00:30:51 -xmr-pr- [css-proposals] Mitchellpkt opened pull request #142: CCS proposal to research post-quantum strategies for Monero
00:30:51 -xmr-pr- > https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/142
01:17:31 ^^ Just submitted my research proposal to explore post-quantum cryptography for Monero. Please share your thought/comments/questions son the PR :- )
01:17:50 s/son/on
01:17:50 Isthmus meant to say: ^^ Just submitted my research proposal to explore post-quantum cryptography for Monero. Please share your thought/comments/questions on the PR :- )
01:22:12 Isthmus, there's nothing that can be done to mitigate data that exists on chain right now, correct?
01:22:34 supposing some 10k qubit computer comes to fruition
01:24:01 supposedly yes, all the pubkeys can be reversed to reveal privkeys
01:25:21 >Advances in practical quantum computing are a matter of 'when' not 'if'.
01:25:28 IEEE told me this is questionable
01:25:45 so a fix requires not only a hardfork, but everyone must xfer their funds
01:26:04 to a new wallet using the new PQ crypto
01:26:42 well, everyone transferring their funds isn't really an enforceable fix
01:26:59 this is older than I remember https://spectrum.ieee.org/computing/hardware/the-case-against-quantum-computing
01:31:38 The ability to break arbitrary discrete logarithms would also reveal signers in ring signatures by reversing key images
01:32:31 so basically, everything ever done on the monero blockchain thus far can be laid bare
01:33:01 assuming you believe Isthmus and not IEEE quantum pessimist
01:33:26 yeah, I still lean toward the "you can't error-correct this well enough" argument
01:34:10 yea, I have a former professor from grad school that believes error propagation is not solvable
01:34:18 at least not in the next 10-20 years
01:36:09 @jwinterm yep, once it's on the chain, it's vulnerable forever.
01:36:24 I'm hoping we don't see quantum computers for another 50 or 60 years
01:38:31 yea, for $40k I think it's worth funding (not that I'm funding :P), but I just think there's so much uncertainty that it's impossible to say if it's 5 years or 500 years
01:38:32 And yea, you'd have to migrate active outputs, like when we added RingCT
01:39:50 And yep, whether it's 5 or 500 years, never too soon to start planning :- P
01:40:19 [especially where retroactive deanonymization is involved]
01:43:37 right, to understand tradeoffs in terms of tx size and verification and stuff
01:43:55 and compatibility with new proposed schemes beyond c/dlsag
01:44:09 though I don't think signatures would affect that
01:44:11 but sure
01:44:26 I don't have gitlab account tho
02:12:03 from what I can tell qc cant uncover amounts for tx where the recipient's address is unknown
02:15:01 Isthmus: I assume your team has seen some of the Zcash discussion threads on their GitHub repo about similar topics?
02:15:23 Similar issues (e.g. what is the relevance of keeping addresses unknown except to sender/recipient) arise
02:24:14 Idea, let's just relaunch the chain, but in trinary.
02:24:20 Sarang plz do the research.
02:24:26 I want it on my desk by Friday.
02:24:39 UkoeHB_: start rewriting ZtM
02:24:50 on it
02:26:15 Should be a relatively simple change.
02:26:24 We'd just be adding one number for goodness sake.
02:56:05 I do wonder if post-quantum solutions would be too inefficient, to the point where cryptos are not actually very useful. We already have quite low tx throughput, relatively speaking.
05:00:22 rehrar: WEN xmr-iota atomic swaps?
05:02:02 ah, a qc could inflate the money supply very easily if allowed to make ringct transactions, since they can find the discrete log of the second commitment generator H
05:06:52 IOTA is the future.
05:33:37 selsta: where are you?
05:56:30 UkoeHB_: I always thought that QC could inflate the money supply, but not really break (all) the privacy
06:29:49 There's been two or so spam emails that have gotten through the getmonero defcon mailing list the past week or so. Does the spam filter on getmonero's GNU mailman or whatever need to be updated a version or something?
08:50:34 so basically, everything ever done on the monero blockchain thus far can be laid bare <= Afaik stealth addresses are resistant, but that's it
10:13:16 rehrar: hi
10:40:36 hm, stealth addresses use diffie-hellman, no?
10:43:24 are amounts possible to reveal with QC?
11:05:23 hyc: I may be conflating stealth addresses with masked amounts
11:18:07 so far the sense is that masked amounts are safe
11:33:31 I wonder what it feels like to need to do coinjoins on that mepmpool
11:33:35 mempool*
17:32:39 Coffee Chat Saturday!
17:48:17 Saturday is a hoax made up by the corporations to convince you to keep working during the week
17:53:16 is Saturday already?
