13:23:54 Meeting is today at 17:00 UTC
16:20:45 Meeting here begins at 17:00 UTC (about 40 minutes from now)
17:03:28 * needmonero90 waves
17:04:30 * binaryFate waves back
17:04:43 hello
17:05:25 hello
17:05:35 hello
17:06:00 sarang?
17:06:06 [keybase] : 👋
17:06:21 Hello all!
17:06:28 My apologies for being a bit late today
17:06:31 Welcome to the meeting!
17:06:37 Logs will be posted to the github issue afterward
17:06:57 The usual agenda, with an addition from binaryFate: https://github.com/monero-project/meta/issues/446
17:07:05 First, GREETINGS (which you've already done!)
17:07:06 hello
17:07:23 hi!
17:08:04 I suppose we can move to ROUNDTABLE
17:08:08 I have a few research items to share
17:08:15 and some additional news for the end of the meeting
17:08:31 First, the Triptych-2 preprint is now available!
17:08:42 It's here on the IACR archive: https://eprint.iacr.org/2020/312
17:09:02 and is also a merge request for monero-site that will appear soon
17:09:33 Second, I've added some updated MLSAG performance testing to the CLSAG code, to provide better comparisons
17:09:51 nice, I'll deploy the site probably later tonight so if luigi1111w merge in time it will be online
17:09:59 neat
17:10:28 It was already merged: https://repo.getmonero.org/monero-project/monero-site/-/merge_requests/1245
17:10:38 perfect
17:10:57 Additionally, I'm on the program committee for the IEE S&B conference
17:11:15 While the in-person event is delayed, paper review is still happening, so I am doing peer review on that
17:11:26 There is very interesting work that's been submitted
17:12:03 That is my update
17:12:10 Does anyone else have research of interest to share?
17:12:30 I understand there may not be much, since the world is becoming quite crazy these past few weeks :(
17:12:36 I hope everyone is staying safe and well
17:13:09 ^ s/IEE/IEEE
17:13:18 [keybase] : Indeed, just been background reading composable parameters algos
17:13:18 I am working on the fee / penalty changes
17:13:40 seddd: for what purpose?
17:14:22 [keybase] : For zkproofs, pq enhancements to ringsig algos ;)
17:14:36 [keybase] : And to blockchains in general
17:14:55 [keybase] : Lot of interesting papers coming out this year
17:16:01 ArticMine: any particular updates to fee/penalty algos?
17:16:37 I expect to have recommendations in early
17:16:41 April
17:17:20 Got it, thanks
17:17:34 Does anyone else have anything they wish to bring up for the roundtable?
17:17:41 Or any questions on topics that have been shared?
17:17:51 I do
17:18:01 hope it's the right forum
17:18:07 carrying over from #monero-dev, I'm interested in knowing more about if it's possible for unpublished outputs to be used as unpublished inputs and without being invalidated due to reorg
17:18:12 doing so would ensure valid txs are never invalidated from reorg, might allow the 10 block lock to be safely reduced, and would allow creation of decentralized exchanges with xmr as a base pair
17:18:17 if it's possible, I'm interested in looking at developing it
17:18:23 and aside from that I have a question
17:18:36 might it be possible to create a 2/3 multisig where 1 part requires 3/5 signatures
17:18:42 that could provide similar properties for a decentralized exchange
17:20:29 "if it's possible for unpublished outputs to be used as unpublished inputs and without being invalidated due to reorg" I don't get that
17:21:02 [keybase] : smth like lightning?
17:21:12 in other words, is it possible to publish a second transaction which uses outputs from a first unpublished transaction? Global output indices are not assigned until mining, so I think it is not possible. If global output indices were changed to use tx hashes, could it be possible?
17:21:53 sorry, is it possible to *create a second transaction… of course it cannot be published until after the first transaction is published
17:22:25 [keybase] : Are "scriptless scripts" w/ schnorr possible on xmr?
