15:03:58 <gingeropolous> i forget... have the nuts and bolts for the atomic swap thing been reviewed? According to the whitepaper github, "presented at 36C3 with zkao."
15:05:32 <gingeropolous> i mean i assume it has. i just can't find docs or pointers to docs
15:35:26 <h4sh3d[m]> Yes, we are collaborating with an external PhD student to extend this research in another paper. We'll probably submit the new paper but we don't know when and where yet.
15:36:31 <h4sh3d[m]> An other teams did some preliminary review of the protocol, manly the ones that produced the prototypes
15:39:38 <h4sh3d[m]> But it also depend what level of reviewing, vtnerd discussed the protocol in the MR comments, but again a more academic review is on the road with the PhD student.
15:40:20 <h4sh3d[m]> gingeropolous: did that answer your question?
15:41:34 <gingeropolous> yeah. I know there have been internal eyes on it (sarang and vtnerd etc)
15:42:34 <gingeropolous> where in the CCS do the constructs etc get reviewed?
15:42:49 <gingeropolous> like, is it initial or is it after everything is built?
15:46:52 <gingeropolous> hrm, the term audit aint in the ccs proposal and review pops up twice but not useful :(
15:49:07 <h4sh3d[m]> If you’re talking about auditing the code produced then it’s mostly milestone 3, but it’s hard yet to describe what are all the part that needs an audit. And if you’re talking about the protocol, then it’s happening in parallel
16:38:48 <midipoet> if anybody interested
16:38:49 <midipoet> https://www.p2pfisy.com/
17:28:09 <gingeropolous> "then it’s happening in parallel" ... ok. are there any contingencies on critical flaws? What if the whole thing goes bollards halfway through?
17:29:28 <Inge-> does tha atomic swap implementation require any changes to monero protocol?
17:30:17 <gingeropolous> i don't think so Inge-
17:32:25 <nioc> Inge-: AIUI no
17:33:59 <Inge-> was my understanding too, just wanted to check
17:37:05 <h4sh3d[m]> Inge-: no, no changes to the Monero protocol at all
17:40:47 <Inge-> k
17:42:05 <h4sh3d[m]> gingeropolous: yes, it's a risk. BUT as I also mentioned to sarang (who asked the same question some time ago), with the preliminary reviews it already received and the "relative simplicity" of the protocol (for people who know atomic swaps), we are very confident that major flaws will not arise and if flaws are found they can be addressed by modifying the protocol
17:44:23 <gingeropolous> okey doke. thanks h4sh3d[m] .
17:44:39 <h4sh3d[m]> I am not saying: look the protocol will never have flaws, let's build everything without checking our hypothesis. No, we are meticulous and cautious, and I'm saying that we are confident that the implementation is not at risk, even if a flaw is found during the next 6 months of intensive review
17:44:44 <h4sh3d[m]> Ok, cool
17:45:13 <sarang> Note that a fixable flaw in the DLEQ proof was suggested
17:45:50 <h4sh3d[m]> Yes, exactly. This came out of discussion about two teams that did two PoC
17:46:28 <h4sh3d[m]> One of team, the COMIT team, also did an alternative for the DLEQ proof based on a composition of Sigma protocols
17:47:09 <h4sh3d[m]> I think the link was droped here
17:48:43 <h4sh3d[m]> Here: https://github.com/comit-network/cross-curve-dleq
17:50:23 <Inge-> h4sh3d[m]: which other coins have the necessary semantics? eth? ltc? zec?
17:51:16 <h4sh3d[m]> You mean for been implemented with this protocol?
