[HN Gopher] Chainalysis: A startup that helps governments trace ...
___________________________________________________________________
Chainalysis: A startup that helps governments trace crypto
Author : helsinkiandrew
Score : 102 points
Date : 2022-09-22 12:23 UTC (10 hours ago)
(HTM) web link (www.bloomberg.com)
(TXT) w3m dump (www.bloomberg.com)
| tb_technical wrote:
| We will never be free.
| m00dy wrote:
| Let's see what they can do for Zero-Knowledge proofs.
| atian wrote:
| Is not a panacea.
| m00dy wrote:
| that's the foundation of our society 3.0
| xrd wrote:
| Recent ZK Knowledge podcast recently discussed a lot of this,
| how you can determine IP addresses inside blockchain
| transactions, and DDoS, and Chainanalysis usage of IP for KYC.
|
| https://zeroknowledge.fm/246-2/
|
| I'm not clear if the conversation concluded with zk is
| impervious, or whether it is an active question of research.
| zeroclip wrote:
| They can't do anything except create harsh regulations for
| anybody using this kind of math. This is what US is doing and
| it does work at stripping away user privacy.
| dang wrote:
| Related:
|
| _Chainalysis in Action: Justice Dept Demands Forfeiture of 280
| Crypto Addresses_ - https://news.ycombinator.com/item?id=24306511
| - Aug 2020 (54 comments)
| GeorgeJIrwin wrote:
| bannedbybros wrote:
| pclmulqdq wrote:
| As far as I know, the state of crypto privacy is that everything
| is directly traceable except:
|
| * Bitcoin lightning transactions when the lightning nodes
| involved are trusted to not keep logs
|
| * Transactions through mixers with a lot of users
|
| * Monero transactions
|
| * Zcash private transactions
|
| And everything is de-facto traceable except:
|
| * Tornado cash users who use standard-size amounts (or users of
| another equivalently large smart-contract-based mixer)
|
| * Monero users who are careful about their entry/exit
|
| Zcash privacy doesn't have enough users for anonymity, most
| mixers are too small, and lightning users generally use nodes
| from exchanges which do log a lot of information that isn't kept
| on chain.
|
| Am I missing anything? This seems kind of bad for
| cryptocurrencies in general if everything is basically traceable.
| pcthrowaway wrote:
| Secret Network has private transactions as well
| olalonde wrote:
| > Am I missing anything?
|
| Bitcoin transactions that use CoinJoin (e.g. Wasabi Wallet).
| https://en.bitcoinwiki.org/wiki/CoinJoin
| MerelyMortal wrote:
| It's been a couple of years, but I thought Chainalysis said
| they could break CoinJoin.
| olalonde wrote:
| A 2020 Europol (European Cybercrime Center) report seemed
| to think it was effective[0]:
|
| > is a very effective decentralised Bitcoin mixer with many
| privacy-focused options
|
| > provides possibly the most convenient and secure way to
| mix Bitcoins
|
| [0] https://www.tbstat.com/wp/uploads/2020/06/Europol-
| Wasabi-Wal...
| acdha wrote:
| The category of risk I'd add is that a public ledger means you
| have to also consider the odds of future improvements -- for
| example, if someone else's data leak contributes some
| information about a set of transactions[1] or the analysis
| tools get more sophisticated then people who thought they were
| secure at the time might turn out not to be. This seems like a
| fairly risky gamble versus simply not publishing a detailed
| transaction log.
|
| 1. e.g. what happens if a large exchange's records leak / are
| subpoenaed, a criminal group being compromised by law
| enforcement, etc. means that a fair fraction of a mixer's
| transaction volume at a particular time can be identified,
| making it easier to focus on the remainder?
| null_object wrote:
| Genuine question: is there a possibility that Monero is being
| monitored covertly?
|
| It seems an obvious target to be a Trojan horse in the midst of
| criminals and tax-evaders.
| cowtools wrote:
| It is possible but unlikely. It is likely that clearnet use
| of monero is monitored, for example. But in terms of
| security, monero users are very cautious. The code has been
| independently audited, and has generally succeeded where
| other cryptonote-based cryptocurrencies have taken fatal
| missteps.
|
| I suspect that most monero black markets are taken down by
| sting operations. The black markets all have a limited shelf
| life and these days they tend to intentionally retire before
| getting "silk-roaded"
| TimJRobinson wrote:
| aztec.network is a L2 for Ethereum that is private while still
| allowing interactions with (some) smart contracts on L1. It
| batches requests to them.
