Funding for Sarang at MRL for Q1 2018


funded of XMR380.00 target

41 individual contributions
100.00007409474% Funded
1 payouts
XMR285.00 balance available
24.99998147633% Paid Out

Milestones 1/4

  • December

    Completion Date: Sunday 31 December 2017

    Funds awarded: 25% (~XMR95.00)

  • January

    Funds awarded: 25% (~XMR95.00)

  • February

    Funds awarded: 25% (~XMR95.00)

  • March

    Funds awarded: 25% (~XMR95.00)

Payouts 1

  • 95 XMR (Sunday 07 January 2018)

WHO

Me again, Sarang Noether. I've been working for Monero Research Lab during the present quarter, researching new developments in cryptocurrency technology and applying them to Monero where appropriate. I have a history with the project and have thoroughly enjoyed my work keeping Monero on the cutting edge.

WHAT

I am requesting a continuation of funding for the upcoming four month period. This is a slight change that aligns my request with the usual fiscal quarter system. Details follow.

WHY

During the current quarter of Forum Funding System support, I've contributed to several important areas of Monero academic research:

  • RuffCT / StringCT / RTRS: We're apparently all terrible at consistent naming, but this is the proposal that was put forward in a paper to shorten Monero ring signatures while securely incorporating confidential transaction amounts in a stronger way than the current setup. Turning our linear (in ring size) signatures into logarithmic signatures while throwing in private amounts was an impressive feat by the authors, and I (with my Lab partner, Surae Noether) vetted the mathematics. Along with associate Knaccc, we produced working Java code for the scheme and analyzed its efficiency. While the results weren't as spectacular as our wildest dreams had hoped, the production of sublinear ring signatures was an important step in understanding the nature of Monero's signature scheme as well. It can be proven (unfortunately) that any sublinear scheme must have at least linear verification time. This implies that in terms of computation, the existing scheme is close to optimal (but we pay for it in signature size).
  • Subaddresses: A proposal in the works for a while suggested adding subaddresses to the project (thanks to Kenshi84 and several others). This would allow a recipient to use a secret master wallet address to generate an arbitrary number of unlinkable subaddresses. This has the advantage of allowing the recipient to scan incoming transactions only once to identify those destined for any controlled subaddress. There are subtleties in the integration of subaddresses with the existing transaction protocol and in the ways that outputs fit in, but this represents an overall large step for Monero. I authored a whitepaper documenting this scheme and analyzing its security and efficiency. Subaddresses have since been added to the codebase.
  • Multisignatures: It's desirable to secure outgoing funds by allowing a sender to demand that several devices or parties produce a single aggregated signature on a transaction, akin to multifactor authentication. However, the goal in our case is to mathematically force the use of multiple parties, rather than have the multisignature be a part of policy alone. An earlier multisignature scheme had errors in its proofs, so I have been working with Surae Noether to produce new and improved security definitions and proofs for a modified scheme. A whitepaper is being finalized for the scheme, and it is being thoroughly checked against the existing codebase to ensure proper implementation.
  • Ongoing research topics: A big part of having the Monero Research Lab is ongoing research into the state of the art, whether or not there is an immediate application to the project. After all, if we knew what we needed to research completely in advance, it'd hardly be true research! I and my Lab partner have been actively digging into sidechain technologies (to determine the proper integration into Monero), aggregate signatures (which would allow for compression of multiple signatures), proxy ring signatures, hash function aggregators (and specifically some promising new compact forms), problems with pseudorandom number generators (and how to standardize them in secure ways), consensus algorithms (specifically theoretical and simulation-based work on SPECTRE), and proofs of stake/work/proof-of-work/erasure.

The next quarter (technically, trimester, or whatever) holds a great deal of promise. Specifically, the topics in the previous section are large and ongoing projects. As always, our work product is varied and includes:

  • Whitepapers: These are usually reserved for more "important" changes to the protocol or mathematics that are either novel to Monero or differ substantially from earlier use.
  • Summaries: These are usually included in monthly reports and other communications, where the subject is less monumental than those in whitepapers.
  • Community interaction: I'm active with other Lab members on our dedicated IRC channels, where the community is welcome to jump in with questions. We also hold regular research meetings (where updates are provided in a structured way) and office hours (where discussion is less formal). I also chime in to r/monero to answer research questions, but most productive discussion happens in real time on IRC.
  • Code: Most of my work focuses on math and the cryptography, but we sometimes produce code with other collaborators in the Lab and development group. Code is made publicly available and is used for testing and analysis.

HOW MUCH

My request is for 380 XMR for continued full-time research over the four-month period beginning at the start of December 2017 and concluding at the end of March 2018. This represents my interpretation of a fair salary for a qualified independent research mathematician and physicist, where the amount is reasonably averaged using several weeks of XMR market data.

Prices are always in flux with a dynamic project like Monero, so I do my best to keep things fair while accounting for volatility. Should there be large market changes before this proposal is open to funding, we can discuss updating the amount before funding begins.

LET'S DISCUSS

I strongly value community input into the funding process, and welcome discussions regarding this proposal.

This request is being made well in advance of the end of the current funding period. This is to provide ample time for transparent inquiry by the community into the research goals, as well as general conversation. One of the things I respect most about the Monero community is its open approach to development, and I want to continue making such openness a cornerstone of the Research Lab.

This timeline provides ample time for questions, comments, complaints, suggestions, and generally vigorous debate. Once there is general consensus, the proposal will be open to community funding.

