this post was submitted on 23 Oct 2023
48 points (100.0% liked)

Technology

37750 readers
240 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

New California law limits cash to crypto at ATM machines at $1000 per day per person and also the fees that can be imposed by the machines.

The industry says this will hurt the business, hinting that they're profiting from the lack of KYC policies

I don't see any legitimate use from those machines. Who would have a legit need to exchange $15k from cash to crypto at 33% fees????

you are viewing a single comment's thread
view the rest of the comments
[–] megopie@beehaw.org 5 points 1 year ago (2 children)

If it is a block chain, that records transactions to specific wallets, then those wallets can be linked to an individual.

[–] jet@hackertalks.com 3 points 1 year ago* (last edited 1 year ago) (1 children)

Monero works hard to make sure that wallet contents and transactions are private.

https://www.getmonero.org/get-started/what-is-monero/

The sender, receiver, and amount of every single transaction are hidden through the use of three important technologies: Stealth Addresses, Ring Signatures, and RingCT.

Because every transaction is private, Monero cannot be traced. This makes it a true, fungible currency. Merchants and individuals accepting Monero do not need to worry about blacklisted or tainted coins.

[–] megopie@beehaw.org 2 points 1 year ago (1 children)

Can the block chain of the system be viewed by anyone? Is the wallet ID listed on the blocks?

It doesn’t matter how many fancy protocols are thrown up. If the history of the block chain is viewable and verifiable, then the history of transactions can be tracked to a wallet. Thus it is not truly anonymous.

[–] jet@hackertalks.com 4 points 1 year ago* (last edited 1 year ago) (1 children)

Yes, no.

The IRS currently has a $600,000 Bounty for anyone who can deanonymize monero transactions.

That money is yours, just show us the way.

The wiki explains it better than I ever could, even have animations wiki

The transaction outputs, or notes, of users sending Monero are obfuscated through ring signatures, which groups a sender's outputs with other decoy outputs.[12] Encryption of transaction amounts began in 2017 with the implementation of ring confidential transactions (RingCTs).[6][13] Developers also implemented a zero-knowledge proof method, "Bulletproofs", which guarantee a transaction occurred without revealing its value.[14]

[–] megopie@beehaw.org 2 points 1 year ago (1 children)

You did not answer my question, is the history of transaction on a block chain? Are the transactions listed to wallets?

Yes or no?

[–] jet@hackertalks.com 2 points 1 year ago* (last edited 1 year ago) (1 children)

Yes to your first question no to your second.

The ledger is open in public and verifiable.

The wallet IDs involved in transactions are not including the transaction amounts. I'll reference you to the wiki.

I'm not a mathematician, I'm not a cryptographer, so I cannot defend the mathematics with you. I referenced the bounty to indicate that the problem has not been solved. I referenced the Wikipedia for more details. If you want to ask them specific questions about the protocol, you can join the matrix conversation, or even the Reddit community is pretty active.

[–] megopie@beehaw.org 2 points 1 year ago (1 children)

So, all transactions are listed on a ledger? That is publicly accessible?

Then it is not anonymous. Flat out.

[–] jet@hackertalks.com 3 points 1 year ago (1 children)

Verifying a transaction exists, and verifying that the transaction occurred is not the same as making the destination address, and the amount public.

This goes into the crypto note bulletproof proofs. Kind of like homomorphic encryption, I don't have to trust a third party to do cryptographic operations, as long as they don't have the key they can do the cryptographic operations and I can trust the outputs.

[–] megopie@beehaw.org 2 points 1 year ago (1 children)

All it takes is one transaction on a wallet to be concretely connected to you and then every pervious transaction is clearly linked back to you. And that link does not have to be digital, it can be as simple as you being found in person with an item purchase through the system.

The strength of the encryption and cleverness of the protocols with in the system are irrelevant if there is a public list of transactions.

[–] jet@hackertalks.com 2 points 1 year ago* (last edited 1 year ago) (1 children)

In your scenario that's not true. If you reveal yourself in the transaction. That reveals that transaction.

But using just that data in the public ledger, does not reveal your transaction history

This is due to the crypto note architecture, and their use of bulletproofs. Every transaction is verifiable, but the outputs and inputs of that transaction are not.

That being said, if you give up The wallet private read key, then somebody could use that Read key and go through the public ledger and find your transactions. But that's not publicly available, that private read key is yours, you don't give that up. Even if you accidentally tell people this transaction is yours

[–] megopie@beehaw.org 2 points 1 year ago* (last edited 1 year ago) (1 children)

The way the value of a wallet is calculated is by the sum of previous transactions. For a transaction to be verified, previous transactions must be summed to show a positive balance larger than the payment. That means all previous transactions made by that wallet are publicly available and linkable.