|
| Similar tech to this could become standard on Ethereum L2s in
| the future after more optimisations.
|
| I'm pretty sure withdraws from Ren darknodes are private as
| they come from the network itself and aren't correlates to your
| node.
| zeroclip wrote:
| Seems about right. More users would use Tornado Cash if
| regulation was clear and allowed it. Zcash and Monero lack
| smart contracts which limits their use cases.
|
| ZK based privacy was possible and working fine for many users
| through TC before the sanctions. Now it is risky as you may end
| up with locked funds or in jail for seeking privacy.
|
| Edit: Should also mention Aztec and Aleo. These are working
| currently but in the same position that TC was before its
| sanctions. Hard to know what regulators will do as these tools
| allow for absolute privacy which is antithetical to the US
| government's goals.
| pjc50 wrote:
| > More users would use Tornado Cash if regulation was clear
| and allowed it
|
| This is simply not going to happen in the current anti-money-
| laundering environment. The US made _Switzerland_ give up
| hiding money, they 're not going to let some random geeks
| make trillions of dollars vanish.
| TrapLord_Rhodo wrote:
| >they're not going to let some random geeks make trillions
| of dollars vanish.
|
| i've heard this sentiment conveyed in the crypto space
| since 2011... still waiting on this prophecy to come true.
|
| Due to incompetence, profit motive or traitors to their
| country, who can tell the difference? (Paraphrasing
| Robespierre here)
| edgyquant wrote:
| In what way has this not come true? It isn't random geeks
| getting rich off of crypto anymore it's institutions
| TrapLord_Rhodo wrote:
| well... these institutions are a bunch of random geeks?
| Have you ever been to any of the crypto hackathons? From
| Jump Capital, to Parity It's a bunch of geeks who where
| obssesed with flipping on the grand exchange in
| runescape, got into crypto and are now adept at Rust,
| flipping bots and essoteric coding concepts like
| "Ownership".
| zeroclip wrote:
| The blockchain does pose new questions about digital
| privacy rights. Cryptography that privatizes transactional
| flow of USDC tokens is indistinguishable from the same
| cryptography that privatizes transactional flow of digital
| assets.
|
| Want to purchase an ENS name without corporations and the
| US government having clear knowledge of it? Too bad, the US
| government will not allow that. The privacy that we enjoy
| wish cash purchases will erode as we continue down the path
| of stripping away privacy in digital transactional systems.
| [deleted]
| notch656a wrote:
| Didn't US and FATF pressure other nations into giving up
| 'hiding money' through threats to cut them off from the US
| or partner financial systems? What happens if some coin and
| its developers have no interest in being connected to the
| US financial system -- it seems like then there would be
| limited ability to influence them and off/on ramps would
| still exist through criminal networks (and the mere
| _presence_ of an on /off ramp lends USD/"X" pair value,
| even if the person using "X" doesn't use the ramp).
| hamiltonians wrote:
| how would funds be locked
| jl2718 wrote:
| USDC has a block list in the smart contract. Other
| possibilities include validator block lists, and of course
| exchanges.
| zeroclip wrote:
| Many who had USDC on TC pools have had their assets frozen.
| Others might have a hard time sending or receiving these
| assets to typical US-based services because they will be
| hesitant to touch anything that has been through TC.
| mccorrinall wrote:
| Can you explain the entry/exit thing of monero? I always
| thought i'm fine when using monero, but never looked into what
| ring signatures imply.
| tmoravec wrote:
| It's about how you purchase and sell it. If you sell Monero
| for USD on a centralised exchange, they might ask you for
| your ID, the source of the funds, source of the funds of your
| source of the funds (really!) and similar.
|
| AFAIK ring signatures hold. It's like a mixer on every
| transaction so trying to track more than a few transactions
| back, the complexity explodes.
| pclmulqdq wrote:
| If you do BTC-XMR-BTC in a specific amount, you can get
| traced through that. Tornado cash is the same. All the exit
| points from Monero are non-anonymous, so you need to be
| careful that you don't enter and exit in ways that can be
| correlated.
| MerelyMortal wrote:
| A relatable, simplified, example: If you withdraw $3858.28
| from a bank under the name Alice, and then deposit $3858.28
| in a different bank under the name Bob, and those two banks
| share data, then someone could reasonably say Alice and Bob
| are connected.
