
RandomX audits

Merged hyc requested to merge hyc/ccs-proposals:RandomxAudit into master

This is the funding request for the audits for the RandomX Proof of Work algorithm that we've been working on for the past year or so. Our aim has been to develop a PoW that requires any implementation to include the major components of a CPU, and thus constrain all implementations to have CPU-like performance. The code for RandomX is available for testing on https://github.com/tevador/RandomX/

We solicited proposals from 4 different audit teams. One of these is already being paid for by Arweave.org. The community voted to fund the other 3, in this priority order. The vote occurred on https://www.reddit.com/r/Monero/comments/bozr0z/randomx_auditor_selection/

Like with the Bulletproofs audit, we are working with the Open Source Technology Improvement Fund (OSTIF), which has generously offered to manage the exchange of XMR to fiat to pay the reviewers.

REQUEST

  1. Kudelski 18,250 CHF ~ $18,094.04
  2. X41 42,000 Euro ~ $46,902.58
  3. QuarksLab $52,800.00

The total amount is around $118,000 (and may vary due to exchange rate fluctuations from USD to CHF and EUR). The request is for 1400 XMR, using an exchange estimate of 1 XMR = 85 USD. Since the funding is in fiat currency, this amount will be updated to reflect price fluctuations until funded.

The reviews will be funded in this order as soon as sufficient funds are available. This means that as soon as enough funds have been raised to pay for Kudelski we will engage them to begin their review. If/when sufficient funds are raised to pay for X41 we will start that; if/when sufficient additional funds are raised to cover QuarksLab we will start that. If we don't raise enough funds to cover all 3 reviews we will go with whatever we can cover. As with any other CCS proposal, any funds collected that aren't sufficient to meet a funding target will be reverted to the general development fund.

Reviews must be completed by end of June so that any identified problems can be fixed by July, and ready for a code freeze and subsequent October release.

Edited by hyc


Merged by luigi1111 5 years ago (May 22, 2019 9:44pm UTC)

Merge details

  • Changes merged into master with 00607596.
  • Did not delete the source branch.

Activity

  • hyc added 1 commit


  • hyc added 1 commit


  • hyc changed the description


  • Contributor

    I am not in support of this proposal. The cost to the community is too great. Let's see some volunteer work.

  • @xeagu The RandomX code has already been 100% volunteer developed. The RandomX developers, Monero developers and the community have already discussed, at great length, the desire to have competent 3rd party audits conducted before the code is merged into Monero proper. There is also precedent in this case (i.e. the Bulletproof audits), which the community funded. And by what merit do you regard the cost too great?

  • Contributor

    The fact that it is always the same small group of select individuals who rally together and claim to represent a Monero Community while selectively proposing, approving, and funding an equally small set of funding proposals has me deeply concerned that the Monero project has been successfully coopted by a unified single entity. This is all fine and dandy except that the "Monero Community" markets its product "Monero" as a decentralized currency.

    This is the same small unified group that performed the "Bulletproofs Audit" and claims that the Bulletproof's Range Proof upgrade did not introduce a vulnerability that would enable such anonymous money printing.

    Monero claims to be an "open source project" but it doesn't look like any work on the product gets done unless the "Monero Community" employees get paid.

  • Monero development and innovation never ceases to amaze me and all done with focus on core principles. As I see it RandomX's focus is decentralization and done so in a creative and unique way. The discussion of whether or not to proceed has already happened. We will only know its effectiveness by trying.

    I agree with trying and will put my moneroj where my mouth is.

    Thank you hyc for spawning this creation and your work done, thanks to tevador for his months of work to bring this to fruition and thanks to the expertise sexh1 has brought and his work done.

  • Author Contributor

    @xeagu None of us developing RandomX has been paid, it has been completely volunteer work. You're making shit up. The Monero community has been fully in the loop from the very beginning of this PoW development process. If you've got nothing sane to say then please go away until you do.

  • Author Contributor

    @xeagu I laid out the direction for a long-term PoW algorithm over a year ago https://www.reddit.com/r/Monero/comments/8bshrx/what_we_need_to_know_about_proof_of_work_pow/ note there are over 100 comments from the community there.

