The MMGen Project

Is there a moral element to cryptographic work? Cryptography rearranges power. It configures who can do what, and to whom. That makes it political by nature, and it gives anyone who builds it a moral position whether they want one or not. Rogaway argued that his colleagues had spent decades treating encryption as pure mathematics, a set of elegant puzzles with no politics attached. Over the same decades the world assembled the most complete surveillance apparatus in history. He told a room full of cryptographers that their claimed neutrality had been a kind of failure, and that the discipline owed the public secure, decentralized systems ordinary people could actually use. That is the gap DarkFi was built to close.

Today a crazy quantum story just got wilder. On March 31, the Google Quantum AI team published a landmark result on Shor's algorithm for elliptic curve cryptography. Technically, the paper was a bombshell: a dramatic 10x improvement over the state-of-the-art. As a stunt and wakeup call to the blockchain space, those optimisations were illustrated on secp256k1, the elliptic curve underlying Bitcoin and Ethereum signatures. But perhaps the most striking part of the paper was sociological, not technical. Instead of following standard academic process, the optimisations were kept secret, hidden behind a zero-knowledge (ZK) proof. Google's accompanying blog post mentions they "engaged with the U.S. government". The ZK proof demonstrates the existence of algorithmic improvements without leaking details. Academic censorship with ZK, a historic first! As a co-author of the Google paper I witnessed some of the context surrounding this censorship. To be honest, multiple aspects of that context don't sit well with me. As much as I believe the general public ought to know more, I am limited in my ability to whistleblow. Though let me be clear about one thing: the Google team's professionalism has been absolutely exemplary, and they deserve nothing but praise. Censorship has a way of backfiring. The Streisand effect, where an attempt to bury something only draws more attention to it, is exactly what's unfolding today. First, Google's key optimisation has been rediscovered by the French. And in a thrilling turn of events, a collaborative Shor-at-home challenge just launched. The initiative, available at ecdsa[.]fail, breached a new Shor world record in a matter of hours. Let's start with the rediscovery. Just two months after Google's paper, French quantum expert André Schrottenloher cracks the main secret optimisation. His paper, titled "Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms", landed on the arXiv today. Big congrats to André, who beat several other nerdsnipped experts to it. In a blog post also published today, Craig Gidney, the world expert on Shor optimisations, revealed that he'd been sitting on this very optimisation for a whole year under censorship pressure. Interestingly, André missed a handful of minor optimisations, both from Google's original publication and from improvements found since. It's plausible there's still plenty of juice left to squeeze out of Shor, and this is exactly what the ecdsa[.]fail challenge is about. The verifier program developed for the ZK proof does double duty, automatically filtering for valid submissions. Dozens of compounding small and micro improvements are rolling in. As of the time of writing there's an 8.4% improvement to Google's circuit, as measured by the product of logical qubit count and Toffoli gate count. Nice! The nerdsnipping ran deeper than anyone expected. Over the last few weeks it became clear it extended well beyond André and other quantum experts. Behind the scenes, a small army of amateurs quietly got to work. Inspired by Karpathy-style autoresearch, they turned AI on Shor. Ironically, the verifier program for the ZK proof makes an ideal reward function for AIs. The barrier to entry for this modern style