<r​ucknium:monero.social> Goodell, Salazar, & Slaughter (2024). “Uniformly Most Powerful Tests for Ad Hoc Transactions in Monero.” has been posted: github.com/cypherstack/churn/releases/tag/final

<r​ucknium:monero.social> Here is my review of it: cypherstack/churn #2

<s​gp_:monero.social> Rucknium: do you have any actionable takeaways from this paper? I have read it twice and I've read your notes, and I haven't found anything actionable yet

<h​ardenedsteel:monero.social> shall we list the paper on getmonero.org/resources/research-lab/ ?

<s​yntheticbird:monero.social> cc Diego Salazar Rucknium

<d​iego:cypherstack.com> We're writing some stuff up for a blog post about it.

<d​iego:cypherstack.com> Right now there's a general understanding that the more churn there is, the better for everyone. But obviously this needs to be weighed against blockchain bloat.

<h​ardenedsteel:monero.social> so we shouldn't list?

<d​iego:cypherstack.com> Oh, go ahead. Though we may do some small updates. Will ping you if/when that happens.

<d​iego:cypherstack.com> Note the Salazar listed there isn't me ;)

<h​ardenedsteel:monero.social> Salazar the Monero family?

<d​iego:cypherstack.com> My brother has a master's in math and has looked at cryptography and Monero off and on due to my own interest.

<d​iego:cypherstack.com> My other brother is a good dev and has done stuff with Stack Wallet in the past also :P

<d​iego:cypherstack.com> so not too far off

<s​yntheticbird:monero.social> *le mafia*

<3​21bob321:monero.social> Don diego

<r​ottenwheel:kernal.eu> Where will it go up on? blog.cypherstack.com cypherstack.com/blog don't work. :P

<d​iego:cypherstack.com> y eah I'll make a blog for the site.

From what I understood, this article expects churns to blend with the standard decoy selection perfectly. But real churns will be done manually in 99% of cases, and they will not follow the perfect decoy distribution.

<r​ucknium:monero.social> sgp_: Not really. It reaffirms that having a decoy distribution be the same as the real spend age distribution is best for privacy, in this churning paradigm too. But of course I would say that. This paper says that even if you have ideal churning (which we aren't sure anyone actually does), there is a way to try guess that a tx is a churn with a high rate of error.

<r​ucknium:monero.social> I have compared EAE/churning research to the hunt for Moby Dick. IMHO, the white whale is still swimming freely in the deep blue sea.

<d​iego:cypherstack.com> I definitely didn't think we'd "solve" this churning thing when no one else could. Just wanted to keep building. FCMP is Soon (tm), but it could still be a ways off.

<d​iego:cypherstack.com> Was looking to see what options users had in the meantime

<s​gp_:monero.social> Getting actionable data on churning (that is comprehensive rather than situational) seems even further off than FCMPs, haha

<r​ucknium:monero.social> IMHO, this is a component of a multi-component attack that an adversary would use against churning. But we don't have the other components (yet).

<s​gp_:monero.social> What's the actual takeaway for users currently though, after reading this paper

<s​gp_:monero.social> Try to match the spending distribution usually, but also add some spicey unpredictability just for fun, I suppose

<d​iego:cypherstack.com> well, we thought we'd take a stab at it

<s​gp_:monero.social> I'm glad this is all written down fwiw

<d​iego:cypherstack.com> The randomness needed for wait times before a spend would make Monero pretty unusable though.

<r​ucknium:monero.social> Practical churn would have to truncate the distribution of its right side because you could potentially draw a value from the Gamma distribution that would require you to wait months to churn. So maybe...yeah what Diego Salazar said

<s​gp_:monero.social> Yeah, but "needed" covers a massive scope of user actions. You would need to know what a recipient is doing in order to most efficiently test for that pattern

<r​ucknium:monero.social> Maybe this test could be extended to see what truncation point is safe. A few hours? A few days? A week? spackle's proof-of-concept churner truncated at about 3 days IIRC

<s​gp_:monero.social> It's a difficult challenge because there's the built-in assumption of trying to model a specific user's actions, but at a universally applicable level

<d​iego:cypherstack.com> We started this project kind of seeing if there was something obvious that people missed regarding this whole topic. Unlikely, of course. But it's not on MRL's dime so who cares?

<r​ucknium:monero.social> Which was about the 60 percentile of the Gamma distribution IIRC.

<r​ucknium:monero.social> Diego Salazar: I really appreciate Cypher Stack researching this. You made progress on the research question IMHO :)

<r​ucknium:monero.social> The MAGIC Monero Fund also funded research on this, and did not capture Moby: monerofund.org/pdf/Borggren-Sept-20…rivacy-of-the-Monero-Blockchain.pdf

<s​gp_:monero.social> I'm glad to have the writeup; I know this is something we were very focused on having trying to answer in 2018 or so when rings didn't appear to have a near-term deprecation date. To me this still confirms "we don't really have a universal takeaway on churning at this time". Except that ring sigs are bad of course, and bad ring sampling makes them even worse

<s​gp_:monero.social> the MMF research also had the ground truth transaction samples which have been used in other papers as well

<s​gp_:monero.social> oh wait, no not that one. The ACK-J one

<s​gp_:monero.social> I agree the Borggren one also didn't capture Moby, certainly not :)

<r​ucknium:monero.social> The ACK-J research: raw.githubusercontent.com/ACK-J/Mon…rtificially_Intelligent_Attacks.pdf

<s​gp_:monero.social> the TRM paper used transactions made for that paper

<d​iego:cypherstack.com> yes, but MRL does not move at the speed of light and CS can't always be of help here while we wait.

<s​gp_:monero.social> Luckily, I know there's a lot that Luke wants your help with in the immediate weeks/months

<d​iego:cypherstack.com> We're lone wolves. We don't play by other people's rules.

<d​iego:cypherstack.com> 🐺

<s​gp_:monero.social> haha, I'm glad some work was initiated outside of there, that's healthy