16:10:35 https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html
16:11:35 not directly monero related but maybe interesting for some here
16:19:53 That's a very nice write-up
16:20:36 Since CLSAG construction is so similar, I hope/assume that was designed with the MLSAG fixes in mind
17:18:27 impressive vulnerability report
17:24:40 Looks like no particular recommendations on the Monero side
20:39:56 Heyo
20:40:01 One of Insight's blockchain researchers wants to work on Monero, ideally leveraging their expertise in quantum computers and their impacts on security models to ascertain how our encryption could be hardened.
20:40:06 Thoughts on the research plan? https://github.com/insight-decentralized-consensus-lab/post-quantum-monero
20:43:23 h/t Noethers for sharing their ideas / advice.
20:46:58 "Deobfuscating the transaction graph:" if private keys for one-time addresses can be found then true signers are trivially identifiable, so graph analysis would be meaningless
20:47:26 indeed
20:47:46 Key image bases are a function of the signing public key
21:15:39 Temporarily quieting unregistered accounts due to spam in other channels
21:17:24 Message me directly if this is problematic
21:18:27 I'll un-quiet those users within the hour if the spammers go away in other channels
21:20:40 The proposal looks reasonable. I am hesitant to accept "The existence of such an adversary is a matter of 'when' not 'if'." since many problems are not solved, and 'research is necessary' to even see if a solution exists for those problems. However, it has not been proven that any of them are unsolvable, and after all we don't know what we don't know; new discoveries are always being made. It's worthwhile to investigate
21:31:25 * Isthmus makes notes
21:32:21 Yep.
21:32:34 The reason that I consider graph matching separately is this:
21:35:15 Could switch to another cryptosystem without the pubkey-->privkey issue, in which case that threat vector is closed but graph analysis is still a [different] risk
21:36:14 I assume you mean from a purely bipartite-graph-matching perspective
21:36:17 in which case, yes
21:37:58 * Isthmus nods
21:38:57 Though graph matching is already parallelizable on traditional computers :- /
21:39:25 yes
21:39:56 That being said, without external data the cardinality is quite large
21:40:12 And yea @Ukoe I softened the wording around the inevitable advent. Was originally worded differently, then I must have accidentally sharpened it on an editing pass.