Howdy, everyone! This is the last delayed update I plan on making (next update should be on the 2nd of March). This update spans early January to the first week of February. I'll just jump right in:
This month, you sent me all over the world to represent Monero. You, as a community, kick complete and total ass. Thanks to the generous donations of Monero community members, I was able to attend the RealWorldCrypto conference in Zurich with fluffypony and friends, and the BPASE18 conference at Stanford with Sarang (and also fluffypony and friends). Together, these ate up a huge portion of my time for January, but attending these conferences was extremely valuable. I met with several members of the international Monero and cryptocurrency community, hardware wallet developers, researchers and developers... these trips were fantastic. I learned a lot about the game theoretic implications of smart contracts, various flavors of selfish mining and block-withholding attacks, consensus mechanisms, hardware sidechannel attacks, and large scale key management systems.
Let me tell you how cool it is to be waiting for Bünz's talk on bulletproofs, sitting next to andytoshi coding up bulletproofs, while gmaxwell is across the room realizing SHA-256 can be bulletproofed... when andytoshi is simultaneously realizing how to implement (yet another) optimization of bulletproofs. Moments like that get me all philosophical. Funny story: Pieter Wuille and I both found ourselves in the same boat, in Zurich without tickets to attend RWC. Thanks to the very generous Zooko Wilcox, I was able to attend the conference nevertheless. I still have his nametag with his name scratched out and "Monero Research Lab" written in childish crayon underneath it. I don't know how Wuille got in, come to think of it...
Back to business.
MRL Announcements: We are continuing with our weekly research meetings on Mondays at 17:00 UTC until someone starts to complain loudly about it.
Summary of Work: This month saw a lot of travel, so my actionable work was a little less varied this month. In the remainder of January and the start of February, I primarily have spent my time on:
Multisig: I was concerned for a while that our multisig scheme allowed for key cancellation attacks. Luigi has since proven me wrong (we have an authentication phase that cannot be passed by someone attempting a key cancellation attack). As such, multisig is back to "almost done" status. I spent a lot of time looking into the key aggregation set-up from the MuSig paper, which elegantly handles key cancellation attacks. As a consequence, the multisig paper will be a little more well-rounded. This is one of the reasons I've put off posting this statement of work; I was hoping to get it completed and available for the community to read. Next update will be at the end of this month, and I anticipate a completed multisig paper for everyone to read through by that point.
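For readers who have not seen a key cancellation attack before, here is a toy illustration (added to this post as an example; it is not Monero's multisig code, not the MuSig reference code, and says nothing about the authentication phase Luigi pointed out). It uses an insecure toy group, the order-q subgroup of Z_p^* for the safe prime p = 10007, so that the group algebra is visible. With naive aggregation (the joint key is just the product of the participants' public keys), a participant who sees the honest key X1 first can publish X2 = T / X1 for a T whose secret t he knows, so the joint key becomes T and he can sign alone. With MuSig-style aggregation, each key is raised to a coefficient a_i = H(L, X_i) that depends on the whole key list, so the rogue key changes its own coefficient and the same trick no longer lands on T. The hash-to-coefficient encoding, the key values and the function names are all assumptions of this example.

```python
import hashlib

# Toy group (insecure, for illustration only): order-q subgroup of Z_p^*
# for the safe prime p = 10007, q = (p - 1) / 2 = 5003. G = 4 is a quadratic
# residue, hence generates the order-q subgroup. "Adding" keys is multiplication
# mod P; "scalar multiplication" is exponentiation with the exponent mod Q.
P = 10007
Q = (P - 1) // 2
G = 4


def mul(a, b):
    return a * b % P


def inv(a):
    return pow(a, P - 2, P)


def exp(base, k):
    return pow(base, k % Q, P)


def keypair(secret):
    """Secret scalar x (mod q) and public key X = G^x."""
    return secret % Q, exp(G, secret)


def naive_aggregate(pubkeys):
    """Joint key as a plain product of the public keys (sum in additive notation)."""
    acc = 1
    for X in pubkeys:
        acc = mul(acc, X)
    return acc


def musig_coeff(pubkeys, X):
    """MuSig-style coefficient a_i = H(L || X_i) mod q, where L is the sorted key list.
    The encoding (2-byte big-endian, '|' separator) is an assumption of this toy."""
    h = hashlib.sha256()
    for Y in sorted(pubkeys):
        h.update(Y.to_bytes(2, "big"))
    h.update(b"|")
    h.update(X.to_bytes(2, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def musig_aggregate(pubkeys):
    """Joint key = prod X_i^{a_i}; secret is sum a_i x_i mod q (only the honest case has one)."""
    acc = 1
    for X in pubkeys:
        acc = mul(acc, exp(X, musig_coeff(pubkeys, X)))
    return acc


def cancellation_attack(honest_pub, attacker_secret):
    """Rogue key X2 = T / X1 with T = G^t. The attacker never learns x1; he only
    needs X1 and group operations. Returns (rogue_pub, target_key)."""
    target = exp(G, attacker_secret)
    rogue = mul(target, inv(honest_pub))
    return rogue, target


def demo():
    x1, X1 = keypair(1234)          # honest participant (values are arbitrary)
    t = 4321                        # attacker's own secret
    X2_rogue, T = cancellation_attack(X1, t)
    # Honest second participant, for the MuSig consistency check.
    x2, X2 = keypair(987)
    a1, a2 = musig_coeff([X1, X2], X1), musig_coeff([X1, X2], X2)
    return {
        # Naive aggregation: joint key is exactly the attacker's key T = G^t.
        "naive_attack_succeeds": naive_aggregate([X1, X2_rogue]) == T,
        # MuSig aggregation: the rogue key no longer cancels X1.
        "musig_attack_succeeds": musig_aggregate([X1, X2_rogue]) == T,
        # MuSig with honest keys: aggregate matches G^(a1*x1 + a2*x2).
        "musig_consistent": exp(G, a1 * x1 + a2 * x2) == musig_aggregate([X1, X2]),
    }


if __name__ == "__main__":
    print(demo())
```

The point is the dependence of a_i on the final key list L: an attacker who changes X2 changes a_2 as well, so arranging a_1 x_1 + a_2 (t - x_1) = t requires knowledge of x_1 (or a hash preimage), which is exactly what naive aggregation never asked of him.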
SPECTRE and Blockchain simulations: Since Sarang and I are constantly looking into consensus mechanisms like SPECTRE and PHANTOM, and I have been interested in difficulty for a long time, I've coded a sandbox simulation of a cryptocurrency network. Nodes arrive and leave in two independent Poisson processes, blocks are discovered at local nodes according to independent Poisson processes with intensities dependent upon difficulty, and blocks are deterministically transmitted across the network. This is available on my github here, although there are some issues with the code. My code implementing constant-time SPECTRE will eventually be used within these simulations.
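To make the three ingredients above concrete, here is a minimal event-driven sketch of that kind of network model (an added example for this post; it is not the simulator on my github and makes no attempt to reproduce its code or its results). Node joins and node departures are two Poisson processes with rates join_rate and leave_rate; each node i finds blocks as a Poisson process with intensity h_i / D, where h_i is its hash rate and D the (here constant) difficulty; and a block is seen by every other node exactly `delay` time units after it is found. The per-node discovery processes are superposed into a single process of intensity (sum h_i) / D, with the winner drawn proportionally to hash rate, which is an exact equivalence for independent Poisson processes. Nodes follow the longest chain they can see, so the difference between the number of blocks found and the length of the final main chain is the number of blocks orphaned by propagation delay. All parameter values, names and the hash-rate distribution are assumptions of this example.

```python
import random
from dataclasses import dataclass


@dataclass
class Block:
    ident: int     # index into the block list
    parent: int    # -1 for genesis
    height: int
    time: float
    miner: int     # node id, -1 for genesis


@dataclass
class SimResult:
    blocks: list       # every block found, genesis first
    main_chain: list   # genesis ... tip, by longest chain (earliest block wins ties)
    nodes_at_end: int


def _pick_miner(rng, nodes):
    # Superposition of per-node Poisson processes: one process of intensity
    # (sum h_i) / D, and the finder is node i with probability h_i / sum h_j.
    r = rng.random() * sum(nodes.values())
    for nid in sorted(nodes):
        r -= nodes[nid]
        if r < 0:
            return nid
    return max(nodes)  # guards against floating-point rounding at the top end


def _visible(block, node, now, delay):
    # Deterministic transmission: every node sees a block exactly `delay`
    # after it was found; the miner sees its own block immediately.
    return block.ident == 0 or block.miner == node or block.time + delay <= now


def simulate(seed=1, horizon=3000.0, join_rate=0.02, leave_rate=0.015,
             difficulty=60.0, delay=2.0, initial_nodes=6):
    rng = random.Random(seed)
    nodes = {}          # node id -> hash rate h_i (arbitrary units)
    next_id = 0
    for _ in range(initial_nodes):
        nodes[next_id] = rng.uniform(0.5, 2.0)   # assumed hash-rate distribution
        next_id += 1
    blocks = [Block(0, -1, 0, 0.0, -1)]
    t = 0.0
    while True:
        # Competing exponentials: time to the next event of any kind is
        # exponential with the summed rate; the event type is then drawn
        # proportionally to its rate.
        block_rate = sum(nodes.values()) / difficulty
        total = join_rate + leave_rate + block_rate
        t += rng.expovariate(total)
        if t > horizon:
            break
        u = rng.random() * total
        if u < join_rate:
            nodes[next_id] = rng.uniform(0.5, 2.0)
            next_id += 1
        elif u < join_rate + leave_rate:
            if nodes:
                del nodes[rng.choice(sorted(nodes))]
        else:
            # block_rate > 0 here, so the network is non-empty
            miner = _pick_miner(rng, nodes)
            parent = max((b for b in blocks if _visible(b, miner, t, delay)),
                         key=lambda b: (b.height, -b.time))
            blocks.append(Block(len(blocks), parent.ident, parent.height + 1, t, miner))
    tip = max(blocks, key=lambda b: (b.height, -b.time))
    chain = [tip]
    while chain[-1].parent != -1:
        chain.append(blocks[chain[-1].parent])
    chain.reverse()
    return SimResult(blocks, chain, len(nodes))


def orphan_count(result):
    """Blocks found but not on the final main chain."""
    return len(result.blocks) - len(result.main_chain)


if __name__ == "__main__":
    res = simulate(seed=7)
    print(len(res.blocks) - 1, "blocks found,", len(res.main_chain) - 1,
          "on the main chain,", orphan_count(res), "orphaned,",
          res.nodes_at_end, "nodes at the end")
```

Increasing `delay` relative to the mean block interval difficulty / (sum h_i) raises the orphan count, which is the regime where the ordering rules of SPECTRE and PHANTOM start to matter; a difficulty retarget would replace the constant `difficulty` with a function of the recently observed block times.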
A new cryptographic scheme: I have some details written down on a new implementation of proxy ring signatures, under the random oracle model and discrete log assumption, and without bilinear pairings. The application of this scheme in cryptocurrencies is not totally clear to me (there are repudiability issues and issues with re-use of signatures), but I am not aware of any other proxy ring signature schemes without bilinear pairings, so I think it is worthwhile to describe this scheme and submit it for peer review.
Reading: I am reading a lot on merge-mined sidechains and security models, the Lightning Network, arithmetic circuits, and decentralized asset issuance. In fact, the latter is what led me to my proxy ring signature scheme. I am particularly interested in learning all I can about arithmetic circuits and satisfiability. It seems like the next decade is going to use them a lot.
Churn and EABE: I know, what is this, 2017? Someone recently reached out to me about a possible attack that, upon further consideration, appeared to be an EABE attack. After a back and forth with this concerned party, we discussed some alternatives to churn. Some ideas are being kicked around still. In the meantime, I want to remind the community: the sender-ambiguity property of Monero is improved in chains of transactions, so if you are wild about your personal privacy, we recommend that you construct one or more self-to-self transactions before spending Monero.
Writing the "Q1" Research Roadmap: This has been briefly delayed. We will be posting this as soon as possible; the delay is partly my fault, and partly due to the fact that this document has some more comprehensive implications for 2018.
In addition to this, I've been having discussions with Sarang about educational outreach. News on this soon! Seriously, some cool stuff is happening behind the scenes here and we hope to make an announcement about it soon.