-
emolesimbra[m]
any cryptographers around?
-
tobtoht[m]
-
emolesimbra[m]
has anyone ever heard of a low-level attack which involves changing the ciphertext parameters on an externally connected drive, effectively rendering it unable to be decrypted by the proper key?
-
RavFX[m]
s/sdb/sdx/
-
RavFX[m]
<emolesimbra[m]> "has anyone ever heard of a low-..." <- Depends on the tech utilized.... (full message at libera.ems.host/_matrix/media/r0/do…34a756ab3a88b934e48cdd162c5073f0437)
-
RavFX[m]
s/sdb/sdx/, s/rig/rid/
-
RavFX[m]
The real disk key is derived from a key that is in the header + the password so getting rid of the header is irreversible.
-
RavFX[m]
s/disk/encryption/
-
emolesimbra[m]
right, so have you heard of any attacks that do this? what is the strategy?
-
Rucknium[m]
emolesimbra: This is off topic for this channel. Please take this to #monero-research-lounge:monero.social or somewhere else.
-
emolesimbra[m]
this attack may have implications for monero. i don't see how it is off topic
-
emolesimbra[m]
a drive containing a large amount of crypto currency may have been attacked using this type of technique. i was wondering if anyone has heard of anything similar happening to help understand what the attack is beyond sabotage.
-
RavFX[m]
Well, anything having access to root can do that.
-
RavFX[m]
That's why backups exist (you can also back up the LUKS header)
-
RavFX[m]
Just keep your seed phrase safe.
-
emolesimbra[m]
does anyone know of techniques/technology to read data that was overwritten on a thumb drive? does physical location in memory change on some of these overwrites?
-
moneromooo
This has nothing to do with crypto and all to do with backups, as said above. If you keep your stuff unencrypted, someone can also zero it for the same effect.
-
emolesimbra[m]
you can't separate crypto currency security from crypto. it's the most important aspect, especially with privacy oriented ones which rely even more heavily on encryption
-
UkoeHB
If you go to #monero-research-lounge then people will stop complaining about off-topic. Simple as that
-
Lazarus
endo
-
Lazarus
Hi my friends, this is Lazarus, an undergrad at Brown University
-
Spicypunk
Sup
-
Spicypunk
Good to meet you!
-
Spicypunk
I am an undergrad at Columbia University
-
Spicypunk
Spicypunk
-
isthmus
👋
-
endogenic
excellent username Lazarus. If only I had chosen that myself :) welcome
-
endogenic
hello spicypunk, also a nice username haha
-
endogenic
feel free to ask any questions, especially if they're about monero research. there are lots of topics that can be contributed to
-
Inge
endogenic: is anyone actively looking at research into better cryptographic alternatives than ring signatures - e.g. Halo/Orchard (are there any other candidates out there?)
-
endogenic
I guess you could say I'm attempting to organize research on that. but yes the Stanford Blockchain conference this week was quite full of talks on technology that will eventually become a good enough replacement for ring signatures. Things are not quite there yet but we're certainly getting closer
-
endogenic
I'm not aware of other candidates yet
-
Inge
ok cool
-
r4v3r23[m]
<endogenic> "I guess you could say I'm..." <- any talks/links you can share?
