16:59:05 <zkao> do we hold a meeting today?
17:00:26 <dEBRUYNE> I'd be up for one
17:02:26 <Isthmus> I’m around for a few
17:02:27 <h4sh3d[m]> hi!
17:03:12 <zkao> hey all
17:03:26 <dEBRUYNE> Let's do in an hour or so? 18:00 UTC?
17:03:55 <zkao> .time
17:03:55 <monerobux> 2020-11-25 - 17:03:55
17:04:02 <zkao> I thought it was 17:00 UTC
17:04:35 <h4sh3d[m]> I'll not be available in an hour, but will follow the consensus :)
17:04:49 <dEBRUYNE> h4sh3d[m]: Until when will you be available?
17:05:30 <h4sh3d[m]> the next 45 minutes
17:06:26 <dEBRUYNE> I suppose we can start at 17:30 UTC if that is OK for everyone?
17:06:55 <h4sh3d[m]> Good for me
17:07:40 <zkao> ok
17:08:01 <Isthmus> I might be around. My only update is that I expanded and restructured the heuristic framework paper
17:08:03 <Isthmus> https://www.overleaf.com/read/bxbpmwxgskjw
17:08:16 <Isthmus> Still needs a lot though - summary, code, plots, etc
17:08:55 <Isthmus> Hoping to finish it over the next few weeks and get some empirical data in there so that it is not just a theoretical ramble
17:24:02 <h4sh3d[m]> I like it! (I've not read everything, but very interested as you said to see some plots)
17:31:29 <dEBRUYNE> So let's start a brief meeting :)
17:31:35 <dEBRUYNE> Anything the atomic swaps team is willing to share?
17:31:51 <TheCharlatan> I'm here as well now - hi!
17:32:34 <SerHack> hi!
17:32:54 <h4sh3d[m]> hi
17:33:04 <sgp_> hello
17:33:05 <h4sh3d[m]> yes.
17:33:26 <sgp_> ping sarang if free
17:33:36 <h4sh3d[m]> we just had our weekly meeting on #monero-swap
17:34:26 <sgp_> when are those?
17:34:35 <h4sh3d[m]> we are currently working on the RFCs, it's still in a draft state and we had good feedback today during the meeting
17:34:44 <h4sh3d[m]> just before MRL meeting
17:34:53 <h4sh3d[m]> Wednesday 16 UTC
17:35:06 <sgp_> okay ty
17:35:16 <dEBRUYNE> Perhaps the meeting can be summarized here briefly?
17:35:52 <h4sh3d[m]> I'll try.
17:36:25 <zkao> the hardest bit of the swap is its orchestration, as its a highly asynchronous process with 2 blockchains moving at different speeds
17:36:41 <zkao> and the counterparties must remain safe at all times
17:37:19 <zkao> but at this early stage we're just exploring what are the best ways to handle this
17:37:37 <h4sh3d[m]> and one point is it's not clear now what's part of interoperability requirements and what's part of the project "internal" architecture. We have to make it clear in the RFCs what correspond to what.
17:38:18 <zkao> there is no standards yet for doing atomic swaps
17:38:30 <h4sh3d[m]> in the RFCs we're currently exploring some concepts to ease the developpement latter and reason about the swap (how to save it's state, how to recover, how to transmit information, what to transmit, etc.)
17:39:21 <zkao> yes, if u lose state  mid-swap u might lose funds
17:39:40 <zkao> like in lightning
17:39:57 <h4sh3d[m]> it's difficult to summarize more the meeting, if you have other questions feel free to ask (here or in the swap IRC)
17:43:02 <zkao> we can share the meetings, of course
17:43:18 <h4sh3d[m]> Isthmus hyc SerHack did you look at the payment channel paper that was shared here previously?
17:44:28 <SerHack> Personally no, I was a little bit out of the loop. Could you please send the link again?
17:44:53 <h4sh3d[m]> https://eprint.iacr.org/2020/1441
17:46:07 <h4sh3d[m]> I want to be sure about that: if you want to spend an output, you need to know about the key_offets for constructing the ring (decoy+real output), so the output MUST be already mined. Correct?
17:46:31 <h4sh3d[m]> (but I know that you can do their payment channel avoiding this problem, just asking to be sure)
17:46:49 <TheCharlatan> yes, that is in every way corect h4sh3d[m]
17:46:58 <h4sh3d[m]> ok thanks
17:48:09 <TheCharlatan> sgp_ , how is the experience with funding through magic so far?
17:48:37 <sgp_> TheCharlatan: so far so okay! I need to add one more donation that was made with Monero to GoFundMe
17:48:47 <sgp_> We are about 60-65% complete
17:49:02 <h4sh3d[m]> (have to move out, cheers!)
