HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ianmiers

no profile record

comments

ianmiers
·10 mesi fa·discuss
This is inaccurate and in a hilarious way. Treasury is not coming after Bitcoin. There's an update in an ongoing rulemaking process that got reported here[0] as banning mixing and privacy tools. It may have been blown out of proportion[1], but I am not a lawyer, and certainly banning these tools would be bad. The thing is, Bitcoin's not private—every transaction is public for everyone to download. It's Twitter for your bank account. And that comes with serious privacy, safety, and boring commercial counterparty risks that should be addressed. These kinds of tools exist to mitigate that problem. The irony is that Bitcoin has largely refused to address this obvious issue, so no, Treasury isn't coming for Bitcoin. Indeed, there been years of people arguing Bitcoin would be just fine with no privacy protections. [0] https://www.therage.co/us-government-to-bring-patriot-act-to... [1] https://x.com/valkenburgh/status/1966174324701778071"
ianmiers
·anno scorso·discuss
This is by no means a comprehensive analysis. This analysis misses the most major limitation with Monero's decoy based approach to transaction obfuscation: Eve-Alice-Eve attacks (also known as ABA attacks). It also misses an analysis of the possible insecurity of churning and a significant history of randomness implementation errors and flooding attacks specific to Monero. The exact consequences of some of these attacks remain an open question, but worthy of mention.

A simple and surprising limitation of Monero and any other decoy-based approach is that if you repeatedly withdraw money from one exchange and then deposit it to another, those transactions are not private (edit: even if we ignore payment value). This is a form of Eve-Alice-Eve attack.

Monero uses decoy transactions to obscure the transaction history on-chain, but it does not remove the history. There's a reason every other major privacy protocol (Zcash, Tornado Cash, Railgun, Aleo, Penumbra, etc.) does not use Monero's decoy-based approach, and even the Monero developers are moving to the standard zero-knowledge proof over an accumulator (IIRC a merkle tree like everyone else) based approach that they call Full Chain Anonymity Proofs.

As a meta-comment, this is one of a genre of Monero "privacy" analysis documents that are circulated as a way to claim there are no known actively used exploits. This is little better than the classic "my scheme is secure; here's a bounty for anyone who breaks it" form of cryptographic analysis we often see with flawed encryption schemes. Breaks will not always be public.