01:37:33 <DeanGuss> Any idea if the halo2 proving system zcash is implementing is good?
06:23:25 <Inge> Maybe it would be worthwhile to CCS a cryptographic researcher to really dig into it
10:16:55 <merope> First Zcash needs to sort out the BOSL licensing mess
15:04:34 <r4v3r23[m]> <hyc> "their advantage being, no..." <- agreed all this hype is unneccessary
16:10:23 <xmr-ack[m]> https://github.com/MAGICGrants/Monero-Fund/issues/15#issuecomment-1114446002
16:10:23 <xmr-ack[m]> Hey everyone. I just posted my April update for the MAGIC grant. Feel free to check it out and let me know if you have any questions. 
17:14:15 <sethforprivacy> So an update on exploring zk-SNARKs for Monero:
17:14:15 <sethforprivacy> 1. I have an offer from Amir Taaki (Dark.Fi) to provide all of the education necessary (he guesses 2wks for "mathy devs") to learn zk-SNARKs (a la Halo 2-style) and implement a rough PoC in C++
17:14:15 <sethforprivacy> 2. I have created an MRL meta issue to further explore and catalogue resources on trustless zk-SNARKs in Monero w/o Orchard code: https://github.com/monero-project/research-lab/issues/100
17:15:03 <sethforprivacy> I am directly in contact with Amir Taaki now and he has been extremely helpful, they want to provide whatever they can (sans funding, they don't have that flexibility with funding ATM) to help us in this exploration/PoC process if there are devs/researchers that can dedicate the time to exploring it.
17:17:54 <sethforprivacy> The main reason for making a concerted effort towards this now is that we very rarely get external offers of help and expertise in Monero, and I don't want this opportunity to go away for whatever reason while we wait. I know this won't necessarily be the most popular effort to drive, but note that this doesn't have anything to do with Zcash outside of their similar usage of trustless zk-SNARKs and work on developing some
17:17:54 <sethforprivacy> of the building blocks (but not all of them).
17:18:44 <sethforprivacy> This exploration I hope will not be tainted by "Monero v Zcash" issues, nor by my recent imperfect handling of other areas of exploration.
17:30:19 <sethforprivacy> s/I/We/
17:31:24 <sethforprivacy> As I am absolutely not a dev/cryptographer I would love any feedback, corrections, or suggestions for how we can better approach this, but am doing my best to bring together resources and people to give this a proper exploration (I hope).
17:33:03 <sethforprivacy> <merope> "First Zcash needs to sort out..." <- The above approach would preclude the need for worrying about Zcash's licensing or code, and the folks at DarkFi don't recommend their approach anyways (though of course I cannot validate their claims).
17:33:03 <sethforprivacy> CC Inge as well.
17:34:45 <sethforprivacy> <hyc> "we've talked at length in the..." <- Trustless zk-SNARKs via approaches like Halo 2 building on PLONK seem to hit the threshold for being both trustless and efficient, and are well worth exploring today, IMO. Lots of potential value, massive academic and developmental effort being poured into them across multiple ecosystems, and an active offer for help for Monero devs/researchers who are interested.
17:34:45 <sethforprivacy> Gone are the days of ridiculously inefficient and trusted-setup SNARKs, it seems.
17:34:50 <selsta> This seems 1-2 years too early :P
17:35:03 <sethforprivacy> selsta: Why?
17:36:41 <sethforprivacy> Again, not saying we deploy these today, just that we start the (long and slow) process of exploring them.
17:36:46 <hyc> "let's use zero knowledge" "let's use zk-snarks!"
17:37:04 <hyc> there's a lot more involved than just "use this"
17:37:19 <hyc> look at all the work going into seraphis/jamtis
17:37:31 <hyc> to define threat models, use cases, actual transaction protocol
17:37:45 <hyc> you can't just copy/paste zk-snarks into monero
17:38:19 <sethforprivacy> hyc: Have you bothered to read what I'm writing or the issue?
17:38:30 <hyc> I've read every word.
17:38:37 <sethforprivacy> How in the world could you interpret any of it to "let's just copy-paste zk-SNARKs into Monero"?
17:39:16 <sethforprivacy> The entire reason I'm walking down this road and pulling resources together is so we can at least understand the viability and changes necessary if we want to go this route at some point.
