
Continued funding for Surae for another quarter, September O[...]

WHO My name is Brandon Goodell. I am Monero Research Lab’s first postdoctoral researcher into cryptocurrency. I have a Ph.D. in Mathematical Sciences from Clemson University, a M.Sc. in Mathematics from North Dakota State University, and a B.S. in Mathematics from Colorado State University. I taught as a graduate student for 9 years at the university level, and I have participated in the Monero community under the pseudonym Surae Noether on-and-off 2014-2016, and I have worked at MRL full-time since June 2017.

WHAT I am requesting a continuation of funding for my next quarter, of Sept-Nov. The overall lab-wide goals for MRL in the 2018/2019 year are described here, with completed tasks since the last update described. Most notably: we are waiting to hear from IACR about the multi-sig paper. In the last quarter, I said "contributors can expect in the next quarter: the beginning of the expansion of the document Zero to Monero into the Monero Standards, the literature review component of the roadmap to make progress as Sarang and I continue to read and take notes on current literature, a technical report on churn and linkability heuristics, and the (still in preparation) technical report on multisignatures (see below)." In regards to finishing these tasks, we have made significant progress on every front except for converting Zero-to-Monero into the Monero Standards: the literature review component of multi-signatures made its way into the paper, and we have made some quantitative progress on the churn/linkability analysis, although we do not yet have a first draft of the churn heuristics. We have had some discussion about whether Monero Standards are even necessary now that Zero to Monero has been completed by contributor Ukoe.

In the next quarter, contributors can expect: a draft of a document describing cross-chain atomic swaps with ring confidential transactions, more literature review components, a draft of a document describing our churn/linkability results, and a draft of recommended best practices for Monero.

WHY Monero Research Lab has communicated with researchers all over the cryptocurrency industry, cryptographers, computer scientists, and computer engineers. In the past year, we have traveled internationally to conferences to learn and participate in the dissemination of results, contributed to several published technical notes on the technology underlying Monero, helped read and review papers for other researchers, participated in the cryptocurrency community more broadly, and learned quite a bit about decentralized payment infrastructures. We have submitted one paper for peer review and we have published a handful of whitepapers. Our work into multisig revealed a lot of dangerous territory in the multi-signature world. We ended up not needing to abandon the Musig protocol; we merely needed to insert a commit-and-reveal step. Taking great care in the construction of multi-signatures is going to be one foundational piece of off-chain scaling for Monero.

HOW MUCH TOTAL ~~376 XMR~~ 280 XMR. I am asking for 9000$ USD/month; this is in line with market rates for a Ph.D. scientist and mathematician (accounting for the tax implications of working outside a traditional employer), and represents my assessment of fair compensation. ~~I am asking at 71.88 USD/XMR as my baseline exchange rate.~~ The market has changed somewhat from my initial posting, so I am asking at approximately 96 USD/XMR. Why? ~~I am modifying my rule of estimating my XMR exchange rate: in an objectively bear market (we have had around a 40-50% contraction in price over June, July, and August), I'll take the lower bound of the 30-day Bollinger Band with 1.9599 standard deviations, and during an objectively bull market, I'll take the upper bound.~~ I am modifying my rule of estimating my XMR exchange rate: in a bear market, I will split the difference between the 30 day EMA and the lower Bollinger band, otherwise in a bull market I will split the difference between the 30 day EMA and the upper Bollinger band. ~~If the change in the market on the 3-month scale is under 10% or so, I'm not going to sweat it and just go with the 30 day EMA.~~ The market has changed enough for me to re-adjust my request. The last two funding periods, I was using the 30 day EMA to estimate the Monero exchange rate, but this always leads to an over-estimate of price during a bear market.

Thank you, Monero Community! Let's get Monero's lightning technology rollin! We at MRL strongly value community input into the funding process, and welcome discussions regarding my funding proposal. Thank you again to the entire community, whether you've donated to me or not... you guys are absolutely running the show, and you all kick some major butt. I hope by making Monero better, we're all a little better off.

Replies: 16
suraeNoether posted 5 years ago

Greetings all,

This report describes my work in November.

Stuff that happened in November. This has been an extremely successful month for Monero Research Lab, although it has seemed rather quiet. Sarang completed a Python implementation of the RTRS sublinear ring signature scheme brought to us late last year. I completed some graph theoretic code for finding optimal matchings in bipartite graphs. And several MRL contributors attended the second Monero Workshop jointly funded by MyMonero and Tari.

The vast majority of my time this month was spent on the graph matching paper and code (see below).

  1. Meeting dates: We had four meetings this month, 2018-11-05, 2018-11-12, 2018-11-19, and 2018-11-26. Logs will appear on my github shortly.
  2. Continued work on the following:
    • Monero Konferenco organization and planning.
    • Monero bipartite graph matching analysis paper.
    • Ring sig replacement, accumulator research (reading).
    • Cross-chain swaps and lightning-for-Monero papers.
  3. Completed work on the following:
    • Bipartite graph matching code can be found here.
    • Unit tests for Sarang's Python implementation of Ruffing, Thyagarajan, Ronge, and Schröder's (RTRS) sublinear ring signature.
    • Reviewed Python code for Sarang's RTRS scheme in Python.

Details

Monero Konferenco organization and planning (ctd...): We have decided against using Kastelo to create badges for the first conference. We feel that Kastelo's resources right now are better directed elsewhere. In a cost/benefit sense, freaky Konferenco badges will not benefit the community or the project in the same way that proceeding with their current projects could. We have drafted invitation emails, we are constructing invitation lists, we are making lists of organizations to approach as sponsors, and we are constructing a timeline for disbursement of funds. Stay tuned, probably dropping some info on Monday, 3 December 2018.

Matching in bipartite graphs: This took up the bulk of my time this month. Financial privacy is an arms race, and Monero Research Lab contributors like to try to stay ahead of known problems. In this vein, Sarang and I are formalizing an obfuscation game related to Monero and investigating how varying threat models influence that game. This work is a generalization of traceability threats related to chain reactions, intersection attacks, Monerolink-style guess newest heuristics, and general properties related to small-anonymity-set obfuscation approaches.

You can see some code written for this project here that finds an optimally weighted maximal matching between a set of keys and a set of ring signatures. In short, we are formalizing how bad all the known problems with ring signatures really are. We hope our work will lay the groundwork for informing the Monero community on best practices like churn. But also, we wish to honestly illustrate to Monero users exactly where Monero transactions sit on the spectrum of anonymity. This work is extremely important to Monero in the same vein as our MRL-0001 bulletin on chain reactions. Results and recommendations moving forward will be forthcoming soon(tm).

Ring signature replacement: Our work on bipartite matching is leading us toward looking for secure large-anonymity-set replacements for ring signatures that do not require a trusted setup and can be verified in reasonably short periods of time. Sarang and I have been presented with two sublinear ring signature schemes without trusted set-ups in papers with intersecting authors lists. You can find a dumb toy implementation of one of them in Python, written by Sarang and reviewed by myself here. As far as we are aware, this is the first sublinear ring signature scheme to see implementation... ever. Not merely produced by MRL, but ever. With appropriate batching, it appears that RTRS is equally as fast as our current scheme, so it appears there is no downside to switching to this sublinear scheme... but we aren't stopping here because at our current speeds ring sizes above 20 are inappropriately slow to mandate as a minimum ring size.

Cross-chain swaps and lightning-for-Monero: Pedro Moreno-Sanchez and donut laid the groundwork for dual output Monero transactions with trigger heights to enable refund transactions in Monero. Those two are working on a paper describing second layer solutions for Monero, and they began their work before I began my paper. So I have pivoted in the purpose of this document to not present the material freshly but instead to make some recommendations for the Monero core team based on the work by Pedro and donut. Consequently, this is temporarily being put on the back burner until their papers have been published.

Thanks to everyone! I want to repeat my surf analogy from last time, but I don't like repeating myself.
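
The key-to-ring matching view described in the report above, as an added example that is not MRL's matching code or part of the original post: an unweighted simplification (the report's code is weighted) that measures each ring's effective anonymity set by keeping only members that can be the true spender in some assignment where every ring spends a distinct key. The ring and key labels are constructed, and the function names are hypothetical.

```python
# Constructed sample: ring id -> candidate one-time keys (labels are made up).
RINGS = {
    "r1": {"k1"},
    "r2": {"k1", "k2"},
    "r3": {"k2", "k3", "k4"},
    "r4": {"k3", "k4", "k5"},
}


def max_matching_size(rings):
    """Kuhn's augmenting-path algorithm: size of a maximum ring-to-key matching."""
    owner = {}  # key -> ring currently assigned to spend it

    def try_assign(ring, seen):
        for key in rings[ring]:
            if key in seen:
                continue
            seen.add(key)
            # Take a free key, or re-route the ring that currently holds it.
            if key not in owner or try_assign(owner[key], seen):
                owner[key] = ring
                return True
        return False

    return sum(try_assign(ring, set()) for ring in rings)


def plausible_spenders(rings):
    """For each ring, the members that are the spender in at least one
    assignment in which every ring spends a different key."""
    result = {}
    for ring, members in rings.items():
        result[ring] = set()
        for key in members:
            # Fix ring -> key, then ask whether all other rings can still
            # be matched to distinct keys without using that key.
            rest = {r: m - {key} for r, m in rings.items() if r != ring}
            if max_matching_size(rest) == len(rest):
                result[ring].add(key)
    return result


if __name__ == "__main__":
    for ring, keys in sorted(plausible_spenders(RINGS).items()):
        print(ring, "nominal", len(RINGS[ring]), "effective", sorted(keys))
```

On the sample, the size-1 ring `r1` removes `k1` from `r2`, which in turn removes `k2` from `r3`: the chain-reaction effect, found here as a by-product of the matching check rather than by a dedicated heuristic.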