not directly monero related but maybe interesting for some here

That's a very nice write-up

Since CLSAG construction is so similar, I hope/assume that was designed with the MLSAG fixes in mind

<SerHack> impressive vulnerability report

Looks like no particular recommendations on the Monero side

Heyo

One of Insight's blockchain researchers wants to work on Monero, ideally leveraging their expertise in quantum computers and their impacts on security models to ascertain how our encryption could be hardened.

Thoughts on the research plan? github.com/insight-decentralized-consensus-lab/post-quantum-monero

h/t Noethers for sharing their ideas / advice.

"Deobfuscating the transaction graph:" if private-keys for one-time addresses can be found then true signers are trivially identifiable, so graph analysis would be meaningless

indeed

Key image bases are a function of the signing public key

Temporarily quieting unregistered accounts due to spam in other channels

Message me directly if this is problematic

I'll un-quiet those users within the hour if the spammer go away in other channels

The proposal looks reasonable. I am hesitant to accept "The existence of such an adversary is a matter of 'when' not 'if'." since many problems are not solved, and 'research is necessary' to even see if a solution exists for those problems. However, it has not been proven that any of them are unsolvable, and after all we don't know what we don't know, new discoveries are always being made. It's worthwhile

to investigate

Yep.

The reason that I consider graph matching separately is this:

Could switch to another cryptosystem without the pubkey-->privkey issue, in which case that threat vector is closed but graph analysis is still a [different] risk

I assume you mean from a purely bipartite-graph-matching perspective

in which case, yes

Though graph matching is already parallelizable on traditional computers :- /

yes

That being said, without external data the cardinality is quite large

And yea @Ukoe I softened the wording around the inevitable advent. Was originally worded differently, then I must have accidentally sharpened it on an editing pass.