-
kenshamir[m]
Ahh right, in the original dual target algorithm, the adversary can choose an arbitrary set, while in the wrapped game, I said the adversary needed to choose a specific set, namely the set that repeats the challengers two uniform group elements
-
kenshamir[m]
I guess the most we can say is that dual target player can solve the DL for two random points R,Q
-
sarang
They might not be random
-
kenshamir[m]
<sarang "They might not be random"> Good point.
-
kenshamir[m]
Then from that I said:
-
kenshamir[m]
y * (R - xG) = yR - x (yG)
-
kenshamir[m]
and I view x as the DL of (yG) wrt (yR) where yR and yG are random points as long as R is not the identity and we are in a prime order group
-
sarang
I think the issue is that the DL player can't control the output points, so they could have some structure known to the dual-target player
-
kenshamir[m]
Ahh I see, yeah makes sense. Was looking for something along the lines of "Randomised black box reductions" but I think it doesn't exist, mainly due to your above comment
-
sarang
Just finished presenting Triptych to the ESORICS workshop! The talk went well, I think
-
sarang
Giving remote talks is weird though
-
sarang
I think I do a much better job in person :/
-
sarang
The live talks are not recorded, but the organizers asked for recordings in advance (to be used in case of technical problems), and they plan to post those
-
sarang
Zoom's security has been a total dumpster fire, but its webinar functionality is really slick
-
sarang
(and stream security isn't really an issue for a semi-public webinar, meh)
-
sarang
I wonder if something like Jitsi will add webinar-type functionality
-
UkoeHB_
sweet :)
-
sarang
Huh, really interesting talk right now about adjusting difficulty dynamically _within_ block targets
-
sarang
to avoid "death spirals" and such
-
kenshamir[m]
<sarang "Huh, really interesting talk rig"> Is there a link to the talks?
-
kenshamir[m]
I noticed you mentioned you were in a privacy talk yesterday, so I'm guessing it is for multiple days
-
sarang
Not until after the workshop AFAIK
-
sarang
I'll ask about a preprint
-
sarang
kenshamir[m]: the talk I gave today was for ESORICS CBT
-
sarang
The talk yet to be given is for MCCVR
-
sarang
(in addition to an MCCVR panel)
-
kenshamir[m]
Yep just saw it on the website, was mostly interested in the live videos to be honest. Will wait until after the workshop, should be on youtube?
-
sarang
I think so. They asked for the recordings to be provided via YouTube
-
sarang
They gave a preprint link, but it's not clear if that's intended for public sharing or just attendees
-
sarang
Answer: no :(
-
sarang
Final papers will be on SpringerLink, but I don't know about open access
-
kenshamir[m]
Oh :(
-
sarang
I'll ask the presenter if they have a public preprint too
-
sarang
There is one! He will post it to the conference Slack, and I'll post here
-
kenshamir[m]
Thanks!
-
sarang
-
kenshamir[m]
<sarang "
arxiv.org/abs/2007.05991"> Is this one public: _Privacy Preserving Netting Protocol for Inter-bank Payments_ ?
-
sarang
Would have to ask on Slack or contact the authors
-
sarang
I'll ask after the talk
-
kenshamir[m]
-
kenshamir[m]
alright thank you
-
sarang
That'll be my question for all the talks: "public preprint"?
-
sarang
FWIW registration for the event is fairly inexpensive, if you wished to quickly register to watch the talks
-
sarang
but it is not free :(
-
kenshamir[m]
Yeah I saw it was £25, think I'll just wait it out :)
-
sarang
I'll find out if the final proceedings will be open access or not
-
sarang
Nope :(
-
sarang
bah
-
sarang
Arcturus preprint has been updated:
eprint.iacr.org/2020/312
-
sarang
The security proof was updated to provide more clarity on completeness
-
Isthmus
If there are two outputs spending to the same stealth address, and they are being sent to the same real address, then it is an issue ("burning bug") right?
-
Isthmus
But if the funds are going to two different real addresses (Alice and Bob), and the collision on the hash address is coincidental, then it doesn't matter, right? Their wallets will both get 1 false positive when scanning outputs, but they would each be able to spend their own (and only their own) funds, right?
-
Isthmus
Cuz it's different output index, and different key image, so all good?
-
Isthmus
s/hash aaddress/stealth address/
-
» Isthmus sighs
-
Isthmus
s/hash address/stealth address/
-
monerobux
Isthmus meant to say: But if the funds are going to two different real addresses (Alice and Bob), and the collision on the stealth address is coincidental, then it doesn't matter, right? Their wallets will both get 1 false positive when scanning outputs, but they would each be able to spend their own (and only their own) funds, right?