Unverified Commit 4ef230df authored by dEBRUYNE-1's avatar dEBRUYNE-1
Browse files

Logs for the Community Meeting Held on 2017-11-11 & logs for the Monero...

Logs for the Community Meeting Held on 2017-11-11 & logs for the Monero Research Lab Meeting Held on 2017-11-13
parent e8686ac2
---
layout: post
title: Logs for the Community Meeting Held on 2017-11-11
summary: Community highlights, Forum Funding System updates, RFC-HWALLET-1, Monero December, upcoming meetups, growing involvement, and miscellaneous
tags: [community, crypto]
author: dEBRUYNE / fluffypony
---
# Logs
**\<sgp>** 0. Introduction
**\<ArticMine>** hi
**\<sgp>** We would like to welcome everyone to this Monero Community Meeting!
**\<sgp>** Link to agenda on GitHub: https://github.com/monero-project/meta/issues/134
**\<sgp>** Monero Community meetings are a discussion place for anything going on in the Monero Community. We use meetings to encourage the community to share ideas and provide support.
**\<sgp>** 1. Greetings
**\<cryptochangement>** hello all!
**\<ArticMine>** I jumped the gun
**\<rehrar>** We still love you ArticMine
**\<rehrar>** and 'hello'
**\<sarang>** sarang here, is this the channel for the meeting?
**\<ordtrogen>** Hej allihopa
**\<rehrar>** indeed it is
**\<sgp>** @sarang yes
**\<sarang>** Just joined the channel, so I can't follow history
**\<cryptochangement>** we just started greetings, you didnt miss anything
**\<sarang>** excellent
**\<sgp>** 2. Community highlights
**\<sgp>** For a great weekly summary, please read the Monero Observer: http://monero-observer.com/
**\<rehrar>** sarang: https://github.com/monero-project/meta/issues/134
**\<sgp>** This publication is funded by community donations
**\<sgp>** 3. FFS updates
**\<sgp>** There are several FFS updates.
**\<msvb-mob>** Hello folks.
**\<sgp>** First, we have msvb-lab who will speak about the hardware wallet project
**\<sgp>** a. RFC-HWALLET-1 project progress
**\<sgp>** Take the floor, msvb-lab
**\<sgp>** or msvb-mob
**\<msvb-mob>** sgp: I need a bit of time, can somebody else go first?
**\<sgp>** Sure, does anyone else have a FFS update they would like to talk about?
**\<msvb-mob>** Uploading photos of the fresh Monero hardware wallet board...
**\<sgp>** sweet
**\<cryptochangement>** i can go first
**\<cryptochangement>** alog with serhack if he is here
**\<cryptochangement>** ping serhack
**\<sgp>** Sure, go ahead
**\<sgp>** cryptochangement
**\<cryptochangement>** ok give me a sec to type it all out :p
**\<cryptochangement>** okay, so first of all, if you had seen my last update my big complaint (about my own work) was that the paymentbox for the magento2 plugin that is in the works was not at all visually appealing, but thanks to TheMonera we have a much nicer looking design that has been implemented on several of the Monero-Integrations plugins
**\<cryptochangement>** you can see it here https://imgur.com/a/0buLW
**\<cryptochangement>** also
**\<serhack>** Hey
**\<serhack>** Hello everyone
**\<cryptochangement>** the magento2 plugin is currently functional and you can check it out here: https://github.com/monero-project/monero ill have install instructions on the README later today but it is pretty straight forward if you already user composer with magento
**\<serhack>** Monero Integrations are going well
**\<serhack>** I would make an announcement
**\<serhack>** I have contacted OpenBazaar Team
**\<serhack>** And I am trying to implement Monero for Openbazaar
**\<serhack>** It will be a difficult task
**\<serhack>** But there is no mission impossible for serhack
**\<sgp>** cryptochangement is that the correct GitHub direcotry? That's for the Monero project itself
**\<cryptochangement>** crap wrong link sgp
**\<cryptochangement>** https://github.com/monero-integrations/moneromagento
**\<cryptochangement>** \^ thats bette
**\<sgp>** serhack great news!
**\<sgp>** cryptochangement also great news!
**\<serhack>** :)
**\<cryptochangement>** i think thats all from us now
**\<sgp>** I look forward to see how these projects develop
**\<serhack>** Yep confirmed
**\<sgp>** msvb-lab are you ready?
**\<cryptochangement>** if there are no questions i think msvb-mobcan take the floor
**\<ordtrogen>** @cryptochangement does the input field for amount get larger when typing decimals? I'm guessing
**\<ordtrogen>** just wanted to add it looks good
**\<sgp>** We can move on to the next topic until msvb-lab/msvb-mob is ready
**\<cryptochangement>** yeah, it would adjust as needed. i just grabbed the picture last minute
**\<sgp>** 4. Monero December
**\<sgp>** The RIAT team would like to discuss the events happening in Vienna this December.
**\<msvb-mob>** sgp: I think so, Taiga slurping graphic data over slow HTTPS.
**\<sgp>** Ok, let's hold off on 4 then and have msvb-mob go
**\<msvb-mob>** parasew[m] pablonero[m]: Oh yes, I'm quite interested to hear official plans.
**\<serhack>** msvb-mob: you can use imgue
**\<serhack>** Imgur
**\<msvb-mob>** parasew[m] pablonero[m]: You around to chat about RIAT hosting Monero December?
**\<sgp>** It doesn't look like they are in the channel
**\<msvb-mob>** Okay, so we finally have some exciting results on the hardware front.
**\<sgp>** \o/
**\<msvb-mob>** A wallet design with custom firmware and JTAG programming the lot.
**\<vp11>** yehaa!
**\<msvb-mob>** https://taiga.getmonero.org/project/michael-rfc-hwallet-1-implementation/
**\<msvb-mob>** Photos got uploaded finally.
**\<msvb-mob>** The board is demonstrated connected to a mobile phone over USB OTG, but eventually it may run on battery or even photovoltaic (solar) power.
