Hello again! It's time for the final monthly report for this funding request. My thanks as always to the community for ongoing support of research.
Work this month has focused primarily on transaction efficiency. In particular, the CLSAG signature scheme has been more fully integrated into the codebase in collaboration with moneromooo, and both standard CLSAG signatures and CLSAG multisignatures are now properly supported. Additional updates to the underlying math were made for non-malleability, and the paper is available on the IACR preprint archive.
Both the MLSAG and CLSAG implementations will see a verification time improvement (on the order of several percent) thanks to some minor modifications that I've made to remove redundant point conversions. This speedup will apply to all signatures, both existing and future. Code is available for both MLSAG and CLSAG.
I participated in the recent Monero Konferenco in Denver. This was a fantastic gathering of researchers, developers, community members, and enthusiasts to learn more about Monero developments and privacy-focused research in general. I assisted with organization, moderated a panel on regulation and governance with panelists in Denver and in Croatia at Zcon1, and gave a talk on transaction efficiency. The slides for my talk are available.
An analysis of the Lelantus transaction protocol was conducted to examine its scaling in more detail, in order to determine if it could be feasible for the Monero ecosystem. In particular, I looked at overall size and time scaling of all proof and signature components of the full protocol. Additionally, I integrated a new type of migration transaction into prototyping code to better understand how to safely convert existing outputs to the double-blinded Pedersen commitment format required by Lelantus. I am collaborating with the paper's author to investigate several ideas for better efficiency in both transaction construction and verification.
A similar analysis of the Omniring transaction protocol is also underway. There are several subtleties involving group generators that affect the timing and scaling numbers presented in the original paper; those numbers are incorrect as originally presented. Fortunately, the authors inform me that there are some new ideas on ways to address these concerns. Further analysis will await these new developments as this work proceeds.
And now on to Sarang's Reading Corner, a short listing of some interesting papers that I have come across this month. The appearance of a paper in this list does not mean that I necessarily agree with its contents or correctness, or that I endorse it. Papers are in no particular order.
- Nonces are Noticed: AEAD Revisited
- Improved prover efficiency and SRS size in a Sonic-like system
- Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks
- DLSAG: Non-Interactive Refund Transactions For Interoperable Payment Channels in Monero
- Revelio: A MimbleWimble Proof of Reserves Protocol
- Compact linkable ring signatures and applications
- The Libra Blockchain
Sarang Noether