Post-Quantum : Monero

[CEO]

Hello

FCMP++ enhances Monero’s quantum resistance by providing forward secrecy, ensuring that a quantum adversary cannot break the privacy of past transactions even if they solve the ECDLP.

By replacing ring signatures with full chain membership proofs, it eliminates vulnerabilities that quantum computers could exploit to deanonymize transactions.

While FCMP++ does not make Monero fully quantum resistant due to its continued reliance on ECC and RingCT vulnerabilities, it is a critical step toward integrating post quantum cryptography, such as lattice or hash based schemes, in future upgrades.

Combined with Monero’s proactive research and hard fork adaptability, FCMP++ strengthens its position as a privacy centric cryptocurrency resilient to emerging quantum threats.

Reference.

Blog: Full-Chain Membership Proofs Development

A CCS to develop Full-Chain Membership Proofs has been successfully funded.

www.getmonero.org

Veridise Audit: Monero FCMP++ PDF.

 

[void]

as the latest events from Aug showed Monero faces far bigger challenges than quantum computing - even the biggest enthusiasts now probably understand it's no money, it's not safe and holding wealth in Monero is foolish

 

[JohnnyDoe]

as the latest events from Aug showed Monero faces far bigger challenges than quantum computing - even the biggest enthusiasts now probably understand it's no money, it's not safe and holding wealth in Monero is foolish

It’s not intended to be used for holding wealth. Despite the challenges though, it’s holding value quite well.
The upcoming update will solve the problem (which could have affected btc too some time in the past) and increase transaction speed.

 

[void]

the safety of the asset is equivalent to the level of decentralization and energy burnt to back the network - having that said it's a tough spot to be in for Monero to gain more significance no matter how sexy features it offers, as an L2 over BTC it might be more useful

 

[JohnnyDoe]

Anonymous>pseudonymous.

 

[void]

Anonymous>pseudonymous.

pseudonymous>anonymous

 

[JohnnyDoe]

pseudonymous>anonymous

Only anonymous=private. You could do handstands and achieve privacy with your btc, but xmr comes with privacy as a standard feature.
Xmr is therefore superior as a cash payment system.
Btc too was intended to be “electronic cash” for “online payments” (Nakamoto, 2008), but it seems to be something else today.

As for the majority attack, it was already well described by Nakamoto: “The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.”
But there are solutions.

 

[void]

first of all, I'm not advocating for anything... it's just an academic discussion

Only anonymous=private.

agreed

You could do handstands and achieve privacy with your btc, but xmr comes with privacy as a standard feature.

true

Xmr is therefore superior as a cash payment system.

it's maybe a superior technical solution/implementation of a payment (cash if you will) system but its underlying asset is no money

Btc too was intended to be “electronic cash” for “online payments” (Nakamoto, 2008), but it seems to be something else today.

we have no clue what he meant and to me it's not important whatsoever - important is what it became which is a superior layer for conservation of energy (i.e. money)

As for the majority attack, it was already well described by Nakamoto: “The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.”

and that's exactly why XMR is insecure as it doesn't have enough decentralized energy behind it - it could probably serve as a useful transport protocol and temporary rails to move money though
just like cashu, fedimint, LN, stable coins (putting aside these are mostly backed by fiat instead of BTC) - i.e. solutions that bring additional features (like bearer instrument, speed, instant centralized settlement, ....) in exchange for losing security or accepting (temporary) counter party risk, etc.

 

[JohnnyDoe]

we have no clue what he meant and to me it's not important whatsoever - important is what it became which is a superior layer for conservation of energy (i.e. money)

To me he seems very clear. “Electronic cash for online payments” doesn’t leave anything to interpretation.
Cash can also be used for many other things, but its purpose is not accumulation.

and that's exactly why XMR is insecure as it doesn't have enough decentralized energy behind it - it could probably serve as a useful transport protocol and temporary rails to move money though
just like cashu, fedimint, LN, stable coins (putting aside these are mostly backed by fiat instead of BTC) - i.e. solutions that bring additional features (like bearer instrument, speed, instant centralized settlement, ....) in exchange for losing security or accepting (temporary) counter party risk, etc.

