-
Snipa
.merges
-
xmr-pr
Merge queue empty
-
sarang
Are there any other major changes planned for the next network upgrade?
-
sarang
No CLSAG code changes are needed as a result of the security audit
-
moneromooo
I want to change the unlock time, I've been meaning to do this for years really.
-
moneromooo
But someone's prodded me about it not long ago, so I might get to it :)
-
moneromooo
Can't think of anything else atm.
-
moneromooo
(just straightening stuff, technically a consensus change, but nothing will change in practice)
-
moneromooo
I think I had something else I wanted for a fork but I can't find anything in my list.
-
moneromooo
Ah, there was the "pre-divide key image by 8" thing... :)
-
sarang
No CLSAG-related changes from the audit, right?
-
sarang
They had only two informational suggestions that are not security-related
-
moneromooo
Not that I know of. But you'd know better than me here.
-
moneromooo
Right, and nothing consensus related anyway.
-
sarang
I didn't think they were necessary, and the type change thing would likely introduce more risk
-
sarang
I do like the key image idea, but I understand that it was contentious
-
fluffypony
moneromooo: make it shorter or longer?
-
fluffypony
(unlock time)
-
moneromooo
No functional change.
-
moneromooo
Actually.
-
moneromooo
It's currently stored as a full 64 bit unsigned IIRC. But coinbase txes check it's exactly 60.
-
moneromooo
Might be worth removing it for coinbase, and hardcoding 60.
-
moneromooo
Saves... 4 bytes ?
-
moneromooo
I was going to say delta for all, but then it depends on when it is mined, which might be unwanted,
-
sarang
every byte counts
-
moneromooo
Delta also prevents stupid things like an unlock time < current height.
-
sarang
I also want a cooler name for CLSAG, but I fear that ship has long sailed
-
moneromooo
ZLSAG.
-
moneromooo
Everything is better with a Z.
-
moneromooo
Almost sounds the same.
-
sarang
%s/C/Z/g
-
sarang
done
-
sarang
what could do wrong
-
moneromooo
RingZT.
-
dsc_
Nein!
-
Isthmus
Delta from height of the youngest ring member perhaps?
-
moneromooo
Interesting idea.
-
moneromooo
Ah, maybe moving tx key / nonce outside extra and kill extra, since sgp mentioned people were gonna use extra for customer data.
-
moneromooo
I'm coming round to the idea that the pros/cons are really not that good.
-
sgp_
I believe those plans fell through fwiw, though of course anyone can use it for any reason at any time
-
moneromooo
Or replacing with a fixed size (non consensus enforced) encrypted chunk.
-
moneromooo
If the fixed size is high enough, we could also calculate entropy and consensus enforce high enough :D
-
sgp_
tradeoff between bloat and sticking out
-
moneromooo
OK, bad idea probably.
-
sgp_
if we want to remove tx_extra, we need to aggressively ask for comment now
-
sgp_
we don't know if we would be breaking anything
-
moneromooo
Should be simple enough to list all txes that have unknown extra payload. AFAIK only minergate has its own thing.
-
moneromooo
Then we get to ponder, if there's unknown stuff, does it add or remove incentive to break it :)
-
Isthmus
!RemindMe 1 week
-
» Isthmus heads to the data mines
-
sgp_
I still see this as something we need to super clearly announce ahead of time since we are potentially breaking.... who knows what lol
-
Isthmus
Yea, let's set removal for 2022 or something. Better late than never, especially where transaction linkability is involved.
-
Isthmus
@mooo replacing with enforced fixed-size encrypted would also get an upvote from me
-
sarang
What good real-world use cases would that have, that couldn't be addressed with encrypted pID?
-
moneromooo
I have a patch somewhere that does mostly that, but has a quantized set of allowed sizes.
-
sarang
downvote for quantization / optional sizes
-
moneromooo
Coloured coins maybe. Can that be encrypted ?
-
sarang
IMO it should be all or nothing (and I'd prefer nothing, since pID exist)
-
moneromooo
One single size is a special case of quantized :)
-
sarang
Oh, multiple assets for outputs? Yes
-
sarang
There are a couple of ways to do it
-
moneromooo
What I wanted to have is encrypted data where you can stuff json for the recipient. Then recipient/sender agree on a set of fields they want to exchange.
-
moneromooo
That said, it's kinda a solution in search of a problem maybe.
