It's time for the first monthly research report for my current funding period. My thanks as always to the entire community for ongoing support of research and development for the Monero ecosystem.
Verification time improvements to MLSAG signatures, as well as updates for more robust security, are now available as a pull request. Similar updates have been made for the CLSAG signature scheme as well.
The author of the Lelantus transaction protocol developed a method for layering proofs in order to significantly decrease prover complexity at the cost of added space and verifier complexity. Code examining this updated proving scheme is available.
I have completed a space and verification complexity analysis of the RingCT 3.0 (RCT3) transaction protocol. This protocol uses a Bulletproofs-type proving system to show the validity of spends, and supports batch verification. The analysis shows the effects of this batching on typical transactions.
In conjunction with this analysis, I have prototype code for RCT3 in progress. It demonstrates correctness, shows sample transaction flows, and examines how to apply some efficiency improvements to the verification described in the original paper. This proof-of-concept implementation is ongoing, as is research into ways to maintain key image compatibility.
Finally, there were many small updates to other libraries that I've written, from basic curve operations to Bulletproofs.
Shortly, I will be presenting a talk and workshop at DEF CON in Las Vegas at the Monero village, in addition to participating in a panel discussion in the blockchain village. In the talk, I will discuss recent proposals for the Monero transaction protocol: CLSAG, DLSAG, Lelantus, Omniring, and RCT3. The workshop will be a hands-on opportunity for participants to build simple cryptographic constructions similar to those used in Monero; handouts and sample code are available.
On a more whimsical note, I delivered a fun lecture on the Enigma cipher machine to a cryptography course taught by a friend. It had nothing to do with Monero whatsoever, but Enigma is a fascinating story with some really clever mathematics behind its analysis, and it's always great to get students excited about applied cryptography!
And now on to Sarang's Reading Corner, a short listing of some interesting papers that I have come across this month. The appearance of a paper in this list does not mean that I necessarily agree with its contents or correctness, or that I endorse it. Papers are in no particular order.

- The privacy of the TLS 1.3 protocol
- Temporary Censorship Attacks in the Presence of Rational Miners
- Efficient Perfectly Sound One-message Zero-Knowledge Proofs via Oracle-aided Simulation
- Security Audit of Particl Bulletproof and MLSAG
- Cryptocurrency Egalitarianism: A Quantitative Approach
- Sucker punch makes you richer: Rethinking Proof-of-Work security model
- A Survey on Zero Knowledge Range Proofs and Applications
- Map-Z: Exposing the Zcash Network in Times of Transition