17:23:39 right now it's not possible indeed, due to output indices not assigned before the transaction is mined
17:23:48 unless you mine your own block and do not publish it yet
17:24:22 ok. so then the question is, could xmr be changed to support it and what would it take
17:25:01 perhaps not something that can be answered here and now, but it would be useful, if anyone has ideas or thoughts
17:25:32 then my second question: might it be possible to create a 2/3 multisig where 1 part requires 3/5 signatures?
17:25:49 it could be changed yes, I'm not sure of all tradeoff besides tx size
17:25:55 One could mine dependent transactions in one block but that is the only exception I see could be possible
17:27:40 Changing to output reference by (partial) hash value seems useful, and I hope it's done for any next-gen protocols
17:28:38 woodser what benefits do you see of using hash?
17:28:55 [keybase] : Partial as in a hash only the parts of metadata that is known ahead of being mined?
17:29:21 I mean even truncating the hash of a set of outputs to use as a reference
17:29:36 increases the likelihood of collisions, but in a controllable way
17:29:38 moo mentioned "The DB will still keep indices. Outputs are typically encoded 16 bits on average. (maybe 24)", which I took to mean the tx size would be quite minimal
17:30:26 For next-gen protocols, there are benefits to using fixed sets of shuffled adjacent outputs
17:30:40 where the shuffling is deterministic based on block hashes, to avoid miner packing
17:30:51 the goal of using the hash is to avoid using global output indices with the goal of txs remaining valid across reorgs
17:31:25 sarang to define the outputs implicitly by a protocol rule rather than explicitly in transaction?
17:32:01 Miller et al. originally suggested using output binning where the chain is split into fixed output sets that are then shuffled deterministically
17:32:21 This helps avoid some age-based heuristics while avoiding miner shenanigans
17:32:37 woodser you can still have reorganisation with conflicting transactions, so I'm not sure you could reduce the 10 required confirmations
17:32:39 So the tx could have a reference to the bin/epoch
17:33:04 but all nodes must have the same view of this shuffling
17:33:19 or they'll show a tx as invalid by failing the signature verification
17:33:27 or by referencing an invalid output
17:33:32 the only way funds would become invalidated from a reorg is if they are spent somewhere else in the re-org, right?
17:33:50 assuming the global output indices weren't outdated
17:34:02 woodser yes I think
17:34:16 so that is a risk many people are willing to take few confirmations on
17:34:28 In a reorg, the indices could become invalid by referring to a different output, failing the signature verification
17:34:51 Having nothing to do with spent/unspent status (which is only known, in theory, based on key images in an ambiguous way)
17:34:51 woodser the issue is that you don't run the risk to invalidate just your transaction, but all others using the output in a ring
17:36:32 Anyway, this seems to be a good topic to discuss after the meeting, if desired
17:36:45 Are there other research topics that anyone wishes to share during our current hour?
17:37:14 If not, I'd like to share some CCS-related news
17:38:08 [keybase] : +1
17:40:20 OK, my news is unfortunate; given the recent market collapse and the understandable need for people to support themselves and their families, I'll be closing my CCS and discontinuing full-time work on the project
17:40:52 that is unfortunate :/
17:41:07 if payment were able to be guaranteed
17:41:14 for say a year or two
17:41:18 [keybase] : "the end times are upon us"
17:41:20 plus arbitrary supplement on top
17:41:26 would that change anything
17:41:37 I wanted to mention it here to give a bit of advance notice, since my current CCS work is active for the next couple of weeks
17:41:50 sarang: your request is already mostly filled
17:41:53 ?
17:42:03 512.2 of 704
17:42:05 It only had a few XMR contributed, which can be moved to general fund
17:42:06 ???
17:42:10 it's at 512xmr atm
17:42:14 out of 700
17:42:15 When on earth did this happen?
17:42:18 * needmonero90 shrugs
17:42:26 good heavens
17:42:33 That is... extremely unexpected
17:42:34 anyway i think we can solve this easily
17:42:40 sarang be like "nooooooo I'm in it for 3 more months!"
17:42:41 I don't know what to say
17:42:44 regardless if temporary funding miracles
17:42:45 sarang: we love you and are not letting you go
17:42:49 * needmonero90 thinks sarang doesn't realize how important you guys are to us
17:42:50 ^
17:42:54 but still hold on
17:42:55 I truly enjoy conducting research here
17:43:04 Can I share some thoughts from the core team on this topic?
17:43:06 704 XMR was calculated at 48/XMR
17:43:27 we're not there. Despite being merged, this needs to be adjusted.
17:43:32 binaryFate: plz do
17:43:43 Hrm, please go ahead binaryFate
17:43:50 I'm really taken aback here
17:43:54 We had some preliminary discussions about the challenges or shortcomings of the CCS funding mechanism, especially for recurring, full-time MRL researchers.
17:44:10 Well, funding troubles happen to other CCS as well too
17:44:18 Even much smaller ones that are not ongoing in the same way
17:44:26 Before discussing the how, the end goals seem to be:
17:44:59 Primary goal, specially relevant with the recent brutal volatility, is to make it easier to provide a stable month by month payments to MRL researchers. Right now it's impossible to set an amount of XMR for a proposal that does not become obsolete and too small very quickly. The opposite could be true in a bull market and deter donors who think the amount has become unjustifiably high.
17:45:35 Secondary goal, more relevant longer term, is to offer a bit more flexibility for MRL to use funds as is seen fit. Right now it's very rigid, and does not allow for instance to compensate a half-time master student, small grants or incentives for student competitions, etc. May not be relevant right now but long term would be a must for a more scalable MRL.
17:45:35 The risk is that some proposals gain some kind of "special status" that others do not
17:46:08 And, for example, this workgroup is not the only workgroup that conducts research (see e.g. #noncesense-research-lab)
17:46:35 it's ok that they do
17:46:37 you are special
17:46:40 that's why this is an issue
17:46:48 We are thinking along the lines of a continuous fund for MRL, similar in its functioning to the general fund maybe. This would be "administered" by the core team, which could pay stable USD-equivalent amounts month by month.
17:46:49 seems a slippery slope
17:47:02 funding is the same slope
17:47:14 the community mechanism for the specialness remains the same as the existing funding mech
17:47:14 yassss
17:47:22 Anyone (including MRL) would know how much remains at any time, providing visibility hopefully beyond the 3-months horizon you guys have been living on
17:47:48 Yes, it would emphasize that MRL stuff are unlike other proposals, because they are.
17:47:48 This removal from the CCS means that sarang's concerns about preferential treatment on the platform are alleviated, because they're on a different platform entirely
17:48:17 That's it, initial thoughts, and wanted to open to everyone's opinion.
17:48:18 The idea is to hedge against the exchange rate and mitigate the risk to the actual researchers
17:48:20 not sure that this addresses volatility
17:48:32 Monero is nothing without research.
17:48:47 unless you mean that this other funding platform just uses fiat
17:48:53 I imagine a percent would be held in different assets, including fist
17:48:55 Fiat
17:48:59 hyc maybe a combination? Working with someone like OSTIF?
17:49:04 hyc: fund can be depleted, we always face this in a donation-based model, but at least researchers can get a stable "salary" as long as there is fund
17:49:42 MRL fund can be maybe even opened to other coins in a way that the CCS isn't (and shouldn't) be.
17:49:47 Right now, they received whatever was in the proposal 3 months old, it's always unfair one way or another. It's acceptable for smaller/shorter proposals but I understand it's tough for a full-time job all year long.
17:49:47 Since the work of MRL impacts many privacy initiatives.
17:49:58 Even if it were to be kept in crypto there is still mitigation
17:50:21 and in good time the fund can be built up
17:50:48 and if we rise to the moon, then we can just employ indefinitely
17:51:08 suraeNoether and sarang deserve better for sure
17:51:23 maybe this step will help that happen. Maybe not. We don't know. All we can do is try.
17:51:23 What accountability is there?