People transact with what works. Monero isn’t trying to be a vault for generational wealth. Cash doesn’t need to “conserve energy,” it needs to settle fast, privately, and reliably.

The August scare proved something important: when hashrate concentration pops up, the Monero network reacts. Bitcoin couldn’t even agree on block size without a civil war.

Xmr today is the only thing left in crypto that actually behaves like cash.

 

[void]

To me he seems very clear. “Electronic cash for online payments” doesn’t leave anything to interpretation.

I don't think you design a tool for ONLINE payments and at the same time hardcode difficulty adjustment to achieve ~10min period of mining a block (not mentioning the fact that he was perfectly aware from the very beginning that one confirmation is not enough and chain can legitimately split by design) - this TO ME clearly implies that "online" didn't mean "instant" or "fast"

Cash can also be used for many other things, but its purpose is not accumulation.

yes, that's a sensible assumption - means of exchange - which also says there is no need whatsoever this kind of cash to be permissionless and trustless - there is absolutely no reason why we shouldn't/couldn't use custodial and centralized rails to achieve instant, reliable and cheap settlement IF you're free to choose which technology/provider you want and it's backed by true money

People transact with what works. Monero isn’t trying to be a vault for generational wealth. Cash doesn’t need to “conserve energy,” it needs to settle fast, privately, and reliably.

fair enough... but the money (tool that reliably conserves energy and allows for transfer of generational wealth in time and space) must be underneath as a settlement base layer - otherwise you end up with fractional reserve system, dilution and fiat money

The August scare proved something important: when hashrate concentration pops up, the Monero network reacts. Bitcoin couldn’t even agree on block size without a civil war.

agreed, yet this lack of flexibility and sign of ossification is not a bug but a desirable feature

Xmr today is the only thing left in crypto that actually behaves like cash.

could be...
XMR is like a brass coin - no bearer value of the metal itself, just flexible, private and fast tool, however what you hold in the end is nothing
Cashu for example is an ultimate electronic bearer instrument, even more flexible, even faster, even cheaper, more private, what it represents is the real eternal value BUT involves trust in the mint the user has voluntarily chosen

as usual... art of compromise

 

[JohnnyDoe]

The fact is that today, whenever I have the option, I choose xmr for payments.

 

[Columbus]

I don't think you design a tool for ONLINE payments and at the same time hardcode difficulty adjustment to achieve ~10min period of mining a block (not mentioning the fact that he was perfectly aware from the very beginning that one confirmation is not enough and chain can legitimately split by design) - this TO ME clearly implies that "online" didn't mean "instant" or "fast"


yes, that's a sensible assumption - means of exchange - which also says there is no need whatsoever this kind of cash to be permissionless and trustless - there is absolutely no reason why we shouldn't/couldn't use custodial and centralized rails to achieve instant, reliable and cheap settlement IF you're free to choose which technology/provider you want and it's backed by true money



fair enough... but the money (tool that reliably conserves energy and allows for transfer of generational wealth in time and space) must be underneath as a settlement base layer - otherwise you end up with fractional reserve system, dilution and fiat money


agreed, yet this lack of flexibility and sign of ossification is not a bug but a desirable feature


could be...
XMR is like a brass coin - no bearer value of the metal itself, just flexible, private and fast tool, however what you hold in the end is nothing
Cashu for example is an ultimate electronic bearer instrument, even more flexible, even faster, even cheaper, more private, what it represents is the real eternal value BUT involves trust in the mint the user has voluntarily chosen

as usual... art of compromise

These things are interesting but too complicated.

I personally like LTC, very low fees, and transaction is settled in 7-15 minutes.