How This Monero Bug Could Impact User Privacy
July 27 2021 - 2:00PM
NEWSBTC
A “significant” decoy selection bug has been reported for Monero via the project’s official Twitter handle. According to the investigation, carried out by software developer Justin Berman, the bug “may impact your transaction’s privacy” during a brief window of time after funds have been received. If users spend funds immediately following the lock time, in the first 2 blocks allowable by consensus rules (~20 minutes after receiving funds), then there is a good probability that the output can be identified as the true spend.

Monero Research Lab clarified that the data at risk of exposure is related to addresses or transaction amounts; the funds themselves are “never at risk of being stolen”. Since the report was published around 10 hours ago, the bug has persisted in the “official wallet code”. In order to mitigate the bug, users can wait 1 hour before spending funds after receiving them. Developers are currently working on a wallet software update, which won’t need to be implemented via a hard fork:

“The Monero Research Lab and Monero developers take this matter very seriously. We will provide an update when wallet fixes are available.”

A Potential Fix For The Monero Decoy Selection Bug

On the Monero Project GitHub repository, Berman gave a detailed explanation of the bug. He revealed that his investigation had been run by core developers before it was published. He clarified that the decoy selection mechanism used by the software wallet has “0 chance of selecting extremely recent outputs as decoys”. That is why users can mitigate the bug by waiting a while before spending their funds.

As the developer explained, the algorithm introduces 10 “decoys” into a Monero ring, among which the real output is hidden. The selection mechanism has almost no chance of selecting a decoy with an output index below 100, but the probability is still there:

“The fact that there is still a chance to select a decoy with output index <100 is thanks to this part of the algorithm which takes the output_index determined by exp(x), finds the block it’s in, and then randomly selects an output from that block. So outputs from blocks that have >100 outputs have a chance at being selected as decoys.”

Although it is still under development, Berman believes that the solution for the Monero bug will require a modification to the decoy selection mechanism. This could potentially affect the uniformity of transactions, since rings built by a node without the update would differ from the way updated nodes construct rings, the developer said:

“The fix I’m leaning toward at the moment is that the algorithm is off by 1 block, meaning that the paper’s observed gamma distribution simply plotted observed spends. At a block time of 120 seconds, you would expect next to 0 outputs to be spent in less than 120 seconds, which the paper’s recommended gamma distribution seems to corroborate.”

At the time of writing, Monero (XMR) trades at $220.95 with a 16.1% profit in the weekly chart. XMR follows the general market sentiment, moving sideways after a significant push to the upside during the weekend.
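To make the decoy selection mechanism Berman describes concrete, the following simplified simulation is added here (it is not code from the Monero project or from Berman’s report): it draws decoy ages from a gamma model, maps each to an output index and then to a block the way the article describes, and estimates how often a spend made in the first two spendable blocks would be the only recent member of its ring. The gamma parameters, the outputs-per-block figure and the chain length are assumptions of this model, not values taken from the article.

```python
import math
import random

# Block time and the 10 decoys per ring come from the article. The gamma
# parameters (a model of ln(age in seconds) of spent outputs), the outputs per
# block and the chain length are assumptions of this simplified model.
BLOCK_TIME = 120                       # seconds per block
NUM_DECOYS = 10                        # decoys mixed into each ring
GAMMA_SHAPE, GAMMA_RATE = 19.28, 1.61  # assumed spend-age distribution
OUTPUTS_PER_BLOCK = 100                # assumed constant block size
CHAIN_BLOCKS = 100_000                 # assumed spendable history
SECONDS_PER_OUTPUT = BLOCK_TIME / OUTPUTS_PER_BLOCK


def sample_decoy(rng):
    """One decoy, picked as the article describes: draw a gamma sample x, map
    exp(x) to an output index counted back from the newest spendable output,
    find the block that index is in, then pick a random output of that block."""
    while True:
        age_seconds = math.exp(rng.gammavariate(GAMMA_SHAPE, 1 / GAMMA_RATE))
        output_index = int(age_seconds / SECONDS_PER_OUTPUT)
        if output_index < CHAIN_BLOCKS * OUTPUTS_PER_BLOCK:
            break  # older than the modelled chain: redraw
    block_age = output_index // OUTPUTS_PER_BLOCK  # 0 = first block after lock
    # Any output of that block may be chosen, which is why outputs with a very
    # low index are still picked occasionally when their block is large.
    index = block_age * OUTPUTS_PER_BLOCK + rng.randrange(OUTPUTS_PER_BLOCK)
    return block_age, index


def recent_decoy_rate(trials, seed, max_block_age=1):
    """Estimated probability that a single decoy lands in the newest
    max_block_age + 1 spendable blocks (the ~20 minute window in the article)."""
    rng = random.Random(seed)
    hits = sum(sample_decoy(rng)[0] <= max_block_age for _ in range(trials))
    return hits / trials


def ring_exposure_rate(trials, seed, max_block_age=1):
    """Fraction of rings in which a real spend from that window would be the
    only member that recent, i.e. identifiable as the true spend."""
    rng = random.Random(seed)
    exposed = 0
    for _ in range(trials):
        ages = [sample_decoy(rng)[0] for _ in range(NUM_DECOYS)]
        exposed += all(age > max_block_age for age in ages)
    return exposed / trials


if __name__ == "__main__":
    print(f"P(decoy in first 2 blocks) ~ {recent_decoy_rate(20000, 1):.4f}")
    print(f"P(fresh spend stands out)  ~ {ring_exposure_rate(3000, 2):.3f}")
```

Under these assumptions a decoy almost never lands in the first two spendable blocks, so a real spend made there is the only recent ring member in the large majority of rings, which is the exposure the article’s one-hour waiting advice avoids.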