-
sarang
Even if nothing else makes it besides CLSAG, that's still a huge improvement
-
sarang
25% smaller, 20% faster
-
sarang
better security model
-
sarang
audited signature code
-
sgp_
I'm still pushing for coinbase-only sings but no one else seems interested in those
-
sgp_
*rings
-
sarang
I marginally like the idea
-
moneromooo
I can't help but feel that it's what someone who wanted to deanonymize solo miners would do.
-
sarang
sgp_: can you read through the blog post draft I posted to -community about CLSAG?
-
sgp_
yeah one sec
-
sarang
no rush
-
sgp_
I know we love solo miners, but think of all the other users too...
-
sarang
can't post it for a while anyway
-
moneromooo
Because we don't. Obviously.
-
sgp_
it's just one of those things where if we ask the solo miners for a small favor, then everyone else is much better off
-
hyc
I really don't see the threat
-
sgp_
hyc: which threat?
-
hyc
singling out coinbase outputs into separate rings kind of destroys their anonymity set
-
luigi1111w
I see benefit of having coinbase inputs not part of normal rings
-
luigi1111w
but ~no benefit of having their own rings
-
hyc
letting them be randomly selected in normal rings keeps them ... random
-
moneromooo
OK, I said I'd trust MRL if they gave the ok to it, I'd also trust luigi1111w.
-
sgp_
luigi1111w: how could we enforce that behavior by consensus?
-
hyc
luigi1111: I don't understand. if they're not part of normal rings, and don't have their own rings, then how can they be spent at all?
-
luigi1111w
0 rings
-
luigi1111w
why have rings at all if they publish their txs
-
hyc
ah
-
sgp_
oh so you mean make coinbase spends have no decoys
-
luigi1111w
just theater that wastes space
-
sgp_
that's the reality really, yeah
-
sgp_
I'm mostly in favor of keeping the ringsize 3 for coinbase, since the cost is tiny and the benefits could be larger than the tiny cost
-
sarang
From a graph analysis perspective, any removal of coinbase from standard rings moves heuristics effectively one hop
-
sarang
Which can be marginally beneficial
-
sarang
Hence I marginally support the idea overall
-
sgp_
imo those benefits are downplayed
-
Isthmus
@sarang good point, RE encrypted memo field = ePID. Probably not necessary to have both, could just expand ePID length to desired data payload size
-
hyc
whatever fixed size you choose will always be "not big enough"
-
sgp_
luigi1111w: what are your thoughts about c_ringsize 3?
-
sarang
Isthmus: I think it really comes down to whether it's optimal to have enough space for arbitrary data, or enough for a reasonable side-channel identifier (like pID is now)
-
luigi1111w
seems pointless
-
luigi1111w
the chances of not having "poisoned" inputs is pretty small at 3, surely
-
luigi1111w
so the size isn't large, but the benefit is ~zero
-
» Isthmus is just making a technical note and not commenting on whether or not it's something we should do
-
sgp_
I think the unpredictability helps reduce the effectiveness of mass surveillance, not really something to be relied upon for individual protection if that makes sense
-
sgp_
makes things like associating outputs by timing of spends more difficult, for example
-
sgp_
I'm not strongly in favor of this, but I think the benefits are greater than the cost
-
UkoeHB_
Isthmus: did you ever submit a PR for fixed coin base amounts?
-
Isthmus
Oops, forgot to put that in. Probably have time for that on Saturday.
-
sarang
?
-
sgp_
this is not a consensus change, but thoughts on monero-project/monero #5222?
-
sgp_
I edited it to show that it applies to all public wallets, not just public mining pools
-
sarang
Oh, another CLSAG thing... I've reached out to the Ledger and Trezor folks for a status update, since that will be an important part of the upgrade process that should go smoothly
-
sarang
moneromooo: I suppose the `clsag-device` branch should be rebased and tested?
-
sarang
See if anything conflicts/breaks?
-
moneromooo
Probably. I try to rebase often, less pain this way.
-
moneromooo
Are you asking me to do it ?
-
sarang
I can do it, provided it doesn't get too awful :D
-
sarang
I'm trying to figure out what a good timeline is
-
moneromooo
I can do it if you'd rather, and point me to the correct branch.
-
sarang
Since I assume the Trezor and Ledger teams would like something relatively final to base their work on
-
sarang
and eventually they'll need testnet
-
moneromooo
Oh. If I do it, I will just ignore ledger/trezor and leave that to the relevant people. I'll just fix conflicts but not test.
-
sarang
Right. My understanding (waiting to hear back) is those teams have firmware stuff on their own timeline, but ideally want to know what code/network to test against prior to release
-
sarang
That branch already includes some of cslashm's device-specific work