Progress Report on OSPEAD: Fortifying Monero Against Statistical Attack

I have submitted an 84-page document to the OSPEAD review panel (ArticMine, hyc, and isthmus) that explains a method to greatly improve Monero's decoy selection algorithm.

I made this myself 🙂

Developing a method to directly mimic the real spend age distribution using only the fully anonymized data on the Monero blockchain has been on the Monero Research Lab's agenda almost since the beginning of Monero. MRL Research Bulletin #4, released in January 2015:

"However, in practice, given a certain transaction output, an attacker may model the cumulative probability that the output has already been spent as an increasing function of time… One solution to this problem is to determine a non-uniform method of choosing transaction outputs for ring signatures; choose transaction outputs based on their age such that the probability that these outputs are chosen for a ring signature is inversely related to the probability that they have been spent already. This would suggest that we, the developers of Monero, must estimate the probability distribution governing the age of transaction outputs."

Until now, there has been no feasible way to estimate the probability distribution governing the age of transaction outputs. Yet generating such an estimate and implementing it in Monero's decoy selection algorithm is critical for minimizing probabilistic analysis of Monero's ring signatures.

Don't understand what the issue with timing analysis of Monero transactions is? I'm releasing a PDF that explains the issue in (hopefully) simple terms and presents the solution. It then moves into more technical discussion for those who want to dig into the details.

Probabilistic timing analysis is probably only relevant for Monero users with extreme threat models. But we want to build Monero to the highest standard possible. OSPEAD is designed to minimize the usefulness of timing analysis for enemies of privacy.

C++ Programming Support for OSPEAD (Fundraiser)

The OSPEAD CSS proposal, external to its own funding scope, requested Monero's C++ developers to help with certain tasks that I, a non-C++ programmer, cannot do. The MAGIC Monero Fund has decided to host a fundraiser for u/mjxmr to perform these tasks on the new website: https://monerofund.org/projects/statistical_attack_reduction . We hope that the Monero community will support this effort through donations in XMR, BTC, and/or fiat.

The list of tasks includes:

  1. Develop a method to identify which Monero transactions were created by the MyMonero wallet software, based on differences in the way that MyMonero calculates transaction fees. Isolation of these transactions will help reveal "anonymity puddles" in the blockchain and improve understanding of the ecosystem of decoy selection algorithms.
  2. Create a formal specification of the MyMonero decoy selection algorithm as a probability density function. A similar analysis has already been performed for the wallet2 C++ code, which most wallet software uses to create Monero transactions.
  3. Program a fast C++ implementation of a statistical procedure that estimates Monero's real spend age distribution. The estimate will be used to set a new decoy selection algorithm so that real spends and decoys are harder to distinguish.
  4. Adapt the tsqsim time series forecast analyzer software for performance evaluation of alternative decoy selection algorithms. The real spend age distribution is a constantly moving target.

Note: I sit on the MAGIC Monero Fund committee, but I recused myself from the vote on the fundraising host proposal.

submitted by /u/Rucknium
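
The timing-analysis risk the post describes, as an added toy simulation (not code from the post, the OSPEAD document, or Monero): it measures how often an observer who ranks ring members by age likelihood picks the real spend when decoy ages are drawn from a different distribution than real spends, versus the same one. The log-normal parameters and the ring size of 16 are assumptions constructed for illustration, not estimates from blockchain data.

```python
import math
import random

RING_SIZE = 16  # assumed ring size for this toy model


def lognormal_logpdf(age, mu, sigma):
    """Log-density of a log-normal distribution at a positive output age."""
    z = (math.log(age) - mu) / sigma
    return -0.5 * z * z - math.log(age * sigma * math.sqrt(2 * math.pi))


def guess_rate(real, decoy, rings=10000, seed=1):
    """Fraction of rings where a likelihood-ratio guess finds the real spend.

    real and decoy are (mu, sigma) pairs of constructed log-normal age
    distributions; neither is fitted to Monero blockchain data.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(rings):
        # One real spend plus RING_SIZE - 1 decoys, shuffled so that
        # position in the ring carries no information.
        ring = [(rng.lognormvariate(*real), True)]
        ring += [(rng.lognormvariate(*decoy), False) for _ in range(RING_SIZE - 1)]
        rng.shuffle(ring)
        # The observer scores each member by log f_real(age) - log f_decoy(age).
        # With identical distributions every score is 0.0, so the pick is arbitrary.
        pick = max(ring, key=lambda m: lognormal_logpdf(m[0], *real)
                   - lognormal_logpdf(m[0], *decoy))
        hits += pick[1]
    return hits / rings


def compare():
    real = (2.0, 1.0)        # constructed: real spends skew young
    mismatched = (5.0, 2.0)  # constructed: decoys drawn too old
    return guess_rate(real, mismatched), guess_rate(real, real)


if __name__ == "__main__":
    bad, good = compare()
    print(f"mismatched decoys: {bad:.3f}  matched decoys: {good:.3f}  "
          f"baseline: {1 / RING_SIZE:.3f}")
```

When the decoy distribution equals the real spend distribution, the guess rate falls to the 1-in-16 baseline, which is the property a decoy selection algorithm fitted to the real spend age distribution aims for.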