| cowtools wrote:
| He may be referring to opsec more generally (onramps,
| offramps), or he may be specificially referring to poisoned
| output attacks: https://www.youtube.com/watch?v=iABIcsDJKyM
|
| TL;DR Ring signatures, like all sender-obfuscation methods,
| have a limited anonymity set: it limits you to a pool of
| possible senders. If Alice frequently sends funds to Bob, who
| frequently sends funds to Carl, who frequently sends to
| Alice, she can see that Alice->Bob->Carl->Alice is one
| possible outcome. She does this because she can trace the
| coin she associates with Bob to a coin she associates with
| Carl. There is a ton of plausible deniability at first, but
| the relationship between Bob and Carl becomes more obvious
| the more Alice->Bob->Carl->Alice continues to happen.
|
| Alice can be multiple exchanges collaborating using KYC.
|
| How to resist poisoning: limit your risk, churn, bigger ring-
| size/anonymity set, do atomic swaps (this severs chain of
| ownership, but is not generally sybil-proof), do multi-output
| transactions if you are sending to multiple people at once
| who can co-ordinate (this reduces the number of coins they
| can co-ordinate).
| hanklazard wrote:
| A couple of other projects for privacy on ethereum: zk.money
| and railgun.ch Also dark.fi is a project that aims to produce
| easy-to-use developer tools for private transactions.
| triyambakam wrote:
| A doctor that is also interested in privacy and crypto - so
| interesting. Do you have a blog?
| houstonn wrote:
| Satoshi's largest error was not making Bitcoin private by
| default and it strikes me as out of character given his/her
| level of commitment to being anonymous.
| WHATDOESIT wrote:
| Perhaps it was a tradeoff they knowingly made to not have it
| become illegal immediately.
| cowtools wrote:
| No, it wasn't.
| TrapLord_Rhodo wrote:
| The BTC core team was highly concerned with the legality
| of the network due to previous failed currency's (eCash,
| B-money, Bit Gold, and Hashcash) that ended up driving
| certain decisions in architecture.
|
| The original btc had a networked pokergame along with the
| wallet, but was taken out for a couple of reasons,
| including regulatory issues.
|
| I'm not saying parent is right, or wrong but to dismiss
| it and to speak for the core team out of hand is folly.
| WHATDOESIT wrote:
| Please share your reasoning - as the sibling comment
| mentions, there was a series of high profile online cash
| cases at the time, KYC being the biggest problem. It'd be
| weird if they didn't think hard about avoiding the same
| fate and perhaps this was they way they've chosen.
| rorrim wrote:
| Nope:
| https://bitcointalk.org/index.php?topic=770.msg8637#msg8637
| wyre wrote:
| >Privacy for me, but not for thee
| beauHD wrote:
| So is it safe to say Monero is a sort of Bitcoin 2.0? I mean
| if Bitcoin had 'versions' that would be great. Then we
| wouldn't have to invent entirely new cryptocurrencies, we
| could just iterate on existing ones, and have our userbase
| intact without having to 'gain traction' for an entirely new
| alt-coin.
| cowtools wrote:
| I suppose the monero userbase has similar attitudes as the
| early bitcoin userbase, but monero/cryptonote is not a
| bitcoin fork in the same sense that zcash/zerocoin is.
|
| >we could just iterate on existing ones, and have our
| userbase intact without having to 'gain traction' for an
| entirely new alt-coin.
|
| I think there are some fundamental limits to the throughput
| of a single cryptocurrency due to network latency and
| bandwidth. Perhaps the solution to scalability is simply to
| have multiple cryptocurrencies and to facilitate atomic
| swaps between them. So in this sense, the creation of new
| cryptocurrencies with minor feature changes (litecoin,
| bitcoin cash, wownero, cheapeth, etc.) is actually good for
| network diversity.
|
| That being said, the owners of existing "big"
| cryptocurrencies will usually want to make changes that
| increase its usability to compete with these "trivial
| forks"
|
| Bitcoiners have been soured by the idea of a hard fork
| since the XT dispute, while the monero userbase has
| commited itself to regular hard forks every 6 months to
| upgrade the network.
| grappler wrote:
| many cryptocurrencies do have 'versions' of a sort. See
| ethereum's recent one known as "the merge" which moved that
| currency to a completely different consensus algorithm!
| tromp wrote:
| No; Monero is not an improved Bitcoin; it just makes
| different tradeoffs [1].
