02:36:29 <koe> sarang, watching your defcon video. What is the ring size where CLSAG becomes less efficient/uses more space than RCTTypeSimple?
02:41:32 <sarang> Verification is the same at about 128
02:43:42 <koe> that's pretty big; are you guys considering raising the mixin again with CLSAG?
02:44:46 <koe> next prime is 13 lol
02:45:06 <sarang> Verification of 13-CLSAG is about the same as 11-MLSAG
02:47:34 <sarang> Much larger ring sizes are likely better suited for a sublinear construction that supports batch verification
02:47:43 <koe> makes sense
02:47:45 <sarang> (since all verification is linear-ish)
02:48:12 <koe> Ill add CLSAG writeup to my list
02:48:43 <sarang> We have an extensive rewrite
02:48:58 <sarang> It's over to suraeNoether for review before we update on IACR
02:49:08 <sarang> Has changes to the security definitions
03:03:48 <koe> well the security definitions and proofs are outside my scope anyway
03:05:19 <sarang> There's sample code in Python and Rust, and a PR from mooo
03:05:47 <koe> ok
03:07:32 <koe> if everything goes well, will CLSAG be shipped with v13 hard fork in May 2020? (implies two hard forks, v13 and v14 for transition period as with bulletproofs and ringct)
03:12:20 <sarang> Depends on what people think of the math and code, I suppose
03:12:24 <sarang> not up to me
03:19:18 <koe> fair enough
06:18:01 <rottensox> Revuo Issue 41 - https://revuo-monero.com/issue-41.html
13:06:10 <gingeropolous> ringsize 1024 sarang !!!! AWESOME!!!!
13:12:11 <moneromooo> Oh, I'd missed that backlog. Nifty!
13:12:53 <moneromooo> What is the verification bottleneck for large ring sizes ?
13:21:54 <sarang> For batchable constructions? Only the fact that there's a linear component to them
13:23:11 <moneromooo> I mean more like, what does the profile hit most ?
13:23:54 <moneromooo> If yoi've not checked in detail yet, no worries, just curious.
13:25:38 <sarang> What do you mean?
13:26:59 <moneromooo> As examples, is most of the time spend in... multiexp ? single aA muls ? Scalar ops ? Keccak ? syscalls ? busy loop ?
13:32:30 <sarang> Ah
13:32:33 <sarang> Multiexp for sure
13:33:05 <sarang> We can generally eliminate hash to point calls by switching linking tag formats
13:33:21 <sarang> At the cost of more complex multisig, as we have seen
13:33:44 <sarang> There's a few hash to scalar ops, but those are cheap and limited
14:49:59 <sgp_> sarang: is m of n multisig possible with triptych?
14:50:53 <sarang> With additional rounds to produce `n`-of-`n` equivalent shares, should be fine
14:54:35 <sgp_> so at this point, what are the main drawbacks of triptych?
14:58:30 <sarang> Lack of review, some further comparison with RCT3
14:59:26 <sarang> Still need transaction-level security definitions for the more efficient Triptych
14:59:38 <sarang> (right now we only have them for the underlying sigma protocol)
15:06:48 <sgp_> still, this is very promising then
15:21:18 <sarang> It provides more options
15:21:49 <sarang> Omniring still wins for size, but I have new questions about its proofs and the potential for batch verification (which currently is not possible)
15:32:16 <midipoet> https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Crypto/Secure_Blockchain.html
15:32:24 <midipoet> Monero Research Lab referenced on Ring Sigs
15:32:36 <midipoet> from the German Federal Office regarding secure Blockchains
15:34:25 <sarang> Good to see differentiation between mixing and ring signatures
15:34:51 <sarang> Seems they are often muddled together, despite mixing being interactive and ring signatures being non-interactive
15:35:16 <midipoet> yeah, its a very solid document to be fair, from first reading/overview
15:36:47 <ArticMine> Isthmus I am taking a look at your fee question. I do suspect that a misunderstanding on what the fee ratios are after bullet proofs are a major factor for the appearance of fee sniping.
15:36:53 <sarang> What is the intended audience midipoet?
15:38:16 <midipoet> i would imagine IT security practitioners, IT developers, IT decision makers weighing up pro/cons of moving to a blockchain/dlt based data structure
15:39:20 <ArticMine> The ratio for the low fee is 0.2 and no 0.25 and the ratio for the fastest is 200x and not 41.5x Th gui until the last fork was calculating the fees correctly but displaying the old pre bulltprrof ratios
15:39:43 <midipoet> https://www.irccloud.com/pastebin/S5mwvg5K/
15:40:47 <ArticMine> So the first step in my opinion is to better communicate how the fee formula actually works.
