05:45:18 hello i’m new around here. my background is in deep learning research engineering and software engineering, quite a bit different than the cryptography scene. 05:45:18 i’m interested in keeping up with and maybe contributing to the new optimizations/privacy techniques for monero. 06:11:30 Hi nollied welcome. Here is a list of topics some researchers have been looking into https://github.com/monero-project/research-lab/issues/94 06:43:52 "Hi nollied welcome. Here is a..." <- thanks! this is great. i just read the potential deanonymization attacks… it’s actually very concerning, particularly the flashlight attack. 06:43:52 i don’t think the community really understands the grave nature of these exploits. 06:44:07 (i sure didn’t) 06:48:49 it’s also interesting to note that, all of the exploits are rated as a 7/10 impact. is this because the divergence from ring signatures is a 10/10? 06:50:19 * > <@ajs_:matrix.org> Hi nollied welcome. Here is a list of topics some researchers have been looking into https://github.com/monero-project/research-lab/issues/94 06:50:19 thanks! this is great. i just read the potential deanonymization attacks… it’s actually very concerning, particularly the flashlight attack. 06:50:19 i don’t think monero users really understand the grave nature of these exploits. 07:32:09 nollied what they call "flashlight" attack we call "poisoned outputs": https://www.monerooutreach.org/breaking-monero/poisoned-outputs.html 07:32:22 I recommend reading the whole breaking Monero series 07:32:57 also note that they use ring size = 3 in their examples whereas it's actually 11 now and will be 16 after the next hard fork 07:33:29 single output churning is quite efficient against this attack, though there are still discussions on how to do churning properly 15:02:28 Meeting in 2hr 16:26:58 nollied: This machine learning project by xmr-ack may interest you: 16:26:59 https://github.com/MAGICGrants/Monero-Fund/issues/15 16:29:16 sech1: I updated the GitHub issue with Poisoned Outputs 17:03:07 Meeting time? 17:03:34 Meeting time! 17:04:20 ah my bad, meeting time 17:04:37 https://github.com/monero-project/meta/issues/677 17:04:37 1. greetings 17:04:37 hello 17:04:45 sorry, got distracted writing code :p 17:05:19 Hello 17:05:29 Hi! 17:05:34 Hi 17:05:38 Hello. (By the way, last meeting's issue (#674) needs to have the meeting log posted.) 17:06:06 :waves: 17:07:50 Rucknium[m]: done 17:08:00 2. updates, what is everyone working on? 17:09:57 been working mostly on background wallet scanning-related tasks in Monerujo, planning to provide Ruck with a step-by-step description of the decoy selection algo so they can potentially turn that into a mathematical definition 17:10:04 Im still working on my Monero Python Inflation Checker... I think I understand MLSAG txs now. I also have a Python script working to verify a simple tx. 17:10:11 I am proceeding with a two-pronged strategy to identify nonstandard decoy selection algorithms. The first is by asking wallet and service developers about their algorithms: https://github.com/monero-project/research-lab/issues/99 Thank you to those who have contributed so far. 17:11:06 me: Still working on multisig stuff. Yesterday I completed a 'multisig account conversion' workflow that lets you convert a group of cryptonote-compatible multisig accounts to seraphis-compatible accounts. This is necessary because the base spendkey of seraphis uses a different generator (generator U instead of G), so the multisig key must be recreated on the new generator. I had to implement a new dual-base vector 17:11:06 proof for robustly recreating keys, which is here: https://github.com/UkoeHB/monero/blob/seraphis_lib/src/multisig/dual_base_vector_proof.h. 17:11:45 The second prong is to partition transaction by certain nonstandard features, such as `unlock`_time` and `tx_extra` and examine the ring member age distribution of the different transaction classes. 17:13:44 3. Let's try something new today. What are things people want to do / plan to do in the coming weeks? 17:14:16 In the next few days, the MAGIC Monero Fund will have an announcement about xmr-ack (ACK-J)'s machine learning grant proposal. 17:15:53 As soon as the header files from the Seraphis wallet PoC stabilize and become available I intend to work on wallet migration strategies in earnest 17:16:48 me: I have some more work to do related to this PR https://github.com/monero-project/monero/pull/8220. I also want to get multisig seraphis txs implemented (all the pieces are ready now I think: aggregation signing, account conversions, composition proof multisig methods with a robust nonce handler). Monerotopia is coming up in 2 weeks, where I will be presenting about seraphis (still need to get the content figured 17:16:48 out). 17:17:38 rbrunner: yeah sorry, this multisig stuff has been taking a lot longer than expected 17:18:00 No problem :) You mean that 8220 will get some changes? 17:18:10 Thinking about testing that 17:18:13 only small ones 17:18:47 however, a workflow change to multisig messaging is coming 17:19:15 ? 