I have not seen any commentary on the #FloodXMR attack although the conclusions of the paper highlight massive #privacy implications for #Monero #XMR.
“Assuming an attack timeframe of 12 months, our findings show that an attacker can trace up to 47.63% of the transaction inputs at a cost of just 1,746.53 USD. Moreover, we show also that more than 90% of the inputs are affected by our tracing algorithm.” nostr:note18j26av9fg4kjfrdzqz6e4we2ppj37zhmph3s284cu5k8xy2tpyfqd78ap2
»Yes, it could be. But if the recent high transaction volume is black marble flooding, the attack effectiveness is much lower than the scenarios in that paper. The finished published version of that paper is at MoneroResearch dot info: Chervinski, Kreutz, & Yu (2021) Analysis of transaction flooding attacks against Monero.
Their scenario that's closest to what we're seeing now is flooding with 2input/2output transactions. The suspected spam now is 1in/2out transactions. They use the old ring size (11) in the paper and their black marble outputs make up 82% of all daily outputs on the blockchain. What we have now is ring size 16 and the suspected spam outputs taking up 75% of all outputs.
These different parameters makes a very big difference in the probability that a normal user's ring will randomly select all of its decoys from the adversary's set of owned outputs. The probability is described by the binomial probability distribution. If the flooding continues for a very long time, 12% of rings in the Chervinski et al. 2021 scenario have effective ring size 1 because the attacker's black marbles occupy all decoy "slots" in the ring. In the very long term, at the current March 2024 volume of the suspected spam, only 1% of real user rings would have all their decoy slots occupied by outputs controlled by an adversary. « Quote from Monero Research Lab.
