18:38:21 <m-relay> <n​ineteen_century_man:matrix.org> Hello to everyone,
18:38:22 <m-relay> <n​ineteen_century_man:matrix.org> I'm new to this chat. I know the Monero cryptography, and your idea of using the Curve-Trees-based FCMP++ approach as a replacement for CLSAG looks extremely interesting to me.
18:38:24 <m-relay> <n​ineteen_century_man:matrix.org> Recently I had an idea of a minimalistic efficient signature 
18:38:26 <m-relay> <n​ineteen_century_man:matrix.org> https://eprint.iacr.org/2024/921 which also can drop-in replace CLSAG. 
18:38:28 <m-relay> <n​ineteen_century_man:matrix.org> I've tried to make announcement of it at Monero's reddit, however reddit filters block it. If the FCMP++ solution audit is expected to take a long time or if you continue to consider different possible options, could it be of interest to you to take a look at my draft? If this is the case, I'd be happy to hear your feedback or opinions.
18:41:54 <m-relay> <r​ucknium:monero.social> C19th-adm: Welcome! You are in the right place.
18:42:34 <m-relay> <r​ucknium:monero.social> kayabanerve , kayabanerve : Do you have any thoughts about the paper^?
18:44:08 <dEBRUYNE> nineteen_century_man: Can you link your Reddit post please?
18:44:12 <dEBRUYNE> I can approve it
18:47:53 <m-relay> <n​ineteen_century_man:matrix.org> Yes, here it is https://www.reddit.com/r/Monero/comments/1ecye8r/logarithmicsize_signature_lslsag/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
18:48:23 <dEBRUYNE> Could you repost it first please?
18:48:40 <dEBRUYNE> The thread is 2 days old and will not get any visibility, even if it is approved
18:48:46 <dEBRUYNE> A new thread that is directly approved will though
18:52:44 <m-relay> <n​ineteen_century_man:matrix.org> Done https://www.reddit.com/r/Monero/comments/1ef7i2e/logarithmicsize_signature_lslsag/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
18:55:09 <dEBRUYNE> Approved and upvoted :-P
18:55:26 <m-relay> <n​ineteen_century_man:matrix.org> See it, thanks a lot!
18:55:37 <dEBRUYNE> Your account is new and therefore the thread was filtered, if you leave a few comments (people probably will have questions), you should be over the threshold for comment and post karma fairly quickly
18:55:41 <dEBRUYNE> np!
18:56:32 <m-relay> <n​ineteen_century_man:matrix.org> Clear, thanks)
19:07:06 <m-relay> <k​ayabanerve:matrix.org> I believe I remember reading this :)
19:07:06 <m-relay> <k​ayabanerve:matrix.org> I believe FCMP++s are on track for the next hard fork (which is up in the air, yet the FCMP++ effort has gone very well so far). If it was still a ways out, I'd agree this likely would be worth future review.
19:08:09 <m-relay> <k​ayabanerve:matrix.org> So while I don't personally believe it's worth the excursion (review, implementation, audit, and PR) at this time, I do want to say it's quite interesting work and I appreciate the submission :)
19:09:43 <m-relay> <k​ayabanerve:matrix.org> *I do want to explicitly note FCMP++s are log size and log time, as despite using a O(n)-time proof, its program is  of log size to the statement.
19:15:10 <m-relay> <r​brunner7:monero.social> Is this an unlucky case of being late? I guess that 5 years ago or so we could have switched to this, with nice benefits, if it really holds?
19:26:51 <m-relay> <n​ineteen_century_man:matrix.org> FCMP++ is shorter and faster, no questions. One possible objection that I can think of may appear during the audit is the additional EC introduced by FCMP++, Helios&Selene, as it's currently proposed. Helios&Selene is shown having >120bit security in theory, however it is new. Compared to the current state with only one underlying EC, the time-tested Ed25519, the system became no <clippe
19:26:52 <m-relay> <n​ineteen_century_man:matrix.org> more as secure as Ed25519. Thus, my guess is that a cautious way might be to test Helios&Selene+Ed25519 as they come in FCMP++ in a smaller solution. Namely, in a smaller system with high insetives for hackers, e.g. DEX, which can be turned off in the case of emergency.
19:29:45 <m-relay> <n​ineteen_century_man:matrix.org> Simple solutions come last, paraphrasing Einstein)))
19:44:52 <m-relay> <k​ayabanerve:matrix.org> Assuming it's all valid, it'd be Triptych-comparable.
19:44:54 <m-relay> <k​ayabanerve:matrix.org> Speaking of, I'd have to check the feasibility for MPC protocols of it.
19:46:00 <m-relay> <k​ayabanerve:matrix.org> IMO, which isn't that of an expert, curves are trivial to prove secure. If you ignore single-coordinate ladders/uncompressed points, it really comes down to the MOV attacks and embedding degree.
19:46:36 <m-relay> <k​ayabanerve:matrix.org> There's a bunch of other factors you can consider, see the list of SafeCurves criteria, yet most of them I'd argue egregious/not modern day relevant.
20:08:18 <m-relay> <n​ineteen_century_man:matrix.org> I'm not a big expert in curves either. Leaving this question to judgement of more experienced people. I still perceive a difference between triviality of being to proved secure and having a practical record of being secure for a long time... So, it's good that your're going to check it with various protocols.