Meeting is today at 17:00 UTC

Meeting here begins at 17:00 UTC (about 40 minutes from now)

hello

hello

hello

sarang?

[keybase] <seddd>: 👋

Hello all!

My apologies for being a bit late today

Welcome to the meeting!

Logs will be posted to the github issue afterward

The usual agenda, with an addition from binaryFate: monero-project/meta #446

First, GREETINGS (which you've already done!)

hello

hi!

I suppose we can move to ROUNDTABLE

I have a few research items to share

and some additional news for the end of the meeting

First, the Triptych-2 preprint is now available!

It's here on the IACR archive: eprint.iacr.org/2020/312

and is also a merge request for monero-site that will appear soon

Second, I've added some updated MLSAG performance testing to the CLSAG code, to provide better comparisons

nice, I'll deploy the site probably later tonight so if luigi1111w merge in time it will be online

neat

It was already merged: repo.getmonero.org/monero-project/monero-site/-/merge_requests/1245

perfect

Additionally, I'm on the program committee for the IEE S&B conference

While the in-person event is delayed, paper review is still happening, so I am doing peer review on that

There is very interesting work that's been submitted

That is my update

Does anyone else have research of interest to share?

I understand there may not be much, since the world is becoming quite crazy these past few weeks :(

I hope everyone is staying safe and well

^ s/IEE/IEEE

[keybase] <seddd>: Indeed, just been background reading composable parameters algos

I am working on the fee / penalty changes

seddd: for what purpose?

[keybase] <seddd>: For zkproofs, pq enhancements to ringsig algos ;)

[keybase] <seddd>: And to blockchains in general

[keybase] <seddd>: Lot of interesting papers coming out this year

ArticMine: any particular updates to fee/penalty algos?

I expect to have recommendations in early

April

Got it, thanks

Does anyone else have anything they wish to bring up for the roundtable?

Or any questions on topics that have been shared?

I do

hope it's the right forum

carrying over from #monero-dev, I'm interested in knowing more about if it's possible for unpublished outputs to be used as unpublished inputs and without being invalidated due to reorg

doing so would ensure valid txs are never invalidated from reorg, might allow the 10 block lock to be safely reduced, and would allow creation of decentralized exchanges with xmr as a base pair

if it's possible, I'm interested in looking at developing it

and aside from that I have a question

might it be possible to create a 2/3 multisig where 1 part requires 3/5 signatures

that could provide similar properties for a decentralized exchange

"if it's possible for unpublished outputs to be used as unpublished inputs and without being invalidated due to reorg" I don't get that

[keybase] <seddd>: smth like lightning?

in other words, is it possible to publish a second transaction which uses outputs from a first unpublished transaction? Global output indices are not assigned until mining, so I think it is not possible. If global output indices were changed to use tx hashes, could it be possible?

sorry, is it possible to *create a second transaction… of course it cannot be published until after the first transaction is published

[keybase] <seddd>: Are "scriptless scripts" w/ schnorr possible on xmr?

right now it's not possible indeed, due to output indices not assigned before the transaction is mined

unless you mine your own block and do not publish it yet

ok. so then the question is, could xmr be changed to support it and what would it take

perhaps not something that can be answered here and now, but it would be useful, if anyone has ideas or thoughts

then my second question: might it be possible to create a 2/3 multisig where 1 part requires 3/5 signatures?

it could be changed yes, I'm not sure of all tradeoff besides tx size

One could mine dependent transactions in one block but that is the only exception I see could be possible

Changing to output reference by (partial) hash value seems useful, and I hope it's done for any next-gen protocols

woodser what would benefits do you see of using hash?

[keybase] <seddd>: Partial as in a hash only the parts of metadata that is know ahead of being mined?

I mean even truncating the hash of a set of outputs to use as a reference

increases the likelihood of collisions, but in a controllable way

moo mentioned "The DB will still keep indices. Outputs are typically encoded 16 bits on average. (maybe 24)", which I took to mean the tx size would be quite minimal

For next-gen protocols, there are benefits to using fixed sets of shuffled adjacent outputs

where the shuffling is deterministic based on block hashes, to avoid miner packing

the goal of using the hash is to avoid using global output indices with the goal of txs remaining valid across reorgs

sarang to define the outputs implicitly by a protocol rule rather than explicitly in transaction?

