15:00:50 <UkoeHB> Meeting 2hr
16:51:39 <premined_POS> Thankful for being here
16:57:56 <one-horse-wagon[> Hello.
16:59:14 <hyc> hi
17:00:17 <premined_POS> Not very good conection over here sorry 😅
17:01:22 <Rucknium[m]> Hi
17:01:23 <UkoeHB> hi, meeting time
17:01:30 <rbrunner> Hello
17:01:46 <dangerousfreedom> Hello
17:01:52 <UkoeHB> agenda: https://github.com/monero-project/meta/issues/739
17:04:05 <UkoeHB> 2. updates, what's everyone working on?
17:04:21 <vtnerd> hello
17:04:38 <ArticMine[m]> Hi
17:05:58 <Rucknium[m]> Mostly working on non-Monero projects for now. The MAGIC Monero Fund will soon submit its grant application to some research grant databases. Hopefully that catches the attention of some researchers out there.
17:05:58 <dangerousfreedom> First of all thank you very much for your donations! I will do my best to deliver a high quality job as proposed. This week I have been investigating the grootle proofs in seraphis. I have been trying to make a parallel implementation of it in order to better understand how it works, to correct some possible flaws (if I find any) and to facilitate the work of someone else who is going to audit before going to production
17:05:58 <dangerousfreedom> someday.
17:06:11 <UkoeHB> me: have been away from my desk quite a bit the past few weeks, didn't get much done last week; now back full-time to pound out the remaining seraphis library updates (finish unit testing legacy balance recovery for the legacy-seraphis transition, add legacy inputs to multisig, add coinbase tx type)
17:07:33 <UkoeHB> I also owe rbrunner a seraphis serialization poc
17:07:34 <jberman[m]> Hello - finished 8566 (bug fixes for `scan_tx`), next going to finish background sync mode, then likely Seraphis wallet work
17:07:56 <vtnerd> not much has changed since my last update - except I've got two more things to look at, including a fingerprinting issue in p2p protocol
17:07:56 <rbrunner> Yup :)
17:08:24 <vtnerd> and I've still been going through the e2e encryption - may have to drop the noise method I planned due to fingerprinting
17:10:02 <rbrunner> I finally had a closer look at the Seraphis library code. Interesting stuff that will keep me busy a while.
17:10:43 <jberman[m]> I also emailed veorq ~1 week ago re: multisig security proofs but no answer yet. Emailed Inference yesterday (the ones who did the most recent review, and where veorq is also an advisor) and waiting on a response. If no response by next week I'll try to get better contacts
17:11:03 <UkoeHB> 3. discussion
17:13:02 <UkoeHB> well, anything to discuss? otherwise we can call it :)
17:14:11 <jberman[m]> what's the fingerprinting issue vtnerd ?
17:16:10 <dangerousfreedom> I have a general question. Next year, if everything goes well, we will have seraphis working on testnet and I was wondering if we really need a 'paper' of Seraphis to be peer-reviewed? I mean, all the cryptography stuff like grootle proofs (which is the main innovation) has been already very well documented by Tryptich and Groth/Bootle papers. So the remaining 'risk' to be peer reviewed would only be the ingenious work of
17:16:10 <dangerousfreedom> Koe by separating the proofs, which is very ingenious but not so much risky in my opinion. Maybe a paper of 2 pages would do it? What do you think? Should we also have a paper explaining the new way of making membership proofs/ring signatures?
17:17:24 <vtnerd> um, which? the encryption one is with static public key re-use across restarts, and toggling --proxy on/off, etc
17:17:27 <UkoeHB> the seraphis composition proof is a novel scheme
17:18:01 <premined_POS> dangerousfreedom All precautions are good
17:18:08 <vtnerd> the other I'd like to not say much until I review the code, and post a PR
17:18:15 <Rucknium[m]> dangerousfreedom: IMHO, yes, we do need formal peer review.
