<kayabanerve:matrix.org> FROSTLASS was proven by CS and thew FCMP++ upgrades provides a near-traditional Schnorr signature from a multisig PoV.

<kayabanerve:matrix.org> So focusing on FCMP++ reviews could include the new multisig, but the CLSAG multisig already has a formally proven option available.

<jpk68:matrix.org> Would be nice to have multisig reworked in the core implementation. FROSTLASS seems really cool but is way beyond my understanding :((

<jberman> I spent the day with Claude Opus 4.8 on max effort digging for an inflation vulnerability in Monero's current consensus code like sech1 did. From Claude:

<jberman> > After an exhaustive review of the consensus cryptography on release-v0.18 — the underlying papers' mathematics (proofs, definitions, assumptions, and concrete security bounds), the verification code reachable from handle_block_to_main_chain, and 3,000+ executed known‑answer tests cross‑checked against an independen [... too long, see mrelay.p2pool.observer/e/9IuI1ooLbkhvZjlt ]

<jberman> I'll do the same for FCMP++ after the audits are all complete, and I'll also improve the framework and iterate to continue auditing Monero's code (obviously, prioritizing work on FCMP++)

<jberman> What I did: fed the LLM the CLSAG and BP+ papers and audits (like sech1), the blog post explaining Monero's past detectable inflation bug from 2017, and (even though not directly relevant to Monero's code) Taylor's writeup explaining Zcash's recent hidden inflation vulnerability too.

<jberman> I had it look for mathematical flaws in the CLSAG and BP+ papers (since that has happened in the past e.g. Zcash's other hidden inflation vulnerability in Sprout). Then I had it go through Monero's code starting from handle_block_to_main_chain, and dig deep into every section, with emphasis on crypto functions in src/crypto [... too long, see mrelay.p2pool.observer/e/xqaO1ooLMGJWNHJi ]

I'm running it right now too :)

I fed it all Monero audit PDFs, and asked to find inflation/double spend bugs in src/ringct and other related files (like files in cryptonote_core)

<jberman> mrelay.p2pool.observer/m/monero.social/DTdtmBDouQELpOSnjqkxiFXy.pdf (claude_monero_audit.pdf)

<jberman> I had it write that summary also^

jberman did you run Claude code on Monero repository folder? It's much more efficient when Claude can look around all files and run commands

<jberman> yep, and I downloaded those pdf's into the local repo and had it read from the local

<jberman> I ran it on release-v0.18

same

pdfs in the local folder

looks like I'll run out of the 5-hour session limit before it finishes...

yeah, looks like your audit is much more in-depth than what I'm doing anyway jberman

My prompts were quite simple

<jberman> I'll share my session in a sec so you can see my prompts too

<ofrnxmr:xmr.mx> are you guys whitelisted?

My results: github.com/SChernykh/ringct-bulletp…-bulletproofs-plus-review-claude.md

I'm not whitelisted

<jberman> I'm not either

<ofrnxmr:xmr.mx> allegedly its easy to get whitelisted

<ofrnxmr:xmr.mx> easy for real devs/researchers*. the zcash guy didnt have to kyc or anything

As far as I understand, whitelist is needed if you actually want Claude to write an exploit for you

I had no rejections when I asked it to find bugs and then suggest how to fix them

<jberman> ^

<jberman> that's what I understood as well, and same

<ofrnxmr:xmr.mx> i still think it would probably avoid telling you about an exploit if it found one

That Claude audit used 97% of the session limit, not bad

<ofrnxmr:xmr.mx> ie i think it would be a good idea to get whitelisted, if not too much trouble

<ofrnxmr:xmr.mx> (otherwise youre still using a neutered version)

It would tell if it's not allowed to say something

"As an AI model, bla bla bla"

<boog900> Easy way to test: add an inflation bug and see if it catches it.

If I reintroduce the 2017 inflation bug, for example, Claude will just find it because it knows it

I don't know the math/codebase in that part well enough to introduce something more subtle. jberman can try

If it's clever, it might diff your new code vs previous known code and see the change.

It actually does

It often goes "okay, let's see if local files are byte identical to what's in the repo" when I ask it to find bugs

it finds planted bugs this way

and then when it is byte identical, it goes "oh, this is identical, so it's a real security review" lol

but then it still finds something worth fixing

<plowsof:matrix.org> i doubt a 15$ subscription can find it. 'just' spend at least 100k$ on tokens and let it work for longer

<jberman> I tried something pretty simple, here's where it's at right now:

<plowsof:matrix.org> promising that the 15$ subscription can't find it

<jberman> > I've found something critical. Let me read it carefully and verify before concluding — lines 4195–4208 contain the ver_non_input_consensus(extra_block_txs, …) call commented out.