17:51:34 same as CCS. Accountability to Core.
17:51:38 If we rise to the moon we set funds aside for a rainy day
17:51:39 Right now, the instability of short funding requests is a benefit to the community for accountability
17:51:41 they are the ones dispersing the funds.
17:52:10 If Core decides to no longer disperse money to you guys, based on opinions of the community, they can do so.
17:52:26 It's not you guys that have the money, but them. ;)
17:52:46 You know what this even allows? It allows you guys to go lesser hours one month if you need to.
17:53:02 With a full three month proposal already paid for, it's hard to justify if you need to go half time for a month to take care of personal business.
17:53:06 I see the value in not having to plan work 3 months at a time, but
17:53:16 I got caught up, sorry for being late
17:53:21 this basically makes Core a company with actual employees
17:53:43 no and we would never want that
17:53:46 hyc how does it do that more than the existing CCS?
17:53:50 or contractors
17:53:52 money is raised for a purpose
17:53:56 money is dispersed for that purpose
17:54:18 fwiw it's worth noting the promised core accountability report has not yet been released
17:54:23 it's not far from a CCS proposal, except there's a running "pool" for it, and XMR are paid every month based on fiat price at the time.
17:54:41 [keybase] : What about creating a giant multisig w/ all funders, and a threshold is needed to move funds?
17:54:44 sgp_ that's my bad, I'll move on this next days
17:54:57 thank you
17:55:13 Yes but mitigating exchange risk to achieve a purpose is valid
17:55:35 if funds are raised for a purpose
17:56:57 We cannot leave researchers at the mercy of the markets with no mitigation of risk
17:57:02 agreed
17:57:54 I'll update the CCS page as well to have a separate MRL section
17:58:07 [keybase] : What are expected credentials for a researcher under CCS?
17:58:11 so people can go to one place to donate
17:58:34 Yes a specific page for the MRL fund with nice UI to see how much is there, a description of the researchers currently benefiting from it, and people can decide to donate or not, and expect regular reports as the noether are doing already
17:58:34 My thoughts:
17:59:07 Provable PhD in related field can be automatically considered. Undergrads and/or Master's can be considered by the current PhDs and recommended.
17:59:41 Since this is Core Team administered, it'd be Core team decided.
17:59:43 I remain concerned that this moves away from the decentralization that so many people appreciate about the project
17:59:59 sarang development remains decentralized
18:00:02 right, this seems like what a nonprofit is supposed to do
18:00:04 There are certainly qualms to be raised about how CCS openings are decided
18:00:13 I don't think the core team should have any say on that personally, I'd rather see a monthly sum given to MRL heads and they choose what to do with it (and must ensure their usage will please donators so that the fund keeps getting funding)
18:00:26 binaryFate: hmm
18:00:27 any say on who to pay
18:00:35 I do not wish to be responsible for receiving funds to be distributed elsewhere
18:01:13 that's ok, we can make clear that your receiving is just you. It should simply be clear to donators what's happening with funds.
18:01:17 is a non-profit needed? If so, it can be started easily.
18:01:32 There are many, many requirements on a non-profit organization
18:01:43 it is very nontrivial
18:01:47 would really prefer not to have anything formal even non-profit
18:01:48 rehrar: hmm, I might be able to see if MAGIC can be used for that purpose haha
18:01:58 binaryFate: I agree ultimately
18:02:15 we still need another board member fyi, looking for volunteers who like giving grants
18:02:22 MRL Fund stewarded by the core team occupies the same area as the CCS as far as I can see.
18:02:54 respectfully while the MRL fund is always going to be a thing, this is something a registered entity can handle much better
18:03:25 I think there's definitely been a perception before that the CCS was for one-shot projects, and the MRL, as a long-term ongoing activity, doesn't match that
18:03:30 sarang: and it's no less decentralized than currently, as core stewards the CCS also. Your payment is currently in their hands, and it will continue to be in the new system.
18:03:45 hyc, yes, as a whole, quarterlies were not a thing three years ago.
