<rbrunner7> Although those are not really attempts to crack the "math". How would you even do that?
<silicon.dystopia:matrix.org> @rbrunner7: i mean who knows
<silicon.dystopia:matrix.org> on paper it might be solid, but the implementation might give cracks to sophisticated attacks
<silicon.dystopia:matrix.org> maybe there are still some signals that are possible to extract
<silicon.dystopia:matrix.org> ig i should be speaking in the past tense - i ofc don't mean any unfixed 'vulnerabilities'. i'm strictly interested in the past/fixed ones
<moneromooo> There is a tool in src/blockchain_utilities that attempts to determine which outputs are spent by examining small rings. Ideally, spent status should not be knowable, but historically, the combination of very small rings (1 and 3 members IIRC) allowed chain reactions. While theoretically possible nowadays still, the larger rings used mean the probability of still doing so with modern outputs is vanishingly small.
<moneromooo> It's not a flaw in the math though, so might not be what you're after.
<moneromooo> Another one closer to a flaw in the math is the ability to spend an output up to 8 times. AFAIK it was not actually exploited before we patched it.
<moneromooo> Then there's presumably a lot of private work into probability theory to break rings, but the people doing that are typically siding with the fash and not us, so that work isn't public.
<moneromooo> There's an interesting use of change outputs if you're sending regularly to some party. If that party often sees, in a tx sent to them, a recurrence of an output created as change to another output they received earlier, they know there's a fair chance the tx comes from the same party. The same applies if the earlier output is a recent possible-ancestor of the output sent in the newer tx, but probability goes down (rather fast I think) with ancestry depth.
<moneromooo> All this attack surface is going to go with fcmp. AFAIK the other two layers of monero (stealth addressing and amount commitments) offer no purchase.
<moneromooo> About implementation-side issues, there are a lot of small fingerprinting things that can help group txes probabilistically too, such as "this tx was likely created by version x of monero-wallet-cli", etc. Nothing to do with math though.
> <@silicon.dystopia:matrix.org> hi
<rucknium> @silicon.dystopia:matrix.org: Can you be more specific? Depending on what you mean, there have been a lot of attempts or zero. Do you mean the privacy (and deterministic or probabilistic), counterfeiting and theft protection, network stability, etc.?
<milas900:matrix.org> Hello, I have a question... can AI agents exploit the private key on Monero on your device?
<-----0:zano.org> @milas900:matrix.org: yes
<milas900:matrix.org> @-----0:zano.org: Can you elaborate more
<-----0:zano.org> @milas900:matrix.org: no. just don't do it
<-----0:zano.org> haha. joking. yes i will elaborate
<-----0:zano.org> most people recommend running your agents on a standalone setup, to avoid this and other issues
<plowsof:matrix.org> #monero.social:monero.social hardly an MRL topic, is it. 'is my hot wallet safe' type of question
<-----0:zano.org> good point
<-----0:zano.org> @milas900:matrix.org: ask in the social lounge
<silicon.dystopia:matrix.org> @rucknium: hiii
<silicon.dystopia:matrix.org> (I'll respond to the earlier messages by moneromooo later when I have a chance to sit down :3)
<silicon.dystopia:matrix.org> honestly I'm driven by curiosity; don't have any goal in mind [... more lines follow, see mrelay.p2pool.observer/e/gKHmyvwKb0pRYjJl ]
<silicon.dystopia:matrix.org> probabilistic is also good tho
<rucknium> Here is an example of what happens if you don't implement Monero's cryptography correctly: github.com/kayabaNerve/zephyr-verify-bulletproofs
<rucknium> Check out moneroresearch.info too