Posted by: Sarang Noether, Ph.D.
July 31, 2020
Contributing researchers to the Monero Research Lab and the Monero Audit Workgroup are pleased to announce the results of a recent audit of the CLSAG ring signature construction. As described in this post, CLSAG enables smaller and faster transactions with rigorous security. Users can expect to see these benefits seamlessly integrated into Monero software at the next network upgrade, which will occur in October of this year.
Read the complete audit report by JP Aumasson and Antony Vennard.What is CLSAG?
Monero uses a signer-ambiguous transaction protocol that includes many cryptographic components. One of these is a ring signature construction called MLSAG. When you generate a transaction, one or more MLSAG signatures are generated to obfuscate the signers and amounts in the transaction.
Monero Research Lab contributing researchers developed CLSAG as a drop-in replacement to MLSAG to improve efficiency. Using some simple but clever mathematics, CLSAG signatures achieve the same functionality as MLSAG signatures, but at a much smaller size. And thanks to some optimizations of the underlying cryptography, Monero software can verify CLSAG signatures more quickly.
Security is also improved. Good cryptographic constructions are built with a formal security model in mind. Security models are a way of formalizing the capabilities of hypothetical attackers, and then rigorously proving that such attackers cannot break particular security properties. In the case of CLSAG, for example, the imaginary attacker is given the ability to corrupt honest users to obtain their keys, and to convince honest users to generate specific transactions of the attacker's choosing. CLSAG is proven secure in a more robust security model than was original...