18:04:02 scoobybejesus: are you here?
18:04:02 sgp_: why not both?
18:04:10 The whole issue of incorporation as a non profit is something we may have to deal with
18:04:18 As we grow
18:04:18 rehrar: there will be both, the MRL fund is a thing as I said
18:04:23 MRL Fund stewarded by core team, and separate funds can be raised and dispersed by a non-affiliated non-profit.
18:04:30 3 months were chosen as the max time due to volatility
18:04:32 yes sgp, but also working, so tough to keep up :)
18:04:33 ArticMine: icky
18:04:40 I know
18:05:01 scoobybejesus: the recent chat is on using a nonprofit entity to help handle MRL grants/payments. Relevant to MAGIC possibly
18:05:06 nioc: right. But one month is too short to be continuously raising and stressing about funds. This Fund bridges the gap.
18:05:07 rehrar: agree. need to stay away from that.
18:05:08 yeah, there really is nothing ad hoc about MRL. it's an organization, with a long-term mission
18:05:22 It's not an organization
18:05:24 rehrar: just a little history :)
18:05:27 a new system for MRL that is basically a continuous rolling CCS is needed. But then I think even if a non-profit might be useful for stuff, it's fairly orthogonal to the former
18:05:28 it would affect the 1023
18:05:30 it's a workgroup of individuals who choose to contribute work
18:05:34 scoobybejesus: yes
18:05:41 but I'd have to see how much
18:05:47 (if we even want to do this)
18:06:04 MAGIC handling something similar is a separate thing
18:06:09 i guess we should meet on it later
18:06:10 matter at hand, MRL Fund.
18:06:16 Any other thoughts regarding?
18:06:26 sarang, it has at least 2 full-time paid staff. how is it just a workgroup of individual contributors?
18:06:30 rehrar: I think basing anything on the MRL fund is probably doomed to suck
18:06:44 It isn't a formally defined organization
18:06:47 sgp_: we are already living the suckage
18:07:00 Anyone is free to request donation funding, and anyone is free to participate in meetings and contribute research
18:07:05 we've seen other entities handle similar issues though
18:07:30 The FSF is a very interesting case
18:07:36 it's like listening to the 3 pigs story and then still deciding to use straw as the main house
18:07:39 Free Software Foundation
18:08:19 bricks are unavailable to us if we want to keep to our ideals
18:08:24 so we build what we can with what we have
18:08:41 MRL funding doesn't need to be done through these ideals, so I think we're talking about different things
18:08:53 If this MRL Fund thing proves to be a failure, then we can cross that bridge when we come to it.
18:09:14 But there is literally no harm in trying an alternative method that has potential benefit to lessen stress on our researchers.
18:09:30 sarang: since you're the primary recipient in mind right now, does this MRL fund thing give you any additional confidence?
18:10:02 Stability would be welcomed, if the mechanism is set up correctly and fairly
18:10:08 There are ways. For example there can be more than one incorporated organization
18:10:40 No single point of failure
18:10:54 Keep in mind that maintaining the current method might encourage new researchers to contribute
18:11:10 having eventual turnover seems inevitable, and not necessarily a bad thing
18:11:16 sarang but if a researcher decides they'd rather use the CCS than MRL fund, they still could
18:12:20 In some cases a researcher may wish to accept risk for example in exchange for future return
18:12:59 [keybase] : Some researchers bleed for their bread
18:14:00 ok, this is fine talk for the future, but let's take a step back here.
18:14:06 sarang: regarding your current proposal
18:14:23 if we were ok with an adjustment so it's more fair for these three months, are you down to stay?
18:14:29 at least for the next three months?
18:14:39 or are you still wanting to close this one?