|
| [1] https://phyro.github.io/grinvestigation/why_grin.html
| imdsm wrote:
| Bitcoin may not be private but it's pseudonymous, multiple
| public keys per private key. I think if it had have been
| private though, it never would have taken off. The
| transparency and exploitability of blockchains is key to
| their success. Without Bitcoin & other prominent open source
| blockchain-based crypto-currencies and crypto-assets, private
| crypto-currencies and crypto-assets wouldn't stand up.
| cowtools wrote:
| I couldn't disagree more. Without the silk road, bitcoin
| would have never taken off. monero has seemingly displaced
| bitcoin here.
|
| The transparency of the ledger is key to the censorship,
| control, and abuse of the network.
|
| >open source
|
| Are you implying that the cryptonote/zerocoin projects like
| monero aren't open source?
| SkyMarshal wrote:
| I don't recall why that decision was made, but there could be
| a couple reasons.
|
| First, it isn't easy technically. Especially back when you're
| designing the very first decentralized cryptocurrency and
| have no prior experience informing your design. ZCash,
| Monero, MimbleWimble and others came later after learning
| from Bitcoin, and there's zero chance they could have come
| first.
|
| Second, shielded transactions risk undetected inflation bugs,
| which actually happened to ZCash some years ago.
|
| Third, Bitcoin was designed shortly after the Liberty Dollar
| founder was arrested and jailed, and everyone in Bitcoin was
| concerned about that too, including Satoshi. He may have
| decided just not to push his luck.
| cowtools wrote:
| Let's not speculate:
|
| https://satoshi.nakamotoinstitute.org/quotes/privacy/
|
| https://bitcointalk.org/index.php?topic=770
|
| It seems like satoshi thought pseudo-anonyminity was
| sufficient. The integration of zero-knowlege proofs into
| cryptocurrencies was not really well understood at the
| time.
| SkyMarshal wrote:
| Thanks, I knew there were discussions of it back then on
| bitcointalk and probably bitcoin wizards irc, just not
| where to find them. The bitcointalk thread seems to
| confirm #1 - it was just technically difficult to do back
| then.
| rorrim wrote:
| Quit it with this revisionist history nonsense, your
| second link contains where Satoshi specifically mentioned
| that a ZK-based version of bitcoin would be better, he
| just didn't know how to do it: https://bitcointalk.org/in
| dex.php?topic=770.msg8637#msg8637
| SkyMarshal wrote:
| I wouldn't call it revisionist, he's referencing the
| source.
| wickoff wrote:
| He wanted to, but blockspace-efficient privacy cryptography
| wasn't discovered back then.
| TrapLord_Rhodo wrote:
| its not an error or oversight but a feature.
|
| Being anonymous to the 'Real world' but carry an identity in
| the "BTC world". Wallets, mining, interactions are all public
| within the network and significantly contributed to it's
| 'Community', 'make btc wallet size go up', and increase
| account nonce with use.
|
| Early in the community, these metrics where your
| 'leaderboards'.
|
| BTC never was anonymous, but rather a 'seperate idenitity'.
| earnesti wrote:
| Dude, he was the inventor of cryptocurrency, did you except
| him to get everything right at once.
| olalonde wrote:
| "Alexander Graham Bell's largest error was to not build
| end-to-end encryption by default in the telephone."
| derangedHorse wrote:
| When using one's own lightning node it doesn't matter if
| individual nodes on the path to your destination node keep
| logs, they can't collect much information besides who the last
| and next node are in the route. The original and final
| destination (as well as any other useful payment information)
| are obscured through onion routing and the information you
| _can_ learn from traffic analysis is limited and difficult to
| perform well.
| pclmulqdq wrote:
| If you use your own lightning node, the other nodes on the
| path to your destination can still tell which node the
| information came from, and that can be used to de-anonymize
| your transaction. If you are the only user of your lightning
| node, it is trivial for the next person in the chain to
| attribute transactions to you.
| can16358p wrote:
| And aren't there any open source tools to do roughly similar
| analyses?
|
| I'd be surprised if there aren't any. Any large-scale criminal
| action can be strategically simulated and analyzed on those to
| make these guys' job harder up to the point that it's no longer
| feasible for many situations.
|
| (clarification: while I do not support any criminal action, I
| equally hate government survelliance)
| interleave wrote:
| I built a tool for myself for Algorand that's (maybe?) somewhat
| similar to their Reactor offer.
|
| It's called Ballet and it's open source, too!
