Replying to Avatar Hanshan

its not wrong to say you can know true spends on the chain, since theres a chain to be monitored.

and you can know the true spends to the extent you have access to wallet data.

so Sybil attacks are a thing

short EAE traces are a thing.

and best practices on a L2 could fix that.
Avatar
Papa Figos 7mo ago

Of course you can know if you have the wallet data. You spent it. Is that so different from grabbing two lightning wallets, seeing a payment for X sats at Y timestamp and concluding you have the sender and receiver wallets?

Personally I don't see that as a flaw.

As for knowing true spends on chain, that's the thing, you can't.

All you can say is a certain output is part of a ring signature. You don't know whether it's a decoy or a real spend.

Could this be improved? Yes, and it will (FCMP++ soon™).

Are a few statistical attacks around this weakness known & understood? Yes.

So.. his arguments are a nothing burger, really.

Reply to this note

Please Login to reply.

Discussion

Avatar
Hanshan 7mo ago

i mean

its different that you need both wallets and not just the sending one.

and its just timing analysis instead of cryptographic proof.

so its different but i agree its meh

and the point is that if you have access to the sending wallet you DO know which are the true spends .

nobody is saying they can identify the true spend in a ring as a 3rd party.

but it's pertinent to know there IS public information and what it is.