17:53:51 wait I got confused now
18:18:59 Monthly research report: https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/131#note_9896
19:45:51 -xmr-pr- [meta] SarangNoether opened issue #459: Research meeting: 6 May 2020 @ 17:00 UTC
19:45:51 -xmr-pr- > https://github.com/monero-project/meta/issues/459
20:00:47 good bot
21:26:53 Here's a situation for this channel
21:27:13 I've been discussing some CLSAG application questions with someone over email
21:27:45 Now they've told me they're on the team for a certain FOSS project (with a dev fee, if that matters to you) that is investigating the use of CLSAG
21:27:53 and would like help getting some code/protocol stuff to work
21:28:12 I am currently funded for full-time research with this project, of course, and have not responded yet
21:28:18 I see three reasonable options:
21:28:35 1. No, I cannot reasonably offer free consulting services in this case
21:28:57 2. Yes, provided your group contributes publicly to a non-Sarang CCS to support Monero development
21:29:11 3. Yes, provided your group commits to contribute publicly to a future Sarang CCS
21:29:20 Or something else
21:29:23 I'd like opinions on this
21:30:31 I estimate that this would take at most a couple of days to complete
21:30:51 -xmr-pr- [meta] SamsungGalaxyPlayer opened issue #460: Coffee Chat: 2 May 2020 17:00 UTC
21:30:51 -xmr-pr- > https://github.com/monero-project/meta/issues/460
21:36:49 sarang: can you say which project?
21:45:30 I would be interested if they have contributed back to monero in the past.
21:47:14 I don't want to name the project at this point, since the person originally reached out via a separate channel and I do want to respect the privacy of private communications
21:47:40 From my very preliminary examination, it does not appear that they have contributed back to the Monero codebase that I can tell
21:48:28 The reason I have not said no yet is because it could be helpful to encourage projects that benefit from Monero development to contribute back (within the ethos of the open-source movement, of course)
21:49:09 e.g. the Loki Foundation funded some of my earlier research, and I thought it was quite nice to see another project contribute in that way
21:49:32 Obviously no one needs to contribute financially to use Monero code (within the license), but this is asking for extra consulting-style help
21:52:12 The work is tangentially related to Monero in that it's an application of CLSAG that was briefly mentioned in the preprint
21:52:21 but I don't see it being implemented in Monero
23:36:54 How much do you think collaborating with them would impact your MRL work?
23:37:09 Waves at @sarang
23:37:31 Not much
23:37:48 In that case, regarding #1, Monero does not have an exclusivity agreement over your non-MRL hours. Paid or unpaid. If you want to earn 20 EUR mowing lawns or writing code, that’s totally your prerogative as long as you continue to provide MRL research at your current quantity and quality.
23:37:53 It’d be a really nice touch if they contributed to Monero development, though I wouldn’t see it as an absolute requirement. (As long as your engagement with them is not cutting into your MRL time, you are welcome to spend a Saturday helping a friend with some project, without them needing to pay us for your off-hours personal work)
23:38:04 It's an interesting application of CLSAG, but I didn't want to offer consulting-type services to a group making money from it without making it clear what the options were
23:38:32 That sounds like a great project for your personal development 👍
23:39:09 I see the dev tax as irrelevant.
23:39:09 Naturally everybody has a personal view about whether they’re pro- or anti- or indifferent to dev taxes, but I wouldn’t instantly write off an entity because their community chose a funding mechanism that isn’t my first choice. A project is not automatically a scam because their community voluntarily chooses to use a protocol that includes universal decentralized fundraising.
23:39:38 That being said, LOTS of scams implement dev taxes
23:39:46 But correlation != causation :- P
23:39:52 I didn't mean to imply it was a scam in any way
23:40:17 Only that perhaps the fact that the team could derive fairly direct value from code contributions might affect people's views of such contributions
23:40:20 Oh, you had just mentioned "if it mattered" and I was musing about it
23:41:25 At any rate, I wanted to be open and transparent about this situation since it's related to my Monero research, even if done "off the clock"
23:42:26 Monero forks used their dev tax to hire Monero devs in the past :/
23:43:45 Devs can obviously work for whatever they want but a project without dev tax obviously can’t compete with salaries from dev taxed projects.
23:44:01 Not that they want to hire you sarang, just saying that happened in the past.
23:44:19 This sounds very much like a "we ran into a problem with a thing you built, and would like help fixing it" situation
23:45:02 Regarding your question, I would say do whatever you think is best.
23:53:54 It would be cool if they contributed to monero somehow :)
23:55:03 Yeah, I like the idea of encouraging support where possible
23:55:16 As long as it doesn't change the mentality of the open-source ethod
23:55:18 *ethos