It's time for my monthly research report for August. As always, my thanks to the community for ongoing support of research in applied cryptography.
The Triptych zero-knowledge proving system was developed to power confidential transaction protocols, like the one used in Monero. The preprint has been accepted for presentation and publication at the ESORICS workshop on Cryptocurrencies and Blockchain Technology! This is an exciting development that you can read more about in this blog post. Slides for the presentation are also available, and video of the presentation will be made available if possible after the workshop in September. Code for Triptych in Python and C++ has also been updated for more efficient proof storage.
Work on the Arcturus zero-knowledge proving system continues, albeit slowly. As discussed previously, the construction is more efficient than Triptych, but relies on a non-standard cryptographic hardness assumption. Research is ongoing into this assumption, as well as into the security model underlying the transaction protocol associated with the Arcturus proving system. Code for Arcturus in Python has also been updated for more efficient proof storage.
The CLSAG linkable ring signature construction will be activated at the next network upgrade! Following a successful audit of the code and underlying mathematics, code has been merged to support these signatures. I have also been working with hardware wallet developers on the Ledger and Trezor teams, who are working to ensure CLSAG support for these devices.
Following the earlier release of a preprint on an update to the Bulletproofs zero-knowledge range proving system called Bulletproofs+, I've been working on code to support this in the Monero protocol. There is now proof-of-concept code in Python demonstrating the weighted inner product argument that powers the proving system. Building on this, there is also code that performs range proving and verifying operations and supports proof aggregation, unrolled verifier recursion, efficient verification using Pippenger multiscalar multiplication, and batch verification of multiple proofs. Work is ongoing to port these algorithms to the Monero codebase, using the existing Bulletproofs implementation as a base.
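The Pippenger bucket method mentioned above is what makes batch verification of many range proofs cheap: one large multiscalar multiplication costs far fewer group additions than the naive sum. The following is an added illustration, not code from the Bulletproofs+ proof-of-concept or the Monero codebase; it runs over a constructed toy group (integers modulo a Mersenne prime under addition) rather than Ed25519 so the result can be checked against the direct computation, but the algorithm itself only ever uses group addition, exactly as it would on a curve.

```python
# Pippenger bucket-method multiscalar multiplication over a toy group.
# The group is (Z_Q, +) with Q prime, so "s * P" is just s*P mod Q and the
# naive answer is easy to check. pippenger_msm uses only g_add, as it
# would over an elliptic curve group.
import random

Q = 2**61 - 1  # constructed toy group order (a Mersenne prime)

def g_add(a: int, b: int) -> int:
    """Group addition in the toy group."""
    return (a + b) % Q

def naive_msm(scalars, points):
    """Reference: sum of s_i * P_i using scalar multiplication directly."""
    acc = 0
    for s, p in zip(scalars, points):
        acc = g_add(acc, (s * p) % Q)
    return acc

def pippenger_msm(scalars, points, c=None):
    """Compute sum_i s_i * P_i with the bucket method using c-bit windows."""
    assert len(scalars) == len(points)
    n = len(scalars)
    if n == 0:
        return 0
    if c is None:
        c = max(1, n.bit_length() - 1)  # window width ~ log2(n)
    mask = (1 << c) - 1
    num_windows = (Q.bit_length() + c - 1) // c
    result = 0
    for w in range(num_windows - 1, -1, -1):  # most significant window first
        for _ in range(c):                    # result <<= c via c doublings
            result = g_add(result, result)
        buckets = [0] * (1 << c)              # buckets[0] is never used
        for s, p in zip(scalars, points):
            b = (s >> (w * c)) & mask
            if b:
                buckets[b] = g_add(buckets[b], p)
        # sum_b b*buckets[b] using running sums over descending b.
        running = window_sum = 0
        for b in range(mask, 0, -1):
            running = g_add(running, buckets[b])
            window_sum = g_add(window_sum, running)
        result = g_add(result, window_sum)
    return result

def demo(n: int = 64, seed: int = 1) -> bool:
    """Constructed random instance; True if Pippenger matches the naive sum."""
    rng = random.Random(seed)
    scalars = [rng.randrange(Q) for _ in range(n)]
    points = [rng.randrange(Q) for _ in range(n)]
    return pippenger_msm(scalars, points) == naive_msm(scalars, points)
```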
There are other assorted topics, as usual. A pull request relating to improved wallet message signing has been merged. An older preprint on cross-curve discrete logarithm equality was revisited due to its application in recent work on atomic swaps. Finally, Justin Ehrenhofer and I interviewed Dave Jevans, the CEO of CipherTrace, about a recent press release. The video of the interview is available and worth a watch.
And now on to Sarang's Reading Corner, a short listing of some interesting papers that I have come across this month. The appearance of a paper in this list does not mean that I necessarily agree with its contents or correctness, or that I endorse it. Papers are in no particular order.
- A Practical Public Key Encryption Scheme Based on Learning Parity With Noise
- Quantum Resistant Ledger
- Discouraging Pool Block Withholding Attacks in Bitcoins
- Performance Trade-offs in Design of MimbleWimble Proofs of Reserves
- Optimized Binary GCD for Modular Inversion
- SoK: Why Johnny Can't Fix PGP Standardization
- Security Analysis on Tangle-based Blockchain through Simulation
- Practical Dynamic Group Signature with Efficient Concurrent Joins and Batch Verifications
- Formalizing Nakamoto-Style Proof of Stake
- Multi-Currency Ledgers
- Does Fiat-Shamir Require a Cryptographic Hash Function?
- JugglingSwap: Scriptless Atomic Cross-Chain Swaps
Dr. Sarang Noether