A future in which quantum computers can solve the discrete logarithm problem threatens both the economic security and the privacy of the Monero network. FCMP++ mitigates most of the on-chain privacy concerns posed by a quantum adversary, but it does not address the economic security threat: such a machine could forge FCMP++ proofs. The Monero network should therefore migrate to post-quantum (PQ) cryptography before the first working quantum computer is suspected of breaking an Ed25519
```python
#!/usr/bin/env python3
import argparse
import contextlib
import os
import requests
import subprocess

# GitHub account hosting the monero fork that the script clones from
MONERO_REMOTE = 'seraphis-migration'
MONERO_REPO = 'https://github.com/{}/monero.git'.format(MONERO_REMOTE)
```
Cypherstack finished their audit of Carrot in November of 2024. Since then, a handful of tweaks were made to Carrot that may be worth reviewing. There were also a couple of misunderstandings of the protocol on Cypherstack's side, shown in the review, caused by a lack of clarity in the spec. It makes the most sense to ask Cypherstack to do the follow-up audit since they are already so familiar with Carrot.
In a nutshell, the scope is the set of changes in the Carrot specification repository since commit dbb04d91d40b68b2a8b82b895acf762c864b4cbc and revisiting some previous assumptions in the first audit.
- Not multisig
- The private spend key is the seed (src)
- The private view key is a hash of solely the private spend key (src)
- Subaddresses are generated by adding the public spend key to a base point multiplied by a scalar hash of the private view key and a small "index" space (src)
This is not the exact math, but here is a simplified derivation scheme which preserves all the relationships that we care about:
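As an added illustration (the editor's code, not the Carrot specification's math and not the derivation the author refers to above), the following Python implements the simplified hierarchy the bullets describe, using a small self-contained Ed25519 implementation so it runs offline. The hash function, domain-separation strings, index encoding and the Monero convention that index (0, 0) is the main address are assumptions; the real spec defines its own. The property it exercises is the one a wallet cares about: view-only material (private view key plus public spend key) is enough to compute every subaddress, while only the full wallet can produce the private scalar behind a subaddress spend key.

```python
import hashlib

# --- Minimal Ed25519 group arithmetic (affine twisted Edwards, a = -1). ---
# The addition law is complete on this curve, so one formula serves add and double.
p = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493   # order of the base point
d = (-121665 * pow(121666, -1, p)) % p

def _xrecover(y):
    """Recover the even x coordinate for a given y (RFC 8032 style)."""
    xx = (y * y - 1) * pow(d * y * y + 1, -1, p) % p
    x = pow(xx, (p + 3) // 8, p)
    if (x * x - xx) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    return p - x if x & 1 else x

_By = 4 * pow(5, -1, p) % p
G = (_xrecover(_By), _By)          # standard Ed25519 base point
IDENTITY = (0, 1)

def point_add(P, Q):
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % p
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, p) % p
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, p) % p
    return (x3, y3)

def scalar_mult(k, P):
    """Left-to-right double-and-add (not constant time; illustration only)."""
    R = IDENTITY
    for bit in bin(k % l)[2:]:
        R = point_add(R, R)
        if bit == "1":
            R = point_add(R, P)
    return R

def hash_to_scalar(*parts):
    # ASSUMPTION: SHA-512 with ad-hoc domain tags. Carrot's real hash and
    # domain separation differ; only the "scalar derived from these inputs" shape matters.
    return int.from_bytes(hashlib.sha512(b"|".join(parts)).digest(), "little") % l

def _enc(n, width=32):
    return n.to_bytes(width, "little")

# --- The simplified hierarchy from the bullets above. ---
def derive_keys(seed):
    k_s = int.from_bytes(seed, "little") % l          # private spend key is the seed
    k_v = hash_to_scalar(b"view", _enc(k_s))          # view key depends only on k_s
    return k_s, k_v, scalar_mult(k_s, G), scalar_mult(k_v, G)

def subaddress_extension(k_v, major, minor):
    # ASSUMPTION (Monero convention): index (0, 0) is the main address, no extension.
    if major == 0 and minor == 0:
        return 0
    return hash_to_scalar(b"subaddr", _enc(k_v), _enc(major, 4), _enc(minor, 4))

def subaddress_pubkeys(k_v, K_s, major, minor):
    """View-only material (k_v, K_s) suffices to compute subaddress public keys."""
    m = subaddress_extension(k_v, major, minor)
    K_s_i = point_add(K_s, scalar_mult(m, G))         # K_s^i = K_s + m_i * G
    K_v_i = scalar_mult(k_v, K_s_i)                   # K_v^i = k_v * K_s^i
    return K_s_i, K_v_i

def subaddress_spend_scalar(k_s, k_v, major, minor):
    """Only the full wallet (which knows k_s) can produce the scalar behind K_s^i."""
    return (k_s + subaddress_extension(k_v, major, minor)) % l

def check_relationships(seed=b"\x01" * 32, major=1, minor=7):
    """Constructed check: spend scalar matches K_s^i, view key matches, (0,0) is main."""
    k_s, k_v, K_s, K_v = derive_keys(seed)
    K_s_i, K_v_i = subaddress_pubkeys(k_v, K_s, major, minor)
    k_s_i = subaddress_spend_scalar(k_s, k_v, major, minor)
    main_spend_matches = subaddress_pubkeys(k_v, K_s, 0, 0)[0] == K_s
    return (scalar_mult(k_s_i, G) == K_s_i
            and scalar_mult(k_v, K_s_i) == K_v_i
            and main_spend_matches)
```

Running `check_relationships()` returns `True`; the point of the split between `subaddress_pubkeys` and `subaddress_spend_scalar` is that the former never touches `k_s`, which is exactly why a view-only wallet can scan for subaddress outputs but cannot spend them.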
SOME CATS is a scheme to send 16-byte transaction memos in 2-out transactions using Carrot. SOME CATS memos are:
- Encrypted - Memos are encrypted to the receiver, optionally visible to the sender as well
- Indistinguishable - Transactions containing a SOME CATS memo are indistinguishable from normal Carrot transactions
- Available on-chain - The memo will always be available on-chain as long as its associated transaction is
- Receiver agnostic - The receiver doesn't need to support SOME CATS to spend funds sent in a SOME CATS transaction, so long as they support the Carrot addressing protocol
CRIBPOET lets you prove you knew about information before some point in time by posting a Carrot transaction from your wallet to the Monero blockchain.
- Carrot - Uses the Carrot addressing protocol, so any wallet with the new Carrot key hierarchy will have the ability to support this scheme by default
- Indistinguishable - Uses steganography to look like a regular old 2-out transaction
- Blinded - The commitment to the information includes a blinding factor, so the commitment alone cannot be tested against guessed messages
- Recoverable - The blinding factor is recoverable through normal Carrot balance recovery, which means you don't have to keep track of any ephemeral information.