i forget... have the nuts and bolts for the atomic swap thing been reviewed? According to the whitepaper github, "presented at 36C3 with zkao."

i mean i assume it has. i just can't find docs or pointers to docs

Yes, we are collaborating with an external PhD student to extend this research in another paper. We'll probably submit the new paper but we don't know when and where yet.

An other teams did some preliminary review of the protocol, manly the ones that produced the prototypes

But it also depend what level of reviewing, vtnerd discussed the protocol in the MR comments, but again a more academic review is on the road with the PhD student.

gingeropolous: did that answer your question?

yeah. I know there have been internal eyes on it (sarang and vtnerd etc)

where in the CCS do the constructs etc get reviewed?

like, is it initial or is it after everything is built?

hrm, the term audit aint in the ccs proposal and review pops up twice but not useful :(

If you’re talking about auditing the code produced then it’s mostly milestone 3, but it’s hard yet to describe what are all the part that needs an audit. And if you’re talking about the protocol, then it’s happening in parallel

if anybody interested

"then it’s happening in parallel" ... ok. are there any contingencies on critical flaws? What if the whole thing goes bollards halfway through?

does tha atomic swap implementation require any changes to monero protocol?

i don't think so Inge-

Inge-: AIUI no

was my understanding too, just wanted to check

Inge-: no, no changes to the Monero protocol at all

k

gingeropolous: yes, it's a risk. BUT as I also mentioned to sarang (who asked the same question some time ago), with the preliminary reviews it already received and the "relative simplicity" of the protocol (for people who know atomic swaps), we are very confident that major flaws will not arise and if flaws are found they can be addressed by modifying the protocol

okey doke. thanks h4sh3d[m] .

I am not saying: look the protocol will never have flaws, let's build everything without checking our hypothesis. No, we are meticulous and cautious, and I'm saying that we are confident that the implementation is not at risk, even if a flaw is found during the next 6 months of intensive review

Ok, cool

Note that a fixable flaw in the DLEQ proof was suggested

Yes, exactly. This came out of discussion about two teams that did two PoC

One of team, the COMIT team, also did an alternative for the DLEQ proof based on a composition of Sigma protocols

I think the link was droped here

Here: github.com/comit-network/cross-curve-dleq

h4sh3d[m]: which other coins have the necessary semantics? eth? ltc? zec?

You mean for been implemented with this protocol?

You can imagine this protocol as two "types" of chains: Bitcoin-like and Monero-like. And a this atomic swap works with each pairs composed of one of each

eth is the turing complete chain, if btc can do it eth should be able to do it

Exactly hyc

So for the Bitcoin-like you need to have some script/multisig & unbroadcasted chain of transaction/smart contract capabilities

Not every chains can be on that side, but eth, ltc and others can

For the Monero-like, IMO mostly any chains. The protocol just requires one normal transaction

This is very generic, but some pairs will require some fine-tuning to make it works

yes I'm aware of this. Just don't know which of the major coins are "bitcoin" like - as I understand it, maybe BSV can't do it (not that anyone cares ...)?

E.g. with BTC-XMR, in the initialization setup the view key required must be taken into account, and for example BTC-GRIN or BTC-TARI will have small tweaks required for Mimblewimble based blockchains

What are the major coins in your list ;)

last bullrun when btc was clogged I did a few LTC xfers

BCH can't, because of the lack of segwit e.g.

right

I didn't check BSV

probably similar issues

and like I said - who cares anyway :D

BSV has a fuckwit, is that close enough ? :)

has there been much interest from other projects in picking up on this and running with it?

I'd expect most coins would like to brag about atomic swaps with BTC

For bitcoin forks: is SegWit (or similar tech that resolve a lot and allow unbroadcasted chain of tx) possible? Is there timelocks? Is there the possibility of simulating multi sig (a la bitcoin scipt)? if it's all yes then it's probably feasible without a lot of tweaking

But yeah, BTC-XMR you know ;)

2 of the 3 PoC I'm aware of has an implementation for BTC-xxx, so yeah

of course. that would be the primary one to get

BCH only implemented part of Segwit afaik

Didn't delve into the details though

h4sh3d[m]: Who did the third implementation, again, The one in Python?

Yes, IIRC it was linked to PARTICL

Thank you

kayabaNerve, in case u talk to PARTICL, remind them about the x-DLEQ issue

Will do. I was manually curious about your BTC-xxx statement :P I know of BTC-XXX from Plasma and I, BTC-XMR from COMIT, and then I thought Particl did PART-XMR. Just wanted to check their repo out again.

They officially did PART+BTC-XMR

zkao: Did you check out their Ed25519 code?

Sometimes, words cannot describe the lack of understanding you're faced with

hatebin

lol

Weird. Meant to grab hastebin

... it works?

I haven't used sites like that in a while! I saw it was a top result to my search and it had a decent view! I didn't check it against my hardware wallet! :(

I also didn't want to put that horrible code on my gists lol

zkao: Did let the author know via an issue. He's not on their Discord though

merci