UkoeHB_ I forgot to mention this previously, I think figures for the elliptic curve section would be a nice add. I always find elliptic curve cryptography is easier understood with visuals.

thanks atoc, Ill put that on my list for v3

cool (y)

My understanding is that it is currently no way to create multiple transactions in Monero where the second relies on the first existing, but pre-made so it can be broadcast at a later date. Is this something that could be possible / is even being looked at ? I vaguely remember seeing some talk about it in the past week or two in one of the monero channels

It's technically possible but not practical or realistic. Your second tx takes as input references to output indices from the chain, but if those indices haven't even been determined yet it becomes quite hard to coordinate.

Not to mention, all the ring decoys would be older than the real spend, so if you had some service making those tx and managed to fingerprint them, all the real spends would be identifiable.

and the way ring sigs work, means that you would need to select decoys at the time of creation of the second transaction I presume.

Right

Ring signatures suck.

then how would one build a refund claim transaction that must be signed before publishing a parent tx that creates the multisig output being spent in the refund claim?

You don't. I guess.

Which is a bummer.

Hello all

Hope everyone is doing well on this fine day

I'll be working on some Triptych-2 math today, wooo

figure out how to multi-party compute covid away please.

:(

[discord] <Leo Cornelius [AIO]#9160>: Hey everyone, has anyone benchmarked moneros privacy TXO model against bitcoins and other coins that are not private?

[discord] <Leo Cornelius [AIO]#9160>: eg does making transactions private using ring sigs or buillet proofs cause nodes to have to work harder/ longer to verify the txn

yes

Monero tx verification is much heavier than Bitcoin's (even after BPs).

I don't have an actual number to brandish though.

[discord] <Leo Cornelius [AIO]#9160>: ok, do you know of nay papers looking into i?

[discord] <Leo Cornelius [AIO]#9160>: eg does making transactions private using ring sigs or buillet proofs cause nodes to have to work harder/ longer to verify the txtn

[discord] <Leo Cornelius [AIO]#9160>: (edited)

If you just look at the size of a bare bones bitcoin tx vs monero tx, it should give you a pretty good idea of the complexity difference

More complex = longer to verify

Leo I don't have numbers but my guess is that Monero tx will take at least 10x longer to verify

I looked briefly and didn't find hard numbers for typical txs for either bitcoin or monero

Certain parts of transactions can also be verified in batches, reducing the average verification time

Also note that in theory, you could build the transaction protocol using other curves and libraries, so comparing common implementations will be very dependent on the implementation's details and underlying plumbing

@Inge- "My understanding is that it is currently no way to create multiple transactions in Monero where the second relies on the first existing, but pre-made so it can be broadcast at a later date."

Yeah, this would be trivial if ring members were indexed by transaction hash instead of output index.

You could chain as many as you want and release them one-by-one later

Decoy selection would be terrible though

And it likely wouldn't work with advanced binning

Haha yeah the ring member ages would leak the delayed broadcast, and the guess-newest heuristic would be very effective

Well, up to the binning

One benefit of binning (as investigated by Miller's team) was that even under the assumption of an age heuristic, you still have an entire bin of that age included

and would need extra information to narrow down the signer within that bin

I forget, are archival nodes an issue for that method

How so?

Isthmus: and indexing by hash would require more space? Other downsides?

Miller-style binning uses block hashes to define a bin ordering in a way that miner's can't influence in advance

But otherwise, mining and tx broadcast look the same as without it

Space only for new txes. They can be stored with the current system.

s/miner's/miners

good bot

(s/for new txes/for network traffic/)

bot doesn't like you

try without brackets?

s/(a)/\1/g

s/$/x/

bot is ded

s/s/s/

FWIW binning could be used even with small overall ring sizes

it reduces the time sampling by using few bins, but gives ambiguity within bins (absent external information)

and depending on bin sizes, it could potentially help with cross-input time correlations in some cases too

^ Isthmus

i.e. Table 4 on page 14 here: petsymposium.org/2018/files/papers/issue3/popets-2018-0025.pdf

FYI there is a deadline for PoPETS 2021 within a couple of months: petsymposium.org/cfp21.php

I'm considering submitting one or more of CLSAG, Triptych, or Triptych-2...

any thoughts/advice are welcome

There doesn't appear to be a specific limit on submissions

(perhaps real_or_random has insight?)

