15:32:22 MRL meeting in this room in 1.5 hours. 17:01:06 Meeting time! 17:01:14 1) Greetings 17:01:33 hello 17:01:35 Hello 17:01:38 <0xfffc:monero.social> Hi everyone 17:01:39 *waves* 17:03:24 2) Updates. What is everyone working on? 17:03:56

Hello 17:04:26 me: I read a few p2p network privacy papers so I can give feedback about proposed changes to tx propagation protocol. Prepping a new stressnet fork. 17:04:33 howdy 17:04:45 me: carrot doc 17:05:22 me: I found a weird indistinguishability issue with the ephemeral pubkeys that I'm still trying to sort out 17:05:42 <0xfffc:monero.social> Mostly did spend time on these: (a) reviewed a bunch of different PRs. (b) erlay [1] R&D is almost finished. I am trying to start coding. ( https://github.com/monero-project/monero/issues/9334 ) 17:05:43 <0xfffc:monero.social> 1. https://arxiv.org/abs/1905.10518 17:06:51 me: about to submit a WIP PR for fcmp++ integration that presently includes the Rust FFI, curve trees merkle tree, `grow_tree` & `trim_tree` algos, growing the tree in the db as the node syncs, db migration of outputs into the tree, and changes to `cryptonote::transaction` for fcmp's, with a fairly detailed PR description for all components 17:07:05 Aiming to finish my current CCS this week and open another one to continue on fcmp++ integration 17:07:10 Is the consensus to implement Erlay or just implement the more bandwidth-efficient tx propagation in #9334? 17:08:23 <0xfffc:monero.social> A bandwidth-efficient tx propagation is the plan so far. Because it is easier. But after some review / coding I will talk to boog about the final decision. ( and of course we have to plan something that we can merge to master eventually ) 17:08:56 3) Stress testing monerod https://github.com/monero-project/monero/issues/9348 17:09:33 Are we sure Erlay doesn't impede Dandelion++'s effectiveness at network level privacy? 17:09:57 We plan to continue stressnet for two more months. The stressnet room voted to re-fork testnet from scratch to keep the storage requirements lower. An unpruned stressnet node is about 65GB now. 17:10:56 <0xfffc:monero.social> Very Good question. There are some side effects from erlay on dandelion++ ( and privacy, generally speaking ). About the bandwidth-efficient tx propagation there is a discussion on that GitHub link I sent. 17:11:00 IIRC the Erlay paper does a privacy analysis for diffusion (i.e. the fluff phase), but it wasn't too detailed. 17:11:52 Erlay claims it shouldn't as it will only change the fluff phase 17:13:15 <0xfffc:monero.social> Yes. And IIRC they don’t have dandelion++ . They just privacy test on bitcoin stack. Which is some-case provided better privacy and somecases worse privacy. ( worse privacy case was not real world imho. It provides worse privacy when substantial portions of the attackers nodes are private node. Which generally does not make sense ) 17:14:14 <0xfffc:monero.social> I have to talk to boog more about this though. To verify I have understood it correctly. 17:16:10 IMHO, with issue #9334, the changes should be implemented in a way to not provide a way of querying the fluff phase txpool with zero delay. Only give the transaction in "push" mode. And the notify_txpool_complement that already exists could be changed to add some delay. 17:16:29 Hi, sorry late 17:16:58 There is at least one privacy risk if malicious nodes can query fluff phase txpools at will. That was my purpose for reading some of the tx proagation papers. 17:18:18 we would also have to change fluffy blocks ... 17:18:39 <0xfffc:monero.social> My apologies. It seems I have missed it. Can you send me few of those tx propagation papers? I am interested in reading more about it. 17:18:55 what would be the issue with querying the fluff phase txpool with zero delay? 17:19:26 <0xfffc:monero.social> ( in your spare time of course ) 17:20:15 boog900: An adversary can more easily learn the edges in the p2p network graph. 17:20:38 And an adversary that knows the edges can use more powerful attacks against D++ privacy 17:21:23 I am working on a write-up to put as a comment to the GitHub issue 17:21:52 0xfffc: Here are the papers I read recently (D++ is a re-read): 17:21:57 Fanti & Viswanath (2017) "Anonymity properties of the bitcoin p2p network" 17:21:59 Venkatakrishnan, Fanti, & Viswanath (2017) "Dandelion: Redesigning the bitcoin network for anonymity" 17:22:01 Fanti et al (2018) "Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees" 17:22:03 Franzoni & Saza (2022) "Clover: An anonymous transaction relay protocol for the bitcoin P2P network" 17:22:09 They are all on moneroresearch.info 17:22:33 Any comments or questions or about stressnet? 17:23:23 The original Dandelion paper is worth reading since it has theorems on fundamental bounds on the precision and recall of an adversary with any message propagation system. 17:23:46 <0xfffc:monero.social> Thanks a lot for the list. Particularly the 2022 one. I will read it ( and skim all the papers cited that paper or by that paper ). 17:23:53 And it also contains the calculation for the 10 minute D++ epochs. 17:24:20 <0xfffc:monero.social> I read dandelion paper like 7,8 months ago. I need a re-read to remember exact details. 17:25:14 IMHO, the clover paper didn't do as deep of an analysis as D++. The Clover paper says D++ and Clover have similar privacy, but it needs more analysis IMHO. The main benefit of clover is that it works for nodes with closed ports. D++ doesn't really work for those nodes. 