of research is refreshingly low, with several non-experts, even a teenager, finding nice optimisations. Get in touch if you'd like to join a Telegram group with fellow autoresearchers :) Part 2: neutral atoms and qday The story doesn't end with Google. On the same day Google went public, a stealthy startup called Oratomic published its own Shor paper in a coordinated release. It made a splash, ultimately becoming the most upvoted paper on scirate[.]com, a website ranking arXiv papers. Oratomic's claim was wild. By building on Google's logical optimisations and applying custom physical optimisations for neutral atoms, they claimed just 10K physical qubits were sufficient to run Shor's algorithm on secp256k1. That number is mind-bogglingly low. Knowing essentially nothing about neutral atoms when Oratomic's paper landed, I was intrigued and decided to learn more about the tech. I fell straight down the rabbit hole and spent a couple hundred hours on the topic. I got a little obsessed and watched every YouTube video I could find and spoke to a bunch of experts. My conclusion? The tech is real, very real. Even Google recently decided to start a neutral atom lab, a notable pivot from their sole focus on superconducting qubits. If you care about qday, i.e. the day a quantum computer will break the first piece of cryptography in production, neutral atoms demand your attention. I shared some of my learnings on Shor and neutral atoms in a 30min talk at the ZKProof cryptography conference. You can find it on YouTube by searching "zkproof neutral atom". Here's an interesting observation about this duo of breakthrough papers: neither Google nor Oratomic say a word about what their results mean for qday. No timelines. Zero. Nada. That is especially baffling given that the whole point of whitehat quantum cryptanalysis is to inform qday estimations and help the general public make good decisions. So let me attempt to partially fill the silence, similarly to what Scott Aaronson did in his April 29 post. Given everything I know, including scary non-public information, I now put the odds of qday by 2032 at 50%. 10% by 2030. Anecdotally, the US government has its own date: 2035. Originating at the NSA and later adopted by NIST, it's when branches of the US government will be disallowed from using quantum-vulnerable cryptography. In plain language: with hindsight, that date is a joke and should be discounted entirely. I don't see how NIST avoids being forced to pull it forward by years. Part 3: post-quantum cryptography There are good reasons to sound the alarm today, but please do not panic. Rushing carelessly towards immature post-quantum cryptography is a recipe for disaster. IMO a good target date for migration is 2029, roughly 3.5 years out. 2029 happens to be the date selected by Google, Cloudflare, and the Ethereum Foundation. These days most of my time goes to safely migrating Ethereum towards post-quantum cryptography as part of the broader lean Ethereum effort. There's a lot to do. We need to rip out and replace BLS signatures at the consensus layer, KZG commitments at the data layer, and ECDSA signatures at the execution layer. The plan to get there is compelling, and is based on hash-based cryptography. Within the Ethereum Foundation we've developed a Swiss army knife called leanVM (github[.]com/leanEthereum/leanVM) powered by the magic of hash-based SNARKs. Thanks to truly exceptional work by Emile, Thomas, and others, its performance is derisked. Regarding security, leanVM is a jewel, a minimal zkVM crafted for end-to-end formal verification and maximum security. Want to help? There are two $1M initiatives. First, the Proximity Prize (proximityprize[.]org). Solve a long-standing mathematical conjecture in coding theory, improve hash-based SNARKs, and go home a millionaire. Second, the Poseidon Initiative (poseidon-initiative[.]info), offers $1M for breaking Poseidon, the SNARK-friendly hash function.