18:15:30 woodser: yes nested multisig is very possible, albeit a bit of a challenge to implement I expect. Please see zero to monero 2nd edition, chapter multisig last section
18:15:58 Also, no update from me since no edits the last week. One more week of proofreading
18:16:17 rehrar: I need to consider this for a bit
18:16:34 these are strange times
18:16:51 It makes sense to me that MRL is long-term/strategic stuff, and CCS is short-term/tactical, and the two should be handled differently
18:17:11 good times to be able to work from home at least
18:17:19 Understood. In the meantime, I can see about having us adjust your current proposal to better reflect price and see if we can't raise it. A fully raised amount might affect your opinion somewhat. :)
18:17:37 hyc this is a very succinct way to put it, and I agree.
18:17:55 I also want to consider that other proposals are in the ideas list that might otherwise not be able to get off the ground
18:18:14 and that people's priorities are likely (and should be) keeping themselves and their families afloat
18:18:31 that's up to donors to decide, not you to feel bad about projections
18:18:36 ^
18:20:20 Shall we adjust to 845 XMR? ($37/XMR)
18:20:27 850?
18:20:42 Yes, this would be somewhat unusual to change mid-proposal, but it's also, as you say, strange times.
18:20:58 And I think everyone understands and is willing to help our bois continue doing what you're doing
18:22:14 I agree that everyone would likely understand due to circumstances
18:22:37 That would be a big step to take
18:22:55 it's not something we do often, and the only precedent it sets is "in extraordinary times we may do some things we don't normally do"
18:23:21 In general it's a time where everyone will be locked home for a while, let's use it to contribute to Monero and keep pushing the boundaries while other projects give up because all they wanted is $
18:23:23 anyone who engages and says "but you did it for them why not for me" in a different time is not engaging in good faith, and the argument we have is strong.
18:23:26 These are extraordinary times
18:23:38 fair. important to specify "this adjustment isn't due to a project budget overrun"
18:23:49 ye
18:23:50 "stick together" measures of some sort
18:24:38 Ok. Next three months for sarang are well on their way. We have a few months to nail down the specifics of the MRL Fund. And I'll be pokey at Core to see about getting that done.
18:24:44 anything else on this topic?
18:25:05 Also I see a broader responsibility in ensuring the Monero network is as robust as possible
18:25:06 would be good to have suraeNoether's opinion, and let's continue this discussion soon
18:25:54 Agree with ArticMine. There's a saying that you see people's true nature in difficult times, and I think that applies to projects/communities too :)
18:27:09 I hope everyone stays safe and well during these times
18:28:25 [keybase] : mononovirus > coronavirus
18:28:40 http://getmonono.org
18:38:37 thank you UkoeHB_!
18:40:23 woodser: please let me know if you have any questions. Afaik no one has ever read that section lol
18:40:34 sweet :)
18:41:46 Very much off-topic: I've been reading that blood banks are concerned about low supply because of donors being too wary to donate
18:42:08 While I am not a doctor, I'm told it's still safe for healthy folks to donate
18:42:23 Here ends Sarang's PSA about blood donation =p
18:42:37 s/not a doctor/not a medical doctor/
18:42:59 (obviously consult a medical doctor if concerned about donating blood)
18:43:09 I'm told though that donors are not being tested for COVID, you should probably get yourself tested first
18:43:18 noted
18:45:00 tested for covid is much easier said than done
18:45:20 at least in the US
18:45:42 Hmm my local blood bank says CDC and FDA still consider donation safe if you're otherwise considered healthy
18:45:43 Fun fact, gays aren't supposed to donate plasma due to HIV risk. Not sure about blood 😅
18:46:31 UkoeHB_: please avoid talk that could be viewed as discriminatory or hostile
18:46:47 This channel should be welcoming
18:48:25 [keybase] : Yeah probably safe to sell plasma too. You know, funding research :p
18:49:10 Anyway, probably best to move off-topic stuff to #monero-research-lounge; my apologies
18:50:00 [keybase] : I'm out then, no keybase bridge to lounge :(
18:50:14 [keybase] : 👋
18:50:30 Lol my ex used to donate plasma and lie to them 😩
18:51:02 sarang: it looks like your CCS has been increased as discussed and also........completely filled
18:51:06 [keybase] : Liars, amirite?