**\<sgp>** ooh, fancy
**\<cryptochangement>** that looks awesome
**\<msvb-mob>** The URL displayed on the hardware wallet's screen is fake, says 'Go hwal.getmonero.org'
**\<vp11>** looking good!
**\<msvb-mob>** cryptochangement: It's a good start. We only got this far by having contributions.
**\<msvb-mob>** The team now consists of a handful of folks, some specialising in FPGA development, legal matters and documentation (a real attorney), core hw devs, and most important testers.
**\<msvb-mob>** I mention testers because if the current rate of development progress keeps pace, we'll be able to produce a handful (or more) of working boards soon for testing purposes.
**\<msvb-mob>** So whoever likes the idea of testing hardware (which is not useful for storing your real money please!) then sign up.
**\<sgp>** I'm excitied to hear you are making excellent progress
**\<msvb-mob>** You can read about the preliminary device delivery plans in:
**\<msvb-mob>** https://taiga.getmonero.org/project/michael-rfc-hwallet-1-implementation/wiki/preview
**\<msvb-mob>** ...and the main idea is simply become a member of the Taiga project, so you can contribute opinions and reports after testing.
**\<serhack>** msvb-mob: WOW.
**\<msvb-mob>** To do that, go to the main project page and click 'Contact the project'.
**\<msvb-mob>** https://taiga.getmonero.org/project/michael-rfc-hwallet-1-implementation/
**\<serhack>** Can I share images into Telegram groups?
**\<vp11>** in fact, you should post an update on reddit with the images and the progress
**\<msvb-mob>** If you do this without being logged in, then make sure to provide your email address so we can invite you to be a tester.
**\<vp11>** the community will be really happy to see how fast you guys are advancing
**\<msvb-mob>** Otherwise, if you're already logged into Taiga, click the contact button and it goes more smoothly.
**\<serhack>** vp11 is right
**\<serhack>** Community loves updates on reddit
**\<msvb-mob>** vp11 serhack: Thanks, it's due to the level of enthusiasm and great contributions.
**\<sgp>** Yeah this will easily get reactions
**\<msvb-mob>** Any questions? If not, I'll pass the baton.
**\<msvb-mob>** serhack: I'm a braindead idiot about reddit, as well as having no Facebook or Twittie accounts either.
**\<serhack>** Oh
**\<msvb-mob>** serhack: Actually we do need a reddit representative, if anyone wants to pick up that role.
**\<serhack>** Who will post updates about hardware projects?
**\<sgp>** Is there anyone here to speak about the Monero events in Vienna?
**\<vp11>** you really need someone to represent the project on reddit, msvb-mob
**\<msvb-mob>** serhack: We're doing that right now, and officially (according to the forum proposal) status reports shouold happen at each dev meeting.
**\<serhack>** okay
**\<vp11>** every two days someone asks about development in ledger or trezor
**\<msvb-mob>** We changed from dev meetings to community meetins though.
**\<vp11>** these people should know there are progress on our own hardware wallet
**\<vp11>** people will get crazy about it and it might even bring more contributors
**\<serhack>** We have 36k readers on reddit
**\<vp11>** reddit is a very useful tool and exploring it will benefit everyone :)
**\<msvb-mob>** vp11: I'm meeting the Digital Bitbox folks in Zuerich in two weeks, let's not forget them.
**\<msvb-mob>** Their two founders are Monero fans.
**\<rehrar>** msvb-mob: I can handle PR for hardware project if you'd like
**\<vp11>** indeed! let's not forget anyone then :)
**\<sgp>** @msvb-mob do you feel comfortable with someone sharing these updates on Reddit? The logs are posted there anyway
**\<vp11>** ohhh no one better than rehrar
**\<msvb-mob>** rehrar: You will be the angel of reddit.
**\<serhack>** :)
**\<vp11>** i vote for rehrar for PR of this project
**\<msvb-mob>** How was it that fluffypony said 'chief reddit officer.'
**\<serhack>** @rehrar is our hero
**\<rehrar>** We'll be in contact.
**\<serhack>** I vote for rehrar
**\<msvb-mob>** rehrar: By the way, you made an excellent mention of the hardware wallet project in your coffee table chat, and thank you so much for telling people that Monero is not just about XMR but also about Kovir and a bunch of other stuff.
**\<msvb-mob>** Right on there.
**\<vp11>** the hero we don't deserve, but the one we need.
**\<sgp>** Since no one is here to discuss the Vienna events, we will proceed to #5. We can come back if they show up later
**\<rehrar>** thanks guys :) sgp, what's next?
**\<sgp>** 5. Upcoming Meetups
**\<sgp>** Monero Toronto has a meetup on Wednesday 29 November https://www.meetup.com/Toronto-Monero-Meetup/events/242746564/
**\<sgp>** Monero London has a meetup on Thursday 16 November https://www.meetup.com/Monero-London/events/244993948/
**\<msvb-mob>** sgp: I'm quite comfortable in broadcasting in every direction.
**\<sgp>** Monero Portugal has several meetups on Wednesday 15 November and Sunday 19 November. Join #monero-pt (IRC only, no relays) or PM /u/M-alMen for details and to confirm attendance https://www.reddit.com/r/Monero/comments/7c59jy/monero_meetup_in_portugal_15_and_19_november_join/
**\<sgp>** There will be a Monero meetup in Munich on Wednesday 22 November https://www.reddit.com/r/Monero/comments/7c9dz0/the_first_monero_munich_meetup_takes_place_on/
**\<sgp>** There will be more meetups not listed here for many of the groups receiving the Meetup Kits. I will post all these meetups to /r/MoneroCommunity as soon as I receive more details. Keep an eye out for them. List of groups receiving a kit: https://taiga.getmonero.org/project/sgp-monero-meetup-kit/wiki/selected-organizations
**\<sgp>** Does anyone know of other events coming up, or would like to speak about one of these?
**\<msvb-mob>** You think we can keep our events page up to date?
**\<msvb-mob>** None of those cool meetings are advertised.
**\<msvb-mob>** https://getmonero.org/community/events/
**\<vp11>** I'll talk with the guys on #monero-pt and see if someone wants to talk something about the meetup, one minute.
