Nostr Web Client

OSPEAD (Optimal Ring Signature Research) is a recent study (April 2025) that measures anonymity efficiency and detected a risk: the attacker could guess the anonymous signature in 1 out of 4.2 cases instead of 1/16.

But beware: this is only a theoretical finding. So far, an "ospead fix" has not been implemented, because it would involve a hard fork, and the intention is to resolve it in a more comprehensive way with FCMP++.

So:

OSPEAD illustrates a real vulnerability in the selection of decoys, but there is still no technical solution in production.

The definitive solution will be part of FCMP++, which will robustly solve the modeling and privacy issues (and will arrive when the code is fully audited and tested).

https://www.getmonero.org/2025/04/05/ospead-optimal-ring-signature-research.html?utm_source=chatgpt.com

paranoia machinery 6mo ago

Do you think the community will just wait it out for fcmp++ or does the delay justify a hard fork sooner for improving ring signatures like mentioned in the ospead report, before fcmp++ gets implemented?

Reply to this note

Please Login to reply.

Discussion

kidwarp 6mo ago

Fork it

LiberLion 6mo ago

This 👇🏻

"OSPEAD illustrates a real vulnerability in the selection of decoys, but 𝐭𝐡𝐞𝐫𝐞 𝐢𝐬 𝐬𝐭𝐢𝐥𝐥 𝐧𝐨 𝐭𝐞𝐜𝐡𝐧𝐢𝐜𝐚𝐥 𝐬𝐨𝐥𝐮𝐭𝐢𝐨𝐧 𝐢𝐧 𝐩𝐫𝐨𝐝𝐮𝐜𝐭𝐢𝐨𝐧.

𝐓𝐡𝐞 𝐝𝐞𝐟𝐢𝐧𝐢𝐭𝐢𝐯𝐞 𝐬𝐨𝐥𝐮𝐭𝐢𝐨𝐧 𝐰𝐢𝐥𝐥 𝐛𝐞 𝐩𝐚𝐫𝐭 𝐨𝐟 𝐅𝐂𝐌𝐏++, which will robustly solve the modeling and privacy issues (and will arrive when the code is fully audited and tested)."