what? you dont want another essay 😢
lol
basically
so we're hiding the true output with 15 other decoy outputs.
if The Adversary can get access to the wallet that sent a tx (perhaps an exchange colliding with LE), they know the true spend.
so if we use the compromised exchange to receive monero regularly
and then
consolidate some or all of those outputs into a single TX0, the common input heuristic is effective.
also
because we're dealing with decoys, theres the question of HOW decoys are selected.
although its mostly standardized, its not like its a consensus rule and some wallets are different.
so if the sampling of decoys isn't truly random its possible we could use the wallet "bias" to probabilistically eliminate decoys.
if the user is aware of these attacks they're easy to compensate for.
and if you're not concerned with targeted surveillance it doesnt matter anyway,
but there *are attacks.
which is why Monero expects to fork out Ring sigs in favor of FCMP by the end of this year (Coming Soonâ„¢).
Then it will be a zcash-like "could be any output" situation.
