Hacker News new | past | comments | ask | show | jobs | submit login

I don't know why you are being down voted, since you said exactly what I was alluding to. Monero's ring signature traceability is very hard to analyze. Even if the ring signature is not broken in a cryptographic sense, transactions can still be linked by the other fingerprints they leave, or by wide spectrum analysis.

It's a bit like a game of sudoku. A mixin input could have 4 different coins, and technically you can't be certain from the signature which is the real input. But in reality you can do downstream or source analysis and come up with probabilities for whether the prior transactions were authored by the same wallet, or associate with other keys used by other mixin inputs. Every little bit adds to the probability of two addresses being linked, and it really doesn't take many bits of information to confirm or eliminate mixin inputs as being real or fake.

This is notably different from how ZeroCoin operates, where the anonymity set is everyone and it is fully untraceable. However ZeroCoin has problems with respect to performance and deployment :\




You also forget Confidential Transactions. How can you do any kind of useful downstream or source analysis when you don't know the amounts and you have stealth addresses? Also you can have huge amount of mixins which use the total pool of TXs ever done.

It's the same as RSA4096, in theory you could bruteforce eventually crack a key, but in reality it's not a viable attack.

You're just saying abstract things without backing them up with details. Also Zcoin has scaling issues with TXs being 50x of Zcash (another Zerocoin-based implementation)


There are more ways of linking transactions than just values. I enumerated some of them in my comment.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: