-
UkoeHB
meeting 1.5hr
-
UkoeHB
-
UkoeHB
1. greetings
-
UkoeHB
hello
-
one-horse-wagon[
Hello
-
rbrunner
Hi
-
vtnerd
hi
-
tevador
Hi
-
jberman[m]
hello
-
jeffro256[m]
howdy
-
Rucknium[m]
Hi
-
plowsof
hi
-
UkoeHB
2. updates, what's everyone working on?
-
vtnerd
Ive been IT work unfortunately, a multi-system meltdown over here
-
vtnerd
good news is that two laptops still work
-
vtnerd
more guidance on my haskell->c++ bp++ port next week hopefully
-
Rucknium[m]
Looking into how the dynamic block size + fees work. Translated spackle_xmr 's Python simulation code to R.
-
jeffro256[m]
Working on how best to do community node selection
-
jberman[m]
Stress testing daemons when hit with lots of txs, almost done setting up the framework. Then moving over to Seraphis input selection which I've started to look into a bit more
-
jeffro256[m]
vtnerd you're working on a haskell port of bp++?
-
vtnerd
no theres an existing bp++ in haskell that needs to be c++ or some suitable language for the monero daemon
-
UkoeHB
me: I finished all the seraphis lib multisig work. The last feature added is a method demoing how to fully validate a multisig tx proposal so you can know with very high confidence if a multisig tx proposal is destined to fail or not (alternatively: destined to succeed if you have an honest subgroup that doesn't necessarily include the proposer). This method is kind of a capstone feature of the library that is only
-
UkoeHB
possible due to many design decisions. Now I am in the middle of adding a coinbase tx type, which is the final component of the library before I stop writing code and move on to other things (e.g. updating the seraphis paper).
-
vtnerd
jeffro256[m]: it'll help with getting some rough numbers for seraphis - the ring size maybe could be bigger with it
-
vtnerd
UkoeHB: kind of related: Im going to go over the jamtis spec again, and post some comments this week, possibly about reserving some subkeys
-
plowsof
if we've not all seen, the bp++ author contacted and said they are working on a draft of the paper with security proofs (estimated to be ready soon) we can discuss later how to proceed, at the moment it seems we're going to wait for that until pushing forward with the 1st funding round for the review/audit from cypherstack
-
vtnerd
but it shouldn't impact anything in seraphis or jamtis really
-
UkoeHB
vtnerd: ok, keep in mind there have been some changes to the spec (can find them in my comments toward the end of the comment section)
-
vtnerd
plowsof: are you saying that I should hold off implementing until the math checks out?
-
UkoeHB
you shouldn't need to wait
-
vtnerd
ok
-
UkoeHB
I mean, if a vulnerability appears then just scrap it, but otherwise :)
-
vtnerd
I mean it primarily just be me burning CCS funds ultimately if the security proofs dont work out for some reason
-
UkoeHB
well that's kind just how R&D works, sometimes dead ends crop up
-
dangerousfreedom
Hello guys, I posted this on the wallet group this week. Maybe you have some thoughts?... (full message at <
libera.ems.host/_matrix/media/v3/do…e2f3a12a791227ab1c48a8169162e0898f5>)
-
-
UkoeHB
tevador: ^
-
tevador
I got an email from rbrunner with similar comments. I'll draft a reply because it will be too complex for this meeting.
-
rbrunner
So it's not a given then we just copy the choices of the BTC people and are probably set?
-
sgp[m]
hello all
-
tevador
Bitcoin had slightly different goals. We definitely should not use the bech32 polynomial.
-
rbrunner
Alright, interesting, but a bit unfortunate ...
-
dangerousfreedom
tevador: Ok. Thank you :)
-
rbrunner
Will be interesting to see whether you conjure a good alternative out of some hat.
-
UkoeHB
3. in case anyone is waiting on me, we can move to discussion
-
one-horse-wagon[
tevador: Your Rid in Jamtis is going to be 25 characters long. Since wallet addresses are 183 characters long, couldn't the Rid reference more than one address?
