New ashigaru whirlpool coordinator can de-anonymize users
Discussion
#FreeSamourai
"Conclusion: Users should not trust this centralized coordinator and do their own research before paying 5% coordinator fees."
nostr:npub1v6qjdzkwgaydgxjvlnq7vsqxlwf4h0p4j7pt8ktprajd28r82tvs54nzyr
😵💫
Is it not fixed in this re-launch from #Ashigaru?
nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s nostr:npub12aqfngts2xc0z0n47lyfx03p8prhz4kqcel29mukgwydeuatawqqg5dvgy nostr:npub1nccwjspr3nv7h67xx2qhdh2dzzvpyy55gte2dsu8yl7xd7n74y9qydz7mj
Can the Ashigaru Whirlpool coordinator de-anonymize users?
I don't know but what I can say is that developing a trustless protocol/service is extremely hard, especially when your starting point is a trustful one.
Whirlpool is a ZeroLink implementation, similar to what Wasabi Wallet 1.x was, and even though the protocol and the cryptography involved are simple, there are many chances to make mistakes. During the early days the Wasabi team introduced bugs using RSA and then using Schnorr, for example.
This is something to celebrate anyway, as we need more privacy tools and because it was sad to witness the level of cowardice reigning in the environment while a bunch of "purists" attacked all privacy tools as if they were able to do it better.
At your feet, nostr:npub1nccwjspr3nv7h67xx2qhdh2dzzvpyy55gte2dsu8yl7xd7n74y9qydz7mj .
I feel a great sadness witnessing developers and users spending their valuable energy pointing out flaws, while very little is directed towards recognizing the effort and goals of #Ashigaru (that are also ours as a user community). Thank you once again for dedicating your valuable time to reply and provide context to this uproar.
I think we need a comment from the devs on this issue directly.
nostr:npub15c88nc8d44gsp4658dnfu5fahswzzu8gaxm5lkuwjud068swdqfspxssvx what do you think?
It says on their blog post that it's fixed.
Yeah, but is there a way to verify that independently, other than the "trust me bro" approach? I'm not capable, but I'm sure plenty of people are.
Ah, I see, the OP is saying that it isn't in the code. Guess we'll have to wait for public comment. I don't have the tech chops to verify either way, nor do I have any direct contact with anyone from Ashigaru.
But isn't that wording kind of weird?
We're not concerned with the keys being sent to the client... we're concerned with the *coordinator* being able to link inputs/outputs, not the clients.
It seems like they're addressing a different issue there.
What I'm saying is that the blog post doesn't seem to be addressing that issue at all.
Looks like he might be barking up the wrong tree.
Bug is in whirlpool and not the wallet.
Seems like the terminal client has a hard coded key. Is the client using that to check that against the one sent from the coordinator?
No match, no mix?
Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.
It's not a vulnerability if they're modulating the hardcoded key per CJ round, correct?
As nostr:npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7 suggested on the original vulnerability disclosure post on Jan 7th?
either way, the server CANNOT give clients a unique key for identification.
No
False
Any info as to why it's false?
AFAICT it's false because they have hardcoded a key into the client.
Therefore the server can't assign different RSA keys to different clients to map their inputs/outputs.
fd0 was premature in thinking the vulnerability hasn't been addressed.
https://bitcointalk.org/index.php?topic=5547639.msg65512594#msg65512594
This guy only repeats stuff that fits his bias, without understanding it himself.
Nobody has had time to thoroughly review Ashigaru's Whirlpool implementation yet.
So far it's clear they have done some work to fix that vulnerability.
And now, if the coordinator signs outputs with the same static blind key in all rounds, an attacker can accumulate those signatures and redeem them later to register additional outputs without contributing new inputs. It does not allow them to steal funds, but it breaks the round's balance and causes it to fail, blocking all other participants (DoS).
And on top of that, they don't mitigate the vulnerability they've tried to remedy with this crap...
If they were at least humble, they would get help...
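The two properties argued over above, as an added Python demo that is not code from Ashigaru, Samourai or anyone in this thread: a client that only blinds under the key compiled into the wallet (so the coordinator cannot hand each client its own RSA key and later match the inputs it saw to the outputs it signed), and a coordinator that only accepts an output registration whose blind signature verifies under the key of the round being registered into (so signatures collected under a key reused across rounds cannot be redeemed later). The toy RSA parameters, the message encoding and the round bookkeeping are constructed for the demo; how a wallet keeps a pinned key and still rotates it per round is exactly what the thread leaves open, and the demo shows each check on its own rather than a combined design.

```python
"""Two checks on a Chaumian CoinJoin coordinator's blind-signing key.
Constructed demo with toy-sized RSA; not Whirlpool or Ashigaru code."""
import hashlib
import math
import random

E = 65537  # RSA public exponent


def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin; witnesses come from rng so the demo is reproducible."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full width, odd
        if _is_probable_prime(cand, rng):
            return cand


def gen_keypair(rng, bits=256):
    """Toy RSA keypair (n, d); far too small for real use."""
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:  # E is prime, so this means gcd(E, phi) == 1
            return p * q, pow(E, -1, phi)


def msg(n, output):
    """Hash an output registration to an integer below n (constructed encoding)."""
    digest = hashlib.sha256(output.encode()).digest()
    return int.from_bytes(digest, "big") % n


def blind(n, m, rng):
    """Client side: returns (blinded message, blinding factor r)."""
    while True:
        r = rng.randrange(2, n)
        if math.gcd(r, n) == 1:
            return m * pow(r, E, n) % n, r


def sign_blinded(n, d, blinded):
    """Coordinator side: signs without learning which output this is."""
    return pow(blinded, d, n)


def unblind(n, blinded_sig, r):
    return blinded_sig * pow(r, -1, n) % n


def client_accepts_key(pinned_n, offered_n):
    """Check 1 (client): only blind under the key built into the wallet.
    A coordinator that hands each client its own key could later link the
    inputs it saw to the outputs it signed, so any other key is refused."""
    return offered_n == pinned_n


def coordinator_accepts_output(round_n, output, sig):
    """Check 2 (coordinator): the signature must verify under the key of the
    round being registered into; a signature from an earlier round must fail."""
    return pow(sig, E, round_n) == msg(round_n, output)


def run_demo(seed=7):
    rng = random.Random(seed)
    n_static, d_static = gen_keypair(rng)  # the key compiled into the wallet
    n_other, _ = gen_keypair(rng)          # a key offered to one client only

    # Check 1: pinned key accepted, per-client key rejected.
    result = {
        "pinned_key_ok": client_accepts_key(n_static, n_static),
        "per_client_key_ok": client_accepts_key(n_static, n_other),
    }

    # Check 2: a signature obtained in round 1 under a static key is still
    # redeemable in round 2; under a fresh round key it is worthless.
    blinded, r = blind(n_static, msg(n_static, "out-A"), rng)
    sig = unblind(n_static, sign_blinded(n_static, d_static, blinded), r)
    n_round2, _ = gen_keypair(rng)
    result["round1_ok"] = coordinator_accepts_output(n_static, "out-A", sig)
    result["replay_under_static_key"] = coordinator_accepts_output(n_static, "out-A", sig)
    result["replay_under_round_key"] = coordinator_accepts_output(n_round2, "out-A", sig)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The first check is what the "hardcoded key in the client" argument rests on: the coordinator can still see every input and every output, but it can no longer tag a client by the key it was given. The second check is the one the reuse-across-rounds objection is about; a key that is fresh per round makes an old signature unredeemable, but only if the client has some way to tell that the fresh key is the same one every other participant received.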
Do you think the same was true for the old coordinator run by Samourai? What about the existing Wasabi coordinators?
This aged poorly.