Miller et al. originally suggested using output binning where the chain is split into fixed output sets that are then shuffled deterministically

This helps avoid some age-based heuristics while avoiding miner shenanigans

woodser you can still have reorganisation with conflicting transactions, so I'm not sure you could reduce the 10 required confirmations

So the tx could have a reference to the bin/epoch

but all nodes must have the same view of this shuffling

or they'll show a tx as invalid by failing the signature verification

or by referencing an invalid output

the only way funds would become invalidated from a reorg is if they are spent somewhere else in the re-org, right?

assuming the global output indices weren't outdated

woodser yes I think

so that is a risk many people are willing to take few confirmations on

In a reorg, the indices could become invalid by referring to a different output, failing the signature verification

Having nothing to do with spent/unspent status (which is only known, in theory, based on key images in an ambiguous way)

woodser the issue is that you don't run the risk to invalidate just your transaction, but all others using the output in a ring

Anyway, this seems to a be a good topic to discuss after the meeting, if desired

Are there other research topics that anyone wishes to share during our current hour?

If not, I'd like to share some CCS-related news

[keybase] <seddd>: +1

OK, my news is unfortunate; given the recent market collapse and the understandable need for people to support themselves and their families, I'll be closing my CCS and discontinuing full-time work on the project

that is unfortunate :/

if payment were able to be guaranteed

for say a year or two

[keybase] <seddd>: "the end times are upon us"

plus arbitrary supplement on top

would that change anything

I wanted to mention it here to give a bit of advance notice, since my current CCS work is active for the next couple of weeks

sarang: your request is already mostly filled

?

512.2 of 704

It only had a few XMR contributed, which can be moved to general fund

???

its at 512xmr atm

out of 700

When on earth did this happen?

good heavens

That is... extremely unexpected

anyway i think we can solve this easily

sarang be like "nooooooo I'm in it for 3 more months!"

I don't know what to say

regardless if temporary funding miracles

sarang: we love you and are not letting you go

^

but still hold on

I truly enjoy conducting research here

Can I share some thoughts from the core team on this topic?

704 XMR was calculated at 48/XMR

we're not there. Despite being merged, this needs to be adjusted.

binaryFate: plz do

Hrm, please go ahead binaryFate

I'm really taken aback here

We had some preliminary discussions about the challenges or shortcomings of the CCS funding mechanism, especially for recurring, full-time MRL researchers.

Well, funding troubles happen to other CCS as well too

Even much smaller ones that are not ongoing in the same way

Before discussing the how, the end goals seem to be:

Primary goal, specially relevant with the recent brutal volatily, is to make it easier to provide a stable month by month payments to MRL researchers. Right now it's impossible to set an amount of XMR for a proposal that does not become obsolete and too small very quickly. The opposite could be a true in a bull market and deter donors who think the amount has become unjustifiably high.

Secondary goal, more relevant longer term, is to offer a bit more flexibility for MRL to use funds as is seen fitted. Right now it's very rigid, and does not allow for instance to compensate a half-time master student, small grants or incentives for student competitions, etc. May not be relevant right now but long term would be a must for a more scalable MRL.

The risk is that some proposals gain some kind of "special status" that others do not

And, for example, this workgroup is not the only workgroup that conducts research (see e.g. #noncesense-research-lab)

it's ok that they do

you are special

that's why this is an issue

We are thinking along the lines of a continuous fund for MRL, similar in its functioning to the general fund maybe. This would be "administered" by the core team, which could pay stable USD-equivalent amounts month by month.

seems a slippery slope

funding is the same slope

the community mechanism for the specialness remains the same as the existing funding mech

yassss

Anyone (including MRL) would know how much remains at any time, providing visibility hopefully beyond the 3-months horizon you guys have been living on

Yes, it would emphasize that MRL stuff are unlike other proposals, because they are.

This removal from the CCS means that sarang's concerns about preferential treatment on the platform are alleviated, because they're on a different platform entirely

That's it, initial thoughts, and wanted to open to everyone's opinion.

The ides is to hedge against the exchange rate and mitigate the risk to the actual researchers

not sure that this addresses volatility

Monero is nothing without research.

unless you mean that this other funding platform just uses fiat

I imagine a percent would be held in different assets, including fist

Fiat

hyc maybe a combination? Working with someone like OSTIF?

hyc: fund can be depleted, we always face this in a donation-based model, but at least researchers can get a stable "salary" as long as there is fund

MRL fund can be maybe even opened to other coins in a way that the CCS isn't (and shouldn't) be.

