Triptych research and optimizations

THIS PROPOSAL HAS BEEN CHANGED FROM TRIPTYCH RESEARCH OPTIMIZATIONS TO TRIPTYCH MULTISIG RESEARCH AFTER A MEETING WITH THE MONERO DEVS ON APRIL 21, 2021.

Brief Intro

As of April 12th, 2021, Aaron "Sarang Noether" Feickert has joined Cypher Stack LLC as a resident researcher.

Cypher Stack is a for-profit LLC owned by Diego "rehrar" Salazar. It started as a design firm but has since expanded to include blockchain consultancy and digital utilities and infrastructure hosting. They already donate to the Monero Project in the form of employing Dan "pigeons" Miller as a system administrator, who is responsible for running and securing much of Monero's infrastructure including Taiga, Matrix, and other key infrastructure in conjunction with the core team.

Sarang himself needs no introduction. A previous full-time researcher of MRL paid for by the CCS, he wants to continue doing research into next-gen privacy with Monero (particularly in Triptych), hence this proposal.

The scope

Sarang Noether and collaborators created the Triptych and Arcturus privacy protocols, which, if implemented in Monero, could allow ring sizes of greater than 100 with similar size transactions to present ones (though verification times would increase linearly).

Work is already underway to include Triptych into Monero's codebase, but one of the big question marks shrouding the new protocol is multisig. The Monero ecosystem is maturing in such a way that Monero's multisig feature is being used in more and more applications, and moving to Triptych would break the current implementation. This could potentially stop Triptych's implementation in its tracks.

The goal of this proposal would be to do further research into Triptych's multisig options. Some research has already been done, and a path forward is already known, but the details and specifics need to be ironed out. Sarang would conduct this research to see if multisig is possible, and how a migration from the old to the new might be conducted in a way that is safe, private, and efficient.

The structure, milestones, and price.

This proposal is structured to be paid out along time-based milestones, but the time will not be consecutive. Each milestone will be paid out at intervals of 20 hours.

In other words, after 20 hours-worth of work is complete, a payout will be made to the completed milestone, but it may take one month or more to complete this 20 hours depending on time, availability, and other concurrent projects.

We are putting in a request for 80 hours (one cumulative month worth) of work. We are requesting $100/hour for this highly specialized work, which comes out to $8,000. At the exchange rate of $350/XMR we reach 22.86 XMR. We round it up to 23 and add a 10% buffer, which brings us to 25.3 requested XMR.

The Deliverables

Deliverables to the community: Sarang will give an update every calendar month on his progress to the Monero community in the form of a Reddit post in the Monero subreddit. Other update platforms can be explored as well. Keep in mind, because of the structure of the proposal, some updates may have little to no progress as a result of other work. These reports would say as much.

Deliverables to the devs: Sarang will provide write-ups, documentation, or proof-of-concept code to the developers as applicable based on research progress and results, toward the goal of a potential future Triptych release that meets the needs of the community.

Risks

A risk of this research is that multisig may not be possible with Triptych after all. If this is ascertained early on, further research on Triptych may be unnecessary as it will not be fit for our use given the importance of multisig in the Monero ecosystem. This means the research will stop immediately, and any partially completed milestones will be paid out to the extent of hours fulfilled. Remaining funds can be dispersed amongst other active fundraising proposals or however Core sees fit. The funds should NOT be rolled into the general fund as usual due to a conflict of interest, which is outlined below.

It is also possible that the work is finished early. If this occurs, the remaining funds from milestones will be utilized in the same manner as previously stated in the event that Triptych multisig can not be used.

Conflict of interest

After some discussion on IRC I have added this section at the end to clarify that I, Diego Salazar, owner of Cypher Stack and employer of Sarang Noether, am also paid by the general fund to work for the Core Team. I have powers to merge in the CCS but only do so with permission from luigi1111, who oversees the whole CCS system. I recuse myself from any sort of merging or moving processes with this CCS proposal due to the conflict of interest.

Cypher Stack also has another active research contract with privacy coin Firo, and Sarang works on this project.

+1 for more sarang research :)

Always an easy approval for more excellent work from Sarang!

Glad to see him back in Monero, and excited to see the output here.

+1, those research are essentials for improving the monero codebase

Wonderful. Lets get it funded

added 1 commit

• bcdee545 - Update cypherstack-sarang-triptych-research.md

Compare with previous version

changed the description

Note, some edits were made. Reduced time period of work, increased number of milestones from 2 to 4, and added a COI section at the bottom.

While I full heartedly support the proposal, I’d like to see more transparency around the amount that will be paid to sarang vs Cypher Stack LLC.

I’d also like to know if Cypher Stack LLC has other work lined up for sarang or just plans to operate as a temp agency for CCS proposals.

