who would be the best people to bring on board regarding global membership proofs (monero-project/research-lab #100)?

chaserene: To "bring on board" to achieve what, in detail?

To accelerate progress? 

<chaserene> "who would be the best people..." <- Darkfi people, imo. And Amir already has chimed in a few times.

Well, as far a I know it's highly probable we can't implement global membership proofs before Seraphis, even if we know how, and that's currently 2 years out, or more.

2 years? Isn't that a lot?

Also, I recall that timeline was 2 years, too, last year.

For a project of that magnitude, with a rag-tag group of open source devs?

Nobody ever gave a "timelime" who is close to this. "Very rough estimates" is the term I use.

rbrunner: > <@rbrunner:libera.chat> For a project of that magnitude, with a rag-tag group of open source devs?

I get it. But also the time isn't on our favor, imo. As more people build on Monero, the more chaos a change of this magnitude will cause.

Darkfi people cannot check the correctness of the security proofs of these proposed global membership proof protocols AFAIK.

We are at the mathematics problem stage of this, not software engineering stage

And yes, we are now half a year into the "Seraphis wallet working group" without a single PR for code yet ... no complaint, just info.

A problem in the mathematics could destroy Monero.

" more people build on Monero". Yeah, but this is open source, no CEO who can just dictate "From now on every working hour into Seraphis, except fixing bugs and exploits"

We are already seeing a confusion in long-term planning for new Monero projects in according to which protocol they should write their code. Example, Valldrac and his android SDK.

Rucknium[m]: > <@rucknium:monero.social> A problem in the mathematics could destroy Monero.

no disagreements ther.

Good ideas welcome :)

Seraphis lacks complete security proofs, too.

Seraphis security proofs will be needed before it's implemented on mainnet

Yeah, and lots and lots of audits and reviews probably

I once got a lot of fire calling this "Monero 2.0" and "Monero New Generation" when I tried to get the picture of drastic change accross :)

Other people are working on trustless global membership proofs. MRL can just wait until these proposed protocols are more solid. Of course, we want to make sure that Seraphis/Jamtis would have good compatibility with them if they do turn out to be solid. That's the discussion about changing or "bridging" different elliptic curves AFAIK.

yeah

it's kinda like we are trying to bring a whole new cryptocurrency on top of an existing blockchain.

twitter.com/secparam/status/1659584610013962241 "There is no one true god of zk proof systems. There's always a new hotness: First it was STARKs. Then bullet proofs. Then Halo. Now folding schemes. There will be better ones that build on these great advances."

if we can pull this off, it would be more ballsy than the eth-guys' changing of their Pow-to-PoS live on camera.

If you want a tour of what has gone wrong when the mathematics of new private cryptocurrency protocols is not battle-tested, you can see the first part of my Monerotopia presentation: libera.monerologs.net/monero-research-lab/20230510#c245087

relaying a message from quarkslabs sales department. they "can schedule a new presentation of our activities and convictions" (what they can do/provide) on either June 7th/8th/13th/15th, (aka they are ready for future bp++ and other things for the Monero project)

<rbrunner> "chaser: To "bring on board" to..." <- to get closer to finding a scheme that satisfies the requirements of such a radical change in Monero. I'm sort of aware of what Rucknium highlighted, that it's currently a mathematics problem. Yet, even at that stage, I wonder if you guys have ideas about researchers who are best-in-class in this domain. I'm thinking of funding them to work on this problem with exclusively Seraphis in

mind.

<rbrunner> "Well, as far a I know it's..." <- even in my most optimistic expectations this could occur together with the switch to Seraphis, and actually that would be the most optimal (less breaking changes, less chaos).

<rbrunner> "I once got a lot of fire calling..." <- haha, that was probably me. but it's not because I don't acknowledge how drastic of a change this will be, but to avoid the massive confusion that such a naming scheme would create, learning from how all this played out in Ethereum.

Well, maybe we could discuss this in the next regular weekly MRL meeting on Wednesday. I am not sure where the "bottlenecks" are here.

great idea

We already have 3 excellent cryptographers working on Monero, after all. Not sure more people will make it faster, or whether availability of funds will attract the "right" people

Hard to say for me, really

yes, that could be the case. I'm no wiser, so I wanted to put this out here.

Usually there will be a meeting announcement here, you could maybe make a comment to propose this as a discussion topic after it went up: github.com/monero-project/meta/issues

Or just wait what comes out of this discussion here, usually people "read up" what happens here :)

understood, will do

Doing something like this for the trustless global membership proofs would be very good: Bailey & Miller (2023) "Formalizing Soundness Proofs of SNARKs" eprint.iacr.org/2023/656