17:18:35 <Rucknium[m]> ...which is separate from a code audit
17:19:01 <dangerousfreedom> UkoeHB: Yeah, it is new but will follow the general scheme of the previous papers.
17:20:03 <dangerousfreedom> Of course I agree that it is better to have but maybe my question was what if we dont? Does it 'legally' forbids us to use if someone presents a paper or make a patent of it?
17:20:24 <jberman[m]> got it vtnerd :)
17:20:57 <Rucknium[m]> If we don't, and there is a critical error, then the Monero network would probably be destroyed.
17:21:51 <premined_POS> Aviation like redundancy and test are good including trivial scenarios
17:22:19 <UkoeHB> it is standard practice to at least have security proofs for signature schemes
17:23:10 <UkoeHB> full-scale security models for transaction protocols are more '[very] nice to have' but at least historically not standard practice
17:24:06 <dangerousfreedom> Rucknium[m]: Well that doesnt follow, we could have infinite reviews of the code and the theory without publishing a paper. My question was just a theoretical one, I just want to know the implications of formality.
17:24:36 <isthmus> RE your earlier comment dangerousfreedom - I can't speak to international patent law, but I'm somewhat familiar with the relevant US systems. One of the 3 required criteria for a US patent to be awarded is "novelty" and I believe that the existing public work would constitute "prior art" and render it unpatentable.
17:24:46 <Rucknium[m]> Having a paper is the best way to have a review of the math. How would a review of the math work without a paper explaining it?
17:25:26 <premined_POS> I understand the same thing
17:25:34 <premined_POS> isthmus
17:25:42 <dangerousfreedom> isthmus: Okay, I see. Thanks.
17:25:43 <UkoeHB> dangerousfreedom: for example, I would not have found this if sarang hadn't gone through the entire exercise of security modeling to isolate the 'dual DL' assumption https://github.com/UkoeHB/break-dual-target-dl
17:26:04 <Rucknium[m]> If we don't think we have the resources to have a peer review done, then we should figure out how to acquire those resources.
17:26:12 <rbrunner> Maybe I did not follow close enough, but anyway: Where do any "security proofs" for Seraphis currently stand? Done? On your UkoeHB's To Do list? Meant for later paid work?
17:26:58 <UkoeHB> rbrunner: it's in limbo until I get a chance to properly refresh the paper
17:27:22 <rbrunner> Alright, thanks. One step after the other then :)
17:27:46 <UkoeHB> after that we need to find someone to help us
17:28:19 <dangerousfreedom> Thanks for the answers premined_POS and Rucknium 
17:28:28 <premined_POS> Need to leave, tank you all for your work
17:30:13 <Rucknium[m]> To be clear, I'm not a cryptographer. But all the hacks and exploits of other protocols and software have made me extremely cautious.
17:31:07 <rbrunner> Yes, and it's brand new and probably bleeding-edge stuff, at least in part.
17:31:19 <Rucknium[m]> Even Monero had a counterfeiting bug, but it was caught and confirmed to be not exploited. It was fortunate that the structure of the exploit permitted the confirmation that it had not been used on mainnet.
17:32:33 <rbrunner> Wil be interesting to see how we fare when looking for help, as UkoeHB said. You don't pick up qualified cryptographers by asking around at the bus stop.
17:32:57 <rbrunner> Maybe one of those grants, who knows?
17:33:16 <dangerousfreedom> I totally agree. I was just curious how formality relates to security of use of the code or idea.
17:41:18 <UkoeHB> looks like we are done with the meeting, I'll call it here; thanks for attending everyone
17:42:38 <one-horse-wagon[> <dangerousfreedom> "I totally agree. I was just..." <- I think rigorous run troughs on testnet are going to show a lot of things that are not foreseeable which can then be addressed.  It should be tested like nothing else like it before.  
17:43:31 <one-horse-wagon[> s/troughs/throughs/
17:44:50 <dangerousfreedom> one-horse-wagon[: Agree :)
17:44:57 <dangerousfreedom> Thanks koe