Breaking the Anonymity in the Cryptocurrency Monero

Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions.

Research paper. BoingBoing post.

EDITED TO ADD (4/13): Brad Templeton wrote about this years ago.

Posted on March 28, 2018 at 2:25 PM • 9 Comments


My 02 Cents • March 28, 2018 2:41 PM

"But one of the defenses against future disclosures of defects in encryption techniques is to throw away the old messages once they're done with, to reduce the availability of decryptable ciphertexts. And that's not possible on the blockchain, because the blockchain only works if you can't delete things from it."

I said it dozens of times over the years, and I'll say it again. Encryption is a honeypot. Learn it, grok it.

If you need to throw something away to protect your privacy, then the privacy lies in your ability to throw it away, not in the encryption.

Which, of course, is why data retention standards are so important.

Douglas Coulter • March 28, 2018 3:28 PM

I tend to agree with 2 cents as far as that goes, but really, flying totally under the radar is extremely difficult anyway.

My Dad worked for NRL doing things like secure comm. They defined two levels of security for their situation: tactical and strategic.
Both are somewhat below the absolute level 2cent is talking about.

For tactical security, you'd be thinking about say, comm between planes, boats, or maybe tanks or field human units. It's no secret you're there, it's only secret what you're about to do. If the adversary decodes "start bombing mission now" the next day - so what?

Strategic security - hey, everyone already knows who the main adversaries are, there's no point trying to make that secret, really. You might be on the fence in some cases, so you just don't share some things. But what you're after here is not keeping secret who your friends and enemies are - presumably that's known.
But due to the power of planning - you'd like to keep those plans secret beyond when you might need them, to keep surprise a possibility and exploit a disorganized response to a smoothly operating plan of attack. Or vice versa.

In neither of those two, admittedly limited, cases does it really matter whether you can throw things away. As 2cent qualified "have to throw things away" himself.

People thinking crypto or any behavioral kata will keep them safe even if they break laws or anger powerful people are in fact delusional. There's a risk to doing that, which is why illegal stuff commands a higher dollar price - the old risk-reward ratio works for activities other than the mainstream ones.

For most other things, there's crypto and careful fieldcraft.
It's true that if you think *anything* makes it safe for little to challenge big - you're riding to a fall.

If God made men and Colt made them equal, it was still a one on one kind of thing. One guy with a gun vs an army of mere ants - or people with bare hands - you lose. Better not to fight.

polk • March 29, 2018 4:50 AM

That's also why schemes to put sensitive information, like health data, on the blockchain are problematic.

The data may be safely encrypted for now, but at some point the algorithm will be figured out. Since it's blockchain, copies of the data are available publicly with no way of pulling it back. So there is no way to keep anyone from accessing your sensitive data.

wumpus • March 29, 2018 9:27 AM

@my 02cents

That sounds suspiciously like the DRM fantasy. Anything that can be copied will be copied, and will be copied in a place that doesn't have/enforce retention standards.

Encryption at least makes it easier to simply throw away the key, deleting the physical data can be harder (although obviously recommended).

Bruce has pointed out that data can well be a toxic asset. There's little new about this idea, other than avoiding encryption to make it that much easier for somebody to copy it and hoard it elsewhere.

justinacolmena • March 29, 2018 9:37 AM

There are certain drawbacks to the crypto-heaven envisioned by cypherpunks, with such perfect anonymity and censorship-proof file-sharing, and all the cryptocurrencies.

  • revenge porn
  • drug dealing
  • child prostitution
  • murder for hire

The broken anonymity of crypto-currencies is most likely to be used by druggers demanding their money back for a deal that went south or inferior product or the like.

chuck • March 29, 2018 4:10 PM

FUD from for-profit competitors. Wired in fact mentions this, but Bruce for some reason does not.

Bob • March 29, 2018 5:20 PM

Wait... am I missing something, or isn't this news? This piece I read almost a year ago links to the same paper.

I've even seen Snowden tweeting about it, and there's this response from the Monero community explaining why it is not nearly as bad as it is made to look.

ATN • April 3, 2018 4:17 AM

Yep, that is the argument of people having invested in Zcash for the last few years, nothing new.
Now, is the "proof without knowledge" used by Zcash better, using a (very) complex system to prove that no coins were created in a transaction, not knowing the buyer, the seller, nor the value of the transaction? Moreover, that system is only used in few transactions, due to its complexity.
Myself, I do not care about drugs or illegal stuff, but I am not sure countries will never destroy their own official currency by doing too much "quantitative easing" like the creator / early adopters of bitcoins. Or by hyper-inflation; so-called crypto-currencies do not do uncontrolled inflation of the number of coins.