LAST WORD

To close out this proposal, I want to offer my sincere thanks to the community for its overwhelming support for me and the Monero Research Lab in general. I'm passionate about Monero and the beautiful advances in cryptocurrency technology that it represents, and it's been my honor to dedicate my time and efforts to the project. The Lab couldn't function without the community, so I want to thank everyone who has contributed in funding, discussion, moral support, and general well-wishes. I'd thank each funder personally if I could, but that would defeat the point of a kickass private currency, wouldn't it? ;)

EDIT: I've also been putting substantial work into bulletproofs, a proposal for range proofs that has the possibility to reduce transaction sizes. Work into this area of research will continue into this funding period as needed.

Replies: 12
SarangNoether edited 2 weeks ago Replies: 3 | Weight: 466

Hello there! Sarang Noether here with my monthly report for December. I'm pleased to report good progress on several important projects, and want to start by thanking the Monero community for your support.

The primary task this month has been a continuation of Bulletproofs. As you've probably read elsewhere (like this blog post), range proofs are an important component of Monero's confidential transactions that allow us to keep amounts secret. Bulletproofs are a replacement for our existing range proofs that used Borromean ring signatures and took up a substantial amount of space on the blockchain. I used the recent Bulletproof white paper to work up Java code, perform testing on correctness and efficiency, and work with moneromooo to get the test code ported for eventual inclusion into the Monero codebase. Single-output Bulletproofs are currently undergoing testing on testnet and will be included in a future release when ready. Multi-output Bulletproofs, which offer even more space savings that scale to larger transactions, are being tested separately since they necessitate a change to the way we handle fee scaling in order to avoid denial-of-service attacks from transaction packing. Releasing Bulletproofs in stages will provide an immediate reduction in transaction size and continue to offer further benefits once the rollout is complete.

I've been working with Surae Noether on finalizing the multisig project. Surae has put a lot of excellent work into updates, documentation, and analysis of our multisig mathematics in a forthcoming whitepaper, and I have been assisting with the analysis and review. The multisig code is set for release already, and the corresponding paper will be released after final review.

A project that was started earlier is a study of SPECTRE, a proposal to replace a blockchain structure with a more generalized graph structure. I began investigating this during my previous funding period, but it was placed on the back burner when Bulletproofs took center stage. Now that we have Bulletproofs staged for future release, my interest in SPECTRE has been renewed. Because it uses a more complex consensus algorithm than the Nakamoto longest-chain consensus method, there is a lot of testing and analysis that needs to be done. The benefits, however, are intriguing: an implementation could increase the block rate substantially without compromising the security of the network. Surae wrote up a test implementation in Python that he and I are playing with. The implementation makes the voting protocol much faster than listed in the original whitepaper. We're testing edge cases by hand and in code, and generally working toward a more complete understanding of the benefits and drawbacks of SPECTRE for Monero. There are no defined plans to switch our chain structure, but I maintain an interest in determining the feasibility of SPECTRE for the future.

An ongoing topic of conversation within the research group has been a desire to develop educational outreach opportunities in applications of cryptography to distributed ledgers like Monero. I will be sharing the good news about modern cryptography with gifted students this summer through a Duke University program in the United States. I've taught courses to less advanced students that touched on modern topics, but this course would permit more time to discuss modern techniques and constructions to students with more mathematical experience. It would of course include projects in cryptocurrencies like Monero! Development of the curriculum is ongoing.

Finally, a new paper was released on efficient zk-SNARKs without trusted setup. Earlier work on zk-SNARKs required trusted parties, and some coins already use this. Monero's philosophy of privacy means that a trusted setup is an automatic no-no, which makes the new paper so interesting since it assumes no trusted parties. I have been working through the whitepaper and plan to write up a simulation if it continues to show promise. A comprehensive analysis of the potential space and computation costs is also in order, and this will continue into next month. Again, there are no immediate plans to switch to a zk-SNARK setup in Monero, but the technology is interesting and merits ongoing investigation.

Once again, it's been my pleasure to continue working for the Monero Research Lab. As always, there has been a flurry of activity in the cryptographic community, and the Lab prides itself on keeping up with new developments to determine their applicability to the Monero project. Many investigations do not see the light of day, but others (like Bulletproofs) do; this is the blessing and curse of the research community! Expect to see a continuation of my current projects into next month, as well as whatever new work is thrown my way.

Onward and upward!

Reply to: SarangNoether
keatonofthedrake posted 2 weeks ago Weight: 464

Thank you for all that you do for the community! You and moneromooo are two of the many reasons I really believe that Monero is leaps ahead of the others in regards to research and testing. I'll continue to donate as long as you want to work on the project!

Reply to: SarangNoether
ohHeyRightOn posted 2 weeks ago Weight: 463

This is absolutely excellent to hear, Sarang. Your work and that of the rest of the MRL are in large part what make Monero such an outstanding cryptocurrency; keep it up!

Reply to: SarangNoether
lh1008 posted 2 weeks ago Weight: 463

Thank you for your work. We are really happy to hear how you are doing. We will keep on supporting your work. :)

SarangNoether posted 1 month ago Weight: 387

Once again, I am blown away by the support and generosity of the Monero community. To everyone who contributed in Monero or in spirit, please accept my sincerest thanks and appreciation. You are the reason Monero continues to succeed!

pa posted 1 month ago Weight: 386


TheseAreBetterDays posted 1 month ago Weight: 386


Cryptonic posted 1 month ago Weight: 382


lh1008 posted 1 month ago Weight: 381

donated :)

SarangNoether posted 2 months ago Weight: 376

One topic of research interest not mentioned in the proposal is that of range proofs. I've been looking into bulletproofs to assess their usefulness as a replacement for our current range proofs. Code is underway!

antw081 posted 2 months ago Replies: 1 | Weight: 349

I'll be happy to help fund the MRL team (Sarang & Surae) again.

Reply to: antw081
antw081 posted 2 months ago Weight: 376