
Sarang: funding for October-December 2018

Ladies and gents and everyone beyond, it's your friend Dr. Sarang Noether here again! My current funding round is nearly complete, and I'm up for three more months of research for the Monero Research Lab. My humble thanks go out to those who have supported the Lab's work in the past through financial support or in spirit.

I won't insult your intelligence by rehashing all the gory details of the past few months, as you can read my reports for July and August (with September to follow) at your leisure. But I certainly can sum it up by saying that I have been very busy with a great many projects. Bulletproofs have been successfully audited, hardened for security, and made blazingly efficient compared to our initial work, and they're ready to go with our upcoming network upgrade. New research into refund transactions and payment channel foundations continues with good research under our belt. Our multisignature scheme has undergone formal analysis and exists as a preprint for the broader cryptographic community. And there's so much more; please read the linked reports for details.

The next three months show no signs of slowing down from a research perspective. Concepts like atomic swaps, payment channels, sublinear ring signatures, zero-knowledge proof technologies, balance proofs, spent output analysis, and more are all unsolved problems in need of some attention. I and my labmates work hard every day to keep Monero safely on the cutting edge of applied cryptography. I'm game if you are.

This request is for the funding period starting 1 October 2018 and ending 31 December 2018. My dollar-value equivalent is 9000 USD per month, which is my assessment of fair compensation for a self-employed Ph.D. researcher, with all the delightful tax implications therein. This is also in line with my previous several funding requests. The funding amount is set using a 14-day exponential moving average, and can be updated if needed before funding is complete; I'll make a note below if this happens.

As always, comments and questions are welcome. Feel free to also reach out on IRC at #monero-research-lab for any particular research-related concerns.

Edit: (14 September 2018) Changed from Bollinger to EMA to set price.

Replies: 20
SarangNoether posted 5 years ago

Happy Moneroween to everyone! Dr. Sarang Noether here, delivering my monthly research report for October. As always, my thanks to the Monero community for your ongoing support of my work and that of the Monero Research Lab.

Our latest network upgrade is up and running, and that means smaller, faster, cheaper, and more secure transactions thanks to Bulletproofs and a whole lot of other updates and optimizations. We've also posted the last Bulletproof audit report from QuarksLab, which is a great read about their fine work reviewing several areas of the codebase. The implementation of Bulletproofs was a long and complex process, but I think we all agree that it provides great value to the project and our community as we continue to grow.

This month's research began with an updated look at ring signature decoy selection. As you may know, your transaction includes decoys to hide the true spend, and the algorithm used for selecting these decoys has been iterated over time as we learn more about making transactions indistinguishable from each other. I and other Lab researchers generalized several pieces of earlier research on this topic into a technical note and examined the effects on the Monero blockchain.

Using a custom analysis tool, we quantified the practical effects of these on-chain analysis methods, confirming that modern transactions are not susceptible to most forms of known on-chain analysis. The analysis tool flags old transaction outputs that can be proven to be spent, and should not be chosen as decoys. Fortunately, these old outputs are exceptionally unlikely to be chosen anyway due to the way we select decoys, so even use of the flagging tool is realistically not needed. Coinciding with this, we've upgraded our decoy selection algorithm to better mitigate against certain types of timing analysis. If you keep your wallet software updated, you'll automatically get this benefit. We'll continue to optimize decoy selection as we iterate on the algorithm.

I revisited an older ring confidential transaction scheme proposed last year by outside researchers, which we lovingly dubbed StringCT (among other names; we're terrible at naming things). The scheme would permit larger ring sizes with better size scaling than we use currently. Unfortunately, the verification of the resulting transaction proofs and signatures was much slower than we had hoped, and we put the work aside. However, thanks to some underlying algorithmic plumbing that we built for Bulletproofs, I took the StringCT algorithms, ported them to Python for easier prototyping, and added the new plumbing along with a test suite. This includes multiexponentiation and even batch verification using some clever algebra. Initial testing suggests that we may be able to get the verification times down to a reasonable level with the ring sizes we might choose in the future. This work is ongoing but promising. Note that we have no plans to migrate to this scheme, as this analysis is still in its early stages.

Now on to Sarang's Reading Corner, a collection of just some of the interesting papers that I've come across recently. The appearance of a paper in this list does not imply that I endorse it, or even agree with its contents or conclusions.
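The "provably spent" flagging described in the report above boils down to a fixed-point cascade: any ring whose every member but one is already known to be spent reveals its remaining member as the true spend, and outputs found this way are exactly the ones a wallet should never pick as decoys. The following is an added illustration of that idea, not the Lab's analysis tool or any Monero code; the ledger is a constructed toy (output ids "A" to "F"), and the helper names `provably_spent`, `effective_ring_sizes` and `filter_decoy_candidates` are this example's own. It assumes, as the protocol enforces via key images, that each ring spends exactly one member and no output is spent twice.

```python
"""Toy 'provably spent' cascade over a constructed ring-signature ledger.

Added example: the data and function names below are hypothetical, not the
Monero Research Lab's tool. Each transaction input is modelled as a ring
(set of candidate output ids), exactly one of which is the real spend.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed sample ledger (NOT real Monero data), listed in chain order.
SAMPLE_RINGS: List[FrozenSet[str]] = [
    frozenset({"A"}),            # ring size 1: A is trivially spent
    frozenset({"A", "B"}),       # A already spent, so B must be the spend
    frozenset({"A", "B", "C"}),  # cascade: A and B known spent, so C
    frozenset({"C", "D", "E"}),  # C spent; D and E remain ambiguous
    frozenset({"D", "E", "F"}),  # still ambiguous: nothing to deduce
]


def provably_spent(rings: List[FrozenSet[str]]) -> Tuple[Set[str], Dict[str, int]]:
    """Return (spent_outputs, evidence).

    Assumption (labelled): every ring spends exactly one of its members and no
    output is ever spent twice, so an output already proven spent cannot be the
    true spend of any other ring. `evidence` maps each proven output to the
    index of the ring that revealed it, which is what a flagging tool reports.
    Iterates to a fixed point because one deduction can unlock others.
    """
    spent: Set[str] = set()
    evidence: Dict[str, int] = {}
    changed = True
    while changed:
        changed = False
        for idx, ring in enumerate(rings):
            unresolved = ring - spent
            if len(unresolved) == 1:
                member = next(iter(unresolved))
                spent.add(member)
                evidence[member] = idx
                changed = True
    return spent, evidence


def effective_ring_sizes(rings: List[FrozenSet[str]]) -> List[int]:
    """Anonymity set actually left per ring after the cascade.

    A ring whose spend has been deduced has an effective size of 1; otherwise
    only the members not known to be spent elsewhere still hide the spend.
    """
    spent, _ = provably_spent(rings)
    sizes = []
    for ring in rings:
        unresolved = ring - spent
        sizes.append(len(unresolved) if unresolved else 1)
    return sizes


def filter_decoy_candidates(candidates: List[str],
                            rings: List[FrozenSet[str]]) -> List[str]:
    """Defender-side use: drop provably spent outputs from a decoy candidate
    list before ring construction, preserving the caller's ordering."""
    spent, _ = provably_spent(rings)
    return [out for out in candidates if out not in spent]


if __name__ == "__main__":
    spent, evidence = provably_spent(SAMPLE_RINGS)
    print("provably spent:", sorted(spent))
    print("evidence (output -> ring index):", evidence)
    print("effective ring sizes:", effective_ring_sizes(SAMPLE_RINGS))
    print("usable decoys:", filter_decoy_candidates(list("ABCDEF"), SAMPLE_RINGS))
```

On the constructed ledger the cascade proves A, B and C spent (the last two only because of the earlier deductions), leaves rings 4 and 5 with effective sizes of 2 and 3, and the decoy filter keeps only D, E and F. The report's observation that such outputs are old and rarely selected anyway corresponds to the candidate list a real wallet would draw from being weighted toward recent outputs, which the cascade never touches.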

CTTE posted 5 years ago

So, this is just taking too long and it's too important! So, I'm sending 2 more XMR. It's not a lot, but if a few others would bump their donation up a bit, we could all get on with getting this work done without any distractions!

C4DXW edited 5 years ago

+51 XMR on behalf of Tari Labs.

Vikingo posted 5 years ago

Done!!

SarangNoether posted 5 years ago

Hi there, pals. It's friendly Dr. Sarang Noether back again to deliver my monthly research report for December. This is the final report for this funding period, and I thank the entire community for supporting my work, either through donations or in spirit.

This is a lighter report, since many contributors take time at the end of the year with family to celebrate the magic of Festivus. I'll save the airing of grievances for another report, and move right along.

Most work this month was review and planning. There were substantial rewrites and work on the next big paper, which discusses ways to map Monero transactions to graph structures and apply some clever graph theory for analysis. This paper establishes some computational bounds on transaction heuristics, generalizes some earlier analysis we've seen, and lays the groundwork for future research. Look for it in internal review once it's had some additional polish.

Other reviews were completed on external submissions that haven't yet been released. These include some ideas for return addresses and other augmentations to the original CryptoNote protocol, transaction definition formalizations, protocols for swaps, and more. I'll post updates when these papers are released by their respective authors.

The older StringCT scheme is updated with basic stealth address functionality, which was not included in the original prototype release. This increases the size of output keys but provides a more robust address structure than we currently have, with little added computational complexity.

I'm completing review and documentation updates that cover the various transaction, spend, and balance proof methods currently available. Each has different use cases and mathematical construction, and it will be handy to have these made more accessible and understood, especially since there are newer ways to prove balance than we have currently.

Discussion is ongoing within the Lab and developer circles as our next upgrade approaches, particularly surrounding ways to increase the indistinguishability of transactions. Payment IDs can be a headache to deal with in the Monero ecosystem, and we want to establish a timeline for if, how, and when to migrate away from standalone IDs. As always, we iteratively improve on transaction privacy, and will continue to do so.

My next funding period will cover the first quarter of next year, but it is not fully funded at this point. I rely on community support to work full time on Monero, and appreciate any and all support that is available to help me continue to do so. Please consider donating if you are able.

Now on to Sarang's Reading Corner, a list of some of the interesting papers I've come across recently in my ongoing literature review. The appearance of a paper in this list does not imply that I endorse it, or even agree with its contents or conclusions. These are in no particular order.