-
xmr-pr
[css-proposals] Mitchellpkt opened pull request #142: CCS proposal to research post-quantum strategies for Monero
-
Isthmus
^^ Just submitted my research proposal to explore post-quantum cryptography for Monero. Please share your thought/comments/questions son the PR :- )
-
Isthmus
s/son/on
-
monerobux
Isthmus meant to say: ^^ Just submitted my research proposal to explore post-quantum cryptography for Monero. Please share your thought/comments/questions on the PR :- )
-
jwinterm
Isthmus, there's nothing that can be done to mitigate data that exists on chain right now, correct?
-
jwinterm
supposing some 10k qubit computer comes to fruition
-
hyc
supposedly yes, all the pubkeys can be reversed to reveal privkeys
-
jwinterm
>Advances in practical quantum computing are a matter of 'when' not 'if'.
-
jwinterm
IEEE told me this is questionable
-
hyc
so a fix requires not only a hardfork, but everyone must xfer their funds
-
hyc
to a new wallet using the new PQ crypto
-
jwinterm
well, everyone transfer their funds isn't really an enforceable fix
-
sarang
The ability to break arbitrary discrete logarithms would also reveal signers in ring signatures by reversing key images
-
hyc
so basically, everything ever done on the monero blockchain thus far can be laid bare
-
jwinterm
assuming you believe Isthmus and not IEEE quantum pessimist
-
hyc
yeah, I still lean toward the "you can't error-correct this well enough" argument
-
jwinterm
yea, I have a former professor from grad school that believes error propagation is not solvable
-
jwinterm
at least not in the next 10-20 years
-
Isthmus
@jwinterm yep, once it's on the chain, it's vulnerable forever.
-
Isthmus
I'm hoping we don't see quantum computers for another 50 or 60 years
-
jwinterm
yea, for $40k I think it's worth funding (not that I'm funding :P), but I just think there's so much uncertainty that it's impossible to say if it's 5 years or 500 years
-
Isthmus
And yea, you'd have to migrate active outputs, like when we added RingCT
-
Isthmus
And yep, whether it's 5 or 500 years, never too soon to start planning :- P
-
Isthmus
[especially where retroactive deanonymization is involved]
-
jwinterm
right, to understand tradeoffs in terms of tx size and verification and stuff
-
jwinterm
and compatibility with new proposed schemes beyond c/dlsag
-
jwinterm
though I don't think signatures would affect that
-
jwinterm
but sure
-
jwinterm
I don't have gitlab account tho
-
UkoeHB_
from what I can tell qc can't uncover amounts for tx where the recipient's address is unknown
-
sarang
Isthmus: I assume your team has seen some of the Zcash discussion threads on their GitHub repo about similar topics?
-
sarang
Similar issues (e.g. what is the relevance of keeping addresses unknown except to sender/recipient) arise
-
rehrar
Idea, let's just relaunch the chain, but in trinary.
-
rehrar
Sarang plz do the research.
-
rehrar
I want it on my desk by Friday.
-
rehrar
UkoeHB_: start rewriting ZtM
-
UkoeHB_
on it
-
rehrar
Should be a relatively simple change.
-
rehrar
We'd just be adding one number for goodness sake.
-
UkoeHB_
I do wonder if post-quantum solutions would be too inefficient, to the point where cryptos are not actually very useful. We already have quite low tx throughput, relatively speaking.
-
Inge-
rehrar: WEN xmr-iota atomic swaps?
-
UkoeHB_
ah, a qc could inflate the money supply very easily if allowed to make ringct transactions, since they can find the discrete log of the second commitment generator H
-
rehrar
IOTA is the future.
-
rehrar
selsta: where are you?
-
Inge-
UkoeHB_: I always thought that QC could inflate the money supply, but not really break (all) the privacy
-
xmrscott[m]
There's been two or so spam emails that have gotten through the getmonero defcon mailing list the past week or so. Does the spam filter on getmonero's GNU mailman or whatever need to be updated a version or something?
-
dEBRUYNE
<hyc> so basically, everything ever done on the monero blockchain thus far can be laid bare <= Afaik stealth addresses are resistant, but that's it
-
selsta
rehrar: hi
-
hyc
hm, stealth addresses use diffie-hellman, no?
-
Inge-
are amounts possible to reveal with QC?
-
dEBRUYNE
hyc: I may be conflating stealth addresses with masked amounts
-
hyc
so far the sense is that masked amounts are safe
-
Inge-
I wonder what it feels like to need to do coinjoins on that mepmpool
-
Inge-
mempool*
-
sgp_
Coffee Chat Saturday!
