17:15:20 <br-m> <jberman> @spirobel:kernal.eu decided to raise a counter-argument to twitter in favor of Monero-PSK: https://xcancel.com/spirobel/status/2060002430558065137
17:16:50 <br-m> <jberman> "the current jamtis draft ... fails to articulate the value proposition for end users ... nobody in the real world will accept a change that worsens the user experience like this without providing a tangible benefit"
17:18:38 <br-m> <jberman> That's a pretty absurd claim @spirobel:kernal.eu. The opening paragraph could not be clearer that it provides PQ privacy in the event a QA knows your address
17:19:23 <br-m> <jberman> That's the core reason why the address is significantly larger. It's beyond me that your post doesn't mention this
17:22:57 <br-m> <jberman> PGP has a notoriously poor UX and hasn't caught on to a significant degree among non-technically inclined people. I'm not sold on an interactive opening round being something most people will be inclined to do
17:24:25 <br-m> <jberman> Today in Monero, it's likely the case that a ton of users connect to centralized RPC nodes (like Cake Wallet's and/or other central operators)
17:24:55 <br-m> <jberman> This scheme would 100% leak privacy to said node operators, because wallets would query for their txs to those nodes
17:28:39 <br-m> <jberman> I have a hard time seeing major centralization risk from the introduction of a filter-assist tier that is de facto worse than the current landscape. Plus, the "filter-assist" could even be a fallback (default to full wallet scan via daemon, and if available, use the filter-assist)
17:30:17 <br-m> <jberman> And it has the major benefit of both a smoother UX than Monero-PSX (no interactive opening) with better privacy properties and no potential footguns
17:32:28 <br-m> <syntheticbird> big ass tweet in response to a big ass tweet. > <@jberman> @spirobel:kernal.eu decided to raise a counter-argument to twitter in favor of Monero-PSK: https://xcancel.com/spirobel/status/2060002430558065137
17:32:28 <br-m> <syntheticbird> reach: 0
17:32:42 <br-m> <jbabb:cypherstack.com> devil's advocate: we could more clearly explain to a typical user how serious it is and the implications of PQ privacy against a QA... maybe something like "within 10 (20?) years, a quantum computer could X; this upgrade reduces the risk to Y."
17:32:42 <br-m> <jbabb:cypherstack.com> but that's not so much an argument for M-PSK so much as a note that we could boil it down a bit better
17:33:59 <br-m> <jbabb:cypherstack.com> > <@jberman> "the current jamtis draft ... fails to articulate the value proposition for end users ... nobody in the real world will accept a change that worsens the user experience like this without providing a tangible benefit"
17:34:00 <br-m> <jbabb:cypherstack.com> "devil's advocate" isn't exactly what I mean--rather, just that the criticism that the jamtis proposal "fails to articulate the value proposition for end users" might have some merit.  this isn't a technical note, it's a presentation one
17:38:24 <br-m> <jbabb:cypherstack.com> I should correct myself: I just checked https://gist.github.com/tevador/639d083c994c1ef9401832c08e2b7832#1-introduction and that introduction does do a good job of explaining the situation: my statements are a bit out of date, sorry.  the only improvement would be to shove a little more easy to understand paragraph at the very top, but it's actually better at explaining the "why" than I remember
17:39:07 <UkoeHB> Value proposition includes: improved hardware wallet UX, improved scanning for mobile wallets and other casual users, improved PQ forward secrecy, improved subaddress model that enables use-cases like random addr gen.
17:53:25 <br-m> <jbabb:cypherstack.com> this sentence near the beginning: "Most importantly, the new format allows for post-quantum forward secret transactions that can't be decrypted even if the address is publicly known and the elliptic curve discrete logarithm (ECDLP) is broken" is technically correct, but something like "A Quantum Adversary could extract seeds f [... too long, see https://mrelay.p2pool.observer/e/-MT38ocLQjZFVmZB ]
17:53:25 <br-m> <jbabb:cypherstack.com> ... but this is a weak criticism.  the introduction (https://gist.github.com/tevador/639d083c994c1ef9401832c08e2b7832#11-why-a-new-address-format) just below the table of contents does a good job boiling it all down in plain english point by point.  this is a nitpick
17:58:44 <br-m> <syntheticbird> > in plain english point by point
17:58:44 <br-m> <syntheticbird> bold of you to assume i can read english
18:06:17 <br-m> <rbrunner7> Since when can you pack something like a cryptographical paper and an article that explains everyday users advantages of a new scheme into a single document?
18:14:38 <br-m> <jbabb:cypherstack.com> that single document does do a good job.  "[the jamtis draft] fails to articulate the value proposition for end users [that don't read more than 3-4 paragraphs]" is more accurate.  I just remembered reading an earlier draft that hadn't boiled it down so simply as it does now
20:27:14 <tevador> spirobel: "the current draft introduces the unnecessary restriction to be blockchain independent" - feel free to suggest a concrete change to the Monero-PSK specs. You keep repeating your argument, but it's unclear if your "doing it properly" is even possible without horrible footguns.