Hello, I would like to provide my third and last report regarding this CCS.
Finished my CCS project as proposed and did not find any bug that could lead to inflation.
What I have done in the past months
- Finished writing all the main functions in Python to scan the blockchain focusing on the inflation issue (as proposed).
- Investigated a bit deeper the malleability issue spotted and scanned the Borromean signatures again to identify all the 'malleable' transactions and wrote this small report here.
- Although I did what I proposed myself to do (write some educational material and all the main functions in Python), I could not finish scanning the blockchain using my tools as it is way too slow. Therefore, I have also coded the Bulletproofs verification function in RUST (which will be useful for Serai – thank you kayabaNerve for the help) and started scanning the blockchain for the Bulletproofs era as the performance is now comparable to the C++ code.
- Fixed some mistakes in notations, improved some pages and wrote some more information (for example about inflation on the website www.moneroinflation.com
Personal comments about this project and Monero
- I really learned a lot in the past months by writing all the main crypto functions in Python (some in Rust too) and some educational material. I'm now familiar with the code and the development history of Monero.
- My only criticism is related to the choice of allowing non-canonical scalars and points to be stored in the blockchain. Although these fungibility and malleability issues are not really a security problem they will be annoying when other implementations of Monero appear, which is inevitable as the project grows.
- It is really incredible to see the commitment of the developers (koe, moneromooo, selsta, jberman, rbrunner, tevador, luigi, xmrack, gingeropoulos, mj, rucknium, etc) towards improving Monero. I'm really thankful for the resources and interactions we had in the past months.
- I did not find any shady thing or any taboo subject regarding the code or the core developers. People are really honest in explaining and discussing the strengths and limitations of the code. Really awesome.
What is next?
I still did not finish scanning the blockchain (as BP+ did not exist when I submitted the proposal) so I'm planning to create the tools to quickly finish scanning up to the present. Also, I feel like I have the necessary tools and skills to help in the development of Jamtis/Seraphis, therefore, I will write another CCS proposal soon to do it.
Thank you very much for your support! I usually take every comment/suggestion seriously so please do not hesitate to contact me if you wish 😉