-
tevador
We don't need to go through the same effort as they did to find a polynomial. Our addresses are almost 5x longer, so we don't need to squeeze every bit of error detection out of a short checksum.
-
Rucknium[m]
At the risk of breaking loose consensus, who are the stakeholders in the checksum decision? And has anyone reached out to them?
-
tevador
one-horse-wagon[: of course, the mapping is not 1:1, but it's infeasible to find a different address with the same RID.
-
rbrunner
Rucknium: Not sure what you mean with reaching out to stakeholders, probably most of them here right now, as far as deciding is concerned.
-
dangerousfreedom
tevador: Yeah, probably a larger checksum would outperform a hash algorithm and we should be fine anyways.
-
Rucknium[m]
rbrunner: Doesn't every wallet have to implement this? Does every merchant have to implement this?
-
rbrunner
It will be part of the core code, implemented once, used by many people, except if they want to go Rust, or JavaScript, or something else special
-
tevador
Ultimately, the checksum is a minor part of the specs.
-
rbrunner
Ah, I see, maybe I'm wrong, because it's part of the UIs to check checksums
-
tevador
We should not spend months of work on this.
-
rbrunner
and they may be written in a plethora of languages.
-
rbrunner
So maybe something simple to be calculated in a few lines of code really would be nice, no?
-
rbrunner
As those polynomials seem to be
-
rbrunner
Maybe better than people hunting down hash algorithm implementations in PHP, JavaScript, WASM, whatever
-
one-horse-wagon[
tevador: Couldn't someone then take a Rid and reverse engineer it to another wallet address? What would be the implication of that?
-
Rucknium[m]
The way things are going, Seraphis is going to be presented as a fait accompli package deal to stakeholders. There is a risk in that.
-
dangerousfreedom
Rucknium[m]: It is part of the consensus. All the wallets follow the rules of what is implemented on the core. It is possible for another wallet implementation to do something different but then they will only be able to open it in their software.
-
rbrunner
Yeah, but it's not merely wallets. Think of all those web frontends that should probably be able to check addresses themselves
-
Rucknium[m]
I thought I had it clarified to me that address checksums are not blockchain consensus rules
-
tevador
one-horse-wagon[: yes, they could. With about the same effort as deriving a private key from a public key (120-bit security).
-
rbrunner
Well, but the address format is part of the whole package. Of course somebody could dream up a completely different format, but that would not fly
-
dangerousfreedom
Rucknium[m]: It is not part of the blockchain consensus. I mean consensus in the common sense meaning here.
-
UkoeHB
there are protocol consensus rules that are ironclad, and ecosystem interoperability conventions that can be ignored if you don't want interop
-
Rucknium[m]
So, who is included in consensus and who is not?
-
UkoeHB
address formats and 'how you assemble data in an enote' are interop things
-
tevador
We should avoid the bitcoin situation of having multiple address formats in use at the same time.
-
UkoeHB
yeah agreed
-
vtnerd
yeah the myried of address types confuses even me at times
-
rbrunner
You mean who is included in discussions about these question? Yes, no formal invitations to join went out to the broader ecosystem
-
vtnerd
its difficult to remember which is the "best" one or some such thing
-
rbrunner
So you could understand it as "fait accompli" in a certain sense.
-
rbrunner
But of course we are not actively hiding.
-
Rucknium[m]
We have a community relations person on payroll now : plowsof . I don't mean to slow things down. Just thinking of the social side of Seraphis.
-
rbrunner
I certainly would not mind to have devs from, say, Kraken, or Ledger, or however at least as readers in the workgroup
-
rbrunner
I just doubt whether that will work out. So far we mostly seemed to manage "What? Monero hardfork? When?" from those people, to put it bluntly.
-
rbrunner
But maybe I am mistaken, and it gets considerably better if we have somebody on our side who cares about contacts.
-
Rucknium[m]
This is how Bitcoin Cash is doing it now. Defining stakeholders in each upgrade decision and reaching out to them for support/neutral/reject statements:
github.com/bitjson/cashtokens/blob/master/stakeholders.md
-
rbrunner
Looks certainly nice
-
plowsof
i'll take this up then
-
UkoeHB
Do we have any other research-related topics to cover today?