**\<sgp>** That page definitely needs some love
**\<serhack>** I think we should update that page
**\<msvb-mob>** sgp: How did you find out about these meetings, like in Munich?
**\<rehrar>** Luigi is doing a good job of merging stuff
**\<msvb-mob>** ...because maybe we can just do a batch copy of info from that place to the events page.
**\<sgp>** msvb-lab people post on Reddit typically
**\<rehrar>** onto the site, so I think it shouldn't be a problem if there is a concerted effort to update the Events page
**\<sgp>** rehrar is there a simple way for people to simply click a "+" sign and add the details of their event to a template which then becomes a pull request?
**\<rehrar>** https://github.com/monero-project/monero-site#90-how-to-make-an-event
**\<vp11>** msvb-mob you gotta go more on reddit, you know you can do it semi-anonymously right? :P
**\<msvb-mob>** vp11: I'm just swimming in work and doing full time hw dev, so maintaining presence on IRC is about my max now.
**\<sgp>** I'm going to move on, since we can have the discussion of how to use this page better later
**\<sgp>** 6. Growing Involvement
**\<sgp>** We have seen many new, interested users these past few months. However, this doesn’t necessarily translate into more people who want to help. I think we should have a discussion regarding how we can encourage people to make the switch from being a Monero fan to being a Monero contributor.
**\<sgp>** I think that tools like Tagia will help plan activities and allow people to more easily contribute to these. Especially for those who are not developers. We are using Taiga for the Meetup Kit project to see how it goes.
**\<msvb-mob>** vp11: There's no problem with reddit, I hope we get exposure there.
**\<sgp>** I think it will be helpful for us to brainstorm some ways to increase involvement.
**\<serhack>** You know a way sgp
**\<sgp>** Since we have a lot of interest. Let's translate this into action
**\<serhack>** I'm going to help a lot community
**\<msvb-mob>** sgp: This is a bit far fetched, but maybe a gamification idea?
**\<msvb-mob>** Something like a bounty program but made for baby steps (beginning with hello world) and more fun.
**\<vp11>** I believe we should have a very solid platform so people can "easily" become a contributor. As sgp mentioned, Taiga has been helping with that. We need to make sure we master the tool so we can organise ourselves and invite people to become contributors on projects they'd have an interest.
**\<msvb-mob>** sgp: And the coffee table hour gained dozens of watchers, so that's a place to keep focus on?
**\<sgp>** I think the Coffee Hour is great for gathering interest. I don't know how much of the interest translates into action
**\<sgp>** Though I think it's a clear positive
**\<vp11>** Once we have a good foundation it will be easier for people to join the initiatives. Maybe get a bigger exposure of the Taiga platform. I know we've been using it for only a couple of months now (or not even that), but it's a good way for people to see what's going on.
**\<msvb-mob>** sgp: Is it possible to do screenscraping during the coffee hour?
**\<msvb-mob>** Like a person editing a code file and speaking what it means?
**\<vp11>** More exposure of Taiga could be on the Monero website, reddit, and of course mentioning it whenever we can (Coffee Hour, Community Meetings, etc)
**\<sgp>** It should work, though we have not tested it much
**\<rehrar>** I'll make a suggestion.
**\<cryptochangement>** msvb-mob: thats actually an amazing idea for the coffeechat
**\<rehrar>** I think it would be very helpful to have a quarterly 'Monero Workshop'.
**\<rehrar>** We want people to get involved, but we want them to also understand what The Monero Project is about, the different projects available, and why Monero is awesome
**\<serhack>** Monero Hackathon
**\<msvb-mob>** cryptochangement: It might require a regular coder to hang out in coffee, but if every week there is a five minute slot dedicated to a hello world level review of a source code file, that might entice folks.
**\<rehrar>** Having a completely open three(ish) hour workshop that explains everything I just mentioned (and the privacy tech Monero uses) hosted online would be great for education and outreach
**\<msvb-mob>** serhack: Yes a hackathon. That would be best in the location where the most Monero enthusiasts live. Where is that?
**\<serhack>** Germany
**\<sgp>** serhack that's a discussion that we had in another (maybe research lab?) meeting. I'm seeing if I can host one here in Minnesota
**\<vp11>** rehrar that's not only a very good idea, but we can also record these and make them available on YouTube later, so people can "enrol on the fly".
**\<sgp>** I think it's a great idea too
**\<serhack>** :)
**\<rehrar>** It's not supposed to be a community interaction thing, but more like a seminar
**\<rehrar>** questions can be had at the end of each section, of course
**\<rehrar>** Many of us got involved in Monero because we realized how great the Project is, and how solid the technology behind it is
**\<vp11>** and since it's only quarterly it will also be a good moment to announce the progress on different fronts the development team has been working. I only see benefits.
**\<sgp>** I think a seminar is great for people who REALLY want to learn more and get involved
**\<rehrar>** I propose that if we educate the 'fan' about these things, they might not know them after all, that they will be like that inovled too
**\<msvb-mob>** rehrar sgp: Is there a way to hand out one shirt to the most motivated person at typical events?
**\<serhack>** It's a cool idea
**\<msvb-mob>** ...since it seems we have quite a few meetings coming up.
**\<sgp>** msvb-mob nothing really stopping that, no
**\<msvb-mob>** If we print a few dozen shirts and consider one shirt to be part of each meetup kit?
**\<sgp>** I didn't include shirts in the Meetup Kit though since they are bulky
**\<vp11>** for the general public I still believe Taiga is a very good "entrance door". maybe we can tweak it a little bit more, make it easy for people to discern "official projects" from "community projects", but it's a good place to start to get involved.
