I'd love to see some research on balance proofs. I feel like it's pretty important for businesses and others who have cold storage and want to be able to validate the balance without compromising the spend key. I obviously support this, as Monero would not be so great without the hard work of Sarang and the boys from MRL.
Sarang: funding for October-December 2018
Ladies and gents and everyone beyond, it's your friend Dr. Sarang Noether here again! My current funding round is nearly complete, and I'm up for three more months of research for the Monero Research Lab. My humble thanks go out to those who have supported the Lab's work in the past through financial support or in spirit.
I won't insult your intelligence by rehashing all the gory details of the past few months, as you can read my reports for July and August (with September to follow) at your leisure. But I certainly can sum it up by saying that I have been very busy with a great many projects. Bulletproofs have been successfully audited, hardened for security, and made blazingly efficient compared to our initial work, and they're ready to go with our upcoming network upgrade. New research into refund transactions and payment channel foundations continues with good research under our belt. Our multisignature scheme has undergone formal analysis and exists as a preprint for the broader cryptographic community. And there's so much more; please read the linked reports for details.
The next three months show no signs of slowing down from a research perspective. Concepts like atomic swaps, payment channels, sublinear ring signatures, zero-knowledge proof technologies, balance proofs, spent output analysis, and more are all unsolved problems in need of some attention. I and my labmates work hard every day to keep Monero safely on the cutting edge of applied cryptography. I'm game if you are.
This request is for the funding period starting 1 October 2018 and ending 31 December 2018. My dollar-value equivalent is 9000 USD per month, which is my assessment of fair compensation for a self-employed Ph.D. researcher, with all the delightful tax implications therein. This is also in line with my previous several funding requests. The funding amount is set using a 14-day exponential moving average, and can be updated if needed before funding is complete; I'll make a note below if this happens.
As always, comments and questions are welcome. Feel free to also reach out on IRC at #monero-research-lab for any particular research-related concerns.
Edit: (14 September 2018) Changed from Bollinger to EMA to set price.
Hello once again! Dr. Sarang Noether here, delivering my monthly research report for November. My sincere thanks go to the entire Monero community for ongoing support of my research for the Monero Research Lab.
This past month has seen work in several areas, a few of which I'll mention here. I was invited to deliver a talk and hands-on coding workshop on Monero and privacy technology in Chicago for the Bitcoin & Open Blockchain Community. This was a great opportunity to educate and inspire folks in Chicagoland about why privacy matters and what common approaches are taken in distributed assets like Monero. Transportation costs were paid by the group. You can watch recordings of the workshop and the talk on YouTube.
After some updates, three papers are in the merge pipeline to be posted to the Lab archive shortly. One is an analysis of spent outputs that generalizes some ideas that have been proposed over the past few years. Another is a dual-address output scheme that has applications to refund transactions and payment channels. The third is the thring (threshold ring) signature paper that conducts a formal security analysis. Along with posting these for posterity, we're making the above link the "most official" home for Lab material, as a great replacement for our much older archive; the old Lab site served us well, but it's not suited for translations, easy updates and additions, format consistency, or looking fancy.
Continuing with ring signature scheme updates that took place last month, the underlying multisignature primitive required for the StringCT scheme has been updated to use the more robust MuSig construction to take advantage of its security guarantees (and to give us code for prototyping). This code is also being updated to support the use of stealth addresses.
I'm conducting ongoing review of several unpublished paper drafts. One details constructions useful for payment channels and timelock mechanisms, and is related to the dual-address output paper. Another contains ideas for extensions to the Zerocoin protocol to support better privacy. A couple more are looking at particular algorithms relating to our spent output tool and recent spent output paper. The unpublished papers will be made publicly available once their authors have completed further work and review.
Finally, Tari Labs hosted a few Lab researchers and collaborators in Nashville for an in-person informal research session. Meetings like this are a great way to work out research problems face-to-face, which any good mathematician will tell you is the only true way to get math done efficiently! Transportation and incidentals were paid by Tari Labs, which does not set or otherwise influence our research agenda.
There's plenty of ongoing work happening.
I produced prototyping code for a discrete log equality proof that was constructed a while back by Andrew Poelstra. It allows a prover to convince a verifier that it knows the discrete logarithm of a given element across arbitrary groups, and that the value is the same in both (up to an equivalence). This toy code uses the ed25519 and ed448 constructions, which use groups of different order over different curves. This is a useful idea toward more complex atomic swap operations. A detailed writeup to accompany the code is being polished and will be posted to the Lab paper archive shortly.
Final items of note are Bulletproof generalizations that require fun algebra, and assisting labmate Surae Noether with some of his fascinating work involving graph matchings. Other ring signature code has been placed on the back burner temporarily, but it's still open research.
Now on to Sarang's Reading Corner, a list of some of the interesting papers I've come across recently. The appearance of a paper in this list does not imply that I endorse it, or even agree with its contents or conclusions. These are in no particular order.
- DEXON: A Highly Scalable, Decentralized DAG-Based Consensus Algorithm
- Aggregate Cash Systems: A Cryptographic Investigation of Mimblewimble
- On inversion modulo pseudo-Mersenne primes
- A Combinatorial Approach to Measuring Anonymity
- Tracing Transactions Across Cryptocurrency Ledgers
- QuisQuis: A New Design for Anonymous Cryptocurrencies
- DAGsim: Simulation of DAG-based distributed ledger protocols
- A Deep Dive into Blockchain Selfish Mining
- MARVELlous: a STARK-Friendly Family of Cryptographic Primitives
- Proof-of-Stake Protocols for Privacy-Aware Blockchains
- An Analysis of the ProtonMail Cryptographic Architecture