-
UkoeHB
maybe any updates about opsead? I haven't been really paying attention there
-
jeffro256[m]
decoy selection, right?
-
rbrunner
super decoy selection :)
-
UkoeHB
ospead*
-
Rucknium[m]
I am waiting for feedback from isthmus and ArticMine. On Friday posted part of what I submitted to them two months ago:
github.com/Rucknium/OSPEAD/blob/mai…pecified-Estimation-Plan-PUBLIC.pdf
-
Rucknium[m]
^ This is basically a big menu of options to choose from. It will likely be narrowed down.
-
tevador
That PDF needs an abstract.
-
one-horse-wagon[
Rucknium: rbrunner was chosen as Administrator last week and he's in charge of calling meetings, trying to reach a consensus and moving the Serophis project to fruition. The weekly meeting times are posted and interested parties are certainly invited, one and all. Trouble is, few people care enough to do so, so he has to work with the ones that do show up and go from there. The consensus in the Monero community is more
-
one-horse-wagon[
than apparent--they want Seraphis and what it could do.
-
Rucknium[m]
tevador: You're right. It does. I will write something
-
rbrunner
one-horse-wagon: Right, but I think we could reach farther out indeed, by directly contacting third-parties who may not follow our issues, or the subreddit
-
rbrunner
Even if they end up saying "Go ahead, we trust you" they may appreciate getting contacted
-
rbrunner
And that in t
-
rbrunner
turn may help implementation and deployment
-
rbrunner
in about 2 years times or so
-
UkoeHB
ok well seeing how we are out of research topics maybe we should wrap up the meeting here
-
jeffro256[m]
A repo can be opened to create a master list of "stake holders" and categorize them and perhaps list contact info
-
Rucknium[m]
Tentatively, I think that exchanges basically determine which coin fork is the majority one. They decide which fork is the true "Monero", which gets propagated to swap providers, merchants, etc.
-
tevador
Most exchanges barely hold any XMR.
-
rbrunner
Well, I think if we can't deliver a result that leaves little doubt, we have not done a good job.
-
one-horse-wagon[
Rucknium: There is not too many exchanges out there.
-
nioc
exchanges determine monero hardforks? lol
-
Rucknium[m]
If miners sell to exchanges, then miners will make mining decisions based on what fork gets them fiat (or BTC, or...)
-
rbrunner
No, but they indeed could try to ignore the forked coin, Monero Seraphis, to death, if they really don't like it.
-
ArticMine[m]
The majority economic consensus does
-
nioc
yes
-
jeffro256[m]
> Tentatively, I think that exchanges basically determine which coin fork is the majority one. They decide which fork is the true "Monero", which gets propagated to swap providers, merchants, etc.
-
jeffro256[m]
I think that's more true of Bcash and other BTC forks in that family tree, but Monero hard forks tend to not to as contentious, so exchanges have historically not had much sway in picking monero hard forks
-
rbrunner
Yeah, but I don't think we ever had such a big hardfork.
-
rbrunner
Exchanges won't jump up and down with joy if they hear about our new addresses, I would think
-
Rucknium[m]
Seraphis is going to be backward-incompatible in ways that no other Monero hard fork has been.
-
tevador
But the improvements seraphis brings are massive.
-
rbrunner
"Massive" for an exchange may mean something else :) Like "making massive amounts of money"
-
rbrunner
First they will have to *spend* money, to adjust
-
ArticMine[m]
The key here is notice
-
rbrunner
Hopefully that will make a difference, yes
-
rbrunner
plowsof is well motivated, they will start to move things :)
-
tevador
Has there been an "official" notice (on getmonero.org) that seraphis is in the works and the what the consequences will be?
-
rbrunner
Not yet, no.
-
one-horse-wagon[
C'mon fellas. Seraphis is a long way off even to get to a testnet. You start advertising now, you're potentially talking about vaporware.