Right now, they received whatever was in the proposal 3 months old, it's always unfair one way or another. It's acceptable for smaller/shorter proposals but I understand it's tough for a full-time job all year long.

Since the work of MRL impacts many privacy initiatives.

Even if it were to be kept in crypto there is still mitigation

and in good time the fund can be built up

and if we rise to the moon, then we can just employ indefinitely

suraeNoether and sarang deserve better for sure

maybe this step will help that happen. Maybe not. We don't know. All we can do is try.

What accountability is there?

same as CCS. Accountability to Core.

If we rise to the moon we set funds aside for a rainy day

Right now, the instability of short funding requests is a benefit to the community for accountability

they are the ones dispersing the funds.

If Core decides to no longer disperse money to you guys, based on opinions of the community, they can do so.

It's not you guys that have the money, but them. ;)

You know what this even allows? It allows you guys to go lesser hours one month if you need to.

With a full three month proposal already paid for, it's hard to justify if you need to go half time for a month to take care of personal business.

I see the value in not having to plan work 3 months at a time, but

I got caught up, sorry for being late

this basically makes Core a company with actual employees

no and we would never want that

hyc how does it do that more than the existing CCS?

or contractors

money is raised for a purpose

money is dispersed for that purpose

fwiw it's worth noting the promised core accountability report has not yet been released

it's not far from a CCS proposal, except there's a running "pool" for it, and XMR are paid every month based on fiat price at the time.

[keybase] <seddd>: What about creating a giant multisig w/ all funders, and a threshold is needed to move funds?

sgp_ that's my bad, I'll move on this next days

thank you

Yes but mitigating exchange risk to achieve a purpose is valid

if funds a raised for a purpose

We cannot leave researchers at the mercy of the markets with no mitigation of risk

agreed

I'll update the CCS page as well to have a separate MRL section

[keybase] <seddd>: What are expected credentials for a researcher under CCS?

so people can go to one place to donate

Yes a specific page for the MRL fund with nice UI to see how much is there, a description of the researchers currently benefiting from it, and people can decide to donate or not, and expect regular reports as the noether are doing already

My thoughts:

Provable PhD in related field can be automatically considered. Undergrads and/or Master's can be considered by the current PhDs and recommended.

Since this is Core Team administered, it'd be Core team decided.

I remain concerned that this moves away from the decentralization that so many people appreciate about the project

sarang development remains decentralized

right, this seems like what a nonprofit is supposed to do

There are certainly qualms to be raised about how CCS openings are decided

I don't think the core team should have any say on that personally, I'd rather see a monthly sum given to MRL heads and they choose what to do with it (and must ensure their usage will please donators so that the fund keeps getting funding)

binaryFate: hmm

any say on who to pay

I do not wish to be responsible for receiving funds to be distributed elsewhere

that's ok, we can make clear that your receiving is just you. It should simply be clear to donators what's happening with funds.

is a non-profit needed? If so, it can be started easily.

There are many, many requirements on a non-profit organization

it is very nontrivial

would really prefer not to have anything formal even non-profit

rehrar: hmm, I might be able to see if MAGIC can be used for that purpose haha

binaryFate: I agree ultimately

we still need another board member fyi, looking for volunteers who like giving grants

MRL Fund stewarded by the core team occupies the same area as the CCS as far as I can see.

respectfully while the MRL fund is always going to be a thing, this is something a registered entity can handle much better

I think there's definitely been a perception before that the CCS was for one-shot projects, and the MRL, as a long-term ongoing activity, doesn't match that

sarang: and it's no less decentralized than currently, as core stewards the CCS also. Your payment is currently in their hands, and it will continue to be in the new system.

hyc, yes, as a whole, quarterlies were not a thing three years ago.

scoobybejesus: are you here?

sgp_: why not both?

The whole issue of incorporation as a non profit is something we may have to deal with

As we grow

rehrar: there will be both, the MRL fund is a thing as I said

MRL Fund stewarded by core team, and separate funds can be raised and dispersed by a non-affiliated non-profit.

3 months were chosen as the max time due to volatility

yes sgp, but also working, so tough to keep up :)

ArticMine: icky

I know

scoobybejesus: the recent chat is on using a nonprofit entity to help handle MRL grants/payments. Relevant to MAGIC possibly

nioc: right. But one month is too short to be continuously raising and stressing about funds. This Fund bridges the gap.

rehrar: agree. need to stay away from that.

yeah, there really is nothing ad hoc about MRL. it's an organization, with a long-term mission

It's not an organization

rehrar: just a little history :)

a new system for MRL that is basically a continuous rolling CCS is needed. But then I think even if a non-profit might be useful for stuff, it's fairly orthogonal to the former

it would affect the 1023

it's a workgroup of individuals who choose to contribute work

scoobybejesus: yes

but I'd have to see how much

(if we even want to do this)

MAGIC handling something similar is a separate thing

i guess we should meet on it later

matter at hand, MRL Fund.