**\<vp11>** otherwise, a quarterly workshop really is a great opportunity for people who wants to get "deep" into Monero
**\<sgp>** I would like to see these thoughts outlined in Taiga
**\<serhack>** What are the Official projects?
**\<rehrar>** dude, we should have a fun Monero ARG with like, ten XMR at the end of it
**\<msvb-mob>** vp11: Some have had complaints about Taiga being nonintuitive, but it might just be a learning curve of Agile.
**\<serhack>** Anyway we should share Taiga everywhere
**\<vp11>** rehrar I would fund this idea, not even joking
**\<vp11>** love myself some ARGs
**\<msvb-mob>** What's an ARG?
**\<rehrar>** ARG = Alternate Reality Game
**\<vp11>** msvb-mob indeed, many people don't know Agile and I'm sure we could improve Taiga's presentation.
**\<rehrar>** for our purposes you can consider it like an online treasure hunt
**\<sgp>** This is why these brainstorming ideas are great. Now we have projects to work on for the next several months :p
**\<cryptochangement>** from my personal expirience, taiga is a bit of a learnig curve, but it is nicer to look at then github
**\<rehrar>** Secrets and codes embedded into various websites, videos, and photos
**\<rehrar>** leading to the next clue, and ultimately, leading to the 'treasure'
**\<msvb-mob>** rehrar: Yes, a treasure hunt, capture the flag, or similar thing. That's what I meant by gamification.
**\<cryptochangement>** honestly i would contribute to fundng without question
**\<vp11>** we're still learning how to organise ourselves on Taiga, it's a very recent addition. once we get it figured out we will be able to introduce people easily. things will be more organised, etc.
**\<sarang>** We considered it for the Research Lab as well
**\<sarang>** To help organize our many projects
**\<sgp>** msvb-mob pushed me to get organized on Taiga. Thanks for that
**\<sgp>** The project is much better organzied from this change
**\<msvb-mob>** sgp: Cool, you're welcome. I think we need to thank penguin though, isn't (s)he the one who set it up?
**\<sgp>** sarang I would look into it. It's a great idea
**\<sarang>** sgp: Would like to chat later about tiaga if possible
**\<msvb-mob>** I mean pigeons.
**\<sgp>** pigeons haha
**\<rehrar>** I'm around for chatting about it sarang :)
**\<sarang>** Ah ok! Anyone involved with it
**\<sgp>** sarang sure. I'll be on mobile but can still chat
**\<sarang>** I'm on mobile now too
**\<sarang>** Not ideal for long types!
**\<rehrar>** Running short on time here, anything else?
**\<sgp>** Any last thoughts for this meeting? Lots of great ideas
**\<sarang>** Glad to answer any MRL related topics too
**\<sarang>** Now or later
**\<sgp>** let's do that after confirming the next meeting time
**\<sgp>** 8. Confirm next meeting date/time
**\<sgp>** Should we have it again in 2 weeks? Thanksgiving weekend
**\<sgp>** Or delay for a week after that
**\<sarang>** Recommend delaying
**\<sgp>** We could have both the Coffee Chat and meeting on the same day (4 December)
**\<cryptochangement>** i also recommend delaying
**\<rehrar>** The Americans will be tired from shopping their Black Friday
**\<vp11>** how many people here live in US? no thanksgiving issues here :P
**\<sgp>** whoops, 2 December
**\<sarang>** Ha, I'm clearly too US centered...
**\<rehrar>** 'Murica
**\<cryptochangement>** vp11: we get it yall canadians already haf thanksgiving
**\<ArticMine>** So November 25 17:00 UTC?
**\<cryptochangement>** and that time acounts for the clock change?
**\<ArticMine>** no
**\<cryptochangement>** ok
**\<sgp>** Yes, the meeting will actually be at 17:00 UTC
**\<cryptochangement>** cool
**\<sgp>** Not 18:00 UTC like this one
**\<vp11>** I'm up for whatever is decided. If the majority is in US we can delay, I see no issues in delaying.
**\<ArticMine>** Dec 02 is not good for me
**\<rehrar>** Let's have it 25th
**\<sgp>** Let's try for two weeks from now on the 25th
**\<cryptochangement>** ok 17:00 UTC sounds good
**\<sarang>** Roger
**\<sgp>** Great
**\<serhack>** It's okay for me
**\<sgp>** 9. Conclusion
**\<sgp>** That’s all! Thanks for attending this Monero Community meeting, and we hope to see you on /r/MoneroCommunity and #monero-community. Take care, and know that change starts with YOU.
\ No newline at end of file
---
layout: post
title: Logs for the Monero Research Lab Meeting Held on 2017-11-13
summary: Educational outreach, multisig, Bulletproofs (range proofs), RuffCT, and miscellaneous
tags: [community, crypto]
author: dEBRUYNE / fluffypony
---
# Logs
**\<suraeNoether>** Hi everyone! fluffypony, knaccc, luigi1111, anonimal, binaryFate, dEBRUYNE, endogenic, gingeropolous, hyc, JollyMort[m], moneromooo, nioc, smooth, stoffu, vtnerd... anyone else I'm forgetting to ping?