Thanks.

P.S. As any work performed under an employer-employee relationship generally becomes the property of the employer, can you add a sentence or two about licensing?

Just caught up on your discussion on IRC about this. Thanks for the scepticism and good questions. It's a somewhat new arrangement for Sarang and CCS proposals, so it's important to tease out the details and ensure there's no funny business.

That being said, it's looking promising that this arrangement could work.

I think we all want that for Sarang.

yeah, i would agree with this and @geonic

have no reason to think there is funny business, and welcome the research, but it may be helpful to obtain some clarity as to why the new arrangement.

1. I'm not sure divulging the internals of my business is necessary. Cypher Stack is requesting a certain amount of money for our employee to do the specified work. Sarang is happy with this arrangement. If the community thinks the value exchanged is worth it then fund it. If not then don't. When another firm, like Trail of Bits, is hired for audits or other work they are not grilled as to how much their cryptographers are getting vs Trail of Bits the business.

2. Cypher Stack has been in business for a couple of years now. Sarang is just a recent addition. We do have other contracts for both sarang and our other employees (roughly 6).

3. With very rare exceptions, pretty much everything Cypher Stack creates is open source (for code) or creative commons (for art and/or designs). This is true in our creative work (like Cypher Market designs) and otherwise. As well, one of the requirements to open a CCS proposal is the agreement that all work will be under a permissive license. I know this well, and this is no exception. In short, copyright Monero Project, permissively licensed.

Thanks for clarifying Diego. I think the early skepticism/hostility is unfortunate, but to be expected. Going forward, once the community is familiar with this arrangement it should be easier.

I appreciate you finding a way to make things work for Sarang to continue research.

the community will now be hiring Cypher Stack to do the work - correct?

I must say I'm not a fan of CCS proposals being created by third parties, and I'm not sure such proposals should be allowed in the first place. What I mean is, if Sarang is not going to be ultimately responsible for the work, then why does his name even need to be mentioned? I suspect the answer is because the community would be a bit more hesitant to fund this kind of work without being familiar with the individual or organization proposing it.

If you don't wish to be "grilled" about the compensation of your employees, then you should probably leave their names out of your proposals and let your business stand on its own reputation.

As far as research and development goes, we should be delighted that Sarang is willing to continue. The 3rd party in this case is a sound one imo

Strictly speaking, Sarang is not "continuing" to work for the Monero community. He has a new employer (Cypher Stack) with an entirely separate financial interest. Cypher Stack is responsible for the carrying out of this proposal, not Sarang. Cypher Stack will be collecting the bounty, which I assume will be used to cover its overhead costs and employees. I have no reason to believe Sarang will receive any of the funds being raised.

What I am questioning is whether the CCS should be allowing third parties to negotiate and broker work on behalf of others, especially when the third party benefits from the other's reputation.

Hi @JohnnyMnemonic

Regarding this section:

“What I am questioning is whether the CCS should be allowing third parties to negotiate and broker work on behalf of others, especially when the third party benefits from the other's reputation.”

What would you propose to be the down side for the Monero project in this situation?

It would appear from Sarang’s burnout, and Surae (Brandon) seeking employment elsewhere, that the project has an issue holding onto researchers with the current CCS status quo.

In this instance Diego has figured out a potential solution, and want to ensure his company get compensated, which will replenish their funds after paying Sarang an income.

Maybe there’s a good reason why it should not be possible for employers to propose work on behalf of others - but it’s not clear exactly what that reason is?

For starters, there's no direct accountability. There was already concern back when Diego made it clear he didn't have to explain his work to the community, even though his compensation comes from the general donation fund. In response to these concerns he said he'd be putting out monthly reports, which after 7 months have not materialized (to my knowledge).

This new proposal creates yet another situation where an important contributor does not directly answer to the people who are paying for his work.

This can ultimately lead to situations where X amount of money is requested from the community and no one really knows how that money is going to be used, but nobody wants to lay their own reputation on the line by questioning it.

Also, it's a bit too easy for people to say, "don't donate if you're not comfortable with the proposal." The community at large doesn't necessarily have all the information nor will they necessarily consider it to the same degree we are, and so there is a bit of responsibility on the part of the core team to protect the community and be cautious about what gets onto the CCS. It would be nice to require at least a minimum amount of transparency as to how people's money will be used.

i would back this.

Fwiw the core team was aware of this arrangement (which spans beyond this single proposal), but Rehrar and Sarang decided this on their own accord.

