SimpleX Chat

Private and Secure messaging platform without user IDs

Will this new messenger replace Signal?

Watch on Youtube

by Evgeny Poberezkin

Seraphis wallet development, 1 year report

TL;DR: A group of Monero devs is busy implementing "next generation" technologies for Monero called Seraphis and Jamtis that will bring solid improvements. After about 1 year passed since project start they did not yet get very far unfortunately but do have some interesting results to show, and speed will likely pick up considerably soon. Still, the corresponding hardfork is years out, and the design of those technologies is not yet fully settled nor fully reviewed for security.

Next month it will be 1 year that a number of Monero devs formed something like a workgroup with the goal to develop a wallet for the upcoming Seraphis and Jamtis based Monero and I took on the job to care about the project management side. It's therefore a good time for a report about what happened so far.

You find general info about Seraphis, Jamtis and the workgroup here on our wiki. The Seraphis and Jamtis FAQ linked there may be especially useful.

A word of caution here: Regardless of any implementation work, Seraphis and Jamtis as cryptographic designs still need a review by at least 1 competent independent third party, and so-called security proofs developed for them wherever possible. Efforts to find such a party are under way.

The Seraphis wallet workgroup does not build a new wallet app, like Cake Wallet or Monerujo are wallet apps. We build a new component within the Monero core code that most of those apps will rely on internally once reworked for Seraphis. For lack of a good and unambiguous term we also call that component wallet.

I admit right away that we don't yet have many hard results to show, i.e. very little actual reviewed code that has a chance to become part of the final Monero software, and no prototype of any sort yet, despite the almost full year that passed.

Personally, I have mixed feelings about that but wouldn't call it an outright failure. I see several factors that resulted in this still modest result.

When UkoeHB, the designer / inventor of Seraphis, set out about 2 years ago to implement Seraphis and Jamtis as designed by Tevador, the idea was that he would crown his dev work with a prototype of a wallet that we other devs would then flesh out and improve until it reached production quality and finally became ready for a hardfork.

Unfortunately building a wallet prototype turned out to be out of reach within his work. What he finally built was "only" a general-purpose Seraphis and Jamtis library that could be used to implement, among other things, a wallet. The good news however: That library turned out to be a marvel of solid software engineering and a very good base for our work.

In the first weeks we had so many devs showing interest in contributing work that I started to worry about coordination and finding enough reasonably independent parts of the wallet to work on concurrently. Alas, this never developed into a real problem: For the people without knowledge yet about the Monero codebase the challenge mostly proved to be too daunting, and the people with such knowledge had many additional Monero things on their hands at the same time and couldn't concentrate on the wallet alone.

Still, I can report some pretty good results:

u/j-berman wrote a scanner, a piece of software that reads through the blockchain starting at a specified height and finds all enotes / outputs that belong to a given Monero address - a core part of every wallet. He was using the Seraphis library to do so because that has full "read support" for pre-Seraphis transactions. The encouraging result: The scanner, although still at an early "version 1" so to say, is already faster than the true-and-tried scanner inside the current component called wallet2, up to a surprising 40% when using a remote node.

u/dangerousfreedom1984 originally set out to write something like a frame for a wallet prototype. The bad news: That is still work in heavy progress. The good news: He wrote some nice so-called proofs on the way. For example, the basic code that allows to construct a proof that it was your wallet and not any other that made a particular Seraphis transaction exists already.

jeffro256 joined the workgroup a few months ago. He wrote a new component to read today's wallet files that is fully independent from code that will be retired after getting superseded by the Seraphis library and the Seraphis wallet, which will be essential for a seamless migration. It's nice to have that settled already, but on the other hand this did not further the wallet proper yet.

So, how will things probably continue? I see again a mix of good news and bad news.

All 3 devs mentioned above know their way around the Seraphis library now and are able to productively write code that will be relevant for the switch to Seraphis and Jamtis. I think right now we have more dev capacity working on Seraphis related stuff than other, more general Monero stuff.

On the other hand there are surprising developments on the design front over the last few months. For quite some time it looked as if the designs of Seraphis and Jamtis were complete and set, and we "only" had to implement them.

That has changed on two fronts at once.

jeffro256 started an initiative to fix a weakness of Jamtis that plays a role in connection with possible future third-party blockchain scanning services, somewhat similar to what MyMonero servers are doing today, but much more privacy-friendly. The already long and quite technical discussion starts here. Personally, I would love to see that weakness gone, but it's also a bit disturbing that quite deep changes are on the table for something that looked rock-solid already, and if this gets accepted it means more delays of course.

u/kayabanerve started an even bigger "attack" on the current design of Seraphis: He set out to once and for all get rid of the weakest of Monero's privacy technologies, the rings, by using so called full chain membership proofs. Info about this story can be found here.

On the one hand it would be fantastic to see it implemented, or at least prepared to avoid the potential logistical nightmare of people having to change all their Monero addresses twice. On the other hand this alone may push the hardfork to Seraphis and Jamtis a full year further out, and as a more immediate consequence it will absorb a big chunk of u/j-berman 's capacity while he connects kayabanerve's code with the Seraphis library to test the feasibility of the technology.