Nobody is fully sovereign. Sovereignty exists on a spectrum. It’s not a destination; it’s a direction. Every day, through your decisions, you become either more sovereign or less sovereign. I actually believe many people can get significantly closer to sovereignty with a disciplined ten-year plan. Most don’t, not because it’s impossible, but because they want a one-year plan. The desire for shortcuts and perfection is often the very thing that keeps people trapped. I know this because my audience is full of people who have been steadily moving in that direction for years. They didn’t achieve it overnight. They did it by consistently making choices that increased their freedom, reduced dependencies, and aligned their incentives with their long-term goals. Sovereignty isn’t built in a moment. It’s built one decision at a time. It’s also built by understanding the rules of the game, which is why I spend so much time helping people understand how the world really works based on my own experience. The more you understand the architecture (money, debt, taxation, regulation, incentives, institutions, and power), the more choices become available to you. Most people spend their lives analyzing personalities. I prefer to analyze systems. People come and go. Architecture endures. If you understand the architecture, you can navigate it, avoid its traps, and steadily move toward greater sovereignty over time.

Stories like this are the reason "nothing to hide" misses the point. On a transparent chain, your wallet is a public balance sheet. Anyone with a block explorer can see how much you hold, who you transact with, and how often. Add one doxxing event, and that data has your name on it. Privacy-by-default crypto doesn't just protect your activity. It removes the public balance sheet that turns people into targets. 🔒

Every obedience experiment in history had the same overlooked finding. Not everyone complied. In Milgram’s lab, 35% refused to deliver the final shock. In Asch’s line experiments, 25% never conformed, not once, across any trial. In Zimbardo’s prison, at least one guard refused to dehumanize. One prisoner demanded a lawyer instead of a doctor and broke the psychological frame entirely. We spent decades studying the ones who obeyed. We barely asked what made the others different. That question matters more now than it ever has. The resisters in the COVID era were not difficult to find. Physicians who filed exemptions and lost their licenses. Nurses who walked away from careers rather than mandate patients into decisions they hadn’t genuinely chosen. Scientists who published contrary data knowing what it would cost them. Parents who stood alone at school board meetings. Ordinary people who simply said, quietly, without drama , no. What made them different? Research consistently identifies a cluster of factors. Not personality traits you either have or don’t. Situational and cognitive patterns that can be cultivated. First: prior reflection on authority. The resisters had usually thought, before the crisis, about the limits of institutional trust. They weren’t cynics. They were people who had already asked the question “under what conditions would I refuse?” before anyone was asking them to comply. Second: a concrete reference point outside the consensus. A value, a principle, an oath, a relationship that existed independently of the institutional structure demanding compliance. Something the system couldn’t reach. Third: at least one other person. Milgram found that a single dissenting confederate reduced compliance dramatically. The resisters rarely stood entirely alone. They found each other. Sustained each other. Gave each other permission. Fourth: the willingness to tolerate social pain. Not immunity to it. Tolerance of it. They felt the pressure. They felt the exclusion. They chose the discomfort of integrity over the comfort of belonging. None of this is innate. All of it is learnable. The most important thing Milgram, Asch, and Zimbardo taught us is not how fragile conscience is. It’s that conscience can hold, if you’ve trained it, named its limits, and found even one other person willing to hold theirs beside you. Build that now. Because the experiment is always running. Until then stay humble.

At this stage of my life, I’m focused on educating people about the system so they can protect themselves and withdraw their support from the financial-industrial complex wherever possible. To share the things others may not be able to say, and the experiences others may not have had. I’m doing it without sponsors, monetization, or a business upsell. After becoming sovereign and exiting compromise networks, I learned how to remain uncompromised. Now I share what I’ve learned. Many people who achieve sovereignty stop showing up for the next generation. I haven’t. I’m still here to help anyone who wants to listen. No deception. No distortion. No tailoring the message for personal gain. Nothing to sell. Just sharing what I’ve learned so others can make informed decisions and protect their future. It took me 25 years to get to this position, and I’ve already made many of the biggest mistakes. My goal isn’t popularity. It’s accuracy, as I see it. Agree or disagree, at least you’ll know what I genuinely believe. And I offer solutions after every interview, because most people are trying to win a game without knowing the rules. By design. Whether you agree with me or not is your choice. Whether you like me or not is irrelevant. Take what is useful. Discard what isn’t. My job is to share what I’ve learned. What you do with it is up to you.

everyone is focused on asia vs europe more interesting story is europe vs africa europe’s stablecoin growth is institutional mica, tokenized treasuries, corporate settlements, regulated markets africa’s growth is necessity-driven, people aren’t adopting stablecoins because they’re bullish on crypto, they’re adopting them because local currencies keep losing purchasing power, access to dollars is limited and remittances remain expensive the numbers are telling: - europe accounts for roughly $585b of adjusted stablecoin payment volume per quarter (13% of global volume, according to a16z q1 2026) - sub-saharan africa processed over $88b in stablecoin volume over the last year, growing +52% yoy (according to chainalysis) - nigeria alone represents roughly 40% of africa’s stablecoin market and has become one of the largest real-world stablecoin economies globally europe has more capital - africa has more urgency one region adopts stablecoins for efficiency the other adopts them because they solve real problems: - inflation - currency devaluation - remittances - access to dollars that’s a completely different adoption curve my guess: within the next 1–2 years, africa could become the largest real-world stablecoin adoption story outside asia not because institutions are driving it, but because stablecoins solve a much bigger problem there europe is building a regulated stablecoin market africa is building a stablecoin economy.