**\<hyc>** hola
**\<suraeNoether>** 2) I want someone to volunteer to put up meeting logs on either the monero-project github or my personal github (which would end up on monero-project after a few weeks) as well as maybe throwing up a vCal as sarang suggested. Anyone want to make this their "thing"? :P
**\<suraeNoether>** I can download my logs and upload all the past meetings tomorrow morning after I get home
**\<hyc>** I won't volunteer because I usually have a conflicting meeting in this time slot
**\<suraeNoether>** but I want someone to make it their thing to improve reliability. It's easy for me to de-prioritize stuff like that in favor of other stuff
**\<suraeNoether>** hyc that's fine, we could just try to all remind each other instead of it being one person's responsibility
**\<suraeNoether>** any other announcements/administrivia?
**\<suraeNoether>** oh, I'm going to add a point to the agenda: 4) educational outreach
**\<sarang>** yes
**\<suraeNoether>** enough is moving on that front for us to need to discuss it
**\<sarang>** goog idea
**\<suraeNoether>** bab execution?
**\<andytoshi>** sarang: (sorry to interrupt the meeting) the dot product is a scalar op but you still need to do a multiexp to compute a vector pedersen commitment corresponding to each vector, to check that the commitments are correct
**\<sarang>** yup, true
**\<suraeNoether>** np andytoshi
**\<suraeNoether>** these aren't super formal. if you can't tell
**\<sarang>** We can chat more afterward about it if you want
**\<suraeNoether>** office hours are probably a better term for it. :P
**\<suraeNoether>** okay, 3) Projects. Sarang is clearly on bulletproofs...
**\<sarang>** Yeah, gonna code up linear and log versions
**\<silur>** sorry I missed this bulletproof stuff
**\<sarang>** we have andytoshi present, which is very helpful
**\<silur>** a quick overview on that line?
**\<sarang>** Proposal in a recent paper about efficient and small range proofs
**\<silur>** sounds nice
**\<suraeNoether>** nice. i put spectre down 2 weeks ago so i can work on the multisig paper and code vetting. thigns are looking good. I'm pretty confident I will be ready to send it off somewhere (the void) by the end of the month
**\<sarang>** Our current proofs are linear in size with the number of bits in the range
**\<sarang>** Bulletproofs have a linear version but the main contribution is a logarithmic version
**\<sarang>** We're gonna more carefully examine the verification complexity, which would likely be a deciding factor
**\<suraeNoether>** why do they bother with the linear version? simply because they can? (anything worth proving is worth proving twice?)
**\<sarang>** The logarithmic version uses a more complex argument, but you can basically drop it in to replace the linear part
**\<andytoshi>** suraeNoether: the log version is a very clean modification of the linear version, which is simpler to understand
**\<sarang>** it's a good buildup
**\<andytoshi>** to go from linear to log it's literally "in the final step replace these two vectors with a log-sized proof that their dot product is this"
**\<suraeNoether>** oh, nice\~!
**\<suraeNoether>** that's elegant
**\<sarang>** It's a cool idea
**\<hyc>** in the final step, *magic*
**\<andytoshi>** and this also lets them do a MPC for multiparty rangeproofs where everyone passes around full vectors then a coordinator aggregates into one log-sized proof, which results in constant number of rounds (3 or 4? unsure) vs log-many
**\<sarang>** Yeah andytoshi y'all did an excellent job with very solid applications for aggregation
**\<andytoshi>** thanks. the real magic was the stanford people, esp benedikt
**\<hyc>** So MPC gets us multisig too?
**\<sarang>** I'm super interested to see the efficiency comparisons when we finish them
**\<andytoshi>** hyc: it gets aggregation of outputs which have different owners
**\<andytoshi>** i'm not sure about multisig, that isn't covered
**\<hyc>** ok
**\<andytoshi>** good call, i should investigate this anyway for mimblewimble
**\<sarang>** Yeah, I keep forgetting that it's also logarithmic in # of outputs
**\<suraeNoether>** it's very helpful to have you here, andytoshi. I've been thinking about whether or not the bulletproof approach could apply *as a ring signature* by storing the signing keys in polynomial coefficients somehow. do you have any thoughts in that regard?
**\<andytoshi>** suraeNoether: no clue, i've thought about it a bit and i don't see any obvious way to do it
**\<suraeNoether>** ok. on another note, hyc as far as MPC for multisig goes....
**\<suraeNoether>** currently the coordinating signer fashions the range proof without input from threshold members... after all, the range proof isn't really part of "getting permission from our multisig coalition members to send this transaction."
**\<silur>** there is a method by peikert
**\<hyc>** oh good point surae
**\<silur>** I remember when I constructed the encrypted storage EIP for ethereum
**\<suraeNoether>** i don't see a super good reason to distribute the range proof for the use cases we see in cryptocurrency right now
**\<silur>** there is a "compression" algo by peikert for something like this
**\<andytoshi>** if you have a coordinating signer that knows the opening of the commitments (which is what it sounds like if it can make a rangeproof) then you can keep doing that with bulletproofs
**\<suraeNoether>** silur if you find a link i'd be curious
**\<andytoshi>** suraeNoether: in MW the rangeproof keys are used for authentication, that's all
**\<andytoshi>** but monero doesn't care about that
**\<suraeNoether>** yeah, i'm very ignorant about MW, so I'll change my wording above to "use cases we see in Monero right now" as opposed to cryptocurrency in general
**\<suraeNoether>** so, anyone else working on any research projects? After I'm done with multisig this month, I plan on going back to spectre and attempting some simulations on random networks
**\<suraeNoether>** but that's low priority now that multisig is sooo close.
**\<suraeNoether>** (the multisig paper, obv)
**\<sarang>** I'm splitting time between proofs and outreach
**\<sarang>** (which is #4 on agenda)
**\<suraeNoether>** ok. knaccc, silur, anyone else?
**\<suraeNoether>** well, let's talk about educational outreach then
**\<silur>** still working on my quantum-shuffle
**\<silur>** and possible usecase on PRNG
**\<suraeNoether>** nice
**\<suraeNoether>** i'm very interested in that
**\<silur>** would love to have you as a reviewer :D
**\<suraeNoether>** \*on another note, btw, before education...\* our H\_p has been pointed out to me as .... non-standard a few times. can anyone give me any documentation *at all* on it? i think we chatted about this early this week, but since i've been mainly working offline, I haven't been able to participate too much
**\<knaccc>** sarang msged me some EC operation counts for bulletproofs
**\<suraeNoether>** silur sure,just make sure you find at least three other reviewers too haha
**\<knaccc>** i'll be looking at attempting a comparison
**\<knaccc>** which should be fairly easy, and would not require coding
**\<suraeNoether>** sarang, do you still need that done? i think you mentioned you had completed a timing analysis earlier?
