The latest update from Sarang Noether is out and it's full of interesting information on Bulletproofs and multisig, and discusses whether or not zk-SNARKs would benefit Monero. Read the entire post below or at the Monero forums.

Hello there! Sarang Noether here with my monthly report for December. I’m pleased to report good progress on several important projects, and want to start by thanking the Monero community for your support.

The primary task this month has been a continuation of Bulletproofs. As you’ve probably read elsewhere (like this blog post), range proofs are an important component of Monero’s confidential transactions that allow us to keep amounts secret. Bulletproofs are a replacement for our existing range proofs that used Borromean ring signatures and took up a substantial amount of space on the blockchain. I used the recent Bulletproof white paper to work up Java code, perform testing on correctness and efficiency, and work with moneromooo to get the test code ported for eventual inclusion into the Monero codebase. Single-output Bulletproofs are currently undergoing testing on testnet and will be included in a future release when ready. Multi-output Bulletproofs, which offer even more space savings that scale to larger transactions, are being tested separately since they necessitate a change to the way we handle fee scaling in order to avoid denial-of-service attacks from transaction packing. Releasing Bulletproofs in stages will provide an immediate reduction in transaction size and continue to offer further benefits once the rollout is complete.

I’ve been working with Surae Noether on finalizing the multisig project. Surae has put a lot of excellent work into updates, documentation, and analysis of our multisig mathematics in a forthcoming whitepaper, and I have been assisting with the analysis and review. The multisig code is set for release already, and the corresponding paper will be released after final review.

A project that was started earlier is a study of SPECTRE, a proposal to replace a blockchain structure with a more generalized graph structure. I began investigating this during my previous funding period, but it was placed on the back burner when Bulletproofs took center stage. Now that we have Bulletproofs staged for future release, my interest in SPECTRE has been renewed. Because it uses a more complex consensus algorithm than the Nakamoto longest-chain consensus method, there is a lot of testing and analysis that needs to be done. The benefits, however, are intriguing: an implementation could increase the block rate substantially without compromising the security of the network. Surae wrote up a test implementation in Python that he and I are playing with. The implementation makes the voting protocol much faster than listed in the original whitepaper. We’re testing edge cases by hand and in code, and generally working toward a more complete understanding of the benefits and drawbacks of SPECTRE for Monero. There are no defined plans to switch our chain structure, but I maintain an interest in determining the feasibility of SPECTRE for the future.

An ongoing topic of conversation within the research group has been a desire to develop educational outreach opportunities in applications of cryptography to distributed ledgers like Monero. I will be sharing the good news about modern cryptography with gifted students this summer through a Duke University program in the United States. I’ve taught courses to less advanced students that touched on modern topics, but this course would permit more time to discuss modern techniques and constructions to students with more mathematical experience. It would of course include projects in cryptocurrencies like Monero! Development of the curriculum is ongoing.

Finally, a new paper was released on efficient zk-SNARKs without trusted setup. Earlier work on zk-SNARKs required trusted parties, and some coins already use this. Monero’s philosophy of privacy means that a trusted setup is an automatic no-no, which makes the new paper so interesting since it assumes no trusted parties. I have been working through the whitepaper and plan to write up a simulation if it continues to show promise. A comprehensive analysis of the potential space and computation costs is also in order, and this will continue into next month. Again, there are no immediate plans to switch to a zk-SNARK setup in Monero, but the technology is interesting and merits ongoing investigation.

Once again, it’s been my pleasure to continue working for the Monero Research Lab. As always, there has been a flurry of activity in the cryptographic community, and the Lab prides itself on keeping up with new developments to determine their applicability to the Monero project. Many investigations do not see the light of day, but others (like Bulletproofs) do; this is the blessing and curse of the research community! Expect to see a continuation of my current projects into next month, as well as whatever new work is thrown my way.

Onward and upward!