Overview
Full-Chain Membership Proofs (FCMPs) are a proposed improvement for Monero, aiming to replace the current "ring" method used for sender privacy. Rings, while effective, have some weaknesses such as vulnerability to specific attacks, difficulties with chain reorganizations, and potential for statistical analysis of transactions. FCMPs, however, eliminate these risks by proving that a spent output could be any output on the chain, greatly increasing privacy. For example, this increases the anonymity set for every input from 16 to over 100 million.
Two Proposals for Full-Chain Membership Proofs (FCMPs):
-
Original Proposal (2023):
- Announced at MoneroKon 2023 and intended to work with/after Seraphis (an upgrade to Monero's transaction format).
- Involves two key elements:
- Membership Proof: Verifies that the spent output is one of many outputs.
- Spend Authorization: Proves the output being spent is authorized by the holder of the private key.
- Proposed a method called Grootle Proofs (effectively a ring size of 128).
-
Second Proposal (2024 - FCMP++s):
- Introduced in response to spam attacks and is independent of the Seraphis upgrade.
- Added Spend Authorization + Linkability to improve Monero without requiring a switch to Seraphis.
- Features of this proposal include:
- Transaction Chaining: Allows a transaction to reference another transaction that hasn't yet been mined, enabling layer-two solutions like payment channels.
- Outgoing View Keys: Improves wallet privacy by allowing outgoing transactions to be tracked in a more secure and efficient manner.
- Forward Secrecy: Protects against future quantum computing attacks.
Comparison to Seraphis
- Seraphis introduces all of the features mentioned above but requires a complete migration to a new address format (which would invalidate all old addresses).
- FCMP++s aims to offer these features faster and without the need for a complete migration.
- The actual protocol might launch without all features fully available, with wallets gradually implementing them later.
Technical Details
- FCMP++s are built on Curve Trees and elliptic curve divisors. These concepts aim to make the proof system more efficient and secure.
- The overall design has been mostly specified and is currently undergoing review.
Funding and Contributions
- The development of FCMP++s has been funded, and additional funds are being raised for academic review and auditing.
- Those interested in contributing are encouraged to reach out through the Monero Research Lab on IRC or Matrix.
Final Thoughts
FCMP++s are a significant step forward for Monero's privacy and transaction efficiency. While it won't immediately offer all the new features, it lays the groundwork for improving privacy, transaction security, and the wallet user experience over time, without requiring major migrations or breaking changes to the Monero ecosystem.
Member discussion