🇦🇷 Peter Thiel has temporarily relocated his family to Argentina, purchased a $12 million mansion in one of Buenos Aires’ most exclusive neighborhoods, and enrolled his children in local schools. 🇺🇸 When a state like California starts introducing a wealth tax, it is not because politicians are socialist or stupid. It’s because they want to drive out the wealthy on purpose and reduce the tax base, deliberately asset-stripping the state for private institutional ownership that can use the tax code to secure exemptions and advantages. It’s not because politicians are stupid. It’s not because they are radical left-wing communists. That’s the narrative that keeps you locked into the belief that the left has the back of the poor, while the right gets to point at the left when the state goes to shit. It’s because the state is being acquired by the financial-industrial complex, and the resulting civil unrest serves the private prison sector of the military-industrial complex. At the same time, they install a police and surveillance system that benefits the technological-industrial complex powered by Palantir. The same one Peter Thiel works for. It’s a business model. Anywhere you see a wealth tax, it’s an end-game asset-stripping exercise that gives more power to the wealthy, not less. They are not coming after billionaires. They are transferring wealth to billionaires. By design. ALL POLITICIANS WORK FOR THEIR CORPORATE LOBBIES. Stop believing in left-versus-right politics. It’s a distraction from the reality that you vote with your money.

Jamtis: Why a new address format? When Monero was created in 2014, it inherited the CryptoNote addressing scheme. Originally, each wallet only had a single public address and payments were disambiguated with payment IDs. In 2017, subaddresses were introduced, which allowed each wallet to generate a virtually unlimited number of seemingly unlinkable addresses. In 2019, a weakness of subaddresses was identified, which allows an attacker to link two subaddresses belonging to the same wallet. This is called the "Janus attack". In 2026, Monero will upgrade to a new transaction protocol called Carrot, which provides mitigations for the Janus attack and offers address-conditional forward privacy (i.e. forward privacy if addresses are kept secret). However, several issues with the legacy addressing scheme remain unresolved: 1. Wallets with publicly known addresses lose nearly all privacy against a quantum-enabled adversary. 2. Wallets that use a third party service for scanning the blockchain lose nearly all privacy. 3. Generating subaddresses requires keeping track of a global counter, which complicates implementations and may cause merchants to prefer legacy integrated addresses. 4. The detection of outputs received to subaddresses is based on a lookup table, which can sometimes cause the wallet to miss outputs. 5. Checking two addresses for equality is difficult for humans because CryptoNote addresses are long and case-sensitive. The goal of Jamtis is to tackle the shortcomings of CryptoNote addresses that were mentioned above. Specifically: 1. Jamtis wallets with publicly known addresses retain a certain level of privacy even against a quantum-enabled adversary. 2. Jamtis wallets using a third-party scanning service retain a certain level of privacy. 3. Jamtis addresses can be safely generated without keeping track of a global counter. 4. Balance recovery for Jamtis wallets can be done reliably without the need to use a precomputed table of keys. 5. Jamtis addresses can be quickly compared thanks to a "visual prefix" consisting of 30 lowercase characters. Jamtis focuses on post-quantum privacy because all past and present Monero transactions are vulnerable to quantum privacy-breaking attacks due to the "harvest now, decrypt later" strategy. Additional goals are: 1. Backward compatibility with Carrot without hard forking changes. 2. Enotes sent to Jamtis addresses are indistinguishable from enotes sent to legacy addresses. 3. Jamtis addresses retain existing security properties of Carrot, especially Janus attack protection. Jamtis also comes with a new 16-word mnemonic scheme called Polyseed that will replace the legacy 25-word seed for new wallets. Non-goals An explicit non-goal of Jamtis is post-quantum soundness. This includes preventing a quantum-enabled adversary from: 1. opening Pedersen commitments to arbitrary monetary values 2. forging spend authorization proofs and linking tags 3. forging membership proofs Past and present Monero transactions are safe from soundness-breaking quantum attacks, assuming no cryptographically relevant quantum computers exist at this moment. Both Carrot and Jamtis support a migration protocol that will be used in a future fully post-quantum upgrade. Read more: https://t.co/ErRZnZziaq