02:09:00 <nakedpony> Hi everybody
02:09:22 <nakedpony> Is there chance, or discussion, about ever moving Monero away from decoys to a zero-knowledge approach?
02:10:05 <nakedpony> or is there a reason why decoys are favored to zero knowledge?
02:15:49 <kayabaNerve> nakedpony: Efficiency/no trusted setup is my understanding, but I could be wrong.
02:16:31 <kayabaNerve> With the new CLSAG signatures going around, will wallets using the existing signature format stop producing valid transactions? Or is it an optionally faster signature method that everyone should use but is not required to?
02:16:38 <vtnerd> theres zk-starks now
02:16:47 <kayabaNerve> It does sound like existing signatures will still be fully valid. Just double checking.
02:17:04 <kayabaNerve> vtnerd: Define now :P Starklabs has existed for years. I don't think they've ever been viable though
02:17:13 <vtnerd> but the techniques researched by the MRL attempt to within the bounds of existing assumptions
02:17:49 <vtnerd> zk-starks claims to not require a trusted setup
02:17:54 <kayabaNerve> I did note efficiency as a reason
02:18:14 <kayabaNerve> Yes, but there's a reason ZCash (or any single cryptocurrency out there) doesn't use Starks. They're horrendously slow
02:18:19 <vtnerd> but it has new novel "assumptions" that are not proven, that a different than the assumptions monero assumes (ECDLP hardness and hash construction)
02:18:44 <vtnerd> well its beyond that really
02:18:54 <kayabaNerve> The theory has existed for years, and I'm pretty sure there have also been construction/verification procedures for years (with the same standard of review as zerocoin/zerocash)
02:19:12 <vtnerd> Im not sure of the perf they achieve now though
02:19:16 <kayabaNerve> But the proof sizes and horrendous, so even if any algorithm is secure as defined...
02:19:30 <kayabaNerve> The most recent ZK protocol I remember hearing about was SONIC, which was still snarks
02:19:55 <kayabaNerve> https://eprint.iacr.org/2019/099.pdf
02:19:58 <nakedpony> Whoa this is some enlightening discourse
02:20:42 <kayabaNerve> Page 3 has a lot of comparisons made
02:20:52 <vtnerd> if your google zk-starks ethereum comes up first
02:21:04 <vtnerd> which means they've found a new thing to pump and do nothing with
02:22:34 <kayabaNerve> Page 14 has timing information. It becomes decent with aggregation, yet the aggregation scale is... interesting
02:23:29 <kayabaNerve> Starkware has existed for years and had a theoretically working STARK model at the start. Their work has been on viability and a crypto implementing said viable algorithm.
02:23:35 <kayabaNerve> For some reason, neither went anywhere...
02:23:58 <vtnerd> https://www.starkdex.io/
02:24:14 <vtnerd> seems to be the big achievement thus far ?
02:24:40 <vtnerd> no idea if it actually works or is usable though, thats always the catch
02:27:53 <kayabaNerve> Seems to be like ZK Rollups
02:28:08 <kayabaNerve> It's not actually used for any privacy. It's to provide succinct proofs of a large amount of data
02:28:33 <kayabaNerve> So you can conduct a ton of sends/trades on a second layer/side chain, and then publish a few KB to Ethereum with the result, which the Smart Contract can verify
02:29:10 <kayabaNerve> It's an important distinction to note here
02:29:23 <vtnerd> yeah was looking at the description, its weird
02:30:36 <vtnerd> possibly a ruse to get ZK+DEX+blockchain buzzwords into one project
02:31:08 <vtnerd> or its a proof of funds I suppose ?
02:32:34 <vtnerd> their services still has knowledge of all the trades
02:53:12 <kayabaNerve> It's a trustless scalability technique which I actually really respect. That said, it's as private as Lightning.
02:53:45 <kayabaNerve> Only the aggregate is published on the underlying network, but the actions aren't private when conducted.
02:53:59 <kayabaNerve> So it's not private.
02:58:03 <vtnerd> hmm so the funds still remain in user control then
03:00:01 <vtnerd> regret crapping on this, actually kind of interesting
03:03:18 <vtnerd> this isn't marketed as a privacy scheme at least, for the reasons you stated
03:12:09 <kayabaNerve> ZK Rollups are the more abstracted version IIRC and it's great
03:33:13 <sarang> Specified anonymity sets ("decoys") and zero-knowledge proving systems are not necessarily distinct things
03:33:34 <sarang> It all comes down to the transaction protocol you build with different cryptographic constructions
04:17:31 <kayabaNerve> Bit of a repost, but because it wasn't answered, I'd like to ask again. The new CLSAG signatures in the hard fork. If I have a program creating transactions using the existing signature scheme, will those remain compatible? It sounds like it will, but I'd love to confirm.
04:18:08 <kayabaNerve> I didn't roll my own MLSAG library, of course. I did directly wrap the internal RingCT lib though...
04:33:32 <kayabaNerve> *I do understand CLSAG construction/verification is different. Asking on a protocol level.
04:40:57 <kayabaNerve> Never mind. Read through the PR, found the banning of all types other than CLSAG.
04:53:32 <sarang> Only CLSAG will be accepted
04:53:48 <sarang> Otherwise it's less efficient and a vector for fingerprinting
07:31:15 -xmr-pr- moneroexamples opened issue #6774: Setting MONERO_WALLET_CRYPTO_LIBRARY to `cn`?
07:31:15 -xmr-pr- > https://github.com/monero-project/monero/issues/6774
10:47:29 <moneromooo> Looks like MLSAG will get rejected on v14. Do we want a quick v14 ? There's just a v13 defined in the fork table atm.
10:54:01 <sech1> I always thought that was the plan (v13 and then v14 after 720 blocks)
11:05:21 <moneromooo> When did people want the fork ? October ish IIRC ?
11:05:37 <hyc> I saw a md-Oct date somewhere
11:05:39 <hyc> mid
11:06:29 <hyc> and yes, I would expect a v13 & v14 for txn format changes
11:10:01 <sech1> October 17th is the fork date
11:10:16 <sech1> which was publicly announced
11:12:25 <moneromooo> Publicly announced... before any code is PRed for it... Amazing.
11:13:03 <moneromooo> I'll add two forks for this then.
11:14:35 <moneromooo> When do people want a testnet with those ?
11:20:33 <selsta> plan was to release binaries 1 month before HF, so maybe set the testnet to 1 month before it too
11:20:55 <moneromooo> In 6739 now. Testnet can be added shortly before it gets merged.
11:22:13 <sech1> https://web.getmonero.org/2020/08/18/network-upgrade-october-2020.html
11:25:37 <moneromooo> ty
11:27:38 <ErCiccione[m]> moneromooo: I thought an announcement was necessary since we decided the date one month agod and weare 1 month and a half away from the hard fork.
11:27:48 <moneromooo> Oooh, that's where the ground changing chat came from :D
11:27:58 <ErCiccione[m]> yeah :P
16:01:15 -xmr-pr- wojtasss opened issue #6775: --txpool-notify propsal
16:01:15 -xmr-pr- > https://github.com/monero-project/monero/issues/6775