Cryptocurrencies were originally launched with the vision of being decentralized, digital and anonymous replacements for fiat currency. However, once the veil of anonymity was lifted from Bitcoin’s blockchain, it was widely speculated that Monero would lead the industry on privacy. The Monero development team was so confident of this, in fact, that it claimed it was near impossible to trace a Monero transaction back to any individual.
Several years later, though, it turns out that those claims may not be entirely true, at least according to some researchers. A recently updated study, co-written by a group of experts in the field, attempts to lay out the case that Monero may not be as privacy-centric as it seems.
An Old Chestnut
The paper, titled ‘An Empirical Analysis of Traceability in the Monero Blockchain,’ first surfaced April 13, 2017. In it, the authors argued that it was possible to link accounts to their past Monero transactions. It further claimed that Monero mixins sampled from a distribution did not resemble real transaction inputs, thus making the real input easier to identify. The release of the report turned many heads in the cryptocurrency industry and forced the Monero team to issue a statement.
As a measure to further strengthen privacy, Monero ultimately underwent a hard fork in December 2016/January 2017 and adopted RingCT, a confidential transaction scheme. RingCT became mandatory in April 2017 with a minimum mixin of 3, and the minimum is due to be raised again to 7 in the scheduled upgrade on April 6, 2018.
BTCManager covered the original MoneroLink paper and addressed the criticisms of the research: it was released just before a scheduled hard fork of the Monero network, which meant it gave an inaccurate representation of the blockchain network.
Months later, the researchers have now published a new paper highlighting even more reasons why, according to them, Monero isn’t a completely secure cryptocurrency. The new report also includes scholars from prestigious institutions such as Carnegie Mellon, Boston University, University of Illinois, Massachusetts Academy of Math and Princeton University.
“At Best, You are Still Guessing…”
Monero was designed to mix a transaction’s Monero coins with several other chaff coins. By doing so, the true worth of the transaction, as well as its source and destination, is obfuscated to a significant degree. The report, however, highlighted that these chaff coins could be coins that had already been spent.
Such a situation ends up creating a closed loop of transactions. If even one of these so-called chaff coins was tracked, there was a very high probability that other coins could be tracked in the same way. This was referred to as the “ring transaction problem” in Monero and was the exact issue RingCT was supposed to fix.
According to the initial paper, 62 percent of all past transactions could be traced successfully and were therefore vulnerable to tracking. The updated version claims that 45 percent can be traced, but as Monero developer smooth points out, “at best you are still guessing.”
While the new paper, published March 28, 2018, acknowledges the steps taken by the Monero team to improve privacy, the authors steadfastly hold their ground, stating that Monero is not as secure as its developers claim it to be. Nicolas Christin, a researcher who was part of the team, said, “People took privacy guarantees of the currency at face value. Those who used Monero for making dubious transactions over the dark web could be at risk.” It is important to note, however, that the Monero project has denounced the use of the cryptocurrency as a payment method for illegal transactions.
Monero Responds to Updated Research
SamsungGalaxyPlayer has responded to all theories proposed by the researchers. He wrote, “Transactions with zero decoy have no ring signature protection,” further adding that “Monero uses a specific input selection algorithm for choosing which decoys to include in its ring signature. This algorithm has changed over time to be more realistic. In the past, the selection algorithm typically selected decoys that were significantly older than the real input, meaning the newest input was the real one the majority of the time.”
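The “ring transaction problem” described above and the decoy-selection point in the quote share one underlying rule: an output can only be spent once, so a ring member that is already known to have been spent elsewhere cannot be the real input of any other ring. An input with zero decoys reveals its spend outright, and every such revelation shrinks other rings, which can cascade. The Python below is an added illustration written for this article, not code from the paper or from the Monero project. It runs the deduction over a small constructed ledger (the output and input ids, their creation heights and the ring memberships are all made up), reports which inputs are fully deduced versus merely narrowed, shows how a minimum-mixin policy would have rejected the leaky inputs, and applies the “newest member is probably real” guess to whatever remains, which is the point where the analyst is, in smooth’s words, still guessing.

```python
# Constructed toy ledger (not data from the paper). Each transaction input is a
# ring of candidate output ids; exactly one member is the real spent output, and
# the analyst does not know which. Names are hypothetical.
TOY_RINGS = {
    "tx1_in0": ["out_a"],                    # zero decoys: spend is out_a
    "tx2_in0": ["out_b"],                    # zero decoys: spend is out_b
    "tx3_in0": ["out_a", "out_c"],           # out_a already spent -> out_c
    "tx4_in0": ["out_b", "out_c", "out_d"],  # out_b, out_c spent -> out_d
    "tx5_in0": ["out_d", "out_e", "out_f"],  # out_d eliminated, still ambiguous
    "tx6_in0": ["out_e", "out_f", "out_g"],  # nothing eliminated
}

# Constructed block heights at which each output was created (older = lower).
TOY_HEIGHTS = {"out_a": 1, "out_b": 2, "out_c": 3, "out_d": 4,
               "out_e": 5, "out_f": 6, "out_g": 7}


def deduce_spends(rings):
    """Apply the spent-once rule to a fixpoint.

    Returns (deduced, residual): deduced maps input -> uniquely identified
    spent output; residual maps every undeduced input to the candidates that
    survived elimination (its effective ring size).
    """
    candidates = {inp: set(members) for inp, members in rings.items()}
    deduced, spent = {}, set()
    changed = True
    while changed:
        changed = False
        for inp, cands in candidates.items():
            if inp in deduced:
                continue
            cands -= spent  # a known-spent output cannot be this ring's real member
            if len(cands) == 1:
                real = next(iter(cands))
                deduced[inp] = real
                spent.add(real)
                changed = True  # a new spend may shrink rings visited earlier
            elif not cands:
                raise ValueError(f"{inp}: every candidate already spent (bad ledger)")
    residual = {inp: sorted(c) for inp, c in candidates.items() if inp not in deduced}
    return deduced, residual


def traceable_fraction(rings):
    """Share of inputs whose real spend is fixed by deduction alone."""
    deduced, _ = deduce_spends(rings)
    return len(deduced) / len(rings)


def rings_below_min_mixin(rings, min_mixin):
    """Inputs a network rule of `min_mixin` decoys would have rejected outright."""
    return sorted(inp for inp, members in rings.items() if len(members) - 1 < min_mixin)


def guess_newest(residual, heights):
    """The heuristic from the quote: guess the youngest surviving member.

    This is a guess, not a deduction; it is only reliable when the decoy
    selector tends to pick members older than the real input.
    """
    return {inp: max(cands, key=heights.__getitem__) for inp, cands in residual.items()}


if __name__ == "__main__":
    deduced, residual = deduce_spends(TOY_RINGS)
    print("deduced:", deduced)
    print("residual effective rings:", residual)
    print(f"traceable by deduction: {traceable_fraction(TOY_RINGS):.0%}")
    print("rejected under min mixin 2:", rings_below_min_mixin(TOY_RINGS, 2))
    print("newest-member guesses:", guess_newest(residual, TOY_HEIGHTS))
```

On this ledger two zero-decoy inputs are enough to pin down four of the six spends, while the last two rings only shrink and have to be guessed by age. A minimum-mixin rule of 2 would have refused the three inputs that start the cascade, which is the defensive lever the article describes Monero raising in successive upgrades; improving the decoy selector is what blunts the age guess on the rings that remain.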
The Monero team has said that the authors of the report need to acknowledge all the improvements that have been made. The original vulnerability that the paper highlighted in April 2017 had, in fact, already been spotted by Monero developers in 2015, and a major update was already underway when the first edition of the paper was released.
Notably, a Reddit user, Riiume, started a weekly Monero tracking challenge with 23 XMR ($4,140) as its reward in August 2017. There were no takers, but it could be a proposal worth funding in the future via the project’s Forum Funding System to further assess the claims made by the researchers.