Do we have to worry that Seraphis and Jamtis are still years away? If you ask me, Monero as of today stands pretty solid. For all we know, currently we don't have exploits, we don't have spam attacks, and the privacy holds up quite well. This does not look like an emergency of any kind to me.

Still, of course we will try to move much faster in our second year than we did in our first. The signs that we will be able to look good.

If you are a dev and could imagine to become part of this adventure, read our "job offering" page here.

- Reddit -

cross-posted from: https://monero.town/post/444500

Your data is YOUR data!

An iPhone or an Android smartphone collects several megabytes of your personal data every day to Google Servers, even when it is inactive.

Murena smartphones have been designed to offer a different approach to users who care about privacy and data-hungry handsets.

Those smartphones are running the open-source “/e/OS” operating system, which is fully “deGoogled”: by default it doesn’t send any data to Google and it’s been designed to offer a great and natural user experience.

/e/OS is paired with carefully selected applications. They form a privacy-enabled internal system for your Murena smartphone. And it’s not just claims: open-source means auditable privacy.

https://murena.com

https://e.foundation

cross-posted from: https://monero.town/post/444500

Your data is YOUR data!

An iPhone or an Android smartphone collects several megabytes of your personal data every day to Google Servers, even when it is inactive.

Murena smartphones have been designed to offer a different approach to users who care about privacy and data-hungry handsets.

Those smartphones are running the open-source “/e/OS” operating system, which is fully “deGoogled”: by default it doesn’t send any data to Google and it’s been designed to offer a great and natural user experience.

/e/OS is paired with carefully selected applications. They form a privacy-enabled internal system for your Murena smartphone. And it’s not just claims: open-source means auditable privacy.

https://murena.com

https://e.foundation

Your data is YOUR data!

An iPhone or an Android smartphone collects several megabytes of your personal data every day to Google Servers, even when it is inactive.

Murena smartphones have been designed to offer a different approach to users who care about privacy and data-hungry handsets.

Those smartphones are running the open-source “/e/OS” operating system, which is fully “deGoogled”: by default it doesn’t send any data to Google and it’s been designed to offer a great and natural user experience.

/e/OS is paired with carefully selected applications. They form a privacy-enabled internal system for your Murena smartphone. And it’s not just claims: open-source means auditable privacy.

https://murena.com

https://e.foundation

cross-posted from: https://monero.town/post/422188

The Mullvad Browser is a privacy-focused web browser developed in collaboration with Mullvad VPN and the Tor Project. It aims to eliminate data collection and provide user-centric browsing services, ensuring online activity remains private and secure. The browser has the same fingerprinting protection as the Tor Browser, but connects to the internet without Tor Network or VPN instead. The Mullvad Browser provides anti-fingerprinting protections.

The idea is to provide one more alternative – beside the Tor Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance.

Here: >> mullvad browser official <<

For the privacy-conscious XMR crowd cross-posted from: https://monero.town/post/422188

The Mullvad Browser is a privacy-focused web browser developed in collaboration with Mullvad VPN and the Tor Project. It aims to eliminate data collection and provide user-centric browsing services, ensuring online activity remains private and secure. The browser has the same fingerprinting protection as the Tor Browser, but connects to the internet without Tor Network or VPN instead. The Mullvad Browser provides anti-fingerprinting protections.

The idea is to provide one more alternative – beside the Tor Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance.

Here: >> mullvad browser official <<

🍵 There have been discussions about monero-pow randomX improvements for newer processor versions. One idea came to my mind: How about doing a check if a tee (trusted execution environment) is available?

Those could provide shortcuts to make CPU's more efficient compared to that CPU's that are currently used by ASIC-producers?

AMD:

• Platform Security Processor (PSP)
• AMD Secure Encrypted Virtualization and the
• Secure Nested Paging extension

ARM:

• TrustZone
• Realm Management Extension / Confidential Compute Architecture (CCA)

IBM:

• IBM Secure Service Container, formerly zACI, first introduced in IBM z13 generation machines (including all LinuxONE machines) in driver level 27.
• IBM Secure Execution, introduced in IBM z15 and - LinuxONE III generation machines on April 14, 2020.

Intel:

• Trusted Execution Technology
• SGX Software Guard Extensions
• "Silent Lake" (available on Atom processors)

RISC-V:

• MultiZone™ Security Trusted Execution Environment
• Keystone Customizable TEE Framework
• Penglai Scalable TEE for RISC-V

The Mullvad Browser is a privacy-focused web browser developed in collaboration with Mullvad VPN and the Tor Project. It aims to eliminate data collection and provide user-centric browsing services, ensuring online activity remains private and secure. The browser has the same fingerprinting protection as the Tor Browser, but connects to the internet without Tor Network or VPN instead. The Mullvad Browser provides anti-fingerprinting protections.

The idea is to provide one more alternative – beside the Tor Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance.

Here: >> mullvad browser official <<

Cake Wallet can now connect to I2P Monero nodes! Watch it in action on Android! >> Link to Video on Twitter <<