Does anyone have any good resources on how decoy addresses are chosen? I'm specifically trying to determine why the following scenario isn't possible.

I'm assuming decoys are chosen based on a specific algorithm and that it could be used to determine the probability a specific output will be used as a decoy. From there, would it be possible to determine the expected time between occurrences when a specific output would appear in ring signatures? Could you look at the time between occurrences to determine if the time is unlikely compared to the expected value (too short of a time) and from there determine that one of those two outputs is real and not a decoy?

As a simplified example, if the decoys were chosen randomly with every output having an equal probability (which I know they're not), then you would expect the average time between when a specific output appears in a ring signature to slowly decrease over time inversely proportional to the number of outputs – which would be increasing. The expected time between occurrences would have a normal distribution and you could determine if the real time between two occurrences was statistically unlikely. I understand that the decoys are not chosen completely randomly with an equal likelihood of being chosen. Could you do the same type of analysis with the algorithm that is used?

The scenario I am trying to wrap my head around is if you were to purchase xmr off a KYC exchange, the exchange would know what output it sent the xmr to, after it left the exchange. Could an analysis be done to determine the possible likely chains that could occur from this initial output by looking first at this specific output's time between ring signatures? If two occurrences are determined to be too close together, then the new outputs in those transactions could also be looked at, and so on? I understand this would quickly require a lot of computing power as the number of outputs you would need to consider would grow by the power of 2, but what is the average number of transactions after a coin leaves an exchange? It seems to me most people would transfer into their wallet and then move them maybe once or twice before spending them so the chain may not be that long. If later on, someone wanted to determine how xmr arrived at a specific address they could check if the address appeared on the chain that started from the exchange. You wouldn't be able to determine where along the chain the xmr changed hands but you could work your way along starting with the customer that provided their KYC info to the exchange.

I understand there was an issue a while back dealing with a bug in the decoy algorithm but that had to do with looking at a specific transaction to determine the real output. I am wondering if you can look at a specific output and determine its path based on the time between occurrences in ring signatures.

submitted by /u/No-Reputation3807

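The simplified equal-probability model from the post can be simulated directly to see how much the gaps between decoy appearances vary when no real spend is involved. This is an added example, not part of the original post and not Monero's actual decoy selection; the ring size of 16, the fixed pool of 500 outputs, the seed and all function names are assumptions chosen for illustration.

```python
import random
import statistics

def decoy_hit_probability(n_outputs, ring_size):
    """Chance one watched output is drawn as a decoy in a single ring when
    ring_size - 1 decoys are picked uniformly from the n_outputs - 1
    outputs other than the real spend."""
    return (ring_size - 1) / (n_outputs - 1)

def simulate_gaps(n_outputs, ring_size, n_rings, seed=1):
    """Gaps (counted in rings) between decoy appearances of the watched output.
    The watched output is never the real spend, so every gap is decoy noise."""
    rng = random.Random(seed)            # fixed seed: constructed, repeatable data
    candidates = range(n_outputs - 1)    # index 0 = watched output
    gaps, last_seen = [], None
    for ring_index in range(n_rings):
        decoys = rng.sample(candidates, ring_size - 1)
        if 0 in decoys:
            if last_seen is not None:
                gaps.append(ring_index - last_seen)
            last_seen = ring_index
    return gaps

def geometric_cdf(p, k):
    """P(gap <= k) when each ring independently hits with probability p."""
    return 1 - (1 - p) ** k

def short_gap_rate(gaps, threshold):
    """Fraction of decoy-only gaps that are at most `threshold` rings long."""
    return sum(g <= threshold for g in gaps) / len(gaps)

if __name__ == "__main__":
    p = decoy_hit_probability(500, 16)
    gaps = simulate_gaps(500, 16, 60_000)
    mean = statistics.mean(gaps)
    print(f"expected mean gap {1 / p:.1f}, simulated {mean:.1f}")
    print(f"std dev of gaps   {statistics.pstdev(gaps):.1f}")
    k = int(0.1 * mean)
    print(f"gaps <= {k} rings: simulated {short_gap_rate(gaps, k):.3f}, "
          f"geometric model {geometric_cdf(p, k):.3f}")
```

Under this toy model the gaps follow a geometric distribution whose standard deviation is about as large as its mean, so a gap of a tenth of the mean or less still shows up in roughly 9% of decoy-only cases.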