plan to do in the coming weeks?
-
Rucknium[m]
In the next few days, the MAGIC Monero Fund will have an announcement about xmr-ack (ACK-J)'s machine learning grant proposal.
-
rbrunner
As soon as the header files from the Seraphis wallet PoC stabilize and become available I intend to work on wallet migration strategies in earnest
-
UkoeHB
me: I have some more work to do related to this PR
monero-project/monero #8220. I also want to get multisig seraphis txs implemented (all the pieces are ready now I think: aggregation signing, account conversions, composition proof multisig methods with a robust nonce handler). Monerotopia is coming up in 2 weeks, where I will be presenting about seraphis (still need to get the content figured
-
UkoeHB
out).
-
UkoeHB
rbrunner: yeah sorry, this multisig stuff has been taking a lot longer than expected
-
rbrunner
No problem :) You mean that 8220 will get some changes?
-
rbrunner
Thinking about testing that
-
UkoeHB
only small ones
-
UkoeHB
however, a workflow change to multisig messaging is coming
-
rbrunner
?
-
UkoeHB
basically you need to re-broadcast the final key generation messages to other participants, once your account is complete
-
dangerousfreedom
I was wondering if I can open a CCS proposal for that project that I am working on. From my side, it would be awesome at this moment of my life, to work on this project. I believe I can evaluate the workload and the expected results now. From the community side, I believe I could address many of the questions about inflation that people come with frequently. I would also like to have closer contact with you guys as I certainly
-
dangerousfreedom
will need your support for the questions that appear. Do you guys think it is doable? If you guys think it is a nice idea, I will write the proposal of what I would like to do tonight and send it here. Otherwise, I would continue still working on this project but at my pace and answering only my concerns for now. :)
-
UkoeHB
They can be ignored if you already got those messages from someone else, but this 'rebroadcast' step is necessary for robust/reliable results in the generic case.
-
UkoeHB
dangerousfreedom: I think the work you have done so far is very impressive, and demonstrates you have the skill and perseverance to get a good end result.
-
rbrunner
"Do you guys think it is doable?" I don't see what speaks against it. I think you could get people interested.
-
Rucknium[m]
In the next weeks, I will hopefully be setting up the scientific review panel from my OSPEAD CCS proposal, since I am getting close to finishing the completed research plan for exactly how the real spend age distribution will be fit. Right now my working list is Artic Mine, isthmus, binary Fate, jberman, and Syksy. I am open to others joining, but note that members of the panel have to be trusted members of the community. That
-
Rucknium[m]
way, I will be ready to "hit the ground running" once the hard fork takes effect on mainnet.
-
rbrunner
UkoeHB: Certainly progress, a more robust workflow, I just wonder how much farther into the future that may push the hardfork if we want to include such a heavy change
-
Rucknium[m]
dangerousfreedom: The question of auditability of the supply and worries about counterfeiting bugs appear pretty frequently on Reddit and Matrix/IRC, so I think you could get support for an independent effort so that we could point to it when the questions come up again
-
dangerousfreedom
Awesome! I feel confident now to give timelines and expected results. I believe I have a minimum understanding of what should be done, the difficulties and how to get people interested in solving/understanding this issue. It would also be great to address people's concerns and give some good resources for debating this question :)
-
UkoeHB
rbrunner: it won't affect the RPC interface, but may require changes in MMS, guess we will see
-
rbrunner
dangerousfreedom: Just mentally prepare for quite a number of people that don't want to get convinced :)
-
dangerousfreedom
Hahahaha I'm just trying to understand as the others do also :p
-
dangerousfreedom
If there are questions that I don't understand I will turn to you guys haha
-
rbrunner
Yeah, after the multisig address gets known, the MMS currently thinks all is well and stops ...
-
UkoeHB
I'll clarify more about why rebroadcasting is necessary in the PR
-
jberman[m]
heavy +1 to dangerousfreedom ! What you're working on I think is an awesome complement to educational materials out there like ZtM/Mastering Monero, I think people who want to understand Monero better will find solid value in it, myself included
-
rbrunner
I don't have an overview anyway where hardfork preparation currently stands ...
-
UkoeHB
still kinda stuck on multisig stuff sadly
-
rbrunner
Such a rebroadcast might mess up current MMS workflows pretty badly, if I think about it. Need to check after you documented.
-
rbrunner
Not that anybody uses the MMS, but hardforking and not having it working at all would be ... suboptimal :)
-
UkoeHB
should be ready later today
-
UkoeHB
4. we can move on - any other topics to discuss? questions/comments?
-
rbrunner
Splendid.
-
Rucknium[m]
Maybe this is a -dev topic, but is there a sense of how long the "grace period" should be in the "double fork" where both 11- and 16-size rings are allowed?
-
rbrunner
Hmmm, as short as possible? I think a former such grace period was only a single day
-
gingeropolous
yeah, a single day was used in the past. i think it's just meant to cover txs that are in the txpool at time of fork
-
midipoet
I would like to let everyone in MRL know that MoneroKon venue is confirmed and we would really appreciate if researchers would think about presenting some of their research. The CfP is found at monerokon.com
-
rbrunner
For this, even a day should be generous
-
midipoet
The goal is to present as high quality research as possible, so it would be great if some here thought about putting in a proposal. Can be for a talk, a workshop, or even a panel discussion. Remote presentations are also possible, if traveling is an issue. The event is June 18-19 in Lisbon, Portugal.
-
Rucknium[m]
midipoet: Thanks! The 1000 character limit for the abstract seems a bit short. Is there an opportunity for applicants to submit an additional attachment explaining the proposed talk/workshop?
-
midipoet
Rucknium[m]: that is a good question. if you are having trouble with the limit, you could just paste a url in the abstract section, that points to a pdf, etc.
-
midipoet
we do prefer brevity, but perhaps the 1000 character limit is a bit too concise
-
UkoeHB
It seems like we are at the end of the meeting. Thanks for attending everyone.
-
ajs_[m]
Rucknium: character limit increased to 2000
-
mj-xmr[m]
Below the requested tsqsim benchmark:
-
Rucknium[m]
"[Zcash] NU5 activation and Halo Arc release delayed for remediation of consensus bug in testnet"
-
UkoeHB
I guess that page is just for api-like stuff... I really want something like section 3.1 of my seraphis paper.