Hello, friends! Sarang here with my monthly report for February. Once again, my sincere thanks go out to the entire Monero community for your support, both financially and in spirit.
The long and winding road to Bulletproofs continues. Having been in long discussion with several professional groups and interested volunteers, I have received statements of work from all interested auditors, and am compiling them for review. Expect to see a funding request once we have decided on the final selection. I am pleased to report that we have secured the interest of Benedikt Buenz, the lead author on the Bulletproofs paper, to review our Java prototype code. This is an important step in the audit process, since Benedikt is the ideal candidate to examine our implementation of the underlying mathematics. A second auditor (whom we will determine after our final review of the received statements of work) will examine the C++ port and audit for implementation. All in all, the review process is proceeding slowly but surely. We've heard rumblings of other projects interested in our implementation of Bulletproofs, and I've seen indications that some may nab our finished code and receive the advantage of our careful work and audits. This is an unfortunate but necessary consequence of our open development process, but it also speaks to the leadership role Monero is taking in this deployment. Imitation is the sincerest form of flattery, perhaps.
From the land of the literature, I've examined the usual selection of papers. Surae brought to my attention some interesting work on succinct representations of partially-ordered sets, which caught our interest because of the data structures required for the SPECTRE block graph protocol. A new paper was released on PHANTOM, a cousin to SPECTRE written by the same authors and discussed at the recent Stanford conference. It has the downside of potentially slow confirmation times and a requirement for a good understanding of network parameters. The authors suggest a possible blend of both SPECTRE and PHANTOM, but details have yet to be worked out. Interesting work, to be sure. Other new work of interest is a paper on Schnorr multisignatures, a paper relating to memory-hard functions, and others. Cryptographic research is alive and well as always.
One literature item of note is an update to the Bulletproofs paper that was released recently. I have been working with one of the authors to discuss and learn about optimizations to the algorithms that have been under development since the release of the original paper. The updated paper includes these optimizations and others, and details the batch verification scheme that is now part of our code. It is certainly worth reading for anyone who has an interest in exactly how Bulletproofs work. The paper contains a few small errors in algorithm listings that I found and reported while reviewing it against our code, which the authors will update in a future revision. Work to speed up verification times in Bulletproofs and elsewhere in the codebase (without sacrificing too much clarity, to permit good review) continues with tests of optimizations to common curve operations.
I have been asked to speak about privacy in the cryptocurrency space at an upcoming one-day conference in Portland next month, Discovering Blockchains. It is a non-technical conference intended to provide information to newcomers interested in projects like Monero. I've prepared a talk that offers a basic introduction to the different types of privacy technologies used in cryptocurrencies, discusses the tradeoffs that different projects make, and highlights how to spot things to watch out for. I will be sure to post links to the talk after it's delivered. This is part of my goal to increase general outreach and appreciation for Monero and the importance of privacy technologies. There's no shortage of incorrect information out there, but we can help to ensure that the right information is at the forefront, especially for people just starting to get involved with cryptocurrencies. My attendance at the talk is funded by the organizers and requires no community funding.
Discussions have been ongoing regarding the upcoming change to our proof-of-work algorithm, intended to reduce the mining advantage available to ASICs and to make Monero mining as egalitarian as possible. By instituting regular changes and variants to our proof-of-work method, we can reduce the incentive for new ASIC development. Other operational changes under consideration are an increase in the minimum ring size and a protocol requirement to fix ring sizes for all transactions. Allowing variable ring sizes can lead to outlier transactions "standing out" due to unusual ring sizes, and the recent announcement of another project forking the Monero blockchain and offering their own asset to users for spending outputs on their chain has led to suggestions that a small increase in ring size is one step to protect users against worst-case scenarios. It goes without saying that users who want to avoid deanonymization should not spend Monero outputs on forked chains.
The upcoming month will see more progress in the Bulletproofs review process, additional curriculum development for this summer's outreach cryptography course (discussed in last month's report), and research into new technology that comes our way. Keeping the blockchain small, transaction verification fast, and anonymity high are at the core of what we do. My thanks to the Monero community for generous support of my work. Onward!