Ugh, I was barely able to fit the equations into a single-column format, and PoPETS requires a tiny two-column layout...

I wonder if it'll be straightforward to use a column-spanning environment in TeX

add a footnote 'please use the ZOOM function'

I've never understood the rationale for two-column layouts in math-heavy publications

It's nothing but a hassle

I had one preprint where the editors and typesetters ended up doing some crazy column-spanning stuff, but it still looked just horrible

But I suppose you've gotta play the game if you want to avoid an immediate rejection for formatting :/

wenbin

Haha, so it's not only in programming people want to rewrite shit just so whitespace is just how they like it ? :D

sarang that sounds like a good opportunity to get more eyes on CLSAG/etc

It'd be months before reviews came back

Bah, I asked the program chairs if a simple article-style format was ok for initial submissions, to avoid the time-consuming formatting work until/unless the paper was accepted

but nope :(

That seems like an unnecessary waste of time

i thought changing layout is like a one liner in tex

It is, but that doesn't help complex mathematics

TeX doesn't handle mathematics flows like it does text (and even then, sometimes you need to help it out with text too)

too bad

Yeah

e.g. pages 7 and 8 of Triptych-2 are gonna be... fun

link?

I had one coauthor who figured out a way to do a mathematical diagram on a separate page in landscape mode, which was the only way he could get it to fit on a page!

ok, so the built-in auto wrap won't work

sarang tex.stackexchange.com/a/30988

any reason that doesnt work?

There are some multiline environments but I haven't tested them with long eqnarrays

cant you just prerender the equations as images, and inline them as that tex post says?

sure its hacky and manual

That breaks any changes in font etc. that they use

I'll see what I can do

Worth noting that figure environments don't have to contain images

So for displayed boxes showing things like algorithms/protocols, could be very useful

the font on pages 7 / 8 is obviously too large for 2 columns

I didnt dig too deep, just assumed it was image only

i wonder if you can tweak that

not the font, but the resolution

fuwa: their required style package specifies a particular font and size, of course

what ?

The linked preprint uses the standard article documentclass

many places that take preprints have exacting requirements as to the format of those preprints

The conference proceedings use their own class/style

including font type, font size, column number, bibliography style, whatever

gotta play the game

What's strange is many organizations don't care the format of your initial submission, which is really nice

If you're accepted, then they'll have you format according to their preferences

This reduces unnecessary work on the part of authors until/unless they're accepted, which is really nice

I don't really get the necessity of doing all the camera-ready formatting from the start

by accepted, you mean 'they take your money to list your print in a medium that they charge for access to' right?

basically taking money from both sides :D

There's no submission fees

oh neat

And it's open access

the publishing industry doesnt usually leave me with good impressions

So in this case, nobody is paying to submit or to view articles

and of course, the preprints are available if authors post them

What's the journal?

In this case, PoPETs

They have this rolling submission method that I like

Anyway, now I know what I'll be doing for the next few days :D

FORMATTING

such productive work

i meant the foratting, of course

need to find an intern

sarang I wonder if fiverrr has any latex experts :D

fiverr*

I'm sure it's a good exercise in TeX :D

Or a subtle indication of "too much math, sorry"

i have some tex experience

orly

hmm, actually ignore that

yeah but if we can fob off the formatting on some schmuck for a cool $50, that leaves your time open for more productive things

I was gonna say, the source to those papers is available

i've switch career to content creation already

needbrrrrrrr90: eh, I wrote it, so it's my responsibility

and at any rate, it's a good chance for me to catch any errors

I'm just needlessly complaining about TeX formatting :D

:)

I'll definitely submit CLSAG for sure, and that one should be much easier

Even though reviews will take a while, like UkoeHB_ it will be good to get extra eyes on it

Between Triptych and Triptych-2, I suspect Triptych has a better chance of acceptance since it has a more complete LRS security model