16:51:25 <m-relay> <r​brunner7:monero.social> Meeting in a bit more than 1 hour
18:00:04 <m-relay> <r​brunner7:monero.social> Meeting time. Hello! https://github.com/monero-project/meta/issues/1258
18:00:17 <m-relay> <s​needlewoods_xmr:matrix.org> hello
18:01:15 <m-relay> <j​effro256:monero.social> howdy
18:01:46 <m-relay> <s​yntheticbird:monero.social> hi
18:01:53 <m-relay> <j​berman:monero.social> *waves*
18:02:15 <m-relay> <r​brunner7:monero.social> Alright, onwards to the reports from last week
18:02:51 <m-relay> <s​needlewoods_xmr:matrix.org> made great improvements on the Wallet APIs `wallet_keys_unlocker` thanks to jeffro
18:02:53 <m-relay> <s​needlewoods_xmr:matrix.org> also finally fixed the bug that made `verifyPassword()` fail after make_multisig
18:03:36 <m-relay> <r​brunner7:monero.social> So the hunt for the last remaining pieces of direct wallet2 use in the CLI wallet can continue :)
18:04:11 <m-relay> <s​needlewoods_xmr:matrix.org> yay, way more fun than starring at the debugger :D
18:04:38 <m-relay> <r​brunner7:monero.social> If the bug is interesting ...
18:06:08 <m-relay> <j​berman:monero.social> me: fixed a couple bugs testing forking from current testnet (in the migration and in scanning) in prep for alpha stressnet, cleaned up the FFI (removed unwraps/asserts, used int error returns to gracefully handle errors, de-duplicated some code with macros, clippy+fmt), implemented consolidated paths in the RPC for getting paths in the tree by global output id, started on a bette<clipped messag
18:06:09 <m-relay> <j​berman:monero.social> r organizational structure for curve trees logic in the db code, tested kayaba's latest prove/verify optimizations (good results!!)
18:06:11 <m-relay> <j​berman:monero.social> Planning to complete organizational structure in the next day, then moving to documentation/Carrot review, in prep for opening PR's to the main Monero repo
18:06:35 <m-relay> <j​berman:monero.social> Good news: kayabanerve  implemented linear prove() times, dropping 128-input tx construction down from 5m30s to ~1m!! Huge
18:06:44 <m-relay> <j​effro256:monero.social> me: initiated communication about Carrot follow-up review by Cypherstack, updated FCMP++ benchmark tool for all the latest FCMP++ changes (github.com/jeffro256/clsag_vs_fcmppp_bench/), working on supporting high input counts in benchmark tool, working on patches in Monero core repo, re-reviewing the de-dup PR by rbrunner7, reviewed several PRs in seraphis-migration, did a write-up<clipped mess
18:06:45 <m-relay> <j​effro256:monero.social>  for an upcoming vuln disclosure, helped prepare v0.18.4.2 release
18:07:34 <m-relay> <r​brunner7:monero.social> Rucknium answered jeffro256 's questions that came up during his review, and I made the requested (smaller) changes. I think it's ready now for a second review, that certainly seems a good idea because of the importance of the code: https://github.com/monero-project/monero/pull/9939
18:08:17 <m-relay> <r​brunner7:monero.social> "an upcoming vuln disclosure". Oh, always interesting. Did the fuzzing already turn up something auctionable?
18:09:00 <m-relay> <k​ayabanerve:matrix.org> 👋
18:09:31 <m-relay> <k​ayabanerve:matrix.org> I deduplicated 25k lines of code and optimized FCMP++ prove. Apologies for being a few minutes late to the meeting.
18:10:33 <m-relay> <r​brunner7:monero.social> That's the 5 times speedup that jberman mentioned?
18:10:36 <m-relay> <j​effro256:monero.social> Yes, but this specific one isn't related to the fuzzing group. The report will go up as soon as v0.18.4.2 binaries are out, not sooner so users don't get confused.
18:10:39 <m-relay> <k​ayabanerve:matrix.org> I also raised the topic of migrating the hash to point algorithm with FCMP++s after finally successfully identifying the present algorithm.
18:10:43 <m-relay> <k​ayabanerve:matrix.org> Largely rbrunner7
18:11:24 <m-relay> <j​effro256:monero.social> But if you're self-compiling for your own wallet, just make sure to be on the latest release-v0.18 or master branch.
