MoneroResearch.info
Salazar, R., Slaughter, F., & Szramowski, L. (2025). Veridise Logarithmic Derivative Review. Unpublished manuscript.
Added by: Rucknium (18/03/2025, 18:58)
Resource type: Manuscript
BibTeX citation key: Salazar2025
Categories: Monero-focused
Subcategories: Full-Chain Membership Proofs
Creators: Salazar, Slaughter, Szramowski
Collection: Cypher Stack
Attachments: sum_of_points_v1.pdf
URLs: https://github.com ... /divisor_deep_dive
Abstract
We review “Soundness Proof for an Interactive Protocol for the Discrete Logarithm Relation” ([Bas24b]) by Alp Bassa at Veridise, which intends to formalize the protocol informally described in [Eag22] and establish its soundness. This can also be viewed as a formalization and improvement upon the gadget presented in [Kaya]. The intended application is full-chain membership proofs (FCMP++, [Kayb]) for privacy-respecting cryptocurrency protocols.
The scope of our review is restricted to [Bas24b], but information from [Eag22], [Bas24a], and [Bas24c] is necessarily discussed, along with insights obtained from personal communications with Luke “Kayaba” Parker regarding the intended use-case in Monero.
We find that the results and proofs in [Bas24b] are plausible. However, the paper contains both minor and major issues, some of which may fall outside of its original scope. Notably, several of these issues pose nontrivial challenges to the validity of the approach presented in [Eag22], and these concerns should be carefully addressed before considering on-chain deployment.
Please note that our judgment on the parts of [Bas24b] which may require refinement is likely to differ from the opinions of other authors. We emphasize that we have no knowledge of the scope imposed on [Bas24b]. While we believe our list to be fair, we do not believe it to be exhaustive. It is additionally our belief that a thorough revision of the report addressing the issues highlighted in this document could uncover potential flaws yet undiscovered in the protocol.
Added by: Rucknium Last edited by: Rucknium
Notes
Abstract of version 1:
This report contains a review of a logarithmic derivative technique report from Veridise. As with any such report, it may contain errors and cannot guarantee correctness or security. Further, it cannot guarantee that any particular implementation of the construction is correct, secure, or suitable for intended use cases. The authors assert no warranty and disclaim liability for its use. The authors further express no endorsement of any kind. This report has not undergone any further formal or peer review.
We find that the original paper [Bas24] lacks a formal backing for the results used and proven. The mathematics contained in the report are sound, but lack direct reference to the results or do not contain enough justification to be taken at face value. Within the findings section, we have included a rework of each section of the paper, including citations of results which are invoked, proofs of results which were stated but for which proofs were unavailable, and inclusion of important background information. It is also of importance that the notation used possess a higher degree of specificity, which will be highlighted in the notation section below.
Added by: Rucknium Last edited by: Rucknium