Hello once again! Dr. Sarang Noether here, delivering my monthly research report for November. My sincere thanks go to the entire Monero community for ongoing support of my research for the Monero Research Lab.
This past month has seen work in several areas, a few of which I'll mention here. I was invited to deliver a talk and hands-on coding workshop on Monero and privacy technology in Chicago for the Bitcoin & Open Blockchain Community. This was a great opportunity to educate and inspire folks in Chicagoland about why privacy matters and what common approaches are taken in distributed assets like Monero. Transportation costs were paid by the group. You can watch recordings of the workshop and the talk on YouTube.
After some updates, three papers are in the merge pipeline to be posted to the Lab archive shortly. One is an analysis of spent outputs that generalizes some ideas that have been proposed over the past few years. Another is a dual-address output scheme that has applications to refund transactions and payment channels. The third is the thring (threshold ring) signature paper that conducts a formal security analysis. Along with posting these for posterity, we're making the above link the "most official" home for Lab material, as a great replacement for our much older archive; the old Lab site served us well, but it's not suited for translations, easy updates and additions, format consistency, or looking fancy.
Continuing with ring signature scheme updates that took place last month, the underlying multisignature primitive required for the StringCT scheme has been updated to use the more robust MuSig construction to take advantage of its security guarantees (and to give us code for prototyping). This code is also being updated to support the use of stealth addresses.
I'm conducting ongoing review of several unpublished paper drafts. One details constructions useful for payment channels and timelock mechanisms, and is related to the dual-address output paper. Another contains ideas for extending the Zerocoin protocol to support better privacy. A couple more are looking at particular algorithms relating to our spent output tool and recent spent output paper. The unpublished papers will be made publicly available once their authors have completed further work and review.
Finally, Tari Labs hosted a few Lab researchers and collaborators in Nashville for an in-person informal research session. Meetings like this are a great way to work out research problems face-to-face, which any good mathematician will tell you is the only true way to get math done efficiently! Transportation and incidentals were paid by Tari Labs, which does not set or otherwise influence our research agenda.
There's plenty of ongoing work happening.
I produced prototyping code for a discrete log equality proof that was constructed a while back by Andrew Poelstra. It allows a prover to convince a verifier that it knows the discrete logarithm of a given element across arbitrary groups, and that the value is the same in both (up to an equivalence). This toy code uses the ed25519 and ed448 constructions, which use groups of different order over different curves. This is a useful idea toward more complex atomic swap operations. A detailed writeup to accompany the code is being polished and will be posted to the Lab paper archive shortly.
Final items of note are Bulletproof generalizations that require fun algebra, and assisting labmate Surae Noether with some of his fascinating work involving graph matchings. Other ring signature code has been placed on the back burner temporarily, but it's still open research.
Now on to Sarang's Reading Corner, a list of some of the interesting papers I've come across recently. The appearance of a paper in this list does not imply that I endorse it, or even agree with its contents or conclusions. These are in no particular order.
- DEXON: A Highly Scalable, Decentralized DAG-Based Consensus Algorithm
- Aggregate Cash Systems: A Cryptographic Investigation of Mimblewimble
- On inversion modulo pseudo-Mersenne primes
- A Combinatorial Approach to Measuring Anonymity
- Tracing Transactions Across Cryptocurrency Ledgers
- QuisQuis: A New Design for Anonymous Cryptocurrencies
- DAGsim: Simulation of DAG-based distributed ledger protocols
- A Deep Dive into Blockchain Selfish Mining
- MARVELlous: a STARK-Friendly Family of Cryptographic Primitives
- Proof-of-Stake Protocols for Privacy-Aware Blockchains
- An Analysis of the ProtonMail Cryptographic Architecture