**\<sarang>** We know basic operation counts
**\<knaccc>** actually we can pretty much state the answer now
**\<suraeNoether>** oh ok, neat
**\<knaccc>** so it's 5\*64 scalarmultbase ops
**\<knaccc>** which is the heaviest part by far, assuming 64 bit range proofs
**\<knaccc>** for bulletproofs this is
**\<knaccc>** i.e. 320 scalarmultbases
**\<knaccc>** vs 128 doublescalarmultbases for existing range proofs
**\<knaccc>** so we need to look up some performance stats to get that comparison
**\<andytoshi>** for verification you can do much better than that
**\<andytoshi>** you can do it in 128
**\<knaccc>** ooh nice
**\<hyc>** and relative cost of doublescalarmultbase vs single?
**\<knaccc>** that's perfact then, bulletproofs win!
**\<sarang>** Yeah I messaged some stuff for the log version knaccc
**\<suraeNoether>** allrighty then... did we ever "make a decision" on sandy2x knaccc?
**\<andytoshi>** oh, maybe 132 or something
**\<andytoshi>** idk per numbers for ed25519. you probably want a multiscalarmultbase
**\<knaccc>** suraeNoether sandy2x is only applicable if we move to curve25519, which we would only do if we had variable base scalarmults, which we don't
**\<suraeNoether>** oh, i think i had something written down someplace incorrectly, then
**\<knaccc>** i'm sure sandy2x can be modified to work on ed25519 though
**\<suraeNoether>** oh, but
**\<knaccc>** i'm looking up those performance stats hyc did now
**\<suraeNoether>** the reason we were looking into sandy2x was to see if the variable base scalarmults from RuffCT could be made faster, right?
**\<andytoshi>** anyway you have 64 G bases, 64 H bases, 6 L bases, 6 R bases, plus the standard bases and you can precompute scalars for every one of them and do one multiexp with 141 bases
**\<knaccc>** suraeNoether yes
**\<andytoshi>** that's the inner product anyway. i haven't worked out the rangeproof, it'll add another small constant
**\<suraeNoether>** nice andytoshi
**\<knaccc>** ed25519 monero 10k timings
**\<knaccc>** ge\_double\_scalarmult\_base\_vartime 2.282629
**\<knaccc>** ge\_scalarmult 2.462409
**\<knaccc>** ge\_scalarmult\_base 1.498808
**\<knaccc>** all in seconds
**\<silur>** noice
**\<suraeNoether>** hyc knaccc so i guess what i'm asking is: have we gotten enough information about speeds in sandy2x to figure out whether we can actually use RuffCT in the near future? or has this officially been shelved for a few hard forks?
**\<hyc>** knaccc, any thoughts?
**\<knaccc>** so 132 scalarmults for bulletproofs has the compute cost of 142 doublescalarmultbases that existing Monero range proofs use
**\<knaccc>** so it's comparable
**\<sarang>** mhmm that's in line with the counts I found as well
**\<knaccc>** suraeNoether ruffct I think I remember as having similar compute costs to existing MLSAGs if we switch from ed25519 to curve25519
**\<sarang>** What should be the next step for bulletproofs then, so as not to duplicate effort?
**\<knaccc>** because ruffct was 2x as heavy, but curve25519 is 0.5x the cost for variable base scalarmults
**\<knaccc>** i.e. ruffcy doesn't help with compute costs, only with storage costs
**\<knaccc>** and would involve a lot of extra complexity to have curve25519 and ed25519 coexisting
**\<andytoshi>** knaccc: sorry, it's 141 not 132. and that's just for the inner product, i think there are a couple more for the full rangeproof
**\<andytoshi>** but the existing rangeproofs have basically no room to do multiexp (or even double-exp), so we expect it to be faster anyway
**\<andytoshi>** on secp we've gotten far enough in the analysis to say "build it and benchmark" because they're pretty damn close
**\<knaccc>** andytoshi ah thanks, ok then so bulletproofs are 19% more compute intensive to verify than Monero range proofs
**\<suraeNoether>** ouch
**\<andytoshi>** if you use a separate scalarmultbase for every one
**\<suraeNoether>** 19% is huge with an exponential space-time tradeoff....
**\<knaccc>** andytoshi i'm not familiar with the terms multiexp / double-exp
**\<andytoshi>** "exp" means "scalarmultbase
**\<andytoshi>** "
**\<knaccc>** ok, i see, as in exponent when written in alternate notation
**\<andytoshi>** "yeah
**\<knaccc>** and multiexp is what?
**\<andytoshi>** knaccc: if you are doing a\*G + b\*H + c\*I + d\*J you can compute that way faster than computing the individual terms and adding. in libsecp we explored three algorithms, bos-coster, strauss and pippinger and found that strauss was fastest for small numbers of points while pippinger was fastest for large numbers. see https://github.com/bitcoin-core/secp256k1/pull/486
**\<sarang>** andytoshi: what's the general scaling on that?
**\<andytoshi>** N/log(N)
**\<sarang>** OK nice
**\<suraeNoether>** andytoshi i didn't know that... it makes sense, though... i need to look into that
**\<sarang>** We do that what, 2n times in the inner product?
**\<suraeNoether>** if that's the case, ruffct might could be sped up
**\<sarang>** Er, 2log(n) times
**\<andytoshi>** suraeNoether: https://github.com/bitcoin-core/secp256k1/pull/486
**\<knaccc>** andytoshi ah interesting, are you familiar with the way that ed25519 makes multiexps faster than if curve25519 is used?