17:19:23 basically you need to re-broadcast the final key generation messages to other participants, once your account is complete 17:19:42 I was wondering if I can open a CCS proposal for that project that I am working on. From my side, it would be awesome at this moment of my life, to work in this project. I believe I can evaluate the workload and the expected results now. From the community side, I believe I could address many of the questions about inflation that people come with frequently. I would also to have closer contact with you guys as I certainly 17:19:42 will need your support for the questions that appear. Do you guys think it is doable? If you guys, think it is a nice idea, I will write the proposal of what I would like to do tonight and send here. Otherwise, I would continue still working on this project but in my pace and answering only my concerns for now. :) 17:20:08 They can be ignored if you already got those messages from someone else, but this 'rebroadcast' step is necessary for robust/reliable results in the generic case. 17:21:26 dangerousfreedom: I think the work you have done so far is very impressive, and demonstrates you have the skill and perseverance to get a good end result. 17:21:34 "Do you guys think it is doable?" I don't see what speaks against it. I think you could people getting intererested. 17:21:42 In the next weeks, I will hopefully be setting up the scientific review panel from my OSPEAD CCS proposal, since I am getting close to finishing the completed research plan for exactly how the real spend age distribution will be fit. Right now my working list is Artic Mine, isthmus, binary Fate, jberman, and Syksy. I am open to others joining, but note that members of the panel have to be trusted members of the community. That 17:21:42 way, I will be ready to "hit the ground running" once the hard fork takes effect on mainnet. 17:24:39 UkoeHB: Certainly progress, a more robust workflow, I just wonder whether how much farther into the future that may push the hardfork if we want to include such a heavy change 17:24:40 dangerousfreedom: The question of auditability of the supply and worries about counterfeiting bugs appear pretty frequently on Reddit and Matrix/IRC, so I think you could get support for an independent effort so that we could point to it when the questions come up again 17:25:00 Awesome! I feel confident now to give timelines and expected results. I believe I have a minimum understanding of what should be done, the difficulties and how to get people interested in solving/understanding this issue. It would also be great to address people's concerns and give some good resources for debating this question :) 17:25:28 rbrunner: it won't affect the RPC interface, but may require changes in MMS, guess we will see 17:25:50 dangerousfreedom: Just mentally prepare for quite a number of people that don't want to get convinced :) 17:26:57 Hahahaha I'm just trying to understand as the others do also :p 17:26:57 If there are questions that I dont understand I will turn to you guys haha 17:27:13 Yeah, after the multisig address gets known, the MMS currently thinks all is well and stops ... 17:28:06 I'll clarify more about why rebroadcasting is necessary in the PR 17:28:15 heavy +1 to dangerousfreedom ! What you're working on I think is an awesome complement to educational materials out there like ZtM/Mastering Monero, I think people who want to understand Monero better will find solid value in it, myself included 17:28:25 I don't have an overview anyway where hardfork preparation currently stands ... 17:30:42 still kinda stuck on multisig stuff sadly 17:31:08 Such a rebroadcast might mess up current MMS workflows pretty badly, if I think about it. Need to check after you documented. 17:31:50 Not that anybody uses the MMS, but hardforking and not having it working at all would be ... suboptimal :) 17:33:46 should be ready later today 17:34:04 4. we can move on - any other topics to discuss? questions/comments? 17:34:07 Splendid. 17:34:49 Maybe this is a -dev topic, but is there a sense of how long the "grace period" should be in the "double fork" where both 11- and 16-size rings are allowed? 17:35:38 Hmmm, as short as possible? I think a former such grace period was only a single day 17:36:49 yeah, a single day was used in the past. i think its just meant to cover txs that are in the txpool at time of fork 17:37:18 I would like to let everyone in MRL know that MoneroKon venue is confirmed and we would really appreciate if researchers would think about presenting some of their research. The CfP is found at monerokon.com 17:37:22 For this, even a day should be generous 17:38:44 The goal is to present as high quality research as possible, so it would be great if some here thought about putting in a proposal. Can be for a talk, a workshop, or even a panel discussion. Remote presentations are also possible, if traveling is an issue. The event is June18-19 in Lisbon, Portugal. 17:42:41 midipoet: Thanks! The 1000 character limit for the abstract seems a bit short. Is there an opportunity for applicants to submit an additional attachment explaining the proposed talk/workshop? 17:44:16 Rucknium[m]: that is a good question. if you are having trouble with the limit, you could just paste a url in the abstract section, that points to a pdf, etc. 17:44:52 we do prefer brevity, but perhaps the 1000 character limit is a bit too concise 17:48:02 It seems like we are at the end of the meeting. Thanks for attending everyone. 17:54:20 Rucknium: character limit increased to 2000 18:34:09 Below the requested tsqsim benchmark: 18:34:09 https://www.reddit.com/r/Monero/comments/tl5w1b/tsqsims_benchmark_new_tool_designed_for_monero 19:13:52 rbrunner7[m]: ok here https://github.com/monero-project/monero/pull/8220#issuecomment-1076724880 21:28:22 "[Zcash] NU5 activation and Halo Arc release delayed for remediation of consensus bug in testnet" 21:28:23 https://electriccoin.co/blog/nu5-activation-and-halo-arc-release-delayed-for-remediation-of-consensus-bug/ 21:57:01 This makes me so frustrated: https://zcash.github.io/orchard/user.html 22:01:57 I guess that page is just for api-like stuff... I really want something like section 3.1 of my seraphis paper.