If they were not, then there would be no way to verify that your wallet had enough value to make a transaction.

If all transactions are linkable to a wallet, than one real world link can be used to link all previous transactions.

Ergo, not anonymous.

[–] jet@hackertalks.com 2 points 1 year ago (1 children)

https://www.getmonero.org/library/Zero-to-Monero-2-0-0.pdf

Chapter 5 page 43. Address how amounts are hidden. Commitments, and range proofs, but ring CT is the thing you really care about - The main mechanism by which transaction amounts and spend limits are verified.

Ring CTs, range proofs both rely on bulletproofs.

The zero to monero document references the bulletproofs, but does not go through the math and that document. If you want to also verify the bulletproof math here's the bulletproof paper https://eprint.iacr.org/2017/1066.pdf

[–] megopie@beehaw.org 2 points 1 year ago (2 children)

All transactions are listed on the chain. All transactions can be linked to a wallet to prove the liquidity of the wallet.

Therefore all previous transactions made by a wallet are public record.

Not, anonymous.

[–] jet@hackertalks.com 3 points 1 year ago* (last edited 1 year ago)

The whole point of range proofs, and bulletproofs, is the ability to prove a transaction is balanced, without revealing the transaction history.

Ring CT, and key images, prevent double spend and prevents transaction history from being public.

I've given you the reference documents. If you'd like to read those documents and then discuss the details with me I will engage you in a reading group no problem.

But just repeating the same point back at me without reading what I've indicated or even acknowledging what I've said isn't productive for either of us.

I want to thank you, however, I've been meaning to go through all of the paperwork on monero. And this gave me an opportunity to do so.

[–] t3rmit3@beehaw.org 2 points 1 year ago* (last edited 1 year ago)

You are hinging the claim of non-anonymity on a previous transaction on the wallet having linked a real-world person to the wallet, but that is not a given. Additionally, you could simply use a new wallet for each transaction to avoid (or at least massively minimize) this.

I don't like cryptocurrency, but your claim is kinda like saying that TLS between you and your bank is not secure because I shoulder-surfed you. That's not a failure of TLS (or in this case, their anonymization system), it's a failure of your own privacy practices.

[–] jarfil@beehaw.org 2 points 1 year ago* (last edited 1 year ago)

records transactions to specific wallets

First, that's not how crypto blockchains work. A "wallet" holds the private key to a bunch of possible addresses (2^128^ for Bitcoin, or something around that, arguably up to 2^160^, or technically infinity, depending how you look at it), there is no way to know whether two addresses belong to the same "wallet" until they get spent (transactions signed by the same key), and transactions get recorded between specific addresses, not wallets.

In an ideal world, people would never use the same address twice, always creating a new one... but people gonna people, so they started reusing addresses, publishing them along their personal data and photos on the web, shoving all that data into the hands of exchanges, and stuff like that. Bye-bye anonymity, hello traceable pseudonymity.

Still, fungibility means an address can receive coins from multiple others, then send them on without marking where each came from, so the more times coins get fused and split across more addresses and transactions, the harder it is to prove a given amount came from a given address some transactions away.


Monero takes that a few steps farther, and forces every user to use crypto as it was originally intended:

  • all on-chain addresses are single-use only, they can't be reused neither for receiving nor sending
  • every time someone sends coins, they get some single-use address/es (where they received some coins) and sign it with their own key, plus 15 "decoy keys" picked from among other ones on the chain, then sends that as a new transaction
  • the amount being sent is encrypted, so only the sender and receiver can see it
  • some mathematical magic goes on to avoid spending from already spent addresses, and prove to everyone that the transaction is "more than 0" without revealing by how much more

Meaning:

  • Only the wallet owner can track which addresses their wallet used
  • Someone tracking transactions, has to choose between several (16) possible source wallets for every address spent in a transaction, only one of them being the real one, and can't know how much has been transferred to some target addresses, or whose wallet they belong to

You can check that here:

https://localmonero.co/blocks/

Pick any block, any transaction, try figuring out who had control over the coins before the transaction, what is the target's balance, or even how much got sent to where.

If a single address gets de-anonymized:

  • the incoming transaction says nothing about how much was sent to it, and casts serious doubt about which wallets were the real ones that actually authorized it
  • if there is an outgoing transaction, an attacker can only know whether the address got spent or not, they can't know whether, or which one of the other transactions on the blockchain used it as the real source, or as one of its 15 decoys

If a whole wallet gets captured and de-anonymized:

  • an attacker can see all its associated addresses, with all the associated transactions, and how much was sent in each one, but still can't be sure where exactly did the funds come from (the uncertainty increases 16-fold with each transactions)
  • a separate key is used for outgoing transactions, but it only allows seeing how much was spent vs. sent back to an address controlled by the wallet