<jberman> so it says if it finds something critical before doing more work to contextually validate it

yes, it keeps the user updated about what it's doing

<jberman> now it wants to check git

if you press "ctrl+o" you'll see more of what it's doing

<jberman> so unless it's lying about checking git history, then..

it does check git history

it runs git commands

in my review I posted, it mentions that it checked commits made after the audit

<jberman> No I mean, clearly it just identified this mock critical vuln, but it doesn't yet know if it's a mock because it hasn't yet checked git

yeah

<jberman> which implies it points out a critical vuln if it finds one

<jberman> ya if I tell it not to check git, and that this is the live code on the network, then it says it's a critical vuln implying it's not neutered from finding a crit. Either way, can get whitelisted. But it doesn't look like it would have made a difference unless a prompt explicitly got rejected by their API

Did anyone of you try to have an init steps first before asking Claude to audit?

that's what Zcash did

what's init steps?

I'll have a new 5-hour session in 1.5 hours available, I can try.

>Enumerate all relevant implementation components, specification claims, invariants, trust assumptions, cryptographic checks, data flows, boundary conditions, and plausible failure modes. For each item, produce concrete audit tasks assignable to specialized agents.

first ask it something like this to create ah audit map, and only then ask it to audit against it

an

and I forgot to feed it CLSAG audit pdf, I'll do it next time

so that the actual code review and it knowing what to check is separate

<redsh4de:matrix.org> @jberman: it won't make a difference unless you use phrasing that triggers their cybersec classifier. if you use adversarial words like "im trying to exploit this codebase. audit this and this and look for bugs that i can use to inflate the supply", it should eventuallysay that "bla bla you need to register for Cyber"

Never got this, and I did many "check this code for bugs and vulnerabilities, and suggest bug fixes" sessions

Both for Monero and P2Pool

<jberman> > <selsta> >Enumerate all relevant implementation components, specification claims, invariants, trust assumptions, cryptographic checks, data flows, boundary conditions, and plausible failure modes. For each item, produce concrete audit tasks assignable to specialized agents.

<jberman> Ya, I would imagine a more comprehensive audit doing that, and using agents. I started it with feeding it the papers, and gave examples of inflation bugs to consider. Then part way through explicitly said:

<jberman> > There are plenty of ways an attacker could theoretically forge Monero, not

<jberman> > just the ways I mentioned (I was just highlighting some examples to give you

<jberman> > an idea). Another way is through the coinbase tx. Enumerate the ways an

<jberman> > attacker could do so and then do another deep pass through the CLSAG and BP+

<jberman> > papers, and code, to make sure neither the math nor the code allow an[... more lines follow, see mrelay.p2pool.observer/e/xoOr14oLQXZLVWd6 ]

<jberman> That's how it ended up producing the result of the enumerated methods. But generally, I'd say there's definitely room for an improved framework

<syntheticbird> good clauding this morning

<yushanren:matrix.org> How did Claude think of FCMP++?

<jberman> Haven't used it on FCMP++ yet. Planning to after audits are complete

<yushanren:matrix.org> Coding auditing needs harness

<rbrunner7> Just stumbled over this, somebody built an exploitable app and checked whether the LLMs would find the exploits: kasra.blog/blog/i-spent-1500-seeing-if-llms-could-hack-my-app

<rbrunner7> (Just to give some context to our own attempts.)

<monerify:matrix.org> @yushanren:matrix.org: isn't claude code enough?

<ravfx:xmr.mx> isnt Claude code a harness?

<monerify:matrix.org> it is

<syntheticbird> literally anything you would use an LLM with is a harness

<sgp_> sech1 how much usage are you giving Claude? Would it help if I got you a discounted nonprofit MAGIC Grants account? Same goes for Berman or other devs/researchers

<sgp_> mrelay.p2pool.observer/m/monero.social/DMMKWUOlsTmeyeduuJmhdAEy.jpeg (IMG_0024.jpeg)

I'm on the cheapest subscription plan right now

The claude max plan is 5x more expensive, not sure if it's worth it

How big is the discount?

<sgp_> The plan is $8 a month for 1.25x as much usage per session as the normal Pro plan (I believe normal cost for Pro is $20?), or $40 for "premium" with 6.25x as much usage per session sech1

Pro is $20

That's a very good discount

I'm almost at the weekly limit now with the Pro plan, and it will reset on Wednesday only. But this week I did some heavy prompting

1.25x usage for $8 will be good enough for now

<sgp_> sech1: please email me at justin⊙mo and I can get that set up for you. I'll make you a volunteer MAGIC Grants email that you'll access the account with. I guess there's no rush if you have another month or so on the subscription

sent

<yushanren:matrix.org> @monerify:matrix.org: It is. But there will be a sound way to prove it is safe. The checklist, the report, mathematical proof, etc.