17:52:23 <h4sh3d[m]> You can imagine this protocol as two "types" of chains: Bitcoin-like and Monero-like. And a this atomic swap works with each pairs composed of one of each
17:52:24 <hyc> eth is the turing complete chain, if btc can do it eth should be able to do it
17:52:37 <h4sh3d[m]> Exactly hyc
17:53:18 <h4sh3d[m]> So for the Bitcoin-like you need to have some script/multisig & unbroadcasted chain of transaction/smart contract capabilities
17:53:46 <h4sh3d[m]> Not every chains can be on that side, but eth, ltc and others can
17:54:30 <h4sh3d[m]> For the Monero-like, IMO mostly any chains. The protocol just requires one normal transaction
17:55:22 <h4sh3d[m]> This is very generic, but some pairs will require some fine-tuning to make it works
17:55:45 <Inge-> yes I'm aware of this. Just don't know which of the major coins are "bitcoin" like - as I understand it, maybe BSV can't do it (not that anyone cares ...)?
17:57:02 <h4sh3d[m]> E.g. with BTC-XMR, in the initialization setup the view key required must be taken into account, and for example BTC-GRIN or BTC-TARI will have small tweaks required for Mimblewimble based blockchains
17:57:24 <h4sh3d[m]> What are the major coins in your list ;)
17:58:00 <hyc> last bullrun when btc was clogged I did a few LTC xfers
17:59:09 <h4sh3d[m]> BCH can't, because of the lack of segwit e.g.
17:59:13 <Inge-> right
17:59:20 <h4sh3d[m]> I didn't check BSV
17:59:26 <Inge-> probably similar issues
17:59:36 <Inge-> and like I said - who cares anyway :D
17:59:40 <moneromooo> BSV has a fuckwit, is that close enough ? :)
17:59:55 <Inge-> has there been much interest from other projects in picking up on this and running with it?
18:00:11 <Inge-> I'd expect most coins would like to brag about atomic swaps with BTC
18:01:01 <h4sh3d[m]> For bitcoin forks: is SegWit (or similar tech that resolve a lot and allow unbroadcasted chain of tx) possible? Is there timelocks? Is there the possibility of simulating multi sig (a la bitcoin scipt)? if it's all yes then it's probably feasible without a lot of tweaking
18:02:00 <h4sh3d[m]> But yeah, BTC-XMR you know ;)
18:03:26 <h4sh3d[m]> 2 of the 3 PoC I'm aware of has an implementation for BTC-xxx, so yeah
18:03:44 <Inge-> of course. that would be the primary one to get
18:21:38 <dEBRUYNE> BCH only implemented part of Segwit afaik
18:21:45 <dEBRUYNE> Didn't delve into the details though
19:07:49 <kayabaNerve> h4sh3d[m]: Who did the third implementation, again, The one in Python?
19:08:42 <h4sh3d[m]> Yes, IIRC it was linked to PARTICL
19:19:22 <kayabaNerve> Thank you
19:38:02 <zkao> kayabaNerve, in case u talk to PARTICL, remind them about the x-DLEQ issue
19:41:43 <kayabaNerve> Will do. I was manually curious about your BTC-xxx statement :P I know of BTC-XXX from Plasma and I, BTC-XMR from COMIT, and then I thought Particl did PART-XMR. Just wanted to check their repo out again.
19:43:30 <kayabaNerve> They officially did PART+BTC-XMR
19:46:39 <kayabaNerve> zkao: Did you check out their Ed25519 code?
19:47:31 <kayabaNerve> https://hatebin.com/vdkzoqhmqb
19:47:44 <kayabaNerve> Sometimes, words cannot describe the lack of understanding you're faced with
19:49:53 <kayront> hatebin
19:49:53 <kayront> lol
19:52:09 <kayabaNerve> Weird. Meant to grab hastebin
19:52:16 <kayabaNerve> ... it works?
19:52:54 <kayabaNerve> I haven't used sites like that in a while! I saw it was a top result to my search and it had a decent view! I didn't check it against my hardware wallet! :(
19:53:09 <kayabaNerve> I also didn't want to put that horrible code on my gists lol
20:15:39 <kayabaNerve> zkao: Did let the author know via an issue. He's not on their Discord though
20:16:30 <zkao> merci