|
| - Quick demo video: https://www.youtube.com/watch?v=7hnNzSf2-Ak
|
| - Live application: https://alexisrondeau.me/algorand-ballet/
|
| - Github repo: https://github.com/akaalias/algorand-ballet
| frozencell wrote:
| > Governments
|
| Specifically U.S. and protectorates right?
| drummer wrote:
| Good luck tracking monero and pirate chain boyzzz
| manholio wrote:
| This is mostly snake oil, perhaps efficient against the dumbest
| of criminals. The newer generation coin laundry service, for
| example Chipmixer, will have pre-funded addresses already waiting
| in the blockchain before the "client" even makes an account. In
| exchange for a deposit in a wallet controlled by Chipmixer, the
| client will receive a set of corresponding private keys that add
| up to the total value being laundered.
|
| You might trace that the coins went into a laundry, but you will
| never associate with the previously laundered coins that the
| client got.
| TobyTheDog123 wrote:
| >Chainalysis software puts the lie to the idea that Bitcoin
| guarantees anonymity.
|
| I, for one, am shocked that moving decentralized currency to a
| centralized service that knows your identity de-anonymizes said
| currency.
| cowtools wrote:
| Almost any use of bitcoin will de-anonymize you through some
| heuristic.
| sampa wrote:
| Almost.
| Canada wrote:
| They help anyone who wants to pay trace crypto. Their product is
| well implemented, and they have skilled and motivated people.
| There are competitors who offer similar, and in my opinion not as
| well done, but for considerably money.
|
| I don't like the way any of these companies encourage authorities
| to impose requirements for KYT, but it's unsurprising.
| wikitopian wrote:
| I hope the feds hunt down and arrest everybody who used multiple
| slurp juices on a single ape.
|
| There's XMR, some interesting little projects like DERO, and a
| vast sea of tokenomic pyramid scheme garbage that governments can
| and should stop.
| mmastrac wrote:
| Context for the joke:
|
| https://www.buzzfeednews.com/article/katienotopoulos/you-can...
| Stamp01 wrote:
| > I hope the feds hunt down and arrest everybody who used
| multiple slurp juices on a single ape.
|
| Can I get this on a t-shirt? I have no idea what it means, but
| it sounds amazing.
| easrng wrote:
| a lotta yall still dont get it. ape holders can use multiple
| slurp juices on a single ape. so if you have 1 astro ape and
| 3 slurp juices you can create 3 new apes. tonight's slurp
| juice mint event is essentially a minting event for both Lab
| Monkes and Special Forces.
| helsinkiandrew wrote:
| https://archive.ph/fxWwT
| yieldcrv wrote:
| > people have the right to financial privacy, but technology
| shouldn't be "warrant-proof."
|
| _people_ aren't warrant proof, the government is just used to a
| brief period of time where they could go to intermediaries
| instead of doing an actual investigation. this is just a
| reversion to the mean.
| jqpabc123 wrote:
| Imagine the outcry if government announced that every transaction
| you ever do will be recorded in a publicly available database.
|
| Bitcoin as it currently exists will never be a replacement for
| fiat --- not even close --- for a multitude of reasons.
| vecio wrote:
| This is a popular layer 2 solution to make Bitcoin anonymous on
| the public blockchain, already handled more than 30M
| transactions.
| https://v2.viewblock.io/mixin/asset/fe6b7788944d328778f98e3e...
| jqpabc123 wrote:
| https://coingeek.com/bitcoin-mixers-are-illegal-and-
| anonymit...
| jcbrand wrote:
| Transactions are moving to layer 2 solutions like the lightning
| network.
|
| Individual lightning transactions are not recorded on the
| blockchain and are not subject to chain analysis.
| cowtools wrote:
| They are not subject to chain analysis, but they are still
| subject to analysis.
| jejeyyy77 wrote:
| by that logic, so is every fiat payment processor, bank,
| what have you.
| cowtools wrote:
| The privacy characteristics of the lightning network are
| probably worse than that of the traditional banking
| system, but this depends on implementations.
| helsinkiandrew wrote:
| But aren't lightning transactions limited to 0.5 BTC?
| thinkmassive wrote:
| No, there was a limit in the early days (0.16777215 BTC for
| channels, 0.04294967 BTC payments) but it's been optimal
| for about two years.
|
| Direct peers are only limited by channel capacity, and the
| biggest nodes (exchanges like Bitfinex) keep 5+ BTC public
| channels (could be much larger unannounced channels).
