Comments (10)
It's probably worth noting, that shortly after this thread first appeared, there was a (I think reasonable) offer setup for a crypto audit between one of the organizations in the previous comment, and Riccardo / Othe of the monero project. I'm not sure whether the monero guys followed through, but it would be nice to hear the results of that.
from research-lab.
Hi, the paper states that it is a sketch of a proof (mainly it's a sketch because the things are no more efficient than the Borromean ones, which a previous page mentions could be used, and possibly less efficient according to the Borromean paper in some cases (e.g. higher bases than 2 or whatever), and I guess at the time of writing the Borromean paper didn't have a proof written out, but it was sort of publicly in progress on their github, so the author didn't want to sort of steal possibly a big chunk of their paper).
Anyway, I think the point in assuming the 'a', 'b' values is that since various other bits of information are determined by the (edit: non-standard terminology from the Borromean paper) one-way nature of the hash (since you have to produce L1, L2 before knowing c1, c2), then at the end you need to find a scalar 's', so you would need some way to get a scalar from the other bits of information which are already determined at that point. Moving sG by itself, it is easier to find an 's' when you already know a, b, so presumably if you can't find 's' with that advantage, then you can't find 's' without the advantage. But this section of the paper hasn't been reviewed much, and it is just a sketch, so let me know if you see an error in that. BTW, the author e-mail is apparently not provided in the paper, so one might assume they are not open to correspondence; however, it's sort of publicly known from their github ([email protected]) which is linked on the first page of the paper, so I would assume they are open to correspondence for this type of question.
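The ordering argument in the comment above (commitments L must exist before the challenges c are known, and only then is a response scalar s needed) is the Fiat-Shamir structure that a Schnorr-style proof of knowledge relies on. The following is an added, self-contained illustration written for this thread; it is not code from the paper, from the Monero project, or from the commenter, and it deliberately uses a single commitment and a plain Schnorr proof rather than the ring or Borromean construction the paper discusses. The group parameters (P = 2039, Q = 1019, G = 4) are a constructed toy and far too small for real use; the function names are this example's own.

```python
import hashlib
import secrets

# Toy group (constructed for illustration only; far too small for real use):
# P is a safe prime, Q = (P - 1) / 2 is prime, and G generates the order-Q subgroup.
P = 2039
Q = 1019
G = 4


def challenge(commitment: int, pub: int) -> int:
    """Fiat-Shamir challenge: the commitment L and public key are hashed to a scalar mod Q.
    Because L is a hash input, c is only defined once L has already been chosen."""
    h = hashlib.sha256()
    for value in (commitment, pub):
        h.update(value.to_bytes(4, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def keygen():
    """Private scalar x and public element pub = G^x (multiplicative notation here)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prove(x: int, pub: int):
    """Honest prover: commit to L first, derive c from L, then answer with s = k + c*x."""
    k = secrets.randbelow(Q - 1) + 1
    L = pow(G, k, P)           # commitment, fixed before c exists
    c = challenge(L, pub)      # c is determined by L
    s = (k + c * x) % Q        # the response needs the secret x
    return L, s


def verify(pub: int, L: int, s: int) -> bool:
    """Verifier recomputes c from L and checks G^s == L * pub^c."""
    c = challenge(L, pub)
    return pow(G, s, P) == (L * pow(pub, c, P)) % P


def forge_attempt(pub: int):
    """Try to produce (L, s) without x by picking c and s first and solving for L.
    The group equation holds for the chosen c, but verify() rehashes L and obtains a
    different c, so the transcript is rejected except with probability about 1/Q."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    L = (pow(G, s, P) * pow(pow(pub, c, P), -1, P)) % P   # L = G^s / pub^c
    algebra_holds = pow(G, s, P) == (L * pow(pub, c, P)) % P
    return algebra_holds, verify(pub, L, s)


def forgery_success_count(pub: int, trials: int) -> int:
    """How many of `trials` forge_attempt() transcripts the verifier accepts."""
    return sum(1 for _ in range(trials) if forge_attempt(pub)[1])


def honest_round_trip() -> bool:
    x, pub = keygen()
    L, s = prove(x, pub)
    return verify(pub, L, s)


def tampered_response_rejected() -> bool:
    x, pub = keygen()
    L, s = prove(x, pub)
    return not verify(pub, L, (s + 1) % Q)


if __name__ == "__main__":
    _, pub = keygen()
    print("honest proof verifies:", honest_round_trip())
    print("forged transcripts accepted:", forgery_success_count(pub, 200), "of 200")
```

The point the commenter makes is visible in `forge_attempt`: choosing c before L lets the group equation be satisfied trivially, but the verifier never uses that c, it re-derives c from L, so the only way to succeed is to guess a c that the hash will later agree with. In the toy group that happens about once in 1019 tries; with a real 256-bit group order it does not happen at all in practice. The same dependency is what the multi-commitment (L1, L2 before c1, c2) argument in the paper sketch rests on.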
2p: Since I'm no longer actively working on this stuff- the Monero community could try and get someone to audit- off the top of my head there is NCC crypto services or coinspect. For example, I think Zcash recently did an audit with the first of the two. I can name bugs that have been found in almost every big crypto thing that I can think of off the top of my head, so I wouldn't be too unsurprised if I wasn't immune.
I previously noted that there was a flaw in my previous comment, and that one needs to commit to the L1 values. After working this change through on paper, I realized that doing this essentially reduces to the Borromean sigs in any case (after replacing the sum with a hash of the L1).
I would like to point out that there is now a thread claiming I completed a 'deep code review' on reddit. I tried to comment there and point out this is untrue (I fixed a small piece of the borromean sigs, and compared the hash to point function with OWS recent implementation), but the comment got shadow-deleted or something.
Hi Shen. Thank you for setting the record straight on this thread. Could you please provide the link to the Reddit thread and your comment, if possible? I couldn't find it there. If something like that was deliberately deleted, that is very concerning in its own right...
It was censored by Theymos! Quick everyone, let's head to /r/btc!
/s
@RandomRun https://unreddit.com/r/Monero/comments/5lyw05/funding_required_shen_noether_for_work_on_ringct/
...so why was that comment deleted? @fluffypony
@taushet because the comment was so out of bounds, and Shen hadn't contacted myself or othe privately, that it was a safe assumption that his account had been compromised. At this stage I'm still assuming his account has been compromised and am disregarding anything he has said publicly.