17:26:03 4) Potential measures against a black marble attack. https://github.com/monero-project/research-lab/issues/119 17:28:13 Anything on this? If not, we can move on. 17:28:42 5) Research Pre-Seraphis Full-Chain Membership Proofs. https://www.getmonero.org/2024/04/27/fcmps.html 17:29:21 kayabanerve, kayabanerve , jeffro256 , Things to discuss on FCMP? 17:31:28 Not too much to mention, just that I'm continuing to work on the Carrot paper 17:32:24 @jberman is more involved in FCMP development 17:32:26 I think the incoming PR will yield some more discussion, but nothing for now from me 17:35:11 Anything more to discuss? AFAIK, hinto 's question about deprecating binary JSON contents is being put in the Seraphis workgroup and/or in a bigger #monero-dev meeting. 17:35:29 Yes. Is it ok I bring up now the meta-issue of re-establishing something like dev meetings? 17:35:40 AIUI kayabanerve is fine with Cypher Stack releasing the recent divisor review report 17:35:42 Sounds good to me :) 17:35:49 Alright 17:35:50 but will wait for another confirmation on this 17:36:01 We have Monero dev related topics and questions every now and then that are not a natural fit for the MRL meeting, nor for the Seraphis wallet workgroup meetings on Mondays in the form and scope those two meetings currently have. 17:36:18 Like that issue of hinto you mentioned 17:36:26 As that issue came up here last Monday, later that day in the workgroup meeting I asked people what they would think about broadening those meetings and turn them into something more general like the dev meetings of yesteryears. 17:36:33 <0xfffc:monero.social> Apologies for asking unrelated question in the middle of meeting. 17:36:35 <0xfffc:monero.social> Do we have specific group to follow fcmp integration / dev? I am very interested to follow their work too. (Eventually I want to get involved there too.) 17:37:26 kayabanerve kayabanerve: if you could confirm this, would be very helpful! Then we can get it posted to a GH repo within the hour 17:37:52 Closest thing is #no-wallet-left-behind:monero.social 17:38:12 <0xfffc:monero.social> Thanks. 17:38:15 Anyway: The attending people mostly found "dev meetings again, same day and time as the workgroup meetings so far" a good idea. What do people here think about this? 17:38:56 Yeah, those meetings, for lack of a Seraphis wallet push, have more or less mutated into FCMP meetings now :) 17:40:19 I'm in support of a more general -dev meeting, primarily because the bulk of my reports would be more appropriate there 17:41:56 If yes, the proposal was also made to relocate the meeting to the monero-dev channel. To make things clear, so to say. 17:42:33 If people are ok with me, I am ready to continue to moderate 17:42:34 Right now reviews are lagging pretty hard behind development (primarily IMO because so many people are focused on the upcoming upgrade, myself included). General -dev meetings *might* help that 17:42:56 I think it makes sense to relocate NWLB meetings to -dev meetings at this point 17:44:11 \ 17:44:18 Ugh, sorry... cat walked on my keyboard 17:45:13 Ok. I will announce next Monday's meeting as such, and if no surprising opposition or alternative arrives, we will have a "dev meeting 2.0" then :) 17:48:09 We can end the meeting here. Thanks everyone. 17:50:04 Thanks everyone. (Especially Aaron's cat) 17:51:00 Alas, it is not sarangcat, who sadly passed away last year. It is one of his successors, whom we fostered-to-adopt from a nearby shelter! 18:02:21 Apologies for not being present. I don't have anything to add other than my work on prepping libs for auditing, assuming review passes. 18:02:39 AaronFeickert: If you're fine with it and have made any presentation changes you want. 18:03:21 Though I'll note it likely opens its own discussion to have within a MRL meeting. 18:03:35 OK, will post to GH shortly 18:06:17 RIP sarangcat 18:07:52 Thanks jberman; was a very very sad day 18:09:05 I like to think that his kitty spirit lives on in his successors, who are very delightful little demons 18:10:08 Fortunately sarangcat lived to the ripe old age of 17 18:10:27 Wow 18:11:56 Perfectly on topic, no worries 18:12:16 My condolences 18:13:33 Much appreciated! May I recommend supporting local animal shelters 18:14:52 One of his successors was found wandering a neighborhood, and was brought in to keep him safe. The other successor was abandoned in a carrier at a big-box store 18:15:38 But I am happy to report that both are doing well and living their best cat lives :D 18:46:17 Divisor report: https://github.com/cypherstack/divisor-report/releases/tag/final 18:48:24 ^ kayabanerve 18:56:54 My summary is the technique is agreed to be sound, yet there's questions about how to derive an actual efficient proof from it. Veridise is currently reviewing my derived R1CS gadget premised on divisors. That at least gets their signature, even if it doesn't let people trivially do their own review. There's an open question of if we want to have Veridise expand their work (expand ing their hours) and what additional review we'd like on the gadget. 19:28:50 ...The main benefit of clover is that it works for nodes with closed ports. D++ doesn't really work for those nodes. <<>> does this mean that D++ doesn't really work without inbound connections open? 19:30:54 <0xfffc:monero.social> nioCat Can you expand on “closed ports”? 19:32:04 I guess that's the question I was asking :) 19:36:14 D++ stem phase uses outbound connections only. If a node has closed incoming ports, the first/next hop could theoretically determine that a tx originated at the prior node, assuming they can determine closed port vs full incoming p2p table (which I believe is possible) 19:36:49 One is at the OS/router level, and the other is a policy of monerod 19:38:10 Although, if node has tor/i2p setup, they could be relaying a tx received over those networks, so the check isn't foolproof 19:39:00 The main issue is that the node is never participating in d++ stem phase 19:49:13 cc AaronFeickert to agree/disagree/expand on the above 19:49:27 (my above message, not the D++ commentary, sorry)