Merge branch 'monero-project:master' into master

plowsof · Mar 10, 2024 · 11082cb · 11082cb
2 parents aaac735 + 883b88d
commit 11082cb
Show file tree

Hide file tree

Showing 8 changed files with 84 additions and 11 deletions.
diff --git a/.github/workflows/hashes.yaml b/.github/workflows/hashes.yaml
@@ -46,18 +46,18 @@ jobs:
               filename="${the_line[$length]}"
               echo "${filename}"
           }
-          # expects cli files between lines 2-13 and gui 14-18 (comments do not count, 1st line = 0)
-          # to add a new file to the cli, $num must be -gt 1 and -lt 15.
-          # gui $num is now -gt 14 and -lt 20 (new line has been added above)
+          # expects cli files between lines 2-14 and gui 15-19 (comments do not count, 1st line = 0)
+          # to add a new file to the cli, $num must be -gt 1 and -lt 16.
+          # gui $num is now -gt 15 and -lt 21 (new line has been added above)
           # a new gui file will only increase the -lt number by 1
           # changes to extensions / new files must be reflected in the cli_files / gui_files lists below
           num=0
           for line in "${lines[@]}"; do
-              if [ $num -gt 1 ] && [ $num -lt 14 ] ; then
+              if [ $num -gt 1 ] && [ $num -lt 15 ] ; then
                   #CLI
                   filename=$(get_filename "${line}")
                   filenames_cli+=("${filename}")
-              elif [ $num -gt 13 ] && [ $num -lt 20 ] ; then
+              elif [ $num -gt 14 ] && [ $num -lt 21 ] ; then
                  #GUI
                   filename=$(get_filename "${line}")
                   filenames_gui+=("${filename}")
@@ -71,6 +71,7 @@ jobs:
           "monero-freebsd-x64-${version_cli}.tar.bz2" \
           "monero-linux-armv7-${version_cli}.tar.bz2" \
           "monero-linux-armv8-${version_cli}.tar.bz2" \
+          "monero-linux-riscv64-${version_cli}.tar.bz2" \
           "monero-linux-x64-${version_cli}.tar.bz2" \
           "monero-linux-x86-${version_cli}.tar.bz2" \
           "monero-mac-armv8-${version_cli}.tar.bz2" \
@@ -140,6 +141,7 @@ jobs:
                       *cli/linux32) filename=monero-linux-x86 ;;
                       *cli/linuxarm8) filename=monero-linux-armv8 ;;
                       *cli/linuxarm7) filename=monero-linux-armv7 ;;
+                      *cli/linuxriscv64) filename=monero-linux-riscv64 ;;
                       *cli/androidarm8) filename=monero-android-armv8 ;;
                       *cli/androidarm7) filename=monero-android-armv7 ;;
                       *cli/freebsd64) filename=monero-freebsd-x64 ;;

diff --git a/_data/downloads.yml b/_data/downloads.yml
@@ -80,6 +80,11 @@ cli:
      link: https://downloads.getmonero.org/cli/linuxarm7
      icon: icon-linux
      vers:
+   - platform: Linux RISC-V 64-bit 
+     hash: 
+     link: https://downloads.getmonero.org/cli/linuxrisc64
+     icon: icon-linux
+     vers:
    - platform: Android ARMv8
      hash: 6d9c7d31942dde86ce39757fd55027448ceb260b60b3c8d32ed018211eb4f1e4
      link: https://downloads.getmonero.org/cli/androidarm8

diff --git a/_i18n/en.yml b/_i18n/en.yml
@@ -169,6 +169,9 @@ merchants:
   centrexchangesp: If you prefer to use centralized exchanges, here is a list of renowned CEXes and swappers. Many more exchanges support Monero, we list here only a few reputable ones.
   cexp: Centralized exchanges that offer exchanging Monero for national currencies and cryptocurrencies.
   swappersp: Swappers let users exchange XMR for other cryptocurrencies.
+  basicswapdexdesc: Decentralized P2P atomic swaps with a strong focus on the user experience.
+  visitbasicswapdex: Visit BasicSwapDEX
+  setreq: Setup required
 
 sponsorships:
   intro: The following businesses actively support the Monero Project in its goal to bring financial privacy to the world. We couldn't be more grateful for their contributions. If you would like to sponsor the Monero Project and be listed on this page, please send an email to [email protected].
@@ -942,6 +945,8 @@ library:
   zkbasicscheatsheet20220621p: >
     A lightly theoretical interlude (hopefully still gentle, trying to stress concepts more than formalism and selecting the approached topics) to lay the foundations for Bulletproof and other future Zero-Knowledge-related features, if any.
   newsletters: Newsletters
+  revuomonero: >
+    Revuo Monero is a weekly newsletter where you can find the most recent Monero news.
   themonerostandard: >
     Monero Standard is a weekly publication by recanman, providing up-to-date news and information on the Monero protocol.
     In addition to covering the latest developments in the Monero community, The Monero Standard also includes a weekly price chart, mining pool chart, blockchain statistics, and even a Meme of the Week.

