Quite a few wallet fingerprints, which you can't really blame on the protocol. But it does seem that combining lots of funds in a single transaction undoes the benefits of decoys. Bad news for merchants.

Hiding among N decoys is of limited use when law enforcement is really interested in you and just checks all N of them. Chainalysis has tools to make that easier. The video doesn't explain how they filter some of the decoys.

Also Chainalysis once again admits they're collecting IP addresses without consent. And that they're running bait "RPC" nodes, though it's really insane that any wallets connect to them over clearnet (albeit sometimes with VPN). But there are very bad Bitcoin wallets too.

Dandelion and 1-shot Tor broadcast (easier) remain good ideas.

Perhaps increasing the number of decoys to hundreds would fix the issue for a while.

Fundamentally though, it's better to not leave any bread crumbs on a blockchain, or other public spaces, to begin with. Which is why I think Lightning is a better design in theory. But beware of practice. If you e.g. use a custodial wallet, they know who you're paying (until blinded paths). As a recipient things are even worse.

So I guess both Monero and Lightning still suck for merchants (charities), but might be good enough for individual customers (donors).

Also note that the goal of chain analytics isn't necessarily to collect sufficiently strong evidence for conviction. Finding a (tractable number of) suspect(s) may be enough, then they know where to look for additional evidence. Being marked as a suspect by a black box algorithm should still be a serious legal issue though.

nostr:nevent1qvzqqqqqqypzqgvra9r4sjqapufyl0vnc4kv4fz70e29em4c655y37vz206f0wt4qytkummnw3ez66tyvgaz7tmrv93ksefdwfjkccteqqs94pqute8hjxqv3kfjhwmlwu72yz6fkx72mylux6fxp5lutgj438sxglley

Discussion

When will Bitcoin Core have one-shot Tor broadcast? WHEN YOU REVIEW THIS PR

https://github.com/bitcoin/bitcoin/pull/29415

When will it have Dandelion? Probably not before we see some drastic improvements to the mempool. Otherwise it seems too DoS sensitive.

https://bitcoin.stackexchange.com/a/81504

The real abuse of these tools comes when they are used not just to generate hypotheses for further investigation but as proof of guilt in and of themselves, as they were, for example, in the case of Roman Storm.

Good post. The next upgrade, FCMPs++, fixes all issues with decoys, plus opens the door for tx chaining and for Monero to have an L2 like the LN, therefore competing directly with bitcoin's L1 and bitcoin's LN.

What do you mean by "all issues"? Does it increase the number? Or did you figure out what Chainalysis does to rule them out, and develop a countermeasure?

L2 capability is nice. So there's a hash-time lock construct?

FCMP = Full chain membership proofs. That means every tx includes a ring where the "decoys" are all transactions in existence. That bumps the anon set from 1 in 16 senders to 1 in 100 million, basically removing the concept of decoys and saying your transaction has a sender that is unknown, and can be anyone ever.

You should research more about it! I'm not a genius on it, but it's the current hot topic in the space. You can watch the dev Luke Parker, or read the paper on it; it also explains a bit more on tx chaining:

https://www.youtube.com/watch?v=jxPulIjhXwg

https://github.com/kayabaNerve/fcmp-plus-plus-paper/blob/develop/fcmp%2B%2B.pdf

https://www.getmonero.org/2024/04/27/fcmps.html

Instead of having 15 decoys, as currently, every transaction on-chain becomes your decoy (100,000,000+).