Always happy to get a tip!

  • 1 Post
  • 7 Comments
Joined 23 days ago
Cake day: October 7th, 2024



  • Just watched the 3 available episodes.

    Quite impressed with the quality so far, and really excited for you to make more episodes!

    This is a very nice continuation to Breaking Monero, nicely updated to the current times.

    Hopefully it will not stop without closure like Breaking Monero though, all my luck to you! Keep up the good work :)



  • I didn’t know the protocol tried to use every output in around 16 transactions. I know about the 16 ring size, but I didn’t know it also tried to use each output 16 times. If so, that is very smart and interesting. You learn something new every day!

    The idea of sweeping them and then churning the merged output is also smart.

    Oh well, I guess we just have to wait for FCMP++ where theoretically all this will be no longer relevant :)

    I remember watching the breaking monero series, when it was mentioned that (paraphrasing) “Rings are what give security to Monero but I really hope we get rid of them”… That time is finally getting closer :)


  • I think there is one very good use case for churning though.

    And before anything, yes I know that one should not use CEX but in some cases it is just much more convenient. Although I am now starting to use Haveno, I get not everyone is up to it, and CEX is just plain easier.

    Imagine the following scenario:

    I buy a shitcoin over at a KYC’d CEX.

    I send that coin to a centralized swap, or trade it with a compromised person, in exchange for XMR.

    Let's say I repeatedly do that procedure with the same person or CEX. Then I end up with multiple “small” outputs on my wallet, all from the same entity. Let’s say for example 10 outputs of 0.1 XMR, which all have been sent to me by the same entity.

    Now I want to buy something that costs 1 XMR. I need to use my 10 existing outputs. I make a transaction that takes 10 inputs and 2 outputs (what I buy + change). The transaction has 10 inputs, and all of those inputs have a ring, where one of the members of each ring is an output controlled by the compromised entity.

    The likelihood of someone making a transaction with 10 inputs, where those 10 inputs happen to contain a member in the ring that was sent by that specific exchange and that is linkable to my identity is near zero, unless it is me who is spending those 10 outputs.

    Therefore, the person that sent me those 10 outputs can make a very well educated guess that it was me who bought that item for 1 XMR.

    This “vulnerability” is actually talked about in the Breaking Monero series, and as far as I know, it will be solved when FCMP++ comes, since we will get rid of rings altogether.

    However, let’s say I do one step of churning with all those outputs without mixing them with each other. That is, I send to myself 10 transactions of 0.1 XMR, so I just “forward” each output to myself once, without making any transaction that contains two poisoned inputs at the same time.

    Then I will still end up with 10 outputs of 0.1 XMR, but all the “poisoned” outputs are present in different and unlinkable transactions, and the negative actor does not know whether they are truly spent or not.

    Then I can actually join those 10 outputs into one 1 XMR transaction safely, knowing that I am the only person who knows where those 10 outputs come from.

    Am I wrong in this thought process?
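A constructed simulation of the argument in this comment (added here, not the commenter's code): it computes how rarely an unrelated 10-input spend would trip the "every input ring references one of my outputs" heuristic by chance, and checks that a one-step churn keeps the tainted outputs out of the final merge transaction. Assumptions: decoys are drawn uniformly from a pool of 100,000 outputs (real Monero decoy selection is age-weighted), ring size 16, and output ids are simple integers.

```python
import math
import random

RING_SIZE = 16
POOL = 100_000                   # assumed number of spendable outputs on chain
TAINTED = frozenset(range(10))   # the 10 outputs the counterparty sent (ids 0..9)


def build_ring(real_output, rng, pool=POOL):
    """Real spend plus RING_SIZE-1 decoys drawn uniformly from the pool (assumption)."""
    ring = {real_output}
    while len(ring) < RING_SIZE:
        ring.add(rng.randrange(pool))
    return frozenset(ring)


def flags_transaction(rings, tainted=TAINTED):
    """The heuristic from the comment: every input ring references a tainted output."""
    return all(ring & tainted for ring in rings)


def p_innocent_flagged(pool=POOL, tainted=len(TAINTED), inputs=10):
    """Exact chance (uniform decoys) that a spend of `inputs` untainted outputs has
    every ring hit anyway: per ring 1 - C(pool-1-tainted, 15) / C(pool-1, 15)."""
    choose = math.comb
    per_ring = 1 - choose(pool - 1 - tainted, RING_SIZE - 1) / choose(pool - 1, RING_SIZE - 1)
    return per_ring, per_ring ** inputs


def direct_spend(seed=7):
    """Merge the 10 tainted outputs directly in one 10-input purchase."""
    rng = random.Random(seed)
    return [build_ring(o, rng) for o in TAINTED]


def churn_then_spend(seed=7):
    """Forward each tainted output in its own 1-input transaction, then merge the
    10 fresh outputs. Returns (churn_tx_rings, merge_tx_rings)."""
    rng = random.Random(seed)
    churn_rings = [build_ring(o, rng) for o in TAINTED]
    fresh = [POOL + k for k in range(len(TAINTED))]     # new outputs appended to the chain
    merge_rings = [build_ring(o, rng, pool=POOL + len(fresh)) for o in fresh]
    return churn_rings, merge_rings


if __name__ == "__main__":
    per_ring, all_rings = p_innocent_flagged()
    print(f"unrelated 10-input spend flagged by chance: {all_rings:.2e} (per ring {per_ring:.4f})")
    print("direct merge of tainted outputs flagged:", flags_transaction(direct_spend()))
    churn, merge = churn_then_spend()
    print("each churn tx references a tainted output (as any decoy use would):",
          all(r & TAINTED for r in churn))
    print("merge of churned outputs flagged:", flags_transaction(merge))
```

Each churn transaction still references one tainted output, but so would any unrelated transaction that picked it as a decoy, which is the ambiguity the comment relies on.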