-
Rucknium[m]
I think Core has a big email list that they use when hard forks are coming. The list, or part of it, could be used to call for input/notice.
-
ArticMine[m]
Do we have a realistic timeline?
-
rbrunner
I would say no.
-
tevador
one-horse-wagon[: vaporware usually doesn't have a nearly complete C++ implementation
-
rbrunner
We have something like a very rough first estimate of "2 years until the Seraphis hardfork"
-
rbrunner
I think you can word it in a way that it does not come over like an advertising
-
one-horse-wagon[
I say when you get a testnet up and going, advertise then, if it works successfully. Otherwise, keep it as it is--in development.
-
rbrunner
Maybe that would be a good subject for our workgroup meeting on Monday to go deeper into?
-
one-horse-wagon[
Remember the Kovri debacle?
-
Rucknium[m]
one-horse-wagon: That's fait accompli. You can go that route, but you can have problems
-
rbrunner
In the sense of promising too much?
-
UkoeHB
-
UkoeHB
seraphis works fine, the only remaining pieces are standard wallet dev work (albeit a large volume)
-
jberman[m]
^ I also gave a presentation at Monerokon on some of Seraphis/Jamtis major feature upgrades and how they'd impact users. The video/audio didn't turn out great, I'm doing another one covering the same things next week
-
Rucknium[m]
In the sense of having a protocol that few stakeholders had input on. Then when stakeholders see it, they might not like it. Then what?
-
rbrunner
Yes, what is on the table as proposal would be sort of a follow-up to that
-
rbrunner
"Then what" is really difficult question, because I would say for many architectural decisions the train already departed
-
UkoeHB
so far the only thing people in general have remarked on in terms of 'input' is wanting to keep wallet accounts
-
rbrunner
If they really, really won't like those, well, bad luck
-
one-horse-wagon[
Rucknium[m]: You start making decisions by committee, you go nowhere. Especially in the early stages.
-
rbrunner
But reactions when getting contacted will already tell us something, I hope
-
ArticMine[m]
When can we get a testnet implementation?
-
rbrunner
Maybe in 1 year?
-
hyc
users want stronger privacy, ringsize 128 (ringsize bazillion), want send/recv viewkeys
-
hyc
if there's no other way to get these, then that's life
-
ArticMine[m]
What is still needed?
-
rbrunner
A wallet, for example, to replace `wallet2`, in a way
-
UkoeHB
ArticMine[m]: daemon updates, wallet implementation
-
rbrunner
A brand-new transaction type, that somehow has to harmonize with the whole codebase
-
jberman[m]
and audits/deep review
-
UkoeHB
jberman[m]: yes, although those aren't a blocker for a testnet
-
rbrunner
And for a testnet making sense, at least a wallet app with some usable interface, maybe CLI double plus :)
-
jberman[m]
true
-
UkoeHB
unless you want a more aggressive merge strategy so the feature branch(es) don't get too out of hand
-
rbrunner
As they say, "the mind boggles", if you only start to make a list ...
-
UkoeHB
btw on that note I will start making some small PRs to upstream things in my seraphis_lib branch
-
UkoeHB
maybe next week? we will see
-
UkoeHB
ok we are past the hour so I'll call it here, thanks for attending everyone
-
isthmus
👋
-
dangerousfreedom
Thanks koe.
-
rbrunner
A pleasure, as always.
-
isthmus
Quick update from my end - I’m finally on vacation for the first time in forever, so I should finally have more time to get into the weeds with full OSPEAD writeup. I did give it a high-level read when initially delivered, and nothing jumped out as obviously problematic.
-
isthmus
Also, we have a TON of documents pertaining to transaction tree analysis floating around in overleaf drafts and obscure repos. I’m going to try to find and compile all of these by the end of year into a compendium of transaction tree analysis that should nicely complement / contextualize the OSPEAD research.
-
ArticMine[m]
Thanks
-
jeffro256[m]
thanks all!
-
Rucknium[m]
Thanks a bunch, isthmus
-
plowsof
thx