Any other thoughts regarding?

sarang, it has at least 2 full-time paid staff. how is it just a workgroup of individual contributors?

rehrar: I think basing anything on the MRL fund is probably doomed to suck

It isn't a formally defined organization

sgp_: we are already living the suckage

Anyone is free to request donation funding, and anyone is free to participate in meetings and contribute research

we've seen other entities handle similar issues though

The FSF is a very interesting case

it's like listening to the 3 pigs story and then still deciding to use straw as the main house

Free Software Foundation

bricks are unavailable to us if we want to keep to our ideals

so we build what we can with what we have

MRL funding doesn't need to be done through these ideals, so I think we're talking about different things

If this MRL Fund thing proves to be a failure, then we can cross that bridge when we come ot it.

But there is literally no harm in trying an alternative method that has potential benefit to lessen stress on our researchers.

sarang: since you're the primary recipient in mind right now, does this MRL fund thing give you any additional confidence?

Stability would be welcomed, if the mechanism is set up correctly and fairly

There are ways For example there can be ore than one incorporated organization

No single point of failure

Keep in mind that maintaining the current method might encourage new researchers to contribute

having eventual turnover seems inevitable, and not necessarily a bad thing

sarang but if a researcher decides they'd rather use the CCS than MRL fund, they still could

In some cases a researcher may wish to accept risk for example in exchange for future return

[keybase] <seddd>: Some researchers bleed for their bread

ok, this is fine talk for the future, but let's take a step back here.

sarang: regarding your current proposal

if we were ok with an adjustment so it's more fair for these three months, are you down to stay?

at least for the next three months?

or are you still wanting to close this one?

woodser: yes nested multisig is very possible, albeit a bit of a challenge to implement I expect. Please see zero to monero 2nd edition, chapter multisig last section

Also, no update from me since no edits the last week. One more week of proofreading

rehrar: I need to consider this for a bit

these are strange times

It makes sense to me that MRL is long-term/strategic stuff, and CCS is short-term/tactical, and the two should be handled differently

good times to be able to work from home at least

Understood. In the meantime, I can see about having us adjust your current proposal to better reflect price and see if we can't raise it. A fully raised amount might affect your opinion somewhat. :)

hyc this is a very succinct way to put it, and I agree.

I also want to consider that other proposals are in the ideas list that might otherwise not be able to get off the ground

and that people's priorities are likely (and should be) keeping themselves and their families afloat

that's up to donors to decide, not you to feel bad about projections

^

Shall we adjust to 845 XMR? ($37/XMR)

850?

Yes, this would be somewhat unusual to change mid-proposal, but it's also, as you say, strange times.

And I think everyone understands and is willing to help our bois continue doing what you're doing

I agree that everyone would likely understand due to circumstances

That would be a big step to take

it's not something we do often, and the only precedent it sets is "in extraordinary times we may do some things we don't normally do"

In general it's a time where everyone will be locked home for a while, let's use it to contribute to Monero and keep pushing the boundaries while other projects give up because all they wanted is $

anyone who engages and says "but you did it for them why not for me" in a different time is not engaging in good faith, and the argument we have is strong.

These are extraordinary times

fair. important to specify "this adjustment isn't due to a project budget overrun"

ye

"stick together" measures of some sort

Ok. Next three months for sarang are well on their way. We have a few months to nail down the specifics of the MRL Fund. And I'll be pokey at Core to see about getting that done.

anything else on this topic?