**\<andytoshi>** sarang: you can precomute the scalars and do it just once. the paper does it 2log(n) times but this isn't necessary
**\<knaccc>** i'm wondering if there is something special about in that regard
**\<andytoshi>** knaccc: no, i think ed25519 has some specific speedups but the algos i know are curve-agnostic
**\<knaccc>** sepcial about secp256k1 in that regard
**\<suraeNoether>** andytoshi thanks for the link
**\<andytoshi>** we do use our endomorphism to get a small speedup but otherwise everything we've done is curve-agnostic
**\<knaccc>** because we know having investivated that multiexp is 2x faster (with 2 bases) on ed25519 than on curve25519, which is why Monero uses ed25519
**\<knaccc>** it's helped by the twisted edwards curve for some reason
**\<andytoshi>** yes, we don't get 2x for two points, we get something like a 30% speed improvement... but for thousands of points we were getting like a 7x improvement with some older code
**\<suraeNoether>** knaccc: so verification time for sandy2x + curve25519 + ruffct's 2x-sized keys = (approximately) current implementation + ed25519 + our currently sized keys (per ring member, fo course)?
**\<knaccc>** wow ok thanks. Did you have to write your own optimizations to achieve that, using the published approaches you mentioned? or were libraries available for all that stuff for your curve?
**\<andytoshi>** knaccc: we wrote our own code, the fastest library for our curve is ours :)
**\<knaccc>** suraeNoether c8rrect
**\<knaccc>** andytoshi whoa kudos!
**\<andytoshi>** knaccc: but you can check out bos-coster, it requires a heap implementation but it's easy to understand and implement, and djb has python code you can basically translate into C
**\<knaccc>** lol you're too smart for planet earth. you have a warped sense of "easy" :)
**\<andytoshi>** i did this as a first try, which gave impressive numbers, but not as good as strauss for small # of bases and not as good as pippenger for large # of bases, so we dropped it. i forget the exact numbers now
**\<suraeNoether>** ok, i had no idea about these multiexp tricks andytoshi is describing... we might could make ruffct doable using those tricks, but i need to read the paper again. (I'm beginning to think a proper name would be Bootle CT, but does Bootle really need *more* things named after him? lol)
**\<suraeNoether>** knaccc the solutions are all trivial once you know them. :P heh
**\<knaccc>** heh ok
**\<suraeNoether>** okay, NOW that we've gotten some technicals a little more out of the way... sarang, you want to describe the bangalore thing?
**\<sarang>** OK so maybe a good step forward is some comparative testing with code for bulletproofs, which can include proposed speed improvements as part of the test code?
**\<sarang>** (just to finish this discussion)
**\<suraeNoether>** (yeah, i don't want to rush us through it...)
**\<suraeNoether>** i agree with you sarang
**\<sarang>** So about outreach, if we wanna talk that
**\<sarang>** I got an offer for one of us to do a two-week cryptocurrency course in Bangalore next May
**\<suraeNoether>** and while we are doing that, we should keep an eye on Bootle's short accountable ring sigs (ruffct, RTRS CT, whatever you want to call it) to see if we can use multiexp
**\<suraeNoether>** yes
**\<suraeNoether>** outreach
**\<suraeNoether>** *one* of us?
**\<sarang>** Still need to discuss getting a second person too
**\<sarang>** For sure the expenses are all paid for one instructor
**\<sarang>** Unsure about a second one, depending on how they hire in India vs. elsewhere
**\<knaccc>** suraeNoether maybe i've misunderstood, but i didn't think andytoshi was saying that the optimizations would apply unless you had fixed bases
**\<knaccc>** and RuffCT does not have fixed bases
**\<knaccc>** it's all variable base scalarmults
**\<suraeNoether>** my impression was that the speed-up came from computing the sum in toto all at once instead of computing each term individually and summing them one at a time
**\<suraeNoether>** andytoshi, want to clarify? :P
**\<knaccc>** andytoshi i.e. when you said "a\*G + b\*H + c\*I + d\*J", were you implying that G,H,I,J were fixed bases that were amenable to precomputation?
**\<andytoshi>** ah, no
**\<suraeNoether>** or is it enough to simply have those stored locally?
**\<andytoshi>** it's enough to have them stored locally
**\<sarang>** cool
**\<knaccc>** oh whoa, that's awesome, thanks andytoshi
**\<andytoshi>** strauss does some precomputation on the fly, so if they \_are\_ fixed bases you can cache this and get even more speedup