    More recently we discussed the future of PoW algorithms here https://github.com/monero-project/meta/issues/316 over 800 comments from community members. We had a long meeting about it and yet another discussion here https://github.com/monero-project/meta/issues/321 with over 150 comments.

    The status update on our work https://www.reddit.com/r/Monero/comments/bmybxn/randomx_status_update/ was again completely out in the open, and laid out the next steps we were pursuing.

    The community voted on what audits to pursue. Again, completely out in the open. https://www.reddit.com/r/Monero/comments/bozr0z/randomx_auditor_selection/

    For you to say only a small closed group is behind this work is utterly ludicrous. The work has been built and discussed completely out in the open for the past year. This shit you're spewing only reflects badly on you, and you alone.

  • @xeagu So you now just want to rant about the "Monero Community". The Monero developers and the RandomX developers are the requesters of this audit, not to fund themselves, but to fund competent 3rd parties.

    This is the same small unified group that performed the "Bulletproofs Audit" and claims that the Bulletproof's Range Proof upgrade did not introduce a vulnerability that would enable such anonymous money printing.

    This is just a rubbish, childish and an utterly ignorant thing to say. Small unified group that performed the audits? Ridiculous. Kudelski and Quarkslab are both highly competent 3rd party businesses and were both engaged via OSTIF. That you think either of them would hide some vulnerability is utterly ridiculous. Every contract they fulfill, they are putting their business reputation on the line.

    Monero claims to be an "open source project" but it doesn't look like any work on the product gets done unless the "Monero Community" employees get paid.

    You clearly don't understand what "open source" is then. Have hyc, tevador et al been paid to write RandomX? No. There are also dozens of developers (myself included) that have, and continue to do, work on Monero and Monero related projects without ever having been paid. You have a serious misunderstanding of who gets any of this proposal's funding. Let me spell it out to you since you clearly don't understand: the funding is for the listed 3rd parties, not Monero developers or the Monero community. And Monero is open source! Here is a link to the open source code.

    You are sullying this request and in doing so are only managing to alienate yourself from the very people that devote considerable time and effort to Monero - largely unpaid. This is malicious behavior and childish thinking. Funding 3rd party audits of proposed significant parts of codebase can only be seen as positive for the project. You're a complete imbecile if you can't grasp why.

  • I support this request and hope it is merged quickly so these auditors can get to work. Thank you to all who have played a role in this!

  • Contributor

    RandomX is a mission critical piece of Monero being able to be ASIC resistant long term and relieve the technical burden of frequent hard forks on contributors. Major kudos to those who have donated to its development to this point of RandomX freely. Would donate to and given the previous Reddit threads on this I imagine a good number of the community would as well.

    In case it wasn't apparent already, I would recommend folk just ignore Xeagu at this point and just focus on the CCS. He has been banned from various workgroups and the Church of Monero where he spent most of his Monero energy for his inability to work well with others, being intellectually dishonest, and generally ignoring advice to not engage in spam-like behavior given by members like Luigi. Engaging him any further in the comments just winds up with you wasting energy on feeding a troll.

  • I am in full support of the proposal to move towards RandomX. This combination of audits is a crucial step in this process.

  • I support the proposal. Thanks everybody for all the work done

  • If this is funded, we will have 4 audits of RandomX. I worry there are diminishing returns. I would rather only create this proposal for the top 2 choices, not the top 3 choices (in addition to TrailOfBits).

  • Author Contributor

    @sgp The proposal is meant to be paid out incrementally, not all in one lump. I personally would only expect to see enough funding for the first 2 to be paid.

  • Contributor

    I support this proposal. Discussions were open, people all around gave their thoughts (those who participated), asked questions, and were given responses about their concerns. Thank you Monero community for working really hard to make Monero a better cryptocurrency each time.

  • @hyc thanks, can you make it clearer in the description that the third audit is a stretch goal? I see the comment regarding them being paid in the order funds become available, but some further clarification that the expectation isn't necessarily that all three will be funded may be helpful. In any case, I support this proposal.

    Edited by Justin Ehrenhofer
  • hyc added 1 commit


    • 146039be - Clarification of incremental funding structure

