Please login or register.

Sarang: funding for October-December 2018

XMR242.35

funded of XMR241.00 target

90 individual contributions
100.56%
100.55809233554% Funded
2 payouts
XMR81.68 balance available
66.293920644443% Paid Out

Milestones 2/3

  • October

    Funds awarded: 33.33% (~XMR80.77)

  • November

    Funds awarded: 33.33% (~XMR80.77)

  • December

    Funds awarded: 33.33% (~XMR80.77)

Payouts 2

  • 80.33 XMR (Tuesday 06 November 2018)
  • 80.33 XMR (Thursday 06 December 2018)

Ladies and gents and everyone beyond, it's your friend Dr. Sarang Noether here again! My current funding round is nearly complete, and I'm up for three more months of research for the Monero Research Lab. My humble thanks go out to those who have supported the Lab's work in the past through financial support or in spirit.

I won't insult your intelligence by rehashing all the gory details of the past few months, as you can read my reports for July and August (with September to follow) at your leisure. But I certainly can sum it up by saying that I have been very busy with a great many projects. Bulletproofs have been successfully audited, hardened for security, and made blazingly efficient compared to our initial work, and they're ready to go with our upcoming network upgrade. New research into refund transactions and payment channel foundations continues with good research under our belt. Our multisignature scheme has undergone formal analysis and exists as a preprint for the broader cryptographic community. And there's so much more; please read the linked reports for details.

The next three months show no signs of slowing down from a research perspective. Concepts like atomic swaps, payment channels, sublinear ring signatures, zero-knowledge proof technologies, balance proofs, spent output analysis, and more are all unsolved problems in need of some attention. I and my labmates work hard every day to keep Monero safely on the cutting edge of applied cryptography. I'm game if you are.

This request is for the funding period starting 1 October 2018 and ending 31 December 2018. My dollar-value equivalent is 9000 USD per month, which is my assessment of fair compensation for a self-employed Ph.D. researcher, with all the delightful tax implications therein. This is also in line with my previous several funding requests. The funding amount is set using a 14-day exponential moving average, and can be updated if needed before funding is complete; I'll make a note below if this happens.

As always, comments and questions are welcome. Feel free to also reach out on IRC at #monero-research-lab for any particular research-related concerns.

Edit: (14 September 2018) Changed from Bollinger to EMA to set price.

Replies: 19
SarangNoether posted 2 weeks ago Weight: 467 | Link [ - ]

Hello once again! Dr. Sarang Noether here, delivering my monthly research report for November. My sincere thanks go to the entire Monero community for ongoing support of my research for the Monero Research Lab.

This past month has seen work in several areas, a few of which I'll mention here. I was invited to deliver a talk and hands-on coding workshop on Monero and privacy technology in Chicago for the Bitcoin & Open Blockchain Community. This was a great opportunity to educate and inspire folks in Chicagoland about why privacy matters and what common approaches are taken in distributed assets like Monero. Transportation costs were paid by the group. You can watch recordings of the workshop and the talk on YouTube.

After some updates, three papers are in the merge pipeline to be posted to the Lab archive shortly. One is an analysis of spent outputs that generalizes some ideas that have been proposed over the past few years. Another is a dual-address output scheme that has applications to refund transactions and payment channels. The third is the thring (threshold ring) signature paper that conducts a formal security analysis. Along with posting these for posterity, we're making the above link the "most official" home for Lab material, as a great replacement for our much older archive; the old Lab site served us well, but it's not suited for translations, easy updates and additions, format consistency, or looking fancy.

Continuing with ring signature scheme updates that took place last month, the underlying multisignature primitive required for the StringCT scheme has been updated to use the more robust MuSig construction to take advantage of its security guarantees (and to give us code for prototyping). This code is also being updated to support the use of stealth addresses.

I'm conducting ongoing review of several of unpublished paper drafts. One details constructions useful for payment channels and timelock mechanisms, and is related to the dual-address output paper. Another contains ideas for extension to the Zerocoin protocol to support better privacy. A couple more are looking at particular algorithms relating to our spent output tool and recent spent output paper. The unpublished papers will be made publicly available once their authors have completed further work and review.

Finally, Tari Labs hosted a few Lab researchers and collaborators in Nashville for an in-person informal research session. Meetings like this are a great way to work out research problems face-to-face, which any good mathematician will tell you is the only true way to get math done efficiently! Transportation and incidentals were paid by Tari Labs, which does not set or otherwise influence our research agenda.

There's plenty of ongoing work happening.

I produced prototyping code for a discrete log equality proof that was constructed a while back by Andrew Poelstra. It allows a prover to convince a verifier that it knows the discrete logarithm of a given element across arbitrary groups, and that the value is the same in both (up to an equivalence). This toy code uses the ed25519 and ed448 constructions, which use groups of different order over different curves. This is a useful idea toward more complex atomic swap operations. A detailed writeup to accompany the code is being polished and will be posted to the Lab paper archive shortly.