diff --git a/_posts/2024-03-08-clsag-security-proof-revisions.md b/_posts/2024-03-08-clsag-security-proof-revisions.md
@@ -0,0 +1,40 @@
+---
+layout: post
+title: CLSAG security proof revisions
+summary: Issues with CLSAG formal security proofs were identified. Monero's implementation of CLSAG is not affected.
+tags: [crypto]
+author: Cypher Stack
+---
+
+**TL;DR**: A recent review conducted by Cypher Stack identified issues with CLSAG formal security proofs, and proposed fixes. 
+These fixes don't affect the Monero implementation of CLSAG, so users are not at risk, and no action needs to be taken.
+
+The Monero transaction protocol uses [CLSAG](https://eprint.iacr.org/2019/654), a linkable ring signature construction, to authorize transactions.
+The CLSAG preprint and implementation were written by Monero contributing researchers and developers, and improve on an earlier design, [MLSAG](https://eprint.iacr.org/2015/1098).
+
+The [Zano](https://zano.org/) team recently engaged Cypher Stack, an applied cryptography consultancy, to review [d/v-CLSAG](https://github.com/hyle-team/docs/tree/master/zano/dv-CLSAG-extension), their generalization of CLSAG.
+This generalization is intended to accommodate different types of transactions that the Zano protocol supports, but retains much of the original CLSAG design and security model.
+Because of this, as part of Cypher Stack's review of d/v-CLSAG, aspects of the original CLSAG preprint were reviewed as well.
+
+Cypher Stack identified two issues with formal security proofs that also apply to CLSAG, and proposed updates to the proofs and protocol description to address them.
+Neither the existing Monero implementation of CLSAG nor the in-progress Zano implementation of d/v-CLSAG is affected by these issues, so users are not at risk and no action needs to be taken.
+Despite no vulnerabilities resulting from the findings, Cypher Stack responsibly disclosed the findings to Monero contributing researchers.
+
+The review report, which details the findings, is [available](https://github.com/cypherstack/zano-clsag-review/releases/tag/final).
+While it is quite technical in nature, we encourage interested researchers and others to read it.
+
+The first finding applying to CLSAG concerns an argument in an unforgeability proof that references an earlier signature design, [LSAG](https://eprint.iacr.org/2004/027).
+The argument in LSAG fails to identify an implicit requirement that certain parts of verification equations be nonzero.
+While the argument is somewhat more subtle in CLSAG and d/v-CLSAG, there are several ways it can be addressed.
+Both the Monero and Zano implementations already check that certain values in verification are nonzero, so they are not affected by this finding.
+
+The other finding that applies to CLSAG deals with another technical aspect of the unforgeability proof relating to how the proof reduces to a certain discrete logarithm hardness problem.
+Essentially, the proof shows that if there existed a way to forge a CLSAG signature, there would be a way to break a cryptographic problem that is widely believed to be infeasible.
+Because of the way certain operations in the proof are performed, the method of analysis does not formally hold.
+The review proposes a modification to the security proof that uses a different, and more standard, hard cryptographic problem instead.
+Making this change doesn't affect the CLSAG protocol or any implementations, but ensures the formal proof is fixed.
+
+Formal analysis in applied cryptography is challenging and subtle, and it's not uncommon to discover issues in security proofs.
+Cypher Stack hopes these findings, and the proposed proof updates, will be useful to the ecosystem.
+
+Onward!
diff --git a/community/merchants/index.md b/community/merchants/index.md
@@ -85,6 +85,25 @@ meta_descr: merchants.descr
           </div>
         </div>
       </div>
+      <div class="right half no-pad-sm col-lg-6 col-md-6 col-sm-12 col-xs-12">
+        <div class="info-block">
+          <div class="center-xs">
+            <img class="merch" src="/img/merchants/basicswapdex.png" alt="BasicSwapDEX Logo" title="BasicSwapDEX">
+            <p>{% t merchants.basicswapdexdesc %}</p>
+          </div>
+          <div>
+            <p><b>{% t merchants.cardfoss %}</b> <span class="check"></span></p>
+            <p><b>{% t merchants.noncustodial %}</b> <span class="check"></span></p>
+            <p>{% t merchants.cardkyc %} <span class="check"></span></p>
+            <p><b>XMR &#8596; fiat:</b> <span class="cross"></span></p>
+            <p><b>{% t merchants.cardonion %}</b> {% t merchants.setreq %} </p>
+            <p><b>{% t merchants.cardi2p %}</b> <span class="cross"></span></p>
+          </div>
+          <div class="center-xs">
+            <p><a href="https://basicswapdex.com" class="btn-link btn-fixed btn-primary-top">{% t merchants.visitbasicswapdex %}</a></p>
+          </div>
+        </div>
+      </div>
     </div>
     <div class="full col-lg-12 col-md-12 col-sm-12 col-xs-12">
       <div class="info-block">
@@ -94,20 +113,19 @@ meta_descr: merchants.descr
         <p>{% t merchants.cexp %}</p>
         <ul class="logo">
             <li><a href="https://www.kraken.com/">Kraken</a> (EUR*, USD*, CAD, GBP, JPY, AUD, CHF)</li>
-            <li><a href="https://www.binance.com/trade.html?symbol=XMR_BTC">Binance</a> (USD, EUR, RUB, TRY, NGN, UAH, KZT, INR, ...)</li>
             <li><a href="https://dvchain.co/">DV Chain (OTC)</a> (USD*, CAD*, GBP*, EUR*, JPY*, ...)</li>
             <li><a href="https://www.bitfinex.com/">Bitfinex</a> (USD*)</li>
-            <li><a href="https://bitcoinvn.io?deposit=vnd&settle=xmr">BitcoinVN</a> (VND)</li>
+            <li><a href="https://bitcoinvn.io?deposit=vnd&settle=xmr">BitcoinVN</a> (VND*)</li>
           </ul>
           <p>*Fiat currency to Monero trading pair (e.g. XMR/USD, XMR/EUR)</p>
         <h3>Swappers</h3>
         <p>{% t merchants.swappersp %}</p>
         <ul class="logo">
             <li><a href="https://fixedfloat.com/">Fixedfloat</a></li>
-            <li><a href="https://sideshift.ai/">Sideshift.ai</a></li>
             <li><a href="https://simpleswap.io/">SimpleSwap</a></li>
             <li><a href="https://changenow.io/">ChangeNow</a></li>
             <li><a href="https://godex.io/">Godex</a></li>
+            <li><a href="https://stealthex.io/">StealthEX</a></li>
           </ul>
       </div>
     </div>

