^^ Just submitted my research proposal to explore post-quantum cryptography for Monero. Please share your thought/comments/questions son the PR :- )

s/son/on

Isthmus, there's nothing that can be done to mitigate data that exists on chain right now, correct?

supposing some 10k qubit computer comes to fruition

supposedly yes, all the pubkeys can be reversed to reveal privkeys

>Advances in practical quantum computing are a matter of 'when' not 'if'.

IEEE told me this is questionable

so a fix requires not only a hardfork, but everyone must xfer their funds

to a new wallet using the new PQ crypto

well, everyone transfer their funds isn't really an enforceable fix

this is older than I remember spectrum.ieee.org/computing/hardwar…/the-case-against-quantum-computing

The ability to break arbitrary discrete logarithms would also reveal signers in ring signatures by reversing key images

so basically, everything ever done on the monero blockchain thus far can be laid bare

assuming you believe Isthmus and not IEEE quantum pessimist

yeah, I still lean toward the "you can't error-correct this well enough" argument

yea, I have a former professor from grad school that believes error propagation is not solvable

at least not in the next 10-20 years

@jwinterm yep, once it's on the chain, it's vulnerable forever.

I'm hoping we don't see quantum computers for another 50 or 60 years

yea, for $40k I think it's worth funding (not that I'm funding :P), but I just think there's so much uncertainty that it's impossible to say if it's 5 years or 500 years

And yea, you'd have to migrate active outputs, like when we added RingCT

And yep, whether it's 5 or 500 years, never too soon to start planning :- P

[especially where retroactive deanonymization is involved]

right, to understand tradeoffs in terms of tx size and verification and stuff

and compatibility with new proposed schemes beyond c/dlsag

though I don't think signatures would affect that

but sure

I don't have gitlab account tho

from what I can tell qc cant uncover amounts for tx where the recipient's address is unknown

Isthmus: I assume your team has seen some of the Zcash discussion threads on their GitHub repo about similar topics?

Similar issues (e.g. what is the relevance of keeping addresses unknown except to sender/recipient) arise

Idea, let's just relaunch the chain, but in trinary.

Sarang plz do the research.

I want it on my desk by Friday.

UkoeHB_: start rewriting ZtM

on it

Should be a relatively simple change.

We'd just be adding one number for goodness sake.

I do wonder if post-quantum solutions would be too inefficient, to the point where cryptos are not actually very useful. We already have quite low tx throughput, relatively speaking.

rehrar: WEN xmr-iota atomic swaps?

ah, a qc could inflate the money supply very easily if allowed to make ringct transactions, since they can find the discrete log of the second commitment generator H

IOTA is the future.

selsta: where are you?

UkoeHB_: I always thought that QC could iflate the money supply, but not really break (all) the privacy

There's been two or so spam emails that have gotten through the getmonero defcon mailing list the past week or so. Does the spam filter on getmonero's GNU mailman or whatever to be updated a version or something?

<hyc> so basically, everything ever done on the monero blockchain thus far can be laid bare <= Afaik stealth addresses are resistant, but that's it

rehrar: hi

hm, stealth addresses use diffie-hellman, no?

are amounts possible to reveal with QC?

hyc: I may be conflating stealth addresses with masked amounts

so far the sense is that masked amounts are safe

I wonder what it feels like to need to do coinjoins on that mepmpool

mempool*

Coffee Chat Saturday!

Saturday is a hoax made up by the corporations to convince you to keep working during the week

is Saturday already?

wait I got confused now

Monthly research report: repo.getmonero.org/monero-project/c…sals/-/merge_requests/131#note_9896

good bot

Here's a situation for this channel

I've been discussing some CLSAG application questions with someone over email

Now they've told me they're on the team for a certain FOSS project (with a dev fee, if that matters to you) that is investigating the use of CLSAG

and would like help getting some code/protocol stuff to work

I am currently funded for full-time research with this project, of course, and have not responded yet

I see three reasonable options:

1. No, I cannot reasonably offer free consulting services in this case

2. Yes, provided your group contributes publicly to a non-Sarang CCS to support Monero development

3. Yes, provided your group commits to contribute publicly to a future Sarang CCS

Or something else

I'd like opinions on this

I estimate that this would take at most a couple of days to complete

sarang: can you say which project?

I would be interested if they have contributed back to monero in the past.

I don't want to name the project at this point, since the person originally reached via a separate channel and I do want to respect the privacy of private communications

From my very preliminary examination, it does not appear that they have contributed back to the Monero codebase that I can tell

The reason I have not said no yet is because it could be helpful to encourage projects that benefit from Monero development to contribute back (within the ethos of the open-source movement, of course)

e.g. the Loki Foundation funded some of my earlier research, and I thought it was quite nice to see another project contribute in that way

Obviously no one needs to contribute financially to use Monero code (within the license), but this is asking for extra consulting-style help

The work is tangentially related to Monero in that it's an application of CLSAG that was briefly mentioned in the preprint

but I don't see it being implemented in Monero

How much do you think collaborating with them would impact your MRL work?

Waves at @sarang

Not much

In that case, regarding #1, Monero does not have an exclusivity agreement over your non-MRL hours. Paid or unpaid. If you want to earn 20 EUR mowing lawns or writing code, that’s totally your prerogative as long as you continue to provide MRL research at your current quantity and quality.

It’d be a really nice touch if they contributed to Monero development, though I wouldn’t see it as an absolute requirement. (As long as your engagement with them is not cutting into your MRL time, you are welcome to spend a Saturday helping a friend with some project, without them needing to pay us for your off-hours personal work)

It's an interesting application of CLSAG, but I didn't want to offer consulting-type services to a group making money from it without making it clear what the options were

That sounds like a great project for your personal development 👍

I see the dev tax as irrelevant.

Naturally everybody has a personal view about whether they’re pro- or anti- or indifferent to dev taxes, but I wouldn’t instantly write off an entity because their community chose a funding mechanism that isn’t my first choice. A project is not automatically a scam because their community voluntarily chooses to use a protocol that includes universal decentralized fundraising.

That being said, LOTS of scams implement dev taxes

But correlation != causation :- P

I didn't mean to imply it was a scam in any way

Only that perhaps the fact that the team could derive fairly direct value from code contributions might affect people's views of such contributions

Oh, you had just mentioned "if it mattered" and I was musing about it

At any rate, I wanted to be open and transparent about this situation since it's related to my Monero research, even if done "off the clock"

Monero forks used their dev tax to hire Monero devs in the past :/

Devs can obviously work for whatever they want but a project without dev tax obviously can’t compete with salaries from dev taxed projects.

Not that they want to hire you sarang, just saying that happened in the past.

This sounds very much like a "we ran into a problem with a thing you built, and would like help fixing it" situation

Regarding your question, I would say do whatever you think is best.

It would be cool if they contributed to monero somehow :)

Yeah, I like the idea of encouraging support where possible

As long as it doesn't change the mentality of the open-source ethod

*ethos