-
endogenic
hm idk where they're posted but i know someone was stream-watching them, live. check out Benedikt's talk, and Pedro was on a bunch of papers too
-
endogenic
-
tevador
a possible quantum-secure output migration method that can be enabled with Seraphis by adjusting how private keys are generated:
monero-project/research-lab #105#issuecomment-1235825699
-
endogenic
also recommend "Conservative cryptographic design" by Lindel on day 2
-
endogenic
The very first question in the Q and A session at the end asks about snarks and it is noted that they rely upon nonfalsifiable assumptions
-
endogenic
The reply is that if you're only relying on it for a very low stakes operation like a rollup then maybe it's OK but certainly not something you would want to use for a very high stakes transaction
-
r4v3r23[m]
<endogenic> "The reply is that if you're only..." <- yes. i didn't understand the rush to beg zcash for permission for it
-
endogenic
Well it is an extremely powerful technology and it would certainly solve a lot of our problems in one go, if it were actually suitable. A lot of progress has been made so we need to keep an eye on it, but probably more importantly, we need to make sure we prioritize supporting the people who are qualified to actually keep an eye on it
-
endogenic
We are dead in the water without them
-
endogenic
In my personal and hopefully humble opinion we failed to prioritize the well-being of those people who are most critical to the community so if I have an opportunity to say something publicly then I'll use it for that
-
endogenic
publicly as in right here fwiw
-
r4v3r23[m]
powerful, yes potentially. i like monero's somewhat conservative approach, but if a version of snarks/starks comes around that is tailor made for monero and vetted etc then it's a no brainer.
-
r4v3r23[m]
i'll check out those links you shared, thanks
-
Rucknium[m]
With ring size around 128 with Seraphis plus the results of my improved decoy selection research, Monero will be in a very good position. The only remaining risk I think would be EAE/EABE attack.
-
Rucknium[m]
Plus eliminating various sources of transaction non-uniformity like too-precise fees
-
endogenic
un
-
endogenic
um
-
endogenic
so, a lot of issues
-
endogenic
many we don't even know clearly about yet
-
endogenic
there's no good reason for you to argue against my comments Rucknium[m]
-
endogenic
and i have also raised a concern about seraphis which no one who is still here seems to pay attention to
-
endogenic
yet
-
endogenic
so excuse me while i ignore you
-
UkoeHB
endogenic: remind me?
-
endogenic
i've written about it before
-
endogenic
so no
-
UkoeHB
link then?
-
moneromooo
Maybe that's why people do not pay attention to it...
-
UkoeHB
I've worked on a bajillion things for this project, throw me a bone...
-
endogenic
i guess we have something in common then
-
endogenic
moneromooo i get it
-
endogenic
but i'm not here to defend technical points against giants
-
endogenic
i'm here to cause this culture to change from a dangerous one into one where we can welcome humans safely
-
endogenic
i am not blind or as foolish as it sounds and i have to accept that for now
-
UkoeHB
one where we allude to concerns but won't elucidate? this seems hostile
-
endogenic
Go study some Carl Jung then
-
endogenic
I think it's time for me to stop commenting here for now
-
midipoet
What did Carl Jung say about Seraphis?
-
tevador
Yeah. 40% speed-up means you can recover a private key in 1.7 trillion years instead of 2.4 trillion.
-
endogenic
That's not what the bitcoin collider does. I'm shocked and saddened that you would misrepresent the issue
-
endogenic
I mean the very premise of your statement is flawed in the first place so I can only assume you're just attempting to create drama. The bitcoin collider does not get a specific key. There's no way an attacker would even know if they had guessed the right key unless they knew things like the amounts beforehand. It just has any key. How many wallets can there possibly be? And what percentage of those have any money in
-
endogenic
them, now and in the future? That is the actual amount of time it will take to guess something that will harm someone. Are you saying you have some calculus about how many wallets we can sacrifice to gain a certain % scan speed increase? come out and say it
-
endogenic
you're just arguing my above point for me so thanks
-
endogenic
has -> guesses
-
endogenic
the point about the unsafety and insanity so many left here now rationalize
-
endogenic
wake up
-
xmrack[m]
<Rucknium[m]> "With ring size around 128 with..." <- I agree and suspect poisoned outputs (EABE) to be the biggest threat to Monero's strong privacy claims. Most merchants who accept XMR use the Kraken API to auto cash out into fiat. I was discussing this earlier with SGP which prompted the twitter poll. Does anyone know if there has been any research into mitigations which do not use "churning" (vulnerable to mergine outputs) or
-
xmrack[m]
cause chain-bloat?
-
xmrack[m]
merging*