<s​packle:monero.social> Hi, I won't make the meeting today but on the topic of a new DSA without a hard fork:

<s​packle:monero.social> I believe this has 3 requirements:

<s​packle:monero.social> 1. The MAP decoder attack success must be significantly reduced

<s​packle:monero.social> 2. A DSA classifier must not be able to distinguish between the new/old distributions with high confidence

<s​packle:monero.social> 3. The implementation code changes must be absolutely minimal. A direct update of the values of GAMMA_SHAPE and GAMMA_SCALE is essentially the limit on what is acceptable.

<s​packle:monero.social> I believe these requirements can be fulfilled, though I do not know what the specific target numbers should be.

<s​packle:monero.social> I did a basic investigation, using tools and guidance generously provided by Rucknium, and saw some encouraging figures. With only a handful of attempts, the best result I got was with shape = 9.168 and rate = 0.8382 reducing the MAP decoder success to 16.4%. For DSA classification my methods got inconsistent results, but they did suggest that the worst of the fungibility defect i<clipped message>

<s​packle:monero.social> ssue could be avoided (<90% DSA classification accuracy).

<s​packle:monero.social> For clarity, the gamma distribution parameters above should reflect a distribution drawing 2/3 of its data from the status quo, and 1/3 of its data from parameters listed in the OSPEAD documents.

<s​packle:monero.social> I hope this approach is promising enough to foster further discussion.