Also I see a broader responsibility in ensuring the Monero network is as roust as possible

would be good to have suraeNoether's opinion, and let's continue this discussion soon

Agree with ArticMine. There's a saying that you see people's true nature in difficult times, and I think that applies to projects/communities too :)

I hope everyone stays safe and well during these times

[keybase] <seddd>: mononovirus > coronavirus

thank you UkoeHB_!

woodser: please let me know if you have any questions. Afaik no one has ever read that section lol

sweet :)

Very much off-topic: I've been reading that blood banks are concerned about low supply because of donors being too wary to donate

While I am not a doctor, I'm told it's still safe for healthy folks to donate

Here ends Sarang's PSA about blood donation =p

s/not a doctor/not a medical doctor/

(obviously consult a medical doctor if concerned about donating blood)

I'm told though that donors are not being tested for COVID, you should probably get yourself tested first

noted

tested for covid is much easier said than done

at least in the US

Hmm my local blood bank says CDC and FDA still consider donation safe if you're otherwise considered healthy

Fun fact, gays aren't supposed to donate plasma due to HIV risk. Not sure about blood 😅

UkoeHB_: please avoid talk that could be viewed as discriminatory or hostile

This channel should be welcoming

[keybase] <seddd>: Yeah probably safe to sell plasma too. You know, funding research :p

Anyway, probably best to move off-topic stuff to #monero-research-lounge; my apologies

[keybase] <seddd>: I'm out then, no keybase bridge to lounge :(

[keybase] <seddd>: 👋

Lol my ex used to donate plasma and lie to them 😩

sarang: it looks like your CCS has been increased as discussed and also........completely filled

[keybase] <seddd>: Liars, amirite?

wait what nioc?

good heavens

no need to wait <#

<3

The world is moving a mile a minute this month

[keybase] <seddd>: too many manipulative assholes in the world

Raised 852.2 of 845 XMR

seddd: I doubt there would be opposition to bridges to -lounge if they aren't misused

[keybase] <seddd>: Good luck on fundraising, thx for the meeting :)

(discussion in -lounge, like in -lab, is expected to be kept welcoming and open)

[keybase] <seddd>: No misuse from me, but I understand the threat from spam

AFAIK it hasn't been a problem in other channels

+1 nioc

I can think of only a few situations where someone brought hostile discussion to an R&D channel, and that was unrelated to bridges

[keybase] <seddd>: For sure, I'm starting my career in crypto research, and love me some MRL

seddd: are you studying CS/math?

[keybase] <seddd>: So I come with love and enthusiasm

[keybase] <seddd>: Yeah, both, self-study

Great

It's a fascinating area of research

Hard to keep up with all the new developements

[keybase] <seddd>: So true, fire hydrant of crypto research every month 😲

[keybase] <seddd>: Great problem to have

[keybase] <seddd>: Definitely need to dig deeper in math tho, especially linear algebra

It's a crazy mix of algebra and number theory, to be sure

Any opinions about SGX enclaves here?

[keybase] <seddd>: What do you think of the prospects of finding safe, practical parameters for genus 3 hyperelliptic curves?

seddd: There was a recent short preprint suggesting that Jacobian method for groups of unknown order was not nearly as secure as originally hoped, at the desired parameter sizes

Do you mean in spite of that work?

[keybase] <seddd>: Like stuff like ShadowEth using it for zkp smart contracts, but prefer open hardware obv

Link to preprint: eprint.iacr.org/2020/289

[keybase] <seddd>: sarang yeah my takeaway was that the current choices are insecure at desired sizes, but that future work could result in similar savings at 128-bits security

[keybase] <seddd>: But that the research is open

[keybase] <seddd>: Do you think it's promising, needs years more research, lost cause, etc?

I don't have a good sense of that

Having efficient groups of unknown order would be extremely interesting

Some of the recent stuff presented at Stanford had competitive efficiency for a general proving system under the original assumption of that Jacobian-method original preprint

[keybase] <seddd>: Right which is what got me so excited about it

(I don't have the original link handy)

[keybase] <seddd>: Such awesome possibilities

[keybase] <seddd>: Lemme find it

I'm sure there will be increased research into groups of unknown order, now that there have been some prominent preprints out about them

Here was the original preprint that 2020/289 addressed later: eprint.iacr.org/2020/196

[keybase] <seddd>: Not the Stanford paper, but cool work on pqMPC: arxiv.org/pdf/0910.2912

[keybase] <seddd>: Anyway that's more toward a zcash style zkp, which is why I thought the hyperelliptic stuff might apply more directly to monero

How so?

[keybase] <seddd>: Since ed25519 is a genus 1, but I don't fully understand the math

Being able to build a Merkle tree-style protocol in a trustless way seems quite robust

[keybase] <seddd>: My thinking w/ hyper stuff is that valid blockchain state at a given point could be committed to as the root of the proof tree, allowing for a secure, trustless transition to a pq system

[keybase] <seddd>: ^ but that's from my dumb misunderstandings and hopes of such a system working