07:24:19 Ahh right, in the original dual target algorithm, the adversary can choose an arbitrary set, while in the wrapped game, I said the adversary needed to choose a specific set, namely the set that repeats the challengers two uniform group elements 07:45:53 I guess the most we can say is that dual target player can solve the DL for two random points R,Q 11:20:48 They might not be random 11:26:40 Good point. 11:29:30 Then from that I said: 11:29:30 y * (R - xG) = yR - x (yG) 11:29:30 and I view x as the DL of (yG) wrt (yR) where yR and yG are random points as long as R is not the identity and we are in a prime order group 11:58:53 I think the issue is that the DL player can't control the output points, so they could have some structure known to the dual-target player 13:00:06 Ahh I see, yeah makes sense. Was looking for something along the lines of "Randomised black box reductions" but I think it doesn't exist, mainly due to your above comment 13:03:44 Just finished presenting Triptych to the ESORICS workshop! The talk went well, I think 13:03:50 Giving remote talks is weird though 13:03:58 I think I do a much better job in person :/ 13:04:59 The live talks are not recorded, but the organizers asked for recordings in advance (to be used in case of technical problems), and they plan to post those 13:05:53 Zoom's security has been a total dumpster fire, but its webinar functionality is really slick 13:06:13 (and stream security isn't really an issue for a semi-public webinar, meh) 13:12:07 I wonder if something like Jitsi will add webinar-type functionality 13:16:55 sweet :) 13:36:26 Huh, really interesting talk right now about adjusting difficulty dynamically _within_ block targets 13:36:53 to avoid "death spirals" and such 13:38:53 Is there a link to the talks? 13:39:35 I noticed you mentioned you were in a privacy talk yesterday, so I'm guessing it is for multiple days 13:40:07 Not until after the workshop AFAIK 13:40:11 I'll ask about a preprint 13:40:50 kenshamir[m]: the talk I gave today was for ESORICS CBT 13:40:58 The talk yet to be given is for MCCVR 13:41:03 (in addition to an MCCVR panel) 13:43:30 Yep just saw it on the website, was mostly interested in the live videos to be honest. Will wait until after the workshop, should be on youtube? 13:44:30 I think so. They asked for the recordings to be provided via YouTube 13:44:52 They gave a preprint link, but it's not clear if that's intended for public sharing or just attendees 13:46:24 Answer: no :( 13:46:43 Final papers will be on SpringerLink, but I don't know about open access 13:46:52 Oh :( 13:47:40 I'll ask the presenter if they have a public preprint too 13:51:16 There is one! He will post it to the conference Slack, and I'll post here 13:51:30 Thanks! 13:55:29 https://arxiv.org/abs/2007.05991 14:01:20 Is this one public: _Privacy Preserving Netting Protocol for Inter-bank Payments_ ? 14:02:45 Would have to ask on Slack or contact the authors 14:03:01 I'll ask after the talk 14:03:47 Copied from: https://deic-web.uab.cat/cbt/cbt2020/ 14:04:28 alright thank you 14:05:18 That'll be my question for all the talks: "public preprint"? 14:05:59 FWIW registration for the event is fairly inexpensive, if you wished to quickly register to watch the talks 14:06:02 but it is not free :( 14:07:06 Yeah I saw it was £25, think I'll just wait it out :) 14:23:43 I'll find out if the final proceedings will be open access or not 14:28:33 Nope :( 14:28:42 bah 21:54:26 Arcturus preprint has been updated: https://eprint.iacr.org/2020/312 21:54:41 The security proof was updated to provide more clarity on completeness 21:56:20 If there are two outputs spending to the same stealth address, and they are being sent to the same real address, then it is an issue ("burning bug") right? 21:56:21 But if the funds are going to two different real addresses (Alice and Bob), and the collision on the hash address is coincidental, then it doesn't matter, right? Their wallets will both get 1 false positive when scanning outputs, but they would each be able to spend their own (and only their own) funds, right? 21:56:40 Cuz it's different output index, and different key image, so all good? 21:57:03 s/hash aaddress/stealth address/ 21:57:07 * Isthmus sighs 21:57:20 s/hash address/stealth address/ 21:57:20 Isthmus meant to say: But if the funds are going to two different real addresses (Alice and Bob), and the collision on the stealth address is coincidental, then it doesn't matter, right? Their wallets will both get 1 false positive when scanning outputs, but they would each be able to spend their own (and only their own) funds, right?