Broken Privacy? The Allegations Against Monero Are Old News

Nothing spreads faster than FUD.

Case in point, a new research paper has sparked panic across the monero community in that it alleges the privacy-oriented cryptocurrency is not so private. Yet, while the findings are genuine, the media aftermath ignores that much of the research in question was originally published in 2017, and the vulnerability it highlights was resolved with monero's September 2017 hard fork upgrade.

Titled "An Empirical Analysis of Linkability in the Monero Blockchain," the 2017 paper, written by Andrew Miller, Malte Moser, Kevin Lee and Arvind Narayanan, highlighted how ring signatures could cause types of linkability that could, in turn, cause users to be identified. According to the paper, up to 62% of transactions up until February 2017 were linkable.

Accompanied by a website that allowed users to check whether their transactions could be linked, the release of the original paper sent shock waves throughout the community.

The paper was heavily scrutinized by the monero team, who wrote that the study came with some significant oversights, including a failure to mention that many of the exploits had already been documented.

But the damage had been done, and so monero developers moved to make RingCT, a confidential signatures technology, mandatory (where they were optional before) through the September hard fork.

Now, in the newly released version of the paper – which at least speaks to monero's work to secure its systems – authored by a larger team, the findings related to the loss of privacy remain unchanged, even though the vulnerability has since been resolved.

“The monero project would like to remind everyone that the largest vulnerability in this paper was noted over two years before, was mitigated over a year before and was nearly completely resolved before the first version of the paper was published,”Justin Ehrenhofer, a developer that goes by the name SamsungGalaxyPlayer, wrote in a statement.

Yet, the news has spread like wild fire across social media and mainstream media outlets, this week, leading to bitter in-fighting on many privacy-focussed channels.

A post on a dedicated forum on social media site Hacker News called the team “irresponsible and reckless,” citing the failure of monero to educate its users on the privacy threats to the cryptocurrency. Articles in Wired, Naked Security, Slashdot and on security researcher Bruce Schneier's blog echoed similar sentiments, warning users that monero comes with dangerous security risks, a traceability that could extend into future transactions as well.

Sarang Noether, a pseudonymous cryptographer at Monero Research Lab, told CoinDesk:

“They don't seem to acknowledge that there was an earlier version of this at all.”

Misplaced timelines

What is particularly frustrating to monero developers about the update to the paper is that while it depicts the cryptocurrency in a more positive light, the timelines its using to prove the past linkability problem don't explain the full story.

For instance, because the most recent analysis only takes into account monero since April of last year, it doesn't take into consideration the full effectiveness of RingCT, which monero developers said almost completely reduced the instance of linked transactions. And it's upcoming hard fork is likely to eliminate those instances altogether.

Plus, in a statement, monero developers emphasized that the algorithm deployed by the paper's research team was outdated, an oversight that could have falsified certain results.

Speaking to the misleading nature of the paper, monero core developer Gingeropolous wrote:

”[Article] Should read: Cryptonote is less untraceable than it seems, so monero has been altruistically making improvements.’”

Yet, even with less technical members of the cryptocurrency community worried, several members of the Monero Research Lab said the paper was better than the original in that it mentioned the adoption of RingCT.

“It's a much better paper now than it was, it actually mentions RingCT, our confidential transaction scheme. The graphs tell a pretty fair story, and it's obvious that monero's privacy is improving just by eyeballing the paper,” Surae Noether, monero mathematician, said.

New mitigations

And on top of that, the paper comes with some fresh insights, namely an analysis of monero's public mining pools.

In response to last year's paper, the monero team recommended that more research be done into the identification of transactions originating from public mining pools. And in this update of the paper, the authors moved to provide that research.

“This is the first time I am aware of that the proportion of pool transactions have been estimated,” Ehrenhofer said.

The paper also includes a discussion on monero’s usage in crime, particularly its use for payments on darknet market Alphabay. A source told CoinDesk this research was intended to emphasize the importance of privacy robustness for sensitive transactions.

As such, the paper concludes with a number of recommendations for improving monero going forward.

For one, a new algorithm is suggested that could reinforce the cryptocurrency’s ring signature scheme. There’s also a new “mixin” method for sampling random inputs in ring signatures. Further methods of instilling the utmost privacy include avoiding payouts from public pools and more carefully informing users that transactions prior to early 2017 are vulnerable to tracing analysis.

Indeed, the new research is useful for the cryptocurrency.

"It's important to keep in mind that this isn't some issue on which we're throwing up our hands and saying 'oh well, this is life from now on,'" Sarang Noether wrote on reddit. "I personally look forward to the day when we have the math to move past ring signatures altogether to a more complete sender anonymity set."

Echoing this, Ehrenhofer wrote in a statement:

"The monero project is thankful to have many of the world's top researchers evaluating the effectiveness of monero's ring signatures."

Newspapers image via Shutterstock