14:08:00 any cryptographers around?
14:09:00 https://dontasktoask.com/
14:10:05 has anyone ever heard of a low-level attack which involves changing the ciphertext parameters on an externally connected drive, effectively rendering it unable to be decrypted by the proper key?
14:27:35 s/sdb/sdx/
14:27:35 "has anyone ever heard of a low-..." <- Depends on the tech utilized.... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/afbcf34a756ab3a88b934e48cdd162c5073f0437)
14:27:43 s/sdb/sdx/, s/rig/rid/
14:28:29 The real disk key is derived from a key that is in the header + the password so getting rid of the header is irreversible.
14:28:36 s/disk/encryption/
14:31:25 right, so have you heard of any attacks that do this? what is the strategy?
14:34:30 emolesimbra: This is off topic for this channel. Please take this to #monero-research-lounge:monero.social or somewhere else.
14:36:26 this attack may have implications for monero. i don't see how it is off topic
14:37:30 a drive containing a large amount of cryptocurrency may have been attacked using this type of technique. i was wondering if anyone has heard of anything similar happening to help understand what the attack is beyond sabotage.
14:39:57 Well, anything having access to root can do that.
14:39:57 That's why backups exist (you can also back up the LUKS header)
14:39:57 Just keep your seed phrase safe.
14:59:29 does anyone know of techniques/technology to read data that was overwritten on a thumb drive? does physical location in memory change on some of these overwrites?
14:59:50 This has nothing to do with crypto and all to do with backups, as said above. If you keep your stuff unencrypted, someone can also zero it for the same effect.
15:01:16 you can't separate cryptocurrency security from crypto. it's the most important aspect, especially with privacy oriented ones which rely even more heavily on encryption
15:05:28 If you go to #monero-research-lounge then people will stop complaining about off-topic. Simple as that
16:51:56 endo
16:52:37 Hi my friends, this is Lazarus, an undergrad at Brown University
16:52:58 Sup
16:53:02 Good to meet you!
16:53:42 I am an undergrad at Columbia University
16:54:06 Spicypunk
17:00:37 👋
17:10:36 excellent username Lazarus. If only I had chosen that myself :) welcome
17:12:08 hello spicypunk, also a nice username haha
17:13:51 feel free to ask any questions, especially if they're about monero research. there are lots of topics that can be contributed to
17:27:37 endogenic: is anyone actively looking at research into better cryptographic alternatives than ring signatures - e.g. Halo/Orchard (are there any other candidates out there?)
17:29:06 I guess you could say I'm attempting to organize research on that. but yes the Stanford Blockchain conference this week was quite full of talks on technology that will eventually become a good enough replacement for ring signatures. Things are not quite there yet but we're certainly getting closer
17:29:22 I'm not aware of other candidates yet
17:29:59 ok cool
18:35:26 "I guess you could say I'm..." <- any talks/links you can share?
18:55:39 hm idk where they're posted but i know someone was stream-watching them, live. check out Benedikt's talk, and Pedro was on a bunch of papers too
19:08:10 https://cbr.stanford.edu/sbc22/
19:21:00 a possible quantum-secure output migration method that can be enabled with Seraphis by adjusting how private keys are generated: https://github.com/monero-project/research-lab/issues/105#issuecomment-1235825699
19:59:42 also recommend "Conservative cryptographic design" by Lindell on day 2
20:09:01 The very first question in the Q and A session at the end asks about snarks and it is noted that they rely upon non-falsifiable assumptions
20:09:55 The reply is that if you're only relying on it for a very low stakes operation like a rollup then maybe it's OK but certainly not something you would want to use for a very high stakes transaction
20:55:00 "The reply is that if you're only..." <- yes. i didn't understand the rush to beg zcash for permission for it
20:56:52 Well it is an extremely powerful technology and it would certainly solve a lot of our problems in one go, if it were actually suitable. A lot of progress has been made so we need to keep an eye on it, but probably more importantly, we need to make sure we prioritize supporting the people who are qualified to actually keep an eye on it
20:56:58 We are dead in the water without them
20:57:23 In my personal and hopefully humble opinion we failed to prioritize the well-being of those people who are most critical to the community so if I have an opportunity to say something publicly then I'll use it for that
21:00:18 publicly as in right here fwiw
21:07:23 powerful, yes potentially. i like monero's somewhat conservative approach, but if a version of snarks/starks comes around that is tailor made for monero and vetted etc then it's a no brainer.
21:07:37 i'll check out those links you shared, thanks
21:09:27 With ring size around 128 with Seraphis plus the results of my improved decoy selection research, Monero will be in a very good position. The only remaining risk I think would be EAE/EABE attack.
21:09:53 Plus eliminating various sources of transaction non-uniformity like too-precise fees
21:18:53 un
21:18:55 um
21:18:58 so, a lot of issues
21:19:04 many we don't even know clearly about yet
21:20:05 there's no good reason for you to argue against my comments Rucknium[m]
21:20:29 and i have also raised a concern about seraphis which no one who is still here seems to pay attention to
21:20:32 yet
21:20:38 so excuse me while i ignore you
21:26:35 endogenic: remind me?
21:27:20 i've written about it before
21:27:27 so no
21:27:34 link then?
21:27:53 Maybe that's why people do not pay attention to it...
21:28:04 I've worked on a bajillion things for this project, throw me a bone...
21:30:05 i guess we have something in common then
21:30:12 moneromooo i get it
21:30:22 but i'm not here to defend technical points against giants
21:30:43 i'm here to cause this culture to change from a dangerous one into one where we can welcome humans safely
21:31:07 i am not blind or as foolish as it sounds and i have to accept that for now
21:31:22 one where we allude to concerns but won't elucidate? this seems hostile
21:31:32 Go study some Carl Jung then
21:31:38 I think it's time for me to stop commenting here for now
22:09:58 What did Carl Jung say about Seraphis?
22:32:16 Yeah. 40% speed-up means you can recover a private key in 1.7 trillion years instead of 2.4 trillion.
23:18:55 That's not what the bitcoin collider does. I'm shocked and saddened that you would misrepresent the issue
23:25:27 I mean the very premise of your statement is flawed in the first place so I can only assume you're just attempting to create drama. The bitcoin collider does not get a specific key. There's no way an attacker would even know if they had guessed the right key unless they knew things like the amounts beforehand. It just has any key. How many wallets can there possibly be? And what percentage of those have any money in
23:25:27 them, now and in the future? That is the actual amount of time it will take to guess something that will harm someone. Are you saying you have some calculus about how many wallets we can sacrifice to gain a certain % scan speed increase? come out and say it
23:25:34 you're just arguing my above point for me so thanks
23:26:05 has -> guesses
23:26:54 the point about the unsafety and insanity so many left here now rationalize
23:26:54 wake up
23:33:27 "With ring size around 128 with..." <- I agree and suspect poisoned outputs (EABE) to be the biggest threat to Monero's strong privacy claims. Most merchants who accept XMR use the Kraken API to auto cash out into fiat. I was discussing this earlier with SGP which prompted the twitter poll. Does anyone know if there has been any research into mitigations which do not use "churning" (vulnerable to merging outputs) or
23:33:27 cause chain-bloat?
23:34:08 merging*