17:49:46 <sgp_> MRL researchers may consider this alternative method for specific projects that are in-line with MAGIC's nonprofit mission. Of course projects need to be approved by the board first
17:51:07 <sgp_> https://charity.gofundme.com/o/en/campaign/dr-sarang-noether-to-implement-bulletproofs-in-monero
17:51:57 <sgp_> any other questions on this, or should we move to another topic?
17:53:41 <sgp_> Isthmus: is that paper directly related to surae's older work?
17:54:15 <mikerah[m]> Are there any survey/SoKs papers on DL-based ZKPs? I know the MRL team has been doing quite a bit of work in this area
17:55:29 <sgp_> mikerah[m]: the right people might not be here at the moment to answer that question
17:56:39 <sgp_> I want to talk about triptych and lelantus
17:57:17 <sgp_> https://eprint.iacr.org/2019/373
17:57:27 <sgp_> lelantus has a new version as of earlier this month
17:57:47 <sgp_> I have been talking about this with sarang
17:58:28 <sgp_> the major drawback is that their "shielded addresses" are public on-chain
17:58:53 <sgp_> so if someone receives funds at the same address 2+ times for example, those transactions are known to go to the same recipient
17:59:33 <dEBRUYNE> That would basically break the whole unlinkability concept
17:59:51 <sgp_> it largely would yes
18:00:03 <sgp_> so I see this as a non-starter sadly
18:00:24 <TheCharlatan> what do you mean with "this"?
18:00:46 <sgp_> "this" = putting receiving addresses on-chain without obfuscation
18:01:53 <sgp_> as such, it appears to me that triptych and arcturus remain the leading options forward for larger rings at reasonable efficiency sizes
18:02:15 <sgp_> er, reasonable verification times and sizes
18:03:23 <TheCharlatan> iirc triptych and arcturus also have a bit better verification times.
18:03:24 <sgp_> page 13 has some charts using real Monero transactions for a time period https://eprint.iacr.org/2020/312.pdf
18:04:05 <TheCharlatan> ^ thanks for providing the source :)
18:04:13 <sgp_> note RingCT 3.0 (new) doesn't look as good as it appears in these charts, since the # of inputs would need to be a power of 2
18:05:04 <dEBRUYNE> So that would basically require padding in some cases?
18:05:42 <sgp_> yup, inputs would need to be exactly 2, 4, 8, 16, etc
18:08:12 <sgp_> arcturus looks amazing on paper, but I don't know enough to determine how big of a hurdle the novel math assumption is
18:08:24 <sgp_> "We note that the soundness of the resulting proving system depends on a novel dual discrete-logarithm hardness assumption that we are not able to reduce to a standard hardness assumption; while we consider this novel assumption reasonable, it is untested." (from the paper)
18:09:26 <TheCharlatan> there's not been more academic review of it since, right?
18:10:28 <sgp_> Not that I know of
18:10:39 <sgp_> But I can easily miss something
18:13:17 <TheCharlatan> SerHack do you have something to share?
18:18:41 <sgp_> looks like no :)
18:18:47 <sgp_> any final topics, comments, etc?
18:19:40 <sgp_> I think we should schedule a meeting in the future specifically about triptych/arcturus and come up with a plan. These papers have been out for a little while now
18:22:35 <TheCharlatan> yes, might be useful to get arcturus into a conference as well.
18:23:12 <sgp_> okay, I declare this the end of the meeting :)
18:23:47 <sgp_> now I'm trying to find the script that asymptotically uses for the logs
18:52:38 <selsta> Maybe MRL related: We changed Dandelion++ parameters now for the latest release
18:53:03 <selsta> 20% fluff probability (up from 10%), and 39s average embargo timeout
18:54:13 <zkao> what was the previous embargo?
18:54:31 <selsta> 173s
18:55:12 <selsta> plus we also fixed a bug that could delay the timeout by up to 2minutes, meaning it could take like 5 minutes until transactions showed up in mempool
18:55:17 <selsta> should all be way better now
18:56:53 <zkao> :)
19:03:27 <TheCharlatan> 39s is an oddly specific number, how was it chosen?
19:04:04 <selsta> there is a formula in the dandelion++ paper
19:04:18 <selsta> also see https://github.com/monero-project/monero/pull/7025/files#diff-c742ef4cee1f83584a2438886bad07f449723ec2af5a1191b37f1945b9c4f132L78
19:05:11 <TheCharlatan> ah right, thanks
20:51:48 <SerHack> TheCharlatan: ops, I missed that comment