diff --git a/downloads/index.md b/downloads/index.md
@@ -168,11 +168,12 @@ meta_descr: downloads.intro
                     <ul>
                       <li class="downloads"><span class="icon-linux"></span><a class="orange" href="https://downloads.getmonero.org/cli/linux64">Linux 64-bit</a> | <a class="orange" href="https://downloads.getmonero.org/cli/linux32">32-bit</a></li>
                       <li class="downloads"><span class="icon-linux"></span><a class="orange" href="https://downloads.getmonero.org/cli/linuxarm8">Linux ARMv8</a> | <a class="orange" href="https://downloads.getmonero.org/cli/linuxarm7">Linux ARMv7</a></li>
-                      <li class="downloads"><span class="icon-freebsd"></span><a class="orange" href="https://downloads.getmonero.org/cli/freebsd64">FreeBSD 64-bit</a></li>
+                      <li class="downloads"><span class="icon-linux"></span><a class="orange" href="https://downloads.getmonero.org/cli/linuxrisc64">Linux RISC-V 64-bit</a></li>
                     </ul>
                   </div>
                   <div class="col-md-4 col-sm-4 col-xs-4 desktop-only">
                     <ul>
+                      <li class="downloads"><span class="icon-freebsd"></span><a class="orange" href="https://downloads.getmonero.org/cli/freebsd64">FreeBSD 64-bit</a></li>
                       <li class="downloads"><span class="icon-github"></span><a class="orange" href="https://github.com/monero-project/monero" target="_blank">{% t downloads.sourcecode %}</a></li>
                       <li class="downloads"><span class="icon-git"></span><a class="orange" href="https://downloads.getmonero.org/cli/source">{% t downloads.sourcearchive %}</a></li>
                     </ul>

diff --git a/img/merchants/basicswapdex.png b/img/merchants/basicswapdex.png
diff --git a/library/index.md b/library/index.md
@@ -47,10 +47,12 @@ meta_descr: library.description
         <div class="info-block text-adapt">
             <h2>{% t library.newsletters %}</h2>
             <div>
-                <h3><a href="https://localmonero.co/the-monero-standard">The Monero Standard</a></h3>
-                  <p>{% t library.themonerostandard %}</p>
                 <h3><a href="https://monero.observer/tag/blitz/">Monero Observer Blitz</a></h3>
                   <p>{% t library.moneroobserverblitz %}</p>
+                <h3><a href="https://revuo-xmr.com/">Revuo Monero</a></h3>
+                  <p>{% t library.revuomonero %}</p>
+                <h3><a href="https://localmonero.co/the-monero-standard">The Monero Standard</a></h3>
+                  <p>{% t library.themonerostandard %}</p>
             </div>
         </div>
     </section>