Once again, I am blown away by the support and generosity of the Monero community. To everyone who contributed in Monero or in spirit, please accept my sincerest thanks and appreciation. You are the reason Monero continues to succeed!
Funding for Sarang at MRL for Q1 2018
funded of XMR380.00 target
WHO Me again, Sarang Noether. I've been working for Monero Research Lab during the present quarter, researching new developments in cryptocurrency technology and applying them to Monero where appropriate. I have a history with the project and have thoroughly enjoyed my work keeping Monero on the cutting edge.
WHAT I am requesting a continuation of funding for the upcoming four month period. This is a slight change that aligns my request with the usual fiscal quarter system. Details follow.
WHY During the current quarter of Forum Funding System support, I've contributed to several important areas of Monero academic research:
- RuffCT / StringCT / RTRS: We're apparently all terrible at consistent naming, but this is the proposal that was put forward in a paper to shorten Monero ring signatures while securely incorporating confidential transaction amounts in a stronger way than the current setup. Turning our linear (in ring size) signatures into logarithmic signatures while throwing in private amounts was an impressive feat by the authors, and I (with my Lab partner, Surae Noether) vetted the mathematics. Along with associate Knaccc, we produced working Java code for the scheme and analyzed its efficiency. While the results weren't as spectacular as our wildest dreams had hoped, the production of sublinear ring signatures was an important step in understanding the nature of Monero's signature scheme as well. It can be proven (unfortunately) that any sublinear scheme must have at least linear verification time. This implies that in terms of computation, the existing scheme is close to optimal (but we pay for it in signature size).
- Subaddresses: A proposal in the works for a while suggested adding subaddresses to the project (thanks to Kenshi84 and several others). This would allow a recipient to use a secret master wallet address to generate an arbitrary number of unlinkable subaddresses. This has the advantage of allowing the recipient to scan incoming transactions only once to identify those destined for any controlled subaddress. There are subtleties in the integration of subaddresses with the existing transaction protocol and in the ways that outputs fit in, but this represents an overall large step for Monero. I authored a whitepaper documenting this scheme and analyzing its security and efficiency. Subaddresses have since been added to the codebase.
- Multisignatures: It's desirable to secure outgoing funds by allowing a sender to demand that several devices or parties produce a single aggregated signature on a transaction, akin to multifactor authentication. However, the goal in our case is to mathematically force the use of multiple parties, rather than have the multisignature be a part of policy alone. An earlier multisignature scheme had errors in its proofs, so I have been working with Surae Noether to produce new and improved security definitions and proofs for a modified scheme. A whitepaper is being finalized for the scheme, and it is being thoroughly checked against the existing codebase to ensure proper implementation.
- Ongoing research topics: A big part of having the Monero Research Lab is ongoing research into the state of the art, whether or not there is an immediate application to the project. After all, if we knew what we needed to research completely in advance, it'd hardly be true research! I and my Lab partner have been actively digging into sidechain technologies (to determine the proper integration into Monero), aggregate signatures (which would allow for compression of multiple signatures), proxy ring signatures, hash function aggregators (and specifically some promising new compact forms), problems with pseudorandom number generators (and how to standardize them in secure ways), consensus algorithms (specifically theoretical and simulation-based work on SPECTRE), and proofs of stake/work/proof-of-work/erasure.
The next quarter (technically, trimester, or whatever) holds a great deal of promise. Specifically, the topics in the previous section are large and ongoing projects. As always, our work product is varied and includes: Whitepapers: These are usually reserved for more "important" changes to the protocol or mathematics that are either novel to Monero or differ substantially from earlier use.
- Summaries: These are usually included in monthly reports and other communications, where the subject is less monumental than those in whitepapers.
- Community interaction: I'm active with other Lab members on our dedicated IRC channels, where the community is welcome to jump in with questions. We also hold regular research meetings (where updates are provided in a structured way) and office hours (where discussion is less formal). I also chime in to r/monero to answer research questions, but most productive discussion happens in real time on IRC.
- Code: Most of my work focuses on math and the cryptography, but we sometimes produce code with other collaborators in the Lab and development group. Code is made publicly available and is used for testing and analysis.
HOW MUCH My request is for 380 XMR for continued full-time research over the four-month period beginning at the start of December 2017 and concluding at the end of March 2018. This represents my interpretation of a fair salary for a qualified independent research mathematician and physicist, where the amount is reasonably averaged using several weeks of XMR market data.
Prices are always in flux with a dynamic project like Monero, so I do my best to keep things fair while accounting for volatility. Should there be large market changes before this proposal is open to funding, we can discuss updating the amount before funding begins.
LET'S DISCUSS I strongly value community input into the funding process, and welcome discussions regarding this proposal.
This request is being made well in advance of the end of the current funding period. This is to provide ample time for transparent inquiry by the community into the research goals, as well as general conversation. One of the things I respect most about the Monero community is its open approach to development, and I want to continue making such openness a cornerstone of the Research Lab.
This timeline provides ample time for questions, comments, complaints, suggestions, and generally vigorous debate. Once there is general consensus, the proposal will be open to community funding.
LAST WORD To close out this proposal, I want to offer my sincere thanks to the community for its overwhelming support for me and the Monero Research Lab in general. I'm passionate about Monero and the beautiful advances in cryptocurrency technology that it represents, and it's been my honor to dedicate my time and efforts to the project. The Lab couldn't function without the community, so I want to thank everyone who has contributed in funding, discussion, moral support, and general well-wishes. I'd thank each funder personally if I could, but that would defeat the point of a kickass private currency, wouldn't it? ;)
EDIT: I've also been putting substantial work into bulletproofs, a proposal for range proofs that has the possibility to reduce transaction sizes. Work into this area of research will continue into this funding period as needed.