**\<andytoshi>** but you don't need it (and neither pippinger nor bos-coster have any precomp)
**\<sarang>** OK good, so we should certainly test this w/ bulletproofs simultaneously
**\<sarang>** Anyway suraeNoether, any more questions/comments about the outreach thing?
**\<knaccc>** andytoshi oh wait, when you said "stored locally", you meant precomputed and stored locally?
**\<knaccc>** i.e. GHIJ all still need to be precomputed? which is costly?
**\<andytoshi>** no
**\<knaccc>** what does stored locally mean then
**\<andytoshi>** idk, i was just copying the phrase from suraeNoether
**\<andytoshi>** i meant literally nothing by it
**\<sarang>** "You know what the points are"?
**\<andytoshi>** yeah, i guess
**\<sarang>** I get it
**\<knaccc>** lol well if you don't know what the points are, how can you do anything at all? i'm so confused :)
**\<sarang>** knaccc the answer would be "doesn't matter, but if it's possible to also precompute, cool"
**\<sarang>** that's all
**\<knaccc>** ok cool
**\<knaccc>** that's great news then
**\<andytoshi>** i don't know :P. anyway we use these for aggregate signatures where the bases are public keys that we definitely can't precompute, and our numbers come from this
**\<suraeNoether>** all i meant was
**\<suraeNoether>** well
**\<suraeNoether>** i'm going to shut my mouth for a bit
**\<suraeNoether>** because i haven't read the bootle paper recently and i don't want to mis-speak
**\<suraeNoether>** sarang for india? no more questions for now....
**\<suraeNoether>** my e-mail to a local university has not yet received a reply, either, but I sent it on a Thursday evening... if I don't receive a contact by middle of this week, i'm going to try to contact some of the other, more prestigious schools around me...
**\<sarang>** Is there interest in getting two people there to teach?
**\<sarang>** vs just one?
**\<suraeNoether>** uhm
**\<sarang>** If it's just one, there are no expenses for the community or other supporters
**\<suraeNoether>** i wouldn't mind it, i think it would be fun
**\<suraeNoether>** like, i know this is a weird thing to say but
**\<sarang>** With two people, I don't know if they'd cover the second person
**\<suraeNoether>** "wanna go to india and teach for 2 weeks?" "eh, i could take it or leave it. " hehe
**\<suraeNoether>** i think it'd be fun
**\<suraeNoether>** if it's politically costly or something in order to establish funding, i don't really have a dog in that fight
**\<sarang>** Yes, and there are parts of the country (like India) where gifted students don't have great opportunities for this
**\<sarang>** So we'd be doing the STEM world a big favor
**\<suraeNoether>** maybe. india has more honors students than america has students
**\<sarang>** Yes but in the U.S. it's easy to find challenging opportunities if you're gifted
**\<sarang>** in India it is not
**\<sarang>** and being labeled an "honors student" in your own school doesn't mean squat comparatively
**\<suraeNoether>** ehrm
**\<suraeNoether>** anyway, i see what you are saying
**\<suraeNoether>** but also
**\<suraeNoether>** on a non-teaching note
**\<sarang>** My point is that doing this anywhere in the world is a good idea, but I think serving a place like India is a great idea
**\<suraeNoether>** I was chatting with a friend who brought up the following idea, which I have been kicking around in my head for a few days. Monero should take some charge in producing friendly, educational, currency-agnostic infographics and educational documents for people with varying levels of tech education
**\<suraeNoether>** sure
**\<sarang>** On cryptocurrency in general?
**\<sarang>** Because CCs work in a lot of different ways
**\<suraeNoether>** yep! thing is...
**\<suraeNoether>** there's an analogy to compare against cars. every cryptocurrency (that isn't a shitcoin) seems to be doing something differently with very differetn design philosophies
**\<suraeNoether>** but that's like
**\<suraeNoether>** as if in 1860 the internal combustion engine was invented, attracted oodles of capital, and then *every manufacturing company in the world* created their own weird design of internal combustion
**\<sarang>** We have some really nice Monero topic videos
**\<suraeNoether>** it's... kind of insane
**\<sarang>** Things like those?
**\<suraeNoether>** we do
**\<suraeNoether>** uhm
**\<suraeNoether>** the sorts of things I was thinking about
**\<suraeNoether>** range from educational infographics and youtube videos that are short and designed for a 13 year old with a limited attention span... all the way up to a computer science student who is just learning about these things for the first time but has some stuff under their belt...
**\<suraeNoether>** all the way up to educational infographics for politicians and policy makers who are ignorant about tech in general
**\<sarang>** How general though?
**\<suraeNoether>** well, the short videos for younger people (or grand mothers) would be quite general
**\<sarang>** You can lead a horse to crypto primitives, but can't make him put them together in every currency's way
**\<suraeNoether>** hey, look, a saying that people should learn
**\<suraeNoether>** well, actually that idiom is kinda terrible
**\<suraeNoether>** but that's the point
**\<suraeNoether>** but anyway
**\<suraeNoether>** the problem with the idea is that it's so general and not well-specified
**\<suraeNoether>** there needs to be a scope defined ahead of time
**\<sarang>** Yes, I think scope is the biggest hurdle
**\<suraeNoether>** but i like the idea of MRL kind of... providing non-tribalistic, educational descriptions of the cc space, for internet users that aren't necessarily computer scientists
**\<sarang>** Because it gets really complex really fast
**\<suraeNoether>** *nod*
**\<suraeNoether>** anyway, that's all I have for discussion today
**\<suraeNoether>** I'm a little impressed we actually took over an hour!
**\<suraeNoether>** Does anyone have anything else they want to chat about?
**\<suraeNoether>** okay, well
**\<suraeNoether>** \/meeting
**\<suraeNoether>** good job, everyone. :P
**\<hyc>** more tribalism!!
**\<hyc>** n/m
**\<suraeNoether>** hehe
**\<suraeNoether>** i mean, honestly
**\<suraeNoether>** zcash's trusted setup and dash's masternodes
**\<suraeNoether>** i wouldn't necessarily trust my life savings to a dash masternode
**\<suraeNoether>** i certainly wouldn't trust my double-spend protection to a 6-person ceremony
**\<sarang>** Different tools for different needs, I suppose
**\<suraeNoether>** but these are solutions to cryptocurrency problems that come from different design philosophies with different traits and different security/threat models in mind
**\<suraeNoether>** *nod* right
**\<sarang>** I was listening to a radio news show that interviewed someone about the nature of Bitcoin
**\<sarang>** He claimed that it was about "trusting the network"
**\<sarang>** which I thought was utter BS
**\<suraeNoether>** heh