-
needbrrrrrrr90
Saturday is a hoax made up by the corporations to convince you to keep working during the week
-
niocbrrrrrr
is Saturday already?
-
selsta
wait I got confused now
-
xmr-pr
[meta] SarangNoether opened issue #459: Research meeting: 6 May 2020 @ 17:00 UTC
-
sarang
good bot
-
sarang
Here's a situation for this channel
-
sarang
I've been discussing some CLSAG application questions with someone over email
-
sarang
Now they've told me they're on the team for a certain FOSS project (with a dev fee, if that matters to you) that is investigating the use of CLSAG
-
sarang
and would like help getting some code/protocol stuff to work
-
sarang
I am currently funded for full-time research with this project, of course, and have not responded yet
-
sarang
I see three reasonable options:
-
sarang
1. No, I cannot reasonably offer free consulting services in this case
-
sarang
2. Yes, provided your group contributes publicly to a non-Sarang CCS to support Monero development
-
sarang
3. Yes, provided your group commits to contribute publicly to a future Sarang CCS
-
sarang
Or something else
-
sarang
I'd like opinions on this
-
sarang
I estimate that this would take at most a couple of days to complete
-
xmr-pr
[meta] SamsungGalaxyPlayer opened issue #460: Coffee Chat: 2 May 2020 17:00 UTC
-
selsta
sarang: can you say which project?
-
selsta
I would be interested if they have contributed back to monero in the past.
-
sarang
I don't want to name the project at this point, since the person originally reached out via a separate channel and I do want to respect the privacy of private communications
-
sarang
From my very preliminary examination, it does not appear that they have contributed back to the Monero codebase that I can tell
-
sarang
The reason I have not said no yet is because it could be helpful to encourage projects that benefit from Monero development to contribute back (within the ethos of the open-source movement, of course)
-
sarang
e.g. the Loki Foundation funded some of my earlier research, and I thought it was quite nice to see another project contribute in that way
-
sarang
Obviously no one needs to contribute financially to use Monero code (within the license), but this is asking for extra consulting-style help
-
sarang
The work is tangentially related to Monero in that it's an application of CLSAG that was briefly mentioned in the preprint
-
sarang
but I don't see it being implemented in Monero
-
Isthmus
How much do you think collaborating with them would impact your MRL work?
-
Isthmus
Waves at @sarang
-
sarang
Not much
-
Isthmus
In that case, regarding #1, Monero does not have an exclusivity agreement over your non-MRL hours. Paid or unpaid. If you want to earn 20 EUR mowing lawns or writing code, that’s totally your prerogative as long as you continue to provide MRL research at your current quantity and quality.
-
Isthmus
It’d be a really nice touch if they contributed to Monero development, though I wouldn’t see it as an absolute requirement. (As long as your engagement with them is not cutting into your MRL time, you are welcome to spend a Saturday helping a friend with some project, without them needing to pay us for your off-hours personal work)
-
sarang
It's an interesting application of CLSAG, but I didn't want to offer consulting-type services to a group making money from it without making it clear what the options were
-
Isthmus
That sounds like a great project for your personal development 👍
-
Isthmus
I see the dev tax as irrelevant.
-
Isthmus
Naturally everybody has a personal view about whether they’re pro- or anti- or indifferent to dev taxes, but I wouldn’t instantly write off an entity because their community chose a funding mechanism that isn’t my first choice. A project is not automatically a scam because their community voluntarily chooses to use a protocol that includes universal decentralized fundraising.
-
Isthmus
That being said, LOTS of scams implement dev taxes
-
Isthmus
But correlation != causation :- P
-
sarang
I didn't mean to imply it was a scam in any way
-
sarang
Only that perhaps the fact that the team could derive fairly direct value from code contributions might affect people's views of such contributions
-
Isthmus
Oh, you had just mentioned "if it mattered" and I was musing about it
-
sarang
At any rate, I wanted to be open and transparent about this situation since it's related to my Monero research, even if done "off the clock"
-
selsta
Monero forks used their dev tax to hire Monero devs in the past :/
-
selsta
Devs can obviously work for whatever they want but a project without dev tax obviously can’t compete with salaries from dev taxed projects.
-
selsta
Not that they want to hire you sarang, just saying that happened in the past.
-
sarang
This sounds very much like a "we ran into a problem with a thing you built, and would like help fixing it" situation
-
selsta
Regarding your question, I would say do whatever you think is best.
-
selsta
It would be cool if they contributed to monero somehow :)
-
sarang
Yeah, I like the idea of encouraging support where possible
-
sarang
As long as it doesn't change the mentality of the open-source ethod
-
sarang
*ethos