Hello again, everyone. Thank you all for your patience in my delayed end-of-2017 update for MRL: my family and I had some emergency health issues (so December was less productive than I had hoped) and then I had to bounce out to Zurich for a week to go to the Real World Crypto conference with Fluffypony and friends (so I was again delayed in January).
MRL Announcements We are still having weekly Monday meetings at 17:00 UTC. These are one-part research meetings, where we update the community on our work, and one-part "office hours" where we answer questions, help new people in Monero, etc. I've missed the past several meetings (see my excuses above) which I feel a bit terrible about. I am happy to entertain format suggestions regarding these meetings. They can always be improved, and sometimes I feel like I'm just describing all my recent shower thoughts to a mostly empty room.
POW Difficulty Replacement Contest: After discussing with several community members, we are putting this on hold for a few months. I still think this is a good idea, but I believe we have higher priorities right now. Right now I am shooting for such a contest to be funded by 1st June 2018, for submissions to be accepted in July, August, and Septebmer 2018, and for a winner to be announced (or all submissions announced as losers lulz) by 1st December 2018. My initial plan is to match up 10% of donations up to around $2000-4000 USD (worth of Monero) so that the prize could be quite substantial. If all submissions are losers, we can either run a second round of the contest, or send the funds to the monero general fund, or donate it all to the Pineapple fund or something. However, given how things seem to be going, maybe we should be expecting to begin in September or something like that.
WTF Happened in the past 45-ish days?: Rundown for December and January.
Multisig: Because of this paper, I've decided to just start tripling my expected time-to-completion for everything. Because apparently I am not super great at estimating time of completion. This took up the majority of my time becuase I constantly felt "almost done," so I didn't want to work on anything else.
The vast majority of January I spent working on the multisig paper, correcting mistakes, going through code review. I believe I spent around 120 or 135 hours working on this in December and January together. The current version can be seen here... there are two major remaining components for this paper: first, the attack section of the paper has been temporarily commented out, and second, the code review needs to be re-reviewed (all explanations of the code need to be fleshed out and triple checked). I expect each of these (the attack section and the code appendix) to take between 25 and 30 hours of work, totalling 50 to 60 hours before completion of the multisig paper (translation: I really think I'll be done with this before the end of the week, but I'm afraid it will take the rest of the month).
RTRS RingCT, column linkability, amortization: Still chatting with soon-to-be-Dr. Ruffing about these. Expect more information about this by the end of January.
Bulletproofs: We are currently discussing how to go about auditing/vetting bulletproofs. Sarang and I both agree that the math looks good, Sarang and Moneromooo both believe the code is rather tight, and we have had some optimizations suggested by various folks. As I mentioned on Reddit just the other day, we are sort of faced with a dilemma here: either we implement bulletproofs for the Spring hard fork or not, and each decision has a cost. The cost of not implementing bulletproofs will, over six months, amount to around six hours of additional download+sync time for new nodes. This cost is in adoption rate, and is certain to occur. On the other hand, the cost of implementing bulletproofs too soon, is Monero's double spend protection, and is not certain to occur. Since one of these is catastrophic but may not occur, and the other is kinda terrible but is certain to occur, we have a tradeoff to consider here. We are being cautious. Expect a statement from us about this in the coming days.
Monero Standards: No progress has yet been made on these, although much of the documentation in the multisig paper will make it into the RingCT component of the Monero Standards, so there is a nice overlap there.
Remainder of January and leading into February: I am attending BPASE18 with Sarang, Fluffypony, and all you other crazy bastards. In addition to this, I am merely finishing the multisig paper by the end of January. For those of you keeping track of hours, I plan on working 50 hour weeks for the remainder of January and for all of February so that my delayed payment for December does not bleed into the end of the "quarter."
Any time I have leftover in January above and beyond multisig will go into one of the following: 1) the ZK literature review by Jeffrey Quesnelle (author of the recent Zcash linkability paper), 2) working on my SPECTRE code (the blockchain concensus algorithm, not the recent exploit), or 3) network simulations for independent verification of the difficulty assessment computations of zavvy12 from here (if you are curious, I have some not-yet-functional code gluing Poisson processes together here).
What about the rest of the year?:
First Quarter Roadmap: This is being delayed until the end of January if not a bit longer. This is partly becuase this first quarter roadmap is really an "2018 whole-year roadmap," and partly because all of the delays I have personally recently experienced. In addition to this, after speaking with fluffypony in Zurich, I am going to look into:
Fee structures: Using time series analysis, I believe it will be a fairly straightforward task to develop a long-term plan for our fee structures based on empirical connections between fees and network activity. These connections are, of course, correlative not causative and, moreover, would be computed assuming absence of attacks. However, this would provide us some sort of long-term empirical plan for our fee structures (compared, for example, to eyeballing/arbitrarily setting base fees each hard fork). This would provide us an easy target to point at when we hear fee complaints in the future... a statement like "our fee model disagrees with you, so unless you have a better forecasting model than ours, or a specific attack model in mind, your criticism is empirically unjustifiable" would be absolutely invaluable against feeFUD.
Side note on this: Anyone willing to get me as much historical Monero network and pricing data as possible in this regard will be doing me a huge favor in saving me time. I can analyze data quickly, I can curate a data set slowly. Due to this, I do not plan on spending any of my time actually gathering any of this data before February: if someone hands me a data set, I will analyze it happily. When I say "as much data as possible," I'm not kidding around. Average number of transactions per block, average fee paid per transaction, average kb per transaction, number of inputs per transaction, number of outputs per transaction, average time between blocks, USD/XMR and EUR/XMR and CNY/XMR and BTC/XMR exchange rates and exchange volumes at the time of each block for many exchanges... these are all obvious, but even silly stuff like "number of cryptocurrencies listed on each exchange at each block time" is nontrivially helpful information.
Educational outreach: I have something semi-secret brewing that I hope can be included in my end-of-Februrary announcement. It's probably a badly kept secret (many many folks in Zurich have given me their thoughts), but putting it in writing here seems to be perhaps unwise until I speak with a few more folks about how to handle all of it. My initial plans for Sarang were to organize a 2018 summer school at some willing university, but it appears that was too ambitious (we are shooting for summer 2019 now for this), so we have pivoted a little bit to this new idea... anyway, details will be forthcoming over the coming weeks.
THANK YOU ALL. This is the best opportunity anyone like me could possibly hope for. I am pretty sure Sarang feels the same way. The Monero community has so far proved to be extremely generous. I really do my best to avoid concluding that a decision was good just because the outcome was good, you know? But kicking the traditional economy to the curb in favor of this opportunity has been absolutely the best outcome of my life so far, and I fear I couldn't possibly explain to everyone, even face to face, how much all of this means to me.
At the risk of mimicking the first season of Silicon Valley... thanks for giving me the opportunity to make the world a better place.