Hi there, pals. It's friendly Dr. Sarang Noether back again to deliver my monthly research report for December. This is the final report for this funding period, and I thank the entire community for supporting my work, either through donations or in spirit.
This is a lighter report, since many contributors take time at the end of the year with family to celebrate the magic of Festivus. I'll save the airing of grievances for another report, and move right along.
Most work this month was review and planning. There were substantial rewrites and work on the next big paper, which discusses ways to map Monero transactions to graph structures and apply some clever graph theory for analysis. This paper establishes some computational bounds on transaction heuristics, generalizes some earlier analysis we've seen, and lays the groundwork for future research. Look for it in internal review once it's had some additional polish.
Other reviews were completed on external submissions that haven't yet been released. These include some ideas for return addresses and other augmentations to the original CryptoNote protocol, transaction definition formalizations, protocols for swaps, and more. I'll post updates when these papers are released by their respective authors.
The older StringCT scheme is updated with basic stealth address functionality, which was not included in the original prototype release. This increases the size of output keys but provides a more robust address structure than we currently have, with little added computational complexity.
I'm completing review and documentation updates that cover the various transaction, spend, and balance proof methods currently available. Each has different use cases and mathematical construction, and it will be handy to have these made more accessible and understood, especially since there are newer ways to prove balance than we have currently.
Discussion is ongoing within the Lab and developer circles as our next upgrade approaches, particularly surrounding ways to increase the indistinguishability of transactions. Payment IDs can be a headache to deal with in the Monero ecosystem, and we want to establish a timeline for if, how, and when to migrate away from standalone IDs. As always, we iteratively improve on transaction privacy, and will continue to do so.
My next funding period will cover the first quarter of next year, but it is not fully funded at this point. I rely on community support to work full time on Monero, and appreciate any and all support that is available to help me continue to do so. Please consider donating if you are able.
Now on to Sarang's Reading Corner, a list of some of the interesting papers I've come across recently in my ongoing literature review. The appearance of a paper in this list does not imply that I endorse it, or even agree with its contents or conclusions. These are in no particular order.
- An Expressive (Zero-Knowledge) Set Accumulator
- Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives
- Authenticated Data Structures for Privacy-Preserving Monero Light Clients (NOTE: This paper is not freely available for download)
- Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains
- Cryptanalysis of 2-round KECCAK-384
- Discovering Bitcoin's Public Topology and Influential Nodes
- An Empirical Analysis of Monero Cross-Chain Traceability
- Private Polynomial Computation from Lagrange Encoding
- MProve: A Proof of Assets Protocol for Monero Exchanges
- Countering Block Withholding Attack Efficiently