18:11:43 <m-relay> <r​brunner7:monero.social> Just curious, what is there to win if we migrate to another "hash to point" algorithm? A bit faster?
18:11:57 <m-relay> <r​brunner7:monero.social> jeffro256: Thanks for the hint
18:12:02 <m-relay> <k​ayabanerve:matrix.org> Bits of security currently being lost.
18:12:10 <plowsof> jeffro256 would this be on -site as a blog post also - pushed at the same time binaries are?
18:12:29 <m-relay> <k​ayabanerve:matrix.org> We currently use keccak256. Would you be happy if I set the first byte to 0 after every usage?
18:12:49 <m-relay> <k​ayabanerve:matrix.org> We currently use a hash to point which has an explicit bit of bias and probably has further bias after.
18:12:55 <m-relay> <r​brunner7:monero.social> Is this a trick question :)
18:13:00 <m-relay> <k​ayabanerve:matrix.org> a new hash to point just tightens everything back up
18:13:33 <m-relay> <k​ayabanerve:matrix.org> It's also only ~10 lines of cryptography. It just invokes the existing hash to curve twice. It isn't a major change re: cryptography
18:13:57 <m-relay> <r​brunner7:monero.social> And no hairy compatibility issues if we switch that algorithm? Or will it be done in standard version based way?
18:14:21 <m-relay> <r​brunner7:monero.social> Before like so, afterwards differently
18:14:49 <m-relay> <j​effro256:monero.social> plowsof: yes that could be done
18:15:05 <m-relay> <k​ayabanerve:matrix.org> New outputs are added to the tree with a key image generator sampled using the new hash to point
18:15:07 <m-relay> <k​ayabanerve:matrix.org> Old outputs are added to the tree with their key image generators sampled using the existing hash to point
18:15:09 <m-relay> <k​ayabanerve:matrix.org> The world keeps spinning
18:15:20 <m-relay> <r​brunner7:monero.social> Alright :)
18:16:49 <m-relay> <j​effro256:monero.social> It's a type of vuln that doesn't really benefit much from being hidden from attackers since it's a data leak, it mainly just hurts users the longer they don't update. If it makes sense, perhaps a report PR can be made to the monero-site, but I just don't want it to spread on social media sites before the release binaries are posted, and cause confusion
18:17:14 <m-relay> <j​effro256:monero.social> @selsta
18:17:24 <m-relay> <j​berman:monero.social> plowsof: bumping this PR too not sure who else to bump to: https://github.com/monero-project/monero-site/pull/2510
18:19:33 <m-relay> <r​brunner7:monero.social> Ok. Anything else to discuss today beyond these reports?
18:21:00 <m-relay> <r​brunner7:monero.social> Doesn't look like it. I think we can close. Thanks everybody for attending, read you again next week!
18:21:31 <selsta> fuzzing found issues but so far none have been exploitable
18:21:56 <m-relay> <s​needlewoods_xmr:matrix.org> thanks everyone
18:22:20 <m-relay> <r​brunner7:monero.social> Good to hear, selsta.
18:24:25 <m-relay> <r​brunner7:monero.social> By the way, SNeedlewoods , it looks as if eigenwallet really went the API way instead of using wallet2 directly, which is nice: https://libera.monerologs.net/monero/20250712#c540320
18:24:55 <m-relay> <j​effro256:monero.social> Yes, sorry, I should have been more clear about the changes made due to the fuzzing group: actionable, but not exploitable.
18:25:14 <m-relay> <j​effro256:monero.social> Thanks everybody
18:25:15 <m-relay> <r​brunner7:monero.social> (There must be some more recent statement, but can't find right now)
18:26:51 <m-relay> <s​needlewoods_xmr:matrix.org> had a chat with the devs a while ago and gave them a link to the branch I'm currently working on, so they can track the most recent changes to the API
18:27:18 <m-relay> <j​effro256:monero.social> rbrunner7: about the changes?
18:27:39 <m-relay> <j​effro256:monero.social> for fuzzing?
18:27:41 <m-relay> <r​brunner7:monero.social> Er, no, about eigenwallet using the API
18:28:10 <m-relay> <j​effro256:monero.social> Oh okay nvm