Final items of note are Bulletproof generalizations that require fun algebra, and assisting labmate Surae Noether with some of his fascinating work involving graph matchings. Other ring signature code has been placed on the back burner temporarily, but it's still open research.

Now on to Sarang's Reading Corner, a list of some of the interesting papers I've come across recently. The appearance of a paper in this list does not imply that I endorse it, or even agree with its contents or conclusions. These are in no particular order.

SarangNoether posted 1 month ago Weight: 405 | Link [ - ]

Happy Moneroween to everyone! Dr. Sarang Noether here, delivering my monthly research report for October. As always, my thanks to the Monero community for your ongoing support of my work and that of the Monero Research Lab.

Our latest network upgrade is up and running, and that means smaller, faster, cheaper, and more secure transactions thanks to Bulletproofs and a whole lot of other updates and optimizations. We've also posted the last Bulletproof audit report from QuarksLab, which is a great read about their fine work reviewing several areas of the codebase. The implementation of Bulletproofs was a long and complex process, but I think we all agree that it provides great value to the project and our community as we continue to grow.

This month's research began with an updated look at ring signature decoy selection. As you may know, your transaction includes decoys to hide the true spend, and the algorithm used for selecting these decoys has been iterated over time as we learn more about making transactions indistinguishable from each other. I and other Lab researchers generalized several pieces of earlier research on this topic into a technical note and examined the effects on the Monero blockchain.

Using a custom analysis tool, we quantified the practical effects of these on-chain analysis methods, confirming that modern transactions are not susceptible to most forms of known on-chain analysis. The analysis tool flags old transaction outputs that can be proven to be spent, and should not be chosen as decoys. Fortunately, these old outputs are exceptionally unlikely to be chosen anyway due to the way we select decoys, so even use of the flagging tool is realistically not needed. Coinciding with this, we've upgraded our decoy selection algorithm to better mitigate against certain types of timing analysis. If you keep your wallet software updated, you'll automatically get this benefit. We'll continue to optimize decoy selection as we iterate on the algorithm.

I revisited an older ring confidential transaction scheme proposed last year by outside researchers, which we lovingly dubbed StringCT (among other names; we're terrible at naming things). The scheme would permit larger ring sizes with better size scaling than we use currently. Unfortunately, the verification of the resulting transaction proofs and signatures was much slower than we had hoped, and we put the work aside. However, thanks to some underlying algorithmic plumbing that we built for Bulletproofs, I took the StringCT algorithms, ported them to Python for easier prototyping, and added the new plumbing along with a test suite. This includes multiexponentiation and even batch verification using some clever algebra. Initial testing suggests that we may be able to get the verification times down to a reasonable level with the ring sizes we might choose in the future. This work is ongoing but promising. Note that we have no plans to migrate to this scheme, as this analysis is still in its early stages.

Now on to Sarang's Reading Corner, a collection of just some of the interesting papers that I've come across recently. The appearance of a paper in this list does not imply that I endorse it, or even agree with its contents or conclusions.

C4DXW edited 2 months ago Weight: 328 | Link [ - ]

+51 XMR on behalf of Tari Labs.

Vikingo posted 2 months ago Weight: 327 | Link [ - ]

Done!!

CTTE posted 2 months ago Weight: 326 | Link [ - ]

So, this is just taking too long and it's too important! So, I'm sending 2 more xmr. It's not a lot but, if a few others would bump their donation up a bit, we could all get on with getting this work done without any distractions!

anonimal posted 2 months ago Weight: 325 | Link [ - ]

Will donate.

pa posted 2 months ago Weight: 324 | Link [ - ]

donated; thank you for your work

antw081 posted 2 months ago Weight: 322 | Link [ - ]

Donated.

el_ruobuob posted 2 months ago Weight: 321 | Link [ - ]

on its way

m2049r posted 2 months ago Weight: 321 | Link [ - ]

+1 XMR on behalf of Monerujo

oneiric posted 2 months ago Weight: 321 | Link [ - ]

Supported, much love for your work.

devbordecraft edited 2 months ago Weight: 320 | Link [ - ]

Happy to contribute to the FFS for the first time !

M5M400 posted 2 months ago Weight: 320 | Link [ - ]

Emptied the supportXMR.com donation wallet into this. Hope this gets funded.

GoodEnough edited 2 months ago Weight: 318 | Link [ - ]

Happy to contribute to you and Surae! Yall are doing amazing work.

CTTE edited 2 months ago Weight: 318 | Link [ - ]

Sorry, I somehow missed this. Please know your work is greatly appreciated!