-
zkao
do we hold a meeting today?
-
dEBRUYNE
I'd be up for one
-
Isthmus
I’m around for a few
-
h4sh3d[m]
hi!
-
zkao
hey all
-
dEBRUYNE
Let's do in an hour or so? 18:00 UTC?
-
zkao
.time
-
monerobux
2020-11-25 - 17:03:55
-
zkao
I thought it was 17:00 UTC
-
h4sh3d[m]
I'll not be available in an hour, but will follow the consensus :)
-
dEBRUYNE
h4sh3d[m]: Until when will you be available?
-
h4sh3d[m]
the next 45 minutes
-
dEBRUYNE
I suppose we can start at 17:30 UTC if that is OK for everyone?
-
h4sh3d[m]
Good for me
-
zkao
ok
-
Isthmus
I might be around. My only update is that I expanded and restructured the heuristic framework paper
-
Isthmus
-
Isthmus
Still needs a lot though - summary, code, plots, etc
-
Isthmus
Hoping to finish it over the next few weeks and get some empirical data in there so that it is not just a theoretical ramble
-
h4sh3d[m]
I like it! (I've not read everything, but very interested as you said to see some plots)
-
dEBRUYNE
So let's start a brief meeting :)
-
dEBRUYNE
Anything the atomic swaps team is willing to share?
-
TheCharlatan
I'm here as well now - hi!
-
SerHack
hi!
-
h4sh3d[m]
hi
-
sgp_
hello
-
h4sh3d[m]
yes.
-
sgp_
ping sarang if free
-
h4sh3d[m]
we just had our weekly meeting on #monero-swap
-
sgp_
when are those?
-
h4sh3d[m]
we are currently working on the RFCs, it's still in a draft state and we had good feedback today during the meeting
-
h4sh3d[m]
just before MRL meeting
-
h4sh3d[m]
Wednesday 16 UTC
-
sgp_
okay ty
-
dEBRUYNE
Perhaps the meeting can be summarized here briefly?
-
h4sh3d[m]
I'll try.
-
zkao
the hardest bit of the swap is its orchestration, as its a highly asynchronous process with 2 blockchains moving at different speeds
-
zkao
and the counterparties must remain safe at all times
-
zkao
but at this early stage we're just exploring what are the best ways to handle this
-
h4sh3d[m]
and one point is it's not clear now what's part of interoperability requirements and what's part of the project "internal" architecture. We have to make it clear in the RFCs what correspond to what.
-
zkao
there is no standards yet for doing atomic swaps
-
h4sh3d[m]
in the RFCs we're currently exploring some concepts to ease the developpement latter and reason about the swap (how to save it's state, how to recover, how to transmit information, what to transmit, etc.)
-
zkao
yes, if u lose state mid-swap u might lose funds
-
zkao
like in lightning
-
h4sh3d[m]
it's difficult to summarize more the meeting, if you have other questions feel free to ask (here or in the swap IRC)
-
zkao
we can share the meetings, of course
-
h4sh3d[m]
Isthmus hyc SerHack did you look at the payment channel paper that was shared here previously?
-
SerHack
Personally no, I was a little bit out of the loop. Could you please send the link again?
-
h4sh3d[m]
-
h4sh3d[m]
I want to be sure about that: if you want to spend an output, you need to know about the key_offets for constructing the ring (decoy+real output), so the output MUST be already mined. Correct?
-
h4sh3d[m]
(but I know that you can do their payment channel avoiding this problem, just asking to be sure)
-
TheCharlatan
yes, that is in every way corect h4sh3d[m]
-
h4sh3d[m]
ok thanks
-
TheCharlatan
sgp_ , how is the experience with funding through magic so far?
-
sgp_
TheCharlatan: so far so okay! I need to add one more donation that was made with Monero to GoFundMe
-
sgp_
We are about 60-65% complete
-
h4sh3d[m]
(have to move out, cheers!)
-
sgp_
MRL researchers may consider this alternative method for specific projects that are in-line with MAGIC's nonprofit mission. Of course projects need to be approved by the board first
-
sgp_
-
sgp_
any other questions on this, or should we move to another topic?
-
sgp_
Isthmus: is that paper directly related to surae's older work?
-
mikerah[m]
Are there any survey/SoKs papers on DL-based ZKPs? I know the MRL team has been doing quite a bit of work in this area
-
sgp_
mikerah[m]: the right people might not be here at the moment to answer that question
-
sgp_
I want to talk about triptych and lelantus
-
sgp_
-
sgp_
lelantus has a new version as of earlier this month
-
sgp_
I have been talking about this with sarang
-
sgp_
the major drawback is that their "shielded addresses" are public on-chain
-
sgp_
so if someone receives funds at the same address 2+ times for example, those transactions are known to go to the same recipient
-
dEBRUYNE
That would basically break the whole unlinkability concept
-
sgp_
it largely would yes
-
sgp_
so I see this as a non-starter sadly
-
TheCharlatan
what do you mean with "this"?
-
sgp_
"this" = putting receiving addresses on-chain without obfuscation
-
sgp_
as such, it appears to me that triptych and arcturus remain the leading options forward for larger rings at reasonable efficiency sizes
-
sgp_
er, reasonable verification times and sizes
-
TheCharlatan
iirc triptych and arcturus also have a bit better verification times.
-
sgp_
page 13 has some charts using real Monero transactions for a time period
eprint.iacr.org/2020/312.pdf
-
TheCharlatan
^ thanks for providing the source :)
-
sgp_
note RingCT 3.0 (new) doesn't look as good as it appears in these charts, since the # of inputs would need to be a power of 2
-
dEBRUYNE
So that would basically require padding in some cases?
-
sgp_
yup, inputs would need to be exactly 2, 4, 8, 16, etc
-
sgp_
arcturus looks amazing on paper, but I don't know enough to determine how big of a hurdle the novel math assumption is
-
sgp_
"We note that the soundness of the resulting proving system depends on a novel dual discrete-logarithm hardness assumption that we are not able to reduce to a standard hardness assumption; while we consider this novel assumption reasonable, it is untested." (from the paper)
-
TheCharlatan
there's not been more academic review of it since, right?
-
sgp_
Not that I know of
-
sgp_
But I can easily miss something
-
TheCharlatan
SerHack do you have something to share?
-
sgp_
looks like no :)
-
sgp_
any final topics, comments, etc?
-
sgp_
I think we should schedule a meeting in the future specifically about triptych/arcturus and come up with a plan. These papers have been out for a little while now
-
TheCharlatan
yes, might be useful to get arcturus into a conference as well.
-
sgp_
okay, I declare this the end of the meeting :)
-
sgp_
now I'm trying to find the script that asymptotically uses for the logs
-
selsta
Maybe MRL related: We changed Dandelion++ parameters now for the latest release
-
selsta
20% fluff probability (up from 10%), and 39s average embargo timeout
-
zkao
what was the previous embargo?
-
selsta
173s
-
selsta
plus we also fixed a bug that could delay the timeout by up to 2minutes, meaning it could take like 5 minutes until transactions showed up in mempool
-
selsta
should all be way better now
-
zkao
:)
-
TheCharlatan
39s is an oddly specific number, how was it chosen?
-
selsta
there is a formula in the dandelion++ paper
-
selsta
-
TheCharlatan
ah right, thanks
-
SerHack
TheCharlatan: ops, I missed that comment