by Jamie Holmes
Fork mania has arrived for the blockchain network Monero. There are plans to fork and provide an airdrop for holders of the altcoin during early March, dubbed MoneroV. The cash grab could be a way to uncover the individual identities of those who use Monero if they fall into the trap. Here, we outline the facts about MoneroV (XMV) and why you should cautiously consider claiming these coins.
What’s so bad about an airdrop on the Monero network? It’s free money, right? Not necessarily; some people say there’s no such thing as a free lunch. As bitcoin has experienced, sometimes the promise of free money has resulted in malware or phishing attacks.
Furthermore, the launch of XMV produces adverse effects similar to the attack described in MRL-001 during September 2014. The privacy of users may be compromised because, if the same address exists on both the Monero and MoneroV blockchains, spending the same transaction on either chain produces the same key image. A key image, in simple terms, allows the Monero network to quickly confirm whether an output has been spent.
How Does the Attack Work?
Spending the same transaction on another chain means that a second ring signature tied to that same key image becomes visible, containing the same real output but different decoys. From there, an observer could deduce which input was the one that was spent, and hence undo some of the privacy offered by Monero by weakening one of the three parts of its privacy: ring signatures, which allow for transaction mixing. By claiming XMV, you could be revealing which inputs of yours are really being spent. Since the Monero network appears to be in a state where participants are transacting with everyone else all the time to cover their tracks, revealing which of your inputs are actually being spent allows crosschecking against other transactions, which can reduce the privacy of the individual somewhat.
But it gets worse: suppose that one of your inputs acts as a decoy in someone else’s transaction. This means that the negligence of other Monero users can affect the state of privacy for the network as a whole. For instance, suppose you have transactions where the key image is the same, and hence we know for sure which input was spent. When a transaction that includes it as a decoy is broadcast using the default ring size of five, the input that has been revealed can be discarded as a decoy, limiting the privacy of other users. With four other inputs yet to be determined as decoys, the problem is exacerbated if other inputs have also been revealed.
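The two steps described above (matching a key image across chains, then discarding the revealed output wherever it appears as a decoy) can be shown on a toy model. This is an added example, not code from the article or from Monero; the output ids, key image names and the functions `linked_spends`, `remaining_candidates` and `analyse` are hypothetical, and the rings are constructed.

```python
# Toy model of key-image linking across a chain split. Output ids and key
# image names are constructed for illustration; they are not chain data.

def linked_spends(chain_a, chain_b):
    """Intersect rings that carry the same key image on both chains.

    Each chain is a dict: key image -> set of ring member output ids.
    Decoys are chosen independently per chain, so the intersection usually
    contains only the output that was really spent.
    """
    shared = chain_a.keys() & chain_b.keys()
    return {ki: chain_a[ki] & chain_b[ki] for ki in shared}


def remaining_candidates(rings, known):
    """Remove provably spent outputs from every ring that used them as decoys.

    known: key image -> output it provably spent. Loops until stable, since a
    ring cut down to one member reveals a further spent output.
    """
    known = dict(known)
    cands = {ki: set(members) for ki, members in rings.items()}
    changed = True
    while changed:
        changed = False
        spent = set(known.values())
        for ki, members in cands.items():
            keep = {known[ki]} if ki in known else members - spent
            if keep != members:
                cands[ki] = keep
                changed = True
            if len(keep) == 1 and ki not in known:
                known[ki] = next(iter(keep))
                changed = True
    return cands


# Constructed rings of size five. Alice spends o3 on both chains; Bob's ring
# on the Monero chain happens to use o3 as a decoy.
XMR = {"ki_alice": {"o1", "o2", "o3", "o4", "o5"},
       "ki_bob": {"o3", "o6", "o7", "o8", "o9"}}
XMV = {"ki_alice": {"o3", "o10", "o11", "o12", "o13"}}

def analyse(chain_a=XMR, chain_b=XMV):
    links = linked_spends(chain_a, chain_b)
    known = {ki: next(iter(m)) for ki, m in links.items() if len(m) == 1}
    return known, remaining_candidates(chain_a, known)

if __name__ == "__main__":
    print(analyse())
```

Bob never touched the MoneroV chain, yet his ring drops from five plausible inputs to four because Alice spent on both chains.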
The problem mentioned above is more severe for the XMV chain. It is reasonable to suggest that only a fraction of Monero users will use the MoneroV chain and most will stay on the parent chain. If the people staying on the Monero chain do not exclusively use their key on the XMV chain, the majority of XMV transactions will be identifiable, whereas privacy can still be retained on the Monero network according to Monero contributor dnale0r.
The Monero ripoff also has a pre-mine of 10 percent, which is not looked upon favorably by many in the cryptocurrency space and is likely to be part of a pump and dump to dupe people into claiming their coins and selling them. With low trading volumes and no attention paid to it, the scheme will not be as profitable for its founders. However, the more hype there is, the more volume that goes toward it, the more profitable their 10 percent pre-mine will be.
What did MoneroV Have to Say?
When reaching out to the MoneroV team and asking what’s the reason for the fork and why they chose to depart from the monetary design of Monero so significantly, the following was part of their response:
“We believe in the original Satoshi Nakamoto’s Bitcoin whitepaper in which he states that “once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free.” We believe Monero’s infinite coin supply was a mistake and is a tax in the form of inflation for all XMR holders. This is a fundamental flaw that MoneroV fixes by putting a cap on the total MoneroV coins that can be created.”
Of course, the supposed flaw they are talking about is the ongoing block reward in monero, also known as the tail emission. To find out more about the tail emission and how this serves as an alternative to a fixed supply, you can find a great explanation here. Maybe it would be an interesting experiment to see what would happen with a Monero fork that implemented a fixed supply, but with a pre-mine and no accountability on the part of the development team, MoneroV is unlikely to serve as a lab rat for the sake of cryptocurrency.
When looking at the data, we see that the inflation of monero and bitcoin are not that different. In fact, one of CryptoNote’s contributions to the cryptocurrency space is an alternative to Bitcoin’s model of fixed supply, which has many unknowns when the block reward goes to zero: how will miners earn money, how will the security of the network be incentivized, and what will prevent the hashrate from dropping like a rock? No one knows definitive answers to these questions.
The MoneroV team argues that “Monero was forked from Bytecoin and the supply was never thought about. There was no discussion whether to cap the supply or not.” But looking at bitcointalk’s Monero Economy thread, we find a detailed discussion of the supply factor. Add to that ignorance of the fact Bytecoin’s emission curve was modified to make it closer to Bitcoin’s in an effort to make monero more competitive.
Examining the MoneroV whitepaper, we see that Austrian economics is thrown around like a buzzword, in an attempt to attract some libertarian-minded people as well as some from the Monero community. But with little more than espousing ‘fixed supply’ as an expression of their fondness for Austrian economics, we cannot be sure that there is any intention of actually improving anything about Monero or that they even genuinely adhere to the Austrian school of economic thought. When asked who was behind the project or if there were any significant names or experienced people on the team working on MoneroV, the response was that they are all ‘anonymous.’
What Can Monero Users do?
The best thing to do for Monero users is to resist claiming the airdrop for the chance to dump XMV and obfuscate their funds by a technique known as ‘churning’ to increase the overall health of the network. For more specific details, BTCManager reached out to Monero’s Justin Ehrenhofer to find out more.
Is There Anything Monero Users Should be Doing Apart from Churning and Not Claiming MoneroV?
“I would make clear that churning only works if you possess full control over the wallet. Do not do this on an exchange, across multiple exchanges, or in a wallet that holds your private key and/or view key.”
“After MoneroV, it’s hard to say how much churning will help them. However, it will increase the proportion of “good” outputs to “bad” outputs on the network, thus making the network as a whole robust. I would not count on churning providing significant protection for these individual users until everything settles down, but it will increase the health of the overall network.”
“I also recommend that they wait. People are likely to claim their MoneroV shortly after it is available, which means there will be a relatively large proportion of “bad” outputs during this time. If people can wait a few days after everything has settled down, their transactions avoid most of the risk.”
Suppose that Enough People Claim their XMV coins to Warrant Concerns, How Will Users Know that the Privacy of the Network is in an OK State or not? Is it an Attack that is Supposed to Work over a Long Timeframe?
“With the current minimum ring size of five, Monero has relatively strong resilience against one of these chain splits. The split would have to make over 1/3 of all recent outputs “bad” to have a meaningful impact.”
“People are most likely to spend their outputs after big events, such as large price movements in MoneroV, MoneroV being added to exchanges, etc. I recommend avoiding spending sensitive Monero transactions during that time. It is hard to say what the approximate timeline is where this remains a concern.”
What are the Chances They are Unsuccessful in Compromising Privacy?
“I think it is most likely they will be unsuccessful. They may trick some users who redeem MoneroV into losing some of their privacy, but it should have a limited impact on the network as a whole.”
The MoneroV team Stated, “we are also glad that we had contributed to the future privacy of both coins by helping to reveal an unknown flaw that researchers and cryptographers in the community had missed for years.” Is it True that this Issue was Unforeseen?
“For me (not able to speak for anyone else), this was a new way of executing an old attack. We can approach this issue in a similar way that we approached the 0-mixin problem. Unfortunately, it is difficult to prevent people from splitting, but there are still several ways the community can respond to these threats to protect the privacy of users who do not claim the dividend.”
“I think it’s fair to say that related research began looking into the effects of these attacks as early as September 2014. I think key image reuse is a new catalyst for these attacks that I personally had not previously considered. I cannot speak for MRL and others in the Monero community in speaking on their behalf.”
Do you Have any Ideas Who is Behind it and Why it is Being Done (or in Other Words, Do You Think its Sole Purpose is to Attack Monero?)
“No, I do not know who is behind this chain split. Given that they are purposefully going forward with a possible Monero exploit that damages their network even more than it damages Monero, this team is incredibly unlikely to truly care about the value of privacy they claim to represent. Thus, the people behind MoneroV are likely scammers or attackers. In any case, this is an attack on the Monero network.”
It is unlikely that MoneroV will gain any traction, since the method in which they are launching is claimed to hurt the privacy of their users more so than anything else. The Monero network is built to resist attacks such as these, and Ehrenhofer’s estimation shows that more than 33 percent of the inputs will have to be tainted in such a way to have an effect on the network.
As for a concrete solution to chain split attacks, a higher minimum enforced ring size could be the answer. Ehrenhofer, along with Brandon Goodell, recommends a higher ring size, increasing this figure from five to eight, though this comes with the cost of increasing fees and transaction sizes: “For a modest increase in fees and transaction size, we can be much more assured that Monero’s ring signatures are prepared for large chain split attacks.” Goodell proposed a range between eight and 16. With a ring size of eight, every transaction will have eight signatures instead of five and eight possible inputs for one actual input spent, providing greater obfuscation. The attractiveness of this solution is that it is easily implemented.
Working from the observation from the bitcoin cash hard fork that around 50 percent of the UTXOs can be spent, the risk to users is reduced significantly by increasing the ring size to eight if the chain split temporarily compromised 50 percent of the outputs. While more than six percent of transactions would be compromised with a ring size of five, less than 0.8 percent would be compromised with a higher size of eight, according to Ehrenhofer’s estimates.
Users are recommended to churn after the fork once everything has settled down and avoid making any transactions over the period of the split (around March 14), or when XMV is added to exchanges and experiencing large price gyrations. With an anonymous team, there is no recourse if something happens similar to what occurred with the bitcoin fork, bitcoin gold, where the development team promoted wallets containing malware.
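The six percent and 0.8 percent figures above are consistent with a simple model in which a transaction is compromised only when every one of its decoys is a “bad” output. The following is an added example, not Ehrenhofer’s own calculation; it assumes decoys are chosen independently and uniformly (real decoy selection is weighted by output age), and the function names are hypothetical.

```python
import random


def p_all_decoys_bad(ring_size, bad_fraction):
    """Closed form: all ring_size - 1 decoys are known-spent outputs."""
    return bad_fraction ** (ring_size - 1)


def simulate(ring_size, bad_fraction, trials=100_000, seed=1):
    """Monte Carlo check of the closed form, plus mean surviving ring size.

    Assumption: each decoy is independently 'bad' (provably spent on the
    other chain) with probability bad_fraction.
    """
    rng = random.Random(seed)
    exposed = survivors = 0
    for _ in range(trials):
        good = sum(rng.random() >= bad_fraction for _ in range(ring_size - 1))
        exposed += good == 0          # no plausible decoy left
        survivors += 1 + good         # the real input always remains
    return exposed / trials, survivors / trials


def min_ring_size(bad_fraction, max_exposed):
    """Smallest ring size keeping the compromised share at or below a target."""
    n = 2
    while p_all_decoys_bad(n, bad_fraction) > max_exposed:
        n += 1
    return n


if __name__ == "__main__":
    for n in (5, 8, 16):
        exact = p_all_decoys_bad(n, 0.5)
        est, mean_left = simulate(n, 0.5)
        print(f"ring {n:2d}: exact {exact:.4%}  simulated {est:.4%}  "
              f"mean plausible inputs {mean_left:.2f}")
    print("ring size for <1% exposure at 50% bad outputs:",
          min_ring_size(0.5, 0.01))
```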