17:39:35 <sethforprivacy> I am not saying it will be easy, nor that it's a minor migration (it's massive), nor that we. should do it today without understanding the implications.
17:39:48 <sethforprivacy> I have no idea where you're getting this idea of "let's just use this!" from.
17:40:11 <moneromooo> So someome is willing to look at the tech and whether it can be applied to monero ? Sounds like a good idea to me.
17:40:37 <selsta> I'm not sure who is supposed to do this.
17:41:00 <hyc> nobody has said they're going to investigate it, so far. Amir Takki has offered to mentor someone.
17:41:20 <moneromooo> Oh. Too bad,
17:41:56 <sethforprivacy> hyc: Seraphis was first proposed in June 2021 (almost a year ago) and is 2y out most likely. That means if we want to even have the opportunity to implement something like zk-SNARKs in Monero in the next 5y we need to start exploring it ASAP as we are not even in the "clear proposal is made" stage.
17:41:56 <hyc> I agree with selsta, seems 1-2 years premature
17:42:40 <selsta> working on a PoC now when things can majorly change in 1-2 years seems like a waste, especially if it takes dev power away from Seraphis
17:42:50 <sethforprivacy> moneromooo: A team implementing trustless zk-SNARKs wants to provide education/bootcamping to Monero devs/researchers who are interested in learning to implement zk-SNARKs and build a PoC for Monero to explore the concept for potential future use.
17:42:59 <hyc> sethforprivacy: it's stupid to plan it now. assuming we deploy seraphis, it will be at least several months of operational experience before we know what shortcomings we want to fix.
17:43:00 <selsta> (that is if someone is even interested in doing this)
17:43:03 <moneromooo> Then if someone around who has a clue about crypto wants to do this, more power to them. Can always be useful, and if not, nothing lost.
17:43:46 <moneromooo> (sure, opportunity cost, but I assume time will not be the bottleneck)
17:44:30 <hyc> yeah, ideal research project for a grad student who is not currently busy contributing to monero project
17:44:31 <selsta> anyway if someone is interested (and they have the necessary skills) they can comment on the issue
17:44:33 <sethforprivacy> hyc: Again, not "plan", explore.
17:44:43 <sethforprivacy> No one is planning a migration to zk-SNARKs now, obviously.
17:45:57 <sethforprivacy> I'm in no way suggesting this get done today, just trying to start the convo and see if anyone is initially interested in the current offer from DarkFi folks. If no one is I'll continue compiling useful info and resources and learn what I can on the side.
17:46:19 <sethforprivacy> I've also (hopefully) been very clear I don't want this to supplant or delay Seraphis.
17:47:11 <sethforprivacy> selsta: So your proposal (and hyc's, it seems) is just to sit on it for 1-2y until Seraphis is live for some time?
17:47:39 <selsta> sethforprivacy: no, if someone is interested in exploring this they can obviously do this now
17:48:01 <sethforprivacy> Understood
17:50:24 <sethforprivacy> My main concern with this not getting any traction now is that the known flaws in ring-signatures might grow worse through some unforeseen circumstances and we would have no alternatives even explored, much less in the pipeline. I know Seraphis will reduce some of the active attacks effectiveness and provide greater protection against probabilistic heuristics, I just worry that if we bank on that entirely we'll be 3-5y away
17:50:24 <sethforprivacy> from something like trustless zk-SNARKs still at that point.
17:50:24 <sethforprivacy> Don't want all of our eggs in the ring-sig basket in the meantime, if we can help it.
17:51:33 <sethforprivacy> I know we're always tight on dev/researcher resources but am hoping maybe someone would be interested in exploring this further who can better assess the tradeoffs and implications before we deploy Seraphis.
17:51:50 <sethforprivacy> s/maybe//
18:01:10 <sethforprivacy> If nothing else the issue can act as a compendium we can refer back to and grow over time to give us a good future base to launch from.
20:24:47 <amd_psp[m]> Seth For Privacy so I'm just a uni student who recently got into Monero, but I love cryptography so I'm willing to look into this :)
20:30:34 <sethforprivacy> <amd_psp[m]> "Seth For Privacy so I'm just a..." <- Great! Please let me know if you have further questions past what's in the repo, or come across useful resources as you're exploring -- and if you decide to take on one of the open questions let me know if you jot down notes in another issue or gist and I can link to it.