18:51:10 wait what nioc?
18:51:21 good heavens
18:51:22 no need to wait <#
18:51:26 <3
18:51:31 The world is moving a mile a minute this month
18:51:42 [keybase] : too many manipulative assholes in the world
18:51:52 https://ccs.getmonero.org/proposals/sarang-2020-q2.html
18:51:52 Raised 852.2 of 845 XMR
18:52:06 seddd: I doubt there would be opposition to bridges to -lounge if they aren't misused
18:52:25 [keybase] : Good luck on fundraising, thx for the meeting :)
18:52:29 (discussion in -lounge, like in -lab, is expected to be kept welcoming and open)
18:52:59 [keybase] : No misuse from me, but I understand the threat from spam
18:53:29 AFAIK it hasn't been a problem in other channels
18:53:46 +1 nioc
18:54:00 I can think of only a few situations where someone brought hostile discussion to an R&D channel, and that was unrelated to bridges
18:54:15 [keybase] : For sure, I'm starting my career in crypto research, and love me some MRL
18:54:32 seddd: are you studying CS/math?
18:54:45 [keybase] : So I come with love and enthusiasm
18:55:08 [keybase] : Yeah, both, self-study
18:55:16 Great
18:55:24 It's a fascinating area of research
18:55:34 Hard to keep up with all the new developments
18:56:32 [keybase] : So true, fire hydrant of crypto research every month 😲
18:56:44 [keybase] : Great problem to have
18:57:38 [keybase] : Definitely need to dig deeper in math tho, especially linear algebra
18:58:17 It's a crazy mix of algebra and number theory, to be sure
18:58:34 Any opinions about SGX enclaves here?
18:58:43 [keybase] : What do you think of the prospects of finding safe, practical parameters for genus 3 hyperelliptic curves?
18:59:25 seddd: There was a recent short preprint suggesting that Jacobian method for groups of unknown order was not nearly as secure as originally hoped, at the desired parameter sizes
18:59:33 Do you mean in spite of that work?
18:59:37 [keybase] : Like stuff like ShadowEth using it for zkp smart contracts, but prefer open hardware obv
19:00:21 Link to preprint: https://eprint.iacr.org/2020/289
19:01:09 [keybase] : sarang yeah my takeaway was that the current choices are insecure at desired sizes, but that future work could result in similar savings at 128-bits security
19:01:30 [keybase] : But that the research is open
19:02:17 [keybase] : Do you think it's promising, needs years more research, lost cause, etc?
19:02:36 I don't have a good sense of that
19:02:55 Having efficient groups of unknown order would be extremely interesting
19:03:34 Some of the recent stuff presented at Stanford had competitive efficiency for a general proving system under the original assumption of that Jacobian-method original preprint
19:04:10 [keybase] : Right which is what got me so excited about it
19:04:14 (I don't have the original link handy)
19:04:27 [keybase] : Such awesome possibilities
19:04:36 [keybase] : Lemme find it
19:04:45 I'm sure there will be increased research into groups of unknown order, now that there have been some prominent preprints out about them
19:05:18 Here was the original preprint that 2020/289 addressed later: https://eprint.iacr.org/2020/196
19:23:08 [keybase] : Not the Stanford paper, but cool work on pqMPC: https://arxiv.org/pdf/0910.2912
19:30:49 [keybase] : Anyway that's more toward a zcash style zkp, which is why I thought the hyperelliptic stuff might apply more directly to monero
19:31:25 How so?
19:31:30 [keybase] : Since ed25519 is a genus 1, but I don't fully understand the math
19:31:40 Being able to build a Merkle tree-style protocol in a trustless way seems quite robust
19:36:33 [keybase] : My thinking w/ hyper stuff is that valid blockchain state at a given point could be committed to as the root of the proof tree, allowing for a secure, trustless transition to a pq system
19:37:03 [keybase] : ^ but that's from my dumb misunderstandings and hopes of such a system working