The cryptocurrency world is evolving at a speed that leaves many newcomers lost in a haze of uncertainty. A team of researchers from various institutions, including Princeton, Carnegie Mellon, Boston University, MIT, and the University of Illinois at Urbana-Champaign, has found flaws in the Monero cryptocurrency that could lead to the identification of clients.
What is Monero?
According to its website, Monero is a secure, private and untraceable currency system. It uses a special kind of cryptography to ensure that all of its transactions remain untraceable. But a group of researchers has discovered that Monero’s security assurances, while superior to Bitcoin’s, still aren’t the shroud of imperceptibility they may appear to be. Let’s take a look at what they found.
Monero is a privacy-centric cryptocurrency based on the CryptoNote protocol. In Monero, new transactions “mix” with previous transactions in the blockchain in the way the protocol itself dictates. In other services, users “mix” their coins with other users’ coins to make one transaction with many inputs and outputs. Researchers found two flaws in Monero’s approach. They are as follows:
Flaw 1: Most Monero transaction inputs prior to February 2017 contain deducible mixins, and can be traced to prior transactions via analysis.
Researchers first discovered that simple observations enable anyone to recognize a portion of the decoy mixins used to cover for the real coin being spent. In Monero’s first year, for example, it allowed clients to opt out of its security assurances and spend coins with no mixins at all. (Today, Monero requires at least four mixins for each transaction.) The issue with that opt-out: when an already spent and identified coin is later used as a mixin, it can be effortlessly culled out of the mix to help identify the rest of the coins. If that results in another coin being identified, and that coin is itself used as a mixin in a subsequent transaction, it can reduce the stealth of those later transactions as well.
According to this paper, “The Monero software allows users to configure the default number of mixins to include in each transaction. Most Monero transaction inputs (64.04% of all transaction inputs) do not contain any mixins at all (“0-mixin transactions”), but instead explicitly identify the prior transaction output (TXO) they spend, much like ordinary Bitcoin transactions”.
Flaw 2: Monero mixins are sampled in such a way that they can be easily distinguished from the real coins by their age distribution; in short, the real input is usually the “newest” input.
In any mix of one real coin and a set of decoy coins bundled into a transaction, the real one is likely to have been the most recent coin to have moved before that transaction. Prior to a recent change from Monero’s developers, that timing analysis correctly identified the real coin more than 90 percent of the time, essentially invalidating Monero’s security shields.
In short, when the Monero client spends a coin, it samples mixins to include by choosing randomly from a triangular distribution over the ordered set of available TXOs with the same denomination as the coin being spent. However, when users spend coins, the coins they spend are not chosen randomly from the blockchain, but instead appear (based on our empirical observations) as though drawn from a highly skewed distribution.
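The sampling mismatch described above, as a small simulation (an added example, not code from the paper or from Monero). The pool size, the exponential model for real spend ages, the orientation of the triangular distribution and all function names are assumptions chosen for illustration; the second sampler is a contrast case in which decoys follow the same distribution as real spends.

```python
import math
import random

N_OUTPUTS = 100_000    # assumed pool of same-denomination TXOs, index 0 = oldest
MIXINS = 4             # minimum mixin count mentioned in the article
MEAN_SPEND_AGE = 500   # assumed: real spends are about 500 outputs old on average

def real_spend_index(rng):
    """Assumed spend model: exponentially distributed age, so heavily recent."""
    age = min(int(rng.expovariate(1 / MEAN_SPEND_AGE)), N_OUTPUTS - 1)
    return N_OUTPUTS - 1 - age

def triangular_mixin(rng):
    """Triangular pick over the ordered outputs, modelled with its peak
    at the newest output (sqrt of a uniform draw has a triangular density)."""
    return int(N_OUTPUTS * math.sqrt(rng.random()))

def matched_mixin(rng):
    """Contrast case: decoys drawn from the same distribution as real spends."""
    return real_spend_index(rng)

def newest_guess_rate(mixin_sampler, trials=20_000, seed=1):
    """Fraction of rings in which the real input is strictly the newest member."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        real = real_spend_index(rng)
        decoys = [mixin_sampler(rng) for _ in range(MIXINS)]
        hits += real > max(decoys)
    return hits / trials

if __name__ == "__main__":
    print("triangular decoys:", newest_guess_rate(triangular_mixin))
    print("matched decoys:   ", newest_guess_rate(matched_mixin))
```

With matched decoys the "newest input" guess falls to roughly one in five, which is what a ring of five indistinguishable members should give.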
Researchers have suggested three recommendations so that privacy can be improved for legitimate uses in the future:
- The mixin sampling distribution should be modified to more closely match the real distribution
- Avoid including publicly deanonymized transaction outputs as mixins
- Monero users should be warned that their prior transactions are likely vulnerable to tracing analysis
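The chain reaction behind Flaw 1, and the second recommendation as a wallet-side check, shown on a constructed toy ledger (an added example, not code from the paper or from Monero). All input and TXO identifiers and all function names are hypothetical.

```python
# Constructed toy ledger: each input lists its ring (real TXO plus mixins).
LEDGER = {
    "in_c": {"txo1", "txo2", "txo3"},
    "in_b": {"txo1", "txo2"},
    "in_a": {"txo1"},                    # 0-mixin input: spend is explicit
    "in_d": {"txo1", "txo4", "txo5"},
    "in_e": {"txo6", "txo7", "txo8"},
}

def deduce_spent(rings):
    """Repeat elimination until nothing changes: a ring member already known
    to be spent elsewhere cannot be the real spend, so a ring with a single
    remaining member reveals its real TXO."""
    spent, resolved = set(), {}
    changed = True
    while changed:
        changed = False
        for inp, ring in rings.items():
            if inp in resolved:
                continue
            remaining = ring - spent
            if len(remaining) == 1:
                (txo,) = remaining
                resolved[inp] = txo
                spent.add(txo)
                changed = True
    return spent, resolved

def effective_ring_sizes(rings, spent, resolved):
    """Ring size left once members known to be spent elsewhere are discounted."""
    sizes = {}
    for inp, ring in rings.items():
        others = spent - {resolved.get(inp)}   # keep this input's own real TXO
        sizes[inp] = len(ring - others)
    return sizes

def safe_mixin_candidates(candidates, spent):
    """Drop decoy candidates that are already publicly deducible as spent."""
    return [txo for txo in candidates if txo not in spent]

if __name__ == "__main__":
    spent, resolved = deduce_spent(LEDGER)
    print("deducible spends:", resolved)
    print("effective ring sizes:", effective_ring_sizes(LEDGER, spent, resolved))
    print("usable decoys:", safe_mixin_candidates(["txo1", "txo3", "txo6", "txo9"], spent))
```

Here the single 0-mixin input exposes two further inputs and shrinks a third ring from three members to two, while the ring that never referenced a deduced output keeps its full size.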