18:51:39 <needmoney90> https://pastebin.com/raw/ZMtQAE0k
18:51:44 <needmoney90> sarang :D
18:52:18 <sarang> -_____-
18:52:28 <needmoney90> ur a wizard
18:52:42 <needmoney90> casting math spells
18:52:45 <needmoney90> on the evil ciphertrace demon
18:53:16 <sarang> They aren't demons!
18:53:28 <sarang> Just applying very well-known simple techniques in a FancyTool (tm)
18:53:29 <thrmo> tiny imps?
19:00:04 <ErCiccione[m]> Chainanalysis company that aims to sell survelliance tools to governments? I think the evil demon is appropriate :)
19:02:58 <needmoney90> The banality of evil and all
19:03:24 <thrmo> so you're saying that they're soon going to be guarding concentration camps?
19:03:35 <sarang> If anything, I'm disappointed they aren't doing more interesting math
19:04:23 <needmoney90> Nah, just that dutifully carrying out government directives without introspection as to the end results/world those directives bring into existence can cause people to be evil without realizing it.
19:04:30 <needmoney90> The lack of introspection is the big part
19:04:34 <thrmo> I for one I'm thankful they're not doing more interesting math
19:04:35 <thrmo> lol
19:05:04 <thrmo> I was joking needchainalasys90
19:05:24 <needmoney90> I wasn't trying to make an explicit reference to the nazis, but yeah, that's where the quote is from
19:06:02 <needmoney90> Whoops, sorry to OT in -lab
19:06:12 <ErCiccione[m]> needmoney: 100% agree. People often confuse "right" with "legal"
19:07:14 <sarang> Oooof
19:07:21 <xmrmatterbridge> <nik> Time to increase ring size ?
19:07:25 <sarang> Yeah, anything not research-related, please take elsewhere
19:07:34 <sarang> Ring size? Not marginally IMO
19:07:58 <sarang> If the r/Monero example is to be believed, this is about wallet behavior related to output management
19:08:02 <sarang> not ring size
19:12:45 <xmrmatterbridge> <nik> So a churn or two in between would make it pretty much untraceable?
19:13:50 <dEBRUYNE> We also have to differentiate between active and passive here
19:14:05 <dEBRUYNE> Presumably, the observer here knows that the two outputs belong to the entity
19:14:17 <dEBRUYNE> Which is, as a passive observer normally, quite difficult (if not impossible) to discover
19:15:09 <sarang> Yes, but some (like knaccc) would argue that an exchange breach basically makes every adversary "active" in this way
19:15:21 <sarang> I'm not sure what I think about this particular threat model
19:16:17 <sarang> Absent that, the information presented so far suggests this is in _no way_ generalizable to transactions where prior merges are not suspected
19:16:28 <sarang> However, research on merge distributions is active and ongoing
19:23:09 <gingeropolous> nonsense! ringsize a bajillion!
19:23:58 <sarang> Well, IMO there's a big difference between marginal increases and order-of-magnitude increases
19:24:17 <sarang> OoM increases can certainly help to diffuse certain merge analyses, depending on the setup
19:24:36 <sarang> Repeated controlled spends? That's a different story that's very hard to mitigate with this type of protocol
19:24:57 <knaccc> or easy with subaddress-tagging :)
19:26:48 <needmoney90> Sarang I kinda disagree a little bit
19:27:01 <needmoney90> If we look at the number of recent txes that get included in a ring
19:27:11 <needmoney90> It's a fraction of the total
19:27:32 <needmoney90> Idk, we could prioritize increasing that part
19:27:35 <needmoney90> Over historical txes
19:27:41 <needmoney90> It makes churn more effective
19:27:45 <sarang> A lot of this depends on the metrics/methods you're using, and how you threshold them
19:28:04 <sarang> and at some point it becomes a cat-and-mouse game
19:29:19 <sarang> Additionally, a lot of this depends on how CipherTrace presents the results of their tools to their customers
19:29:32 <sarang> In any kind of CoinJoin-type operation, _every_ input was involved in the signature
19:30:06 <sarang> Even in a merge analysis, there is _no_ guarantee that any particular input signed (assuming no set-theoretic analysis, which no longer applies)
19:30:16 <sarang> The most this does is say "eh, maybe this input"
19:30:31 <sarang> and then you hope you can identify the entity via some exchange KYC or something
19:30:37 <sarang> This whole process is quite subtle
19:35:02 <midipoet> I think we should make a churn wallet
19:36:06 <needmoney90> or a mixer
19:36:25 <sethsimmons> Monero Mixer
19:36:26 <sethsimmons> :O
19:36:33 <midipoet> No just a wallet. Which a churn button
19:36:44 <needmoney90> I've suggested a mixer multiple times, jokingly and not, over the years lol
19:36:44 <midipoet> me2me
19:37:02 <sarang> The algorithms for a Monero mixer are trickier than you might expect
19:37:04 <midipoet> *with a churn button
19:37:09 <sarang> I assure you, we've examined them carefully
19:37:16 <needmoney90> "The negligible improvement to your privacy that you never knew you needed, and probably don't"
19:38:08 <needmoney90> ok, so, get me, what if we make stake-incentivized "master" nodes that facilitate the mixing process
19:38:39 <needmoney90> 🙃
20:06:35 <knaccc> sarang whoa, i just checked out the forward-in-time references to a particular output, and the number of txs that references the original output directly or indirectly absolutely explodes! this is fantastic news!
20:07:03 <knaccc> i took an output in block 2159385 and searched for all txs that either directly or indirectly referenced it
20:07:04 <sarang> ?
20:07:08 <sarang> go on
20:07:26 <knaccc> and 313532 of 333463 txs referenced it directly or indirectly
20:07:37 <sarang> Which tool did you use for this (for verifying)
20:08:03 <knaccc> i have java stuff i've been working on, it's a mess but i'm cleaning it up so it can be released
20:08:07 <sarang> righto
20:08:17 <sarang> How old was that output?
20:08:21 <knaccc> i hope i don't have a bug, cos that is a very encouraging finding
20:08:24 <sarang> Relative to the search space
20:08:35 <sarang> And at what block did you stop searching forward?
20:08:50 <knaccc> 2020-08-07 onwards, block 2159385
20:09:01 <needmoney90> knaccc we kinda worked out most of the bugs didn't we
20:09:01 <knaccc> i stopped at the most recent block in monerod
20:09:19 <sarang> What was that block height, just to be clear?
20:09:25 <sarang> For verifying later
20:09:30 <knaccc> yeah big time, needmoney90 helped me work through the issues with his challenge