8 Sep 2022 [research]

tevador proposes 'radical idea for forward secrecy and instant wallet sync'

tevador¹ has proposed² a radical idea for forward secrecy and instant wallet sync:

[..] the Diffie-Hellman key exchange will become the weakest point of Monero with respect to forward (or post-quantum) privacy. [..] we can use a 100x faster symmetric key derivation.

The idea is to get rid of the key exchange and that would imply a drastic protocol modification so that every user constructs their own outputs.

Advantages

Smaller public addresses (just 1 pubkey instead of 2-3).
Bypasses the 10 block lock time.³
No publicly observable Diffie-Hellman key exchange.⁴

Disadvantages

The recipient learns the e-notes that are being spent.
Each output needs a separate range proof, which is less efficient.
The sender needs a private communication channel with the recipient to pass the partial transaction.

Consult MRL issue #106² to learn more about the technical details of this proposal.

https://github.com/tevador ↩
https://github.com/monero-project/research-lab/issues/106 ↩ ↩²
https://github.com/monero-project/research-lab/issues/95 ↩
https://wikiless.org/wiki/Diffie%E2%80%93Hellman_key_exchange ↩