Continued funding for Surae for another quarter, Aug Sep Nov 2019

Surae's Mostly-Quarterly Funding Request

WHO My name is Brandon Goodell. I am Monero Research Lab’s first postdoctoral researcher into cryptocurrency. I have a Ph.D. in Mathematical Sciences from Clemson University, a M.Sc. in Mathematics from North Dakota State University, and a B.S. in Mathematics from Colorado State University. I taught as a graduate student for 9 years at the university level, and I have participated in the Monero community under the pseudonym Surae Noether on-and-off 2014-2016, and I have worked at MRL full-time since June 2017.

WHAT I am requesting a continuation of funding for research, educational outreach, and community service. My request covers the dates of Aug 1 to Oct 31, with the stipulation that the dates of Aug 6 to Aug 20 will be used for paid time off. These three months are mainly for research; I have no Konferenco right now to organize and I have had a lot of outreach lately. As in my previous request, I am requesting this money be paid up front at the time that funding is complete (see the note below).

WHY Please see my Quarterly Update here for a very brief summary of the past 3 months of contributions to the Monero community I have made. I believe that Q2 of 2019 speaks for itself. My biggest recent success is the Monero Konferenco. We had some surprise guests; dignitaries from Malta, Slovakia, Australia, Thailand, and Taiwan all attended our event with last-minute notice. We even had a plan to have these folks to hop onto our panel, but things didn’t quite work out. I am keenly interested in finishing my matching simulations, assisting Sarang with an analysis of the big three sublinear RingCT replacement schemes we are considering, continuing my work in general at Monero Research Lab, and assisting the 2020 Konferenco efforts.

See Sarang's request for the following comment, which also applies to my request: Please read this paragraph carefully for an important change. An ongoing issue with multi-month research funding is that of price volatility. Because the XMR/USD conversion rate is subject to large changes over several months, neither donors nor I know what the actual value of donations will be when they are eventually paid out. To mitigate this and provide the most stability, this request will be paid out in full when it is funded.

To re-iterate: My request covers the dates of Aug 1 to Oct 31, with the stipulation that the dates of Aug 6 to Aug 20 will be used for paid time off.

HOW MUCH TOTAL 357 XMR. My monthly rate is 10,400 USD per month. I am asking at 87.39 USD/XMR as my baseline exchange rate based on the 14-day EMA on Kraken as of the moment I’m writing this post.

Hey everyone,

I heard Brandon's speak at Konferenco (youtube-https://youtu.be/xicn4rdUj_Q) and noticed he is a really qualified person. I will always think and promote that the community maintains qualified developers and researchers that understand the technical aspects of the technology and also outreach as much as possible.

Thank you @b-g-goodell

merged

mentioned in commit b448fc70

Thank you @lh1008 those are very kind words. I appreciate your support.

Greetings all,

This report describes my work in August 2019. I took August 6 till August 20 off work as described in my funding request.

The remainder of my time in August included:

1. Meeting dates: I missed the meetings while I was gone as well as the meeting on August 5 due to an unavoidable appointment. I attended the meeting on August 26 (see here).
2. Continued work on the following:

• Discrete output selection and distribution
• Monero bipartite graph matching and analysis paper, ledger simulations
• Ring sig replacement, accumulator research (reading).
• Preparation of Thring Signature and CLSAG papers for Financial Cryptography submission deadline in September.
• Reviewed 5707 for Sarang

Details

Discrete output selection and distribution: I found a discrete distribution in the literature that led me to design an efficient output selection method. I'm not surprised I didn't find it earlier, it's an obscure-ish distribution proposed by a mathematical ecologist in the 50s (Good distribution... and good luck googling "good distribution"). Sarang and I have started discussion on whether it would be worthwhile to switch. The ring sampling code would be a rather dramatic departure from our current method. The loose idea is to not sample a block depth d = 0, 1, 2, ..., H-1, but instead to sample a random number of bits that describe d, and then selecting uniformly from the prescribed range. For example, if the random number of bits is 4, then we need 4 bits to describe depths d = 8, 9, 10, 11, 12, 13, 14, 15. This introduces a binning effect to ring selection. The benefits and costs to this approach are not yet clear. We will be running some tests against the same metrics we used last time we made such a decision to see how things look.

Matching in bipartite graphs: The code on my buttercup branch here is passing unit tests for Python 3.7 and higher. The Markov chain I'm using to simulate the economy to generate a "simulated ground truth" corresponding to a simulated Monero ledger is still under development, but is nearing completion. The code that runs the experiment and produces statistics of results has been working for a bit; I have a sequence of commits I'm going to squash and push in a few days.

Ring signature replacement, accumulator research (reading): I spent a good deal of time this month doing reading on methods for ambiguous/private authentication without trusted setups, which began with familiarizing myself with omniring's proving system. This ultimately led me down a rabbit hole involving BOLT and ZK proofs of knowledge of RSA and (EC)DSA signatures (see here). Of course, Halo came out in September and this is immediately under my active consideration.

Preparation of Thring Signature and CLSAG papers for Financial Cryptography submission deadline in September: Sarang and I decided upon FC19 to submit these papers, and in August I began tinkering with the thring signature paper for formatting for submission. Recall that thring signatures are threshold ring signatures, which allow for some fundamental "smart-contract" style operability with the Monero blockchain... and CLSAG is a compact ring signature scheme invented by RandomRun suitable for uses ranging from lightweight applications of signer-ambiguous authentication to confidential colored coins. CLSAG is compatible with thring signatures and promise to reduce our overall blockchain size and per-block verification time by 15-25%. I designed appropriate definitions of unforgeability for these schemes and proved both of these secure in the last year.

Thanks to everyone! Working for Monero is one of the persistently most interesting experiences of my life.

And satisfying.

And fulfilling. You get it.