|
| As far as routing larger payments across the network, the
| Loop service handles 1.2 BTC swaps today:
|
| https://twitter.com/alexbosworth/status/1570189188091514880
| jqpabc123 wrote:
| What prevents lightning network operators from making
| transactions records and details available --- for fun and/or
| profit?
|
| Better yet, what prevents a lightning network operator from
| going rogue and draining your account to fund his retirement
| and then moving to Tonga?
|
| Imagine the outcry if government suddenly announced that all
| your fiat bank transactions will be routed through small,
| unregulated 3rd party operators who can do as they see fit
| with them?
| LN_is_a_scam wrote:
| TimJRobinson wrote:
| What are you talking about? The lightning network is
| permissionless, you open channels with other nodes and then
| you can send funds across them, the other nodes can't take
| your funds.
|
| Unless you mean signing up with strike or some centralized
| service in which case the old adage "not your keys not your
| coins" applies.
| pclmulqdq wrote:
| Lightning is a lot less untraceable than people think.
| Settlement payments on a lightning channel are still
| traceable, and can be matched up. Also, lightning nodes get a
| lot of information about transactions that they don't publish
| to the blockchain, and you can bet that most lightning nodes
| that are around today keep logs. Most of them are run by big
| crypto companies, several of which are US-based.
| jejeyyy77 wrote:
| It's not meant to be "untraceable". But it's fast, and as
| mentioned not a public ledger.
|
| If you want untraceable, you can go out of your way to
| achieve that using something akin to tornado.cash
|
| I think the point is that the technology is already here
| and available - it's just not evenly distributed yet.
| pclmulqdq wrote:
| More people have tried to sell me on the lightning
| network on the basis that it offers privacy and reduces
| net transaction fees than on the basis that it offers
| speed.
| jejeyyy77 wrote:
| It does all those things to different degrees?
| cowtools wrote:
| It is quite difficult to compare the obfuscation features
| of lightning network with that of "conventional" systems
| like cryptonote-style ring signatures. Consider two
| different situations:
|
| A) A user picks the economically best peer to open channels
| with, or chooses peers randomly. Neither of these are sybil
| proof, which basically means you are transmitting your
| requests publicly.
|
| B) A user only opens channels privately within a cohort of
| peers that privately agree not to keep logs, have special
| means of transmitting requests privately, etc.
|
| I would assume that most users follow some of A's heuristic
| and some of B's. To the extent that situation B offers
| privacy, it prevents you from transacting with other users
| globally in a more general sense.
|
| In other words, it is useful as a privacy mechanism only if
| you trust your peers not to keep logs, but don't trust them
| not to double-spend, and also you are not worried about
| guilt-by-association of owning a channel with these peers.
| If you were running some sort of dark net market or
| something, it would be easier to implement some sort of
| (cryptocurrency-backed?) chaumian cash, as you already
| implicitly trust the marketplace's sysadmin to some extent
| (as they can simply MITM your relationships unless you
| establish them by keypairs out-of-band (this is another
| sybil problem), which is probably more dangerous than
| double-spending).
| repomies69 wrote:
| Most of the transactions with Bitcoin happen offchain,
| depending of course how you define "transaction". Definition
| for transaction can be stricter or more lax but for sure it is
| not only onchain transactions.
|
| For example Bitcoin onchain transactions are routinely compared
| to Visa network - fairer comparison would also include
| transactions from lightning network and offchain transactions
| within services.
| unstatusthequo wrote:
| Not just governments. I have it and use it.
| guywithahat wrote:
| Yeah considering in the article he says half of his clients are
| private sector this seems like a bad title. Maybe they meant
| because most revenue comes from government? Hard to say
| kache_ wrote:
| https://en.wikipedia.org/wiki/Ring_signature
|
| sorry, federal government. Keep up
| cowtools wrote:
| As much as I appreciate the sentiment, ring signatures are not
| a perfect solution for sender privacy at the moment given
| current ringsizes.
|
| Almost every cryptocurrency with sender-obfuscation features
| bumps up against "poisoned output" attacks for low enough
| anonymity sets: https://www.youtube.com/watch?v=iABIcsDJKyM
|
| But it is good enough for many purposes. The goal is to provide
| a high level of plausible deniability for the sender.
| gillesjacobs wrote:
| You'll be glad to hear Monero increased its ring-size from 11
| to 16 last month making such attacks less feasible.
|
| I sure was.
___________________________________________________________________
(page generated 2022-09-22 23:02 UTC)