Skip to content

Instantly share code, notes, and snippets.

View jeffro256's full-sized avatar
☢️

Jeffro jeffro256

☢️
45 followers · 10 following
  • data.mdb
View GitHub Profile
@jeffro256
jeffro256 / carrot_followup_audit.md
Last active August 25, 2025 19:35
Carrot follow-up audit proposal

Carrot follow-up audit

Background

Cyperstack finished their audit of Carrot in November of 2024. Since then, a handful of tweaks were made to Carrot that may be worth reviewing. There were also a couple misunderstadings by Cypherstack on the protocol shown in the review because the lack of spec clarity. It makes the most sense to ask Cypherstack to do the follow-up audit since they are already so familiar with Carrot.

Scope

In a nutshell, the scope is the set of changes in the Carrot specification repository since commit dbb04d91d40b68b2a8b82b895acf762c864b4cbc and revisiting some previous assumptions in the first audit.

@jeffro256
jeffro256 / qc_noview_scanning.md
Last active March 8, 2025 18:21
How to View-scan Monero without View Keys, public nor private

How to View-scan Monero without View Keys, public nor private

Requirements

  1. Working quantum computer
  2. Address spend pubkey of target, main or subaddress

How it works

Background

@jeffro256
jeffro256 / roadmap.md
Last active February 16, 2025 18:42
Personal Roadmap for Monero

Jeffro256's Roadmap of Long-term Goals for Monero

In rough order of when I think they could be done.

Known paths forward

  • FCMP++ integration
  • Carrot address protocol integration
  • Carrot key hierarchy wallets
  • Better multisig integration
@jeffro256
jeffro256 / qc_addr_to_seed.md
Last active January 1, 2025 21:06
Extracting Monero Wallet Seeds From Addresses with a Quantum Computer

Extracting Monero Wallet Seeds From Addresses with a Quantum Computer

Wallet Derivation Assumputions

  1. Not multisig
  2. The private spend key is the seed src
  3. The private view key is a hash of solely the private spend key src
  4. Subaddresses are generated by adding the public spend key to a base point multiplied by a scalar hash of the private view key and a small "index" space src

This is not the exact math, but here is a simplified deriviation scheme which preserves all the relationships that we care about:

@jeffro256
jeffro256 / some_cats.md
Created December 12, 2024 02:17
SOME CATS

Short On-chain Memos Encrypted in Carrot Anchors in Two-out Selfsends

What

SOME CATS is a scheme to send 16-byte transaction memos in 2-out transactions using Carrot. SOME CATS memos are:

  • Encrypted - Memos are encrypted to the receiver, optionally visible to the sender as well
  • Indistinguishable - Transactions containing a SOME CATS memo are indistinguishable from normal Carrot transactions
  • Available on-chain - The memo will always be available on-chain as long as its associated transaction is
  • Receiver agnostic - The receiver doesn't need to support SOME CATS to spend funds sent in a SOME CATS transaction, so long as they support the Carrot addressing protocol
@jeffro256
jeffro256 / crib_poet.md
Last active December 6, 2024 22:24
CRIB POET

Carrot Recoverable Indistinguishable Blinded Proof Of Existence before Timestamp

What

CRIBPOET lets you prove you knew about information before some point in time by posting a Carrot transaction from your wallet to the Monero blockchain.

  • Carrot - Uses the Carrot addressing protocol, so any wallet with the new Carrot key hierarchy will have the ability to support this scheme by default
  • Indistinguishable - Uses steganography to look like a regular old 2-out transaction
  • Blinded - The commitment to the information contains a blinding factor that makes it impossible to guess the message from the commitment
  • Recoverable - The blinding factor is recoverable through normal Carrot balance recovery, which means you don't have to keep track of any ephemeral information.