I don't think most people realize how difficult it must have been for Sarang (and Surae) to live from CCS proposal to CCS proposal for several years. The complete lack of long term stability, safety nets or usual professional benefits. They even have been taking the volatility risk. Imagine walking in a bank to seek a mortgage and explaining that you are a postdoc researcher but you are living on "Monero CCS proposals".
Sarang has been pushing limits of how far you can go with that way of life, and ended up burnt out. And though I don't want to speak for him, one can observe that Surae left and got a more "conventional" job.

I am super happy that this arrangement was found with Cypher Stack that will hopefully provide for Sarang what was missing previously.
Very humbled that Sarang sticks around and keeps pushing Monero research, and grateful to Rehrar for taking on the "stability" part, including taking on him the risk to find work and funding for Sarang when there isn't a fulltime Monero proposal around.
Consider that if the after-proposal wasn't somewhat secured, there wouldn't be any proposal for you to read right now.

We, all of us contributing a lot of our lives to Monero and its ecosystem, did not and do not always have it easy. There is no VC backing, there is no premine or devtax, there is no Monero company nor foundation who can employ anyone.
We ought to make it work for each other when we can, in my view that's all that is happening here.

This is a valid point. I have always been concerned that we don't some type foundation or long term backing. I am deeply concerned about the future of Monero in this sense.

I have absolutely no problem with the proposed work arrangement. IMHO we can be glad that after a burnout Sarang is back and still ready to work for Monero.

As a longtime fan and supporter of Monero multisig, should this work engagement come to be, may I propose to allocate some time for researching possible good ways to do multisig with Triptych? (Assuming there is no breakthrough yet on that front, but I don't know details.)

I mean, I'm personally fascinated by these arrangements, and congrats and thanks to rehrar for doing the legwork to create these entities and square the circle of creating stable career options for monero folks.

but yeah, obvi, moar sarang. MOAR. Hell, if he was working for ciphertrace and somehow there was a ciphertrace CCS that ultimately involved sarang working on monero, I'd support that.

If these are the hoops and twists and turns it takes to make stuff happen, then I guess thats what we do. Pragmatism.

Aye, some would say, the means are the ends, so this path should be walked carefully. So lets keep our heads about us.

+1 will back this.

In case there is any doubt, I support and approve of this proposal.

Note that I am requesting that opening this proposal be delayed pending additional discussion with developers for further clarification on research priorities.

Fully support, both this proposal and what @rehrar is doing with Cypher Stack.

Great to see you're back Sarang! I support this proposal.

pending additional discussion with developers for further clarification on research priorities

Reposting some comments I made re: Triptych yesterday on #haveno:

There has been a lot of uncertainty about what would happen to multisig come Triptych, given that there is still no compatible multisig scheme/implementation - and no signs of development in this area either.
This has been a major roadblock for pursuing further development on top of Monero's current MS implementation for a few developers I've spoken to, myself included.
Now that there is an active community-maintained project that uses multisig I think it's clear that Triptych can't ship without multisig support, and I expect that there will now be significant community pushback to the suggestion that we need to deploy Triptych as soon as possible (if that means temporarily dropping multisig).
I hope this will further incentivize the research and development of Triptych-compatible multisig and efficient escrow transactions.

To add to this:

I am primarily interested in multisig for escrowed marketplace applications (Bisq, OpenBazaar, etc). I believe 2/2 and 2/3 cover the vast majority of real-world usecases for multisig, including aforementioned usecase, and I think this is what should be optimized for -> e.g. by reducing the amount of communication required between cosigners to be less reliant on a message transportation layer.

There is no evidence of setups with more than 3 cosigners being used in practice and no clear usecase outside of enterprise environments (who are more likely to favor custom MPC solutions anyway), so support for this should not be prioritized in my opinion.

I believe I've clarified this already on Twitter but saw that you took down the tweet.

Speaking from my end, we know that Triptych is dear to Sarang and we are totally supportive for him to slow down on Firo research tasks if needed for a while to complete this so there is no conflict. This was explicitly discussed with Diego and Sarang which we were happy to agree to.

I maintain close relationships with many Monero community members and value this greatly along with wanting to see better privacy technology get implemented.

Given that FIRO's work in Lelantus contributed to the birth of Triptych https://github.com/monero-project/research-lab/issues/56 we too would be excited to see Triptych live on Monero.

Given that Triptych and Lelantus both use OOOMP protocols it is also possible that optimisations in one can lead to improvements in another so even FIRO's research in some areas would be complementary.

we are totally supportive for him to slow down on Firo research tasks if needed for a while to complete this so there is no conflict.

to be honest, i am not sure that many were aware of sarang working on Firo. i certainly wasn't.

@Chamus Businesses can have several contracts going at once. Full time is defined as 40 hours a week. He will be doing this work for them for that allotted time. You'll notice this CCS proposal defines the hours as nonconsecutive. During weekends, after hours, and other time periods sarang will work on Monero related things.