-
UkoeHB
Meeting 2hr. If I don’t make it on time someone else should lead
-
UkoeHB
1. greetings
-
UkoeHB
hello
-
one-horse-wagon[
Hello.
-
dangerousfreedom
Hello
-
Rucknium[m]
Hi
-
UkoeHB
hmm low turnout today
-
UkoeHB
well, let's continue
-
UkoeHB
2. updates
-
UkoeHB
me: wrote the first unit test of a seraphis tx spending legacy enotes, need to add a bunch more unit tests and update tx builders further (multisig will be a bit of work); also plan to write a serialization proof of concept for seraphis txs
-
Rucknium[m]
In a few hours I will send the OSPEAD fully specified estimation plan to the scientific review panel, thus completing Milestone 1 of the CCS. It's about 80 pages. The plan is next week I will release a public version with about half of the content removed (for now).
-
dangerousfreedom
This week I have been studying Seraphis again and opened a CCS (please upvote if you think it is useful). Although I have never contributed officially to Monero, the tasks I am proposing to do feel much less scary in comparison to the work I did for moneroinflation. I should start getting my first results (or some problems) by next week regarding the audit framework.
-
one-horse-wagon[
Rucknium: I know you are a specialist in advanced statistics and probability. I have a question about Gitian builds on the Monero code which are done before a new version is released. How many iterations of the checksums would be conclusive that the code is in fact valid? Keep in mind the code base is quite extensive and just a misplaced letter, or extra space, throws the checksum really askew.
-
Rucknium[m]
Yes, but I'm not a specialist in cryptographically-secure probability.
-
UkoeHB
one-horse-wagon[: do you mean how many people reporting the same checksum?
-
Rucknium[m]
So thanks for the question, but there are probably better people to ask
-
one-horse-wagon[
UkoeHB: yes
-
UkoeHB
presumably only one is needed - one out of the group of people you trust
-
Rucknium[m]
My naive guess is that it is (Pr(Checksum is valid for one run of the compilation))^N, where N is number of people who ran the compilation. Since it is presumably independent and identically distributed.
-
UkoeHB
3. we can do discussion; it will be a short meeting
-
one-horse-wagon[
UkoeHB: I felt it was very low and one would work, in thinking about it.
-
selsta
the best way is to build your own reproducible builds so that you don't have to trust others
-
Rucknium[m]
dangerousfreedom: Could you explain task (1) in your CCS in more detail? The audit framework. So the goal is that the framework could be passed on to an audit firm or something? Is there a distinction between audit and peer review?
-
one-horse-wagon[
selsta: Absolutely. But the vast majority of Monero users don't have that capability and are dependent on others.
-
UkoeHB
If someone releases binaries with a checksum that collides with the binaries produced by compiling from source, then no amount of re-confirmations will help you. The checksum only works in this case if you can't do a second preimage attack.
-
jberman[m]
hi sorry I'm late. me: working through a bug from daemon/wallet hf compatibility check + finishing background sync mode + getting quotes on security proofs (and a comprehensive audit) for multisig from veorq and co (email going out today or tomorrow)
-
dangerousfreedom
Rucknium[m]: No, the goal is to generate the proofs that you spent, received or that you have ownership of some inputs/outputs.
-
jberman[m]
After I'm done with the first 2, planning to turn attention toward Seraphis
-
dangerousfreedom
Very much like chapter 8 in ZtM2
-
dangerousfreedom
But for Seraphis and providing code and information
-
Rucknium[m]
So "audit" as in the same thing you did for moneroinflation?
-
UkoeHB
If your concern is checksum-signers are colluding to claim that released binaries are compiled from public source code, then all you need is one checksum signer you trust to corroborate the other signers (or to reach a threshold of signers where you think 'collusion between all these people is very unlikely')
-
dangerousfreedom
Rucknium[m]: No. It will be the code and some explanation regarding how to prove ownership of inputs and outputs.
-
dangerousfreedom
Like the SpendProof that you have in your wallet
-
Rucknium[m]
Ah ok
-
Rucknium[m]
Sounds good...but general question: are we getting closer to formalizing Seraphis for peer review?
-
dangerousfreedom
Koe still didn't do it so there are remaining tasks for me :p
-
UkoeHB
Rucknium[m]: no progress has been made there
-
UkoeHB
I need to update the paper once I am done with all this programming stuff
-
vtnerd
also here - updating my serialization branch/patch to work with json and remove the tons of macro changes on the branch
-
Rucknium[m]
Ok.
-
vtnerd
and I started working on the noise protocol stuff for p2p, the code is a mess but in progress
-
Rucknium[m]
vtnerd: Is there a written specification for the noise protocol?
-
vtnerd
there might be a discussion on which mode to use, because there are some interesting tradeoffs with privacy and whether the protocol even bothers to do authentication
-
vtnerd
yes
-
vtnerd
it's been formally verified, etc, and there's a website, pdfs
-
one-horse-wagon[
UkoeHB Good point
-
vtnerd
I also have an open PR of our slightly modified version - some of the mods have to do with backwards compatibility (i.e. detecting non-encrypted mode)
-
vtnerd
and there's an i2p-like modification for obscuring the first ephemeral key, which isn't strictly necessary but makes fingerprinting slightly harder
-
Rucknium[m]
How do I look up the protocol? Is it just called "noise protocol"?
-
vtnerd
otherwise it's whatever noise protocol says
-
vtnerd
noiseprotocol.org
-
Rucknium[m]
Thanks
-
UkoeHB
discussion about seraphis integration is slowly ramping up, it would be great if people could chime in/participate
github.com/seraphis-migration/wallet3/issues
-
UkoeHB
ok I think we can call it here, thanks for attending everyone
-
dangerousfreedom
Thank you!