May monthly report

Once again, it's report time.

This month has been a lot of miscellaneous work on proofs and papers. My DLSAG collaborators and I have submitted versions of the DLSAG signature paper to conference proceedings and to the IACR preprint archive, now that we have made edits to account for key images in the protocols. Because key images use a common basepoint, the scheme as it stands would require a self-spend to keep the sender from being identified. This introduces subtleties in avoiding metadata leakage and would slow down peer-to-peer direct transactions, but it may matter less for payment channels. We will be eager to receive comments and review on the preprint.

The new CLSAG signature scheme has undergone significant additional analysis and updates. Sample code and timing code are available now, and they show excellent efficiency improvements. The final version of a paper with full details and security proofs has a pending merge request to the internal archive. Comments on the paper are welcome.

There is sample code demonstrating a version of the Bulletproofs inner-product proving system that allows an arbitrary input vector size (rather than requiring a power of two). Its drawback is that verification takes the same number of rounds as proving, which makes it inefficient. While it may be possible to reduce the verifier's work to a single multiexponentiation (as we do for the current version in production), it is not clear how to do so.
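To make the round-count point concrete, here is a toy implementation of the standard recursive inner-product argument, added as an illustration and not code from the author or from Monero. It shows the power-of-two version with zero padding, not the arbitrary-size variant described above (which is not on this page). Everything about the group is an assumed stand-in: the order-Q quadratic-residue subgroup of Z_P^* with P = 2Q + 1 (toy size, not secure) replaces the Ed25519 group, generators are derived by hashing labels, and Fiat-Shamir challenges are SHA-256 over the transcript. The verifier's loop re-folds the generator vectors once per (L, R) pair, so it walks the same log2(n) rounds as the prover, which is exactly the cost that a single verifier multiexponentiation avoids in production.

```python
# Toy Bulletproofs-style inner-product argument over a small prime-order group,
# showing that the verifier re-folds the generators once per halving round and
# so walks the same log2(n) rounds as the prover.
# Added illustration, not Monero's or the author's code. Assumed stand-ins: the
# order-Q subgroup of Z_P^* (P = 2Q+1, toy size, NOT secure) for the Ed25519 group,
# hash-derived generators, and SHA-256 Fiat-Shamir challenges over the transcript.
import hashlib

P, Q = 2039, 1019   # safe prime P = 2*Q + 1; Q = prime order of the subgroup used

def gen(label):
    """Nothing-up-my-sleeve generator of the order-Q subgroup, from a label."""
    for ctr in range(1 << 16):
        h = int.from_bytes(hashlib.sha256(f"{label}:{ctr}".encode()).digest(), "big")
        g = pow(h % P, 2, P)   # squaring lands in the order-Q subgroup
        if g != 1:
            return g

def multiexp(bases, exps):
    """prod_i bases[i]^exps[i] mod P, exponents reduced mod Q."""
    acc = 1
    for base, e in zip(bases, exps):
        acc = acc * pow(base, e % Q, P) % P
    return acc

def inner(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def challenge(transcript):
    """Fiat-Shamir challenge in Z_Q, forced non-zero so it is invertible."""
    return int.from_bytes(hashlib.sha256(transcript).digest(), "big") % Q or 1

def pad_pow2(v):
    """The production argument needs a power-of-two length: zero-pad up to it."""
    n = 1
    while n < len(v):
        n *= 2
    return list(v) + [0] * (n - len(v))

def fold(G, H, x, m):
    """Generator folding for one halving round (done by prover and verifier)."""
    xi = pow(x, -1, Q)
    return ([multiexp([G[i], G[m + i]], [xi, x]) for i in range(m)],
            [multiexp([H[i], H[m + i]], [x, xi]) for i in range(m)], xi)

def prove(G, H, u, a, b):
    """Return commitment Pc = G^a H^b u^<a,b> and proof (Ls, Rs, a0, b0)."""
    G, H, a, b = list(G), list(H), list(a), list(b)
    n = len(a)
    assert n == len(b) == len(G) == len(H) and n & (n - 1) == 0
    Pc = multiexp(G + H + [u], a + b + [inner(a, b)])
    transcript, Ls, Rs = Pc.to_bytes(2, "big"), [], []
    while n > 1:
        m = n // 2
        # Cross terms: left half of a against right half of b, and vice versa.
        L = multiexp(G[m:] + H[:m] + [u], a[:m] + b[m:] + [inner(a[:m], b[m:])])
        R = multiexp(G[:m] + H[m:] + [u], a[m:] + b[:m] + [inner(a[m:], b[:m])])
        Ls.append(L)
        Rs.append(R)
        transcript += L.to_bytes(2, "big") + R.to_bytes(2, "big")
        x = challenge(transcript)
        G, H, xi = fold(G, H, x, m)
        a = [(a[i] * x + a[m + i] * xi) % Q for i in range(m)]
        b = [(b[i] * xi + b[m + i] * x) % Q for i in range(m)]
        n = m
    return Pc, (Ls, Rs, a[0], b[0])

def verify(G, H, u, Pc, proof):
    """Return (accepted, rounds): one generator fold per (L, R) pair."""
    Ls, Rs, a0, b0 = proof
    G, H, n, rounds = list(G), list(H), len(G), 0
    transcript = Pc.to_bytes(2, "big")
    for L, R in zip(Ls, Rs):
        if n < 2:
            return False, rounds
        m = n // 2
        transcript += L.to_bytes(2, "big") + R.to_bytes(2, "big")
        x = challenge(transcript)
        G, H, xi = fold(G, H, x, m)
        Pc = multiexp([L, Pc, R], [x * x, 1, xi * xi])   # P' = L^(x^2) P R^(x^-2)
        n, rounds = m, rounds + 1
    if n != 1:
        return False, rounds
    return Pc == multiexp([G[0], H[0], u], [a0, b0, a0 * b0]), rounds

def demo(a_raw, b_raw):
    """Pad, commit, prove, verify; also check that a tampered proof is rejected."""
    a, b = pad_pow2(a_raw), pad_pow2(b_raw)
    n = len(a)
    G, H, u = [gen(f"G{i}") for i in range(n)], [gen(f"H{i}") for i in range(n)], gen("u")
    Pc, proof = prove(G, H, u, a, b)
    ok, rounds = verify(G, H, u, Pc, proof)
    Ls, Rs, a0, b0 = proof
    bad, _ = verify(G, H, u, Pc, (Ls, Rs, (a0 + 1) % Q, b0))
    return {"n": n, "ok": ok, "rounds": rounds, "tampered_ok": bad}

if __name__ == "__main__":
    print(demo([3, 1, 4, 1, 5], [9, 2, 6, 5, 3]))   # constructed sample vectors
```

Running `demo` on two constructed length-5 vectors pads them to n = 8, produces three (L, R) pairs, and the verifier performs three folding rounds before the final single-element check; the production verifier instead batches the folds and the final check into one multiexponentiation, which is the step that is unclear for the arbitrary-size variant.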

I have a draft writeup for a merged-input system called MoJoin that allows multiple parties to generate a single transaction. The goal is to complete the transaction merging with no trust in any party, but this introduces significant complexity and may not be possible with the known Bulletproofs multiparty computation scheme. My current version of MoJoin assumes partial trust in a dealer, who learns the mappings between input rings and outputs (but not the true spends or the Pedersen commitment data).

Additionally, I am performing a comparative analysis of three different sublinear transaction protocols: Lelantus, RingCT 3.0, and Omniring, each of which has a preprint available. The different approaches to transaction privacy come with tradeoffs that deserve careful investigation to determine their applicability and feasibility for Monero.

And now on to Sarang's Reading Corner, a short listing of some interesting papers that I have come across this month. The appearance of a paper in this list does not mean that I necessarily agree with its contents or correctness, or that I endorse it. Papers are in no particular order.

SarangNoether