15:41:44 <sarang> midipoet: those summary points are pretty solid
15:42:41 <ArticMine> We can then look at adding one or more levels right above the normal fee and also Isthmus' idea of fee bins for relay
15:43:05 <midipoet> section 9.2 on the GDPR is pretty telling also, in that document
15:43:17 <sarang> Summary of it?
15:44:02 <midipoet> https://www.irccloud.com/pastebin/TOKCJAu9/
15:44:38 <sgp_> midipoet: can you also share in #monero-compliance?
15:44:44 <midipoet> yes
15:44:49 <sgp_> sweet
15:44:52 <ArticMine> By the way I am on CET UTC+1, Madrid, until January 8, when I fly back to Vancouver PST UTC-8
15:45:42 <sarang> What counts as proper anonymization?
15:47:25 <ArticMine> That GDPR document is pretty interesting.
15:48:03 <midipoet> sarang: that's the million dollar question
15:48:26 <midipoet> there have been advice guidances provided by some entities
15:48:39 <sarang> Any reliable conclusions?
15:48:45 <midipoet> but there has yet to be a reference case, as far as i know
15:50:13 <midipoet> https://iapp.org/media/pdf/resource_center/wp216_Anonymisation-Techniques_04-2014.pdf
15:50:23 <midipoet> probably the most robust if you were to go to court
15:51:39 <ArticMine> The Europol comments on Monero may provide some indication.
15:53:30 <ArticMine> It is based upon reasonable so the current approach of gradually toughening up privacy in Monero may be no that far off
15:53:46 <ArticMine> In any case we are way ahead of the competition
15:54:54 <midipoet> ArticMine: yes, i would agree
15:55:16 <midipoet> i also get the impression that those who are starting to shape policy also understand this
15:55:37 <midipoet> but are facing pressure from other groups (money laundering, national security, etc)
16:01:50 <ArticMine> Yes I agree.
16:43:22 <suraeNoether> good morning
16:52:35 <sarang> yo
17:06:21 <sarang> Triptych preprint: https://github.com/SarangNoether/skunkworks/blob/triptych/paper/iacr.tex
17:17:14 <Isthmus> Nice
17:17:54 <sarang> If anyone else wishes to review it, please do; then it can go onto the IACR archive
17:18:06 <sarang> I'm sad that we couldn't be IACR 2020/001, which would have been great
17:18:09 <sarang> or even 2020/007
17:19:19 <sarang> Note that the version on github should still be considered a draft (hence it being in draft mode in LaTeX)
18:33:49 <suraeNoether> #monero-research-recipes
18:56:30 <sarang> ...
19:00:05 <hyc> 2020/002 would still look cool
19:00:12 <sarang> Too late :/
19:00:22 <hyc> :(
19:00:24 <sarang> They're up to 2020/007
19:00:35 <sarang> I'd be cool with 2020/020
19:00:36 <hyc> ok, wait for /020
19:00:40 <hyc> ;)
19:01:47 <suraeNoether> A brief update from me today
19:02:24 <suraeNoether> I've been invited to speak at the Blockchain Technology Symposium in February at the Fields Institute in Toronto
19:03:08 <suraeNoether> there are three themes for the event, Security Longevity, Privacy / Digital Identity, and Organizational Change
19:03:15 <sgp_> very nice!
19:03:29 <suraeNoether> i'm extremely flattered; a colleague at Clemson University recommended me to them
19:03:34 <sarang> That's crazy good
19:04:23 <hyc> congrats, sounds great!
19:04:59 <hyc> I need an excuse to visit Toronto, do you need a co-presenter to advance slides for you?
19:05:21 <suraeNoether> So, I'm going to make a CCS request for travel funding; personally, I would also like Sarang to come and attend the event, so I think he should also make a request. hyc if you come out, that'd be absolutely delightful, and if you like I can recommend you to their organizer to see if they need more speakers?
19:05:33 <sarang> Would I also speak?
19:05:53 <sarang> and what is the audience for this?
19:06:05 <suraeNoether> i'll ask if they are looking for more speakers
19:06:13 <suraeNoether> i certainly can't give you a speaking slot :\
19:06:14 <hyc> just kidding; I don't have any hot topics to present at the moment
19:07:05 <suraeNoether> how about just as a fiddle opener to my talk?
19:07:16 <hyc> :D tat could work
19:07:48 <sarang> This talk will be delivered in the form of an opera
19:08:01 <hyc> LOL
19:08:19 <hyc> def need cutting edge presentation methods for cutting edge research material
19:09:03 <moneromooo> Just present your slides by triplets, with the side ones angled a bit.
19:09:16 <suraeNoether> i'll present my slides in 4:3 polyrythm
19:09:25 <suraeNoether> okay so another note, I want to take the temperature of the room on this one
19:11:22 <suraeNoether> does the Monero community want to help sponsor this BTS event?
19:11:42 <suraeNoether> There are a few levels of sponsorship. We would get the monero logo to appear on the website and we could put monero swag into their swag bags. I'd be willing to throw some XMR at a CCS funding request to sponsor an event at the Fields Institute
19:12:06 <sarang> To what benefit?
19:12:13 <sarang> What's the audience and scope and reach?
19:12:24 <suraeNoether> it's an event in the same vein in terms of content as Konferenco or the Stanford Bitcoin Conference
19:13:14 <hyc> do we believe Monero is currently unknown to that audience?
19:13:25 <suraeNoether> it would be the monero community contributing to cryptocurrency research *shrug* and they asked me in their invitation if we would be interested in sponsoring, so i'm passing along the notion
19:14:25 <hyc> as an open source dev, I'm not accustomed to asking the community for money for promotion
19:14:33 <suraeNoether> but if folks don't see the point, or don't see value in it, i don't really have a dog in that fight
19:14:43 <hyc> hell, in OpenLDAP we don't ask the community for money, period.
19:15:07 <suraeNoether> it *is* promotional for sure
19:15:43 <selsta> 20:11 <suraeNoether> does the Monero community want to help sponsor this BTS event? <- we turned these down in the past
19:16:33 <sarang> suraeNoether: do you know if they'll be offering livestreaming or recordings of talks?
19:16:35 <sgp_> I think sponsoring isn't especially good. They're already asking you to pay for your own travel? To a university!
19:16:53 <sgp_> Even NDSU paid for my travel to speak
19:16:55 * sgp_ hides
19:17:35 <hyc> ah, good point. if they're not paying lodging and at least part of travel, something's wrong.
19:17:45 <suraeNoether> selsta: good to know. i wouldn't recommend that the monero community sponsor some ico hypefest, and i'm on the fence about more academic events
19:17:54 <sarang> suraeNoether: I don't plan on requesting funds for this, regardless of speaking invitation
19:18:13 <sarang> Heck, I don't plan on requesting funds for the Stanford conference either
19:19:14 <sgp_> "Because we have been fortunate enough to have secured substantial sponsorship for the event, admission for the event is only $100 and it includes lunches and a reception."
19:20:34 <sarang> oof
19:20:37 <suraeNoether> sgp_: my general experience is that for invited speaking gigs, the bigger the university the tighter the pockets. and I insisted on paying for speaker travel for the konferenco specifically because most academic conferences in my experience *do not* have travel assistance for speakers, and I think that's unfair. maybe i misunderstood the offer. I'll ask for clarification.
19:22:17 <sarang> Perhaps the admission is only for non-speaking attendees
19:22:27 <sarang> Charging speakers admission would be absurd
19:23:23 <hyc> indeed
19:23:26 <suraeNoether> i assume the speakers don't have to pay admission
19:23:48 <sarang> I'm surprised more conferences don't allow speakers to present remotely
19:24:49 <hyc> my experience of remote presentations is kinda meh
19:25:06 <hyc> network glitches are distracting and mostly unavoidable
19:25:20 <hyc> and most of the value of a conference is meeting people in the hallways
19:25:27 <suraeNoether> half the point of conferences is to interact with people real-time, face-to-face. problems get discussed and solved much more quickly that way
19:25:29 <suraeNoether> ^
19:25:29 <suraeNoether> word
19:29:14 <sarang> Face-to-face is best, but I don't recall having ever seen a remote presenter at all
19:29:31 <sarang> Given that the cost is probably zero, it seems useful for presenters with good information but who can't make it in person
19:30:35 <hyc> we could try that sometime, do an all-remote Monerokon, charge a minimal fee
19:30:50 <hyc> to pay for video servers etc
19:47:21 <sarang> Konferenco Fantomo? (ghost conference)
19:48:57 <hyc> has a nice ring to it
19:49:07 <hyc> why not "virtual" tho?
19:49:37 <sarang> Sounds less interesting
20:00:29 <gingeropolous> yeah, 10 GBPs and 100 GBPs servers are pretty expensive
22:36:33 <sarang> suraeNoether: ought I submit the Triptych preprint?
22:37:20 <suraeNoether> Hold off 24 hours
22:37:37 <suraeNoether> I don't think there is any harm if it's the single index stuff for now
22:37:49 <suraeNoether> But for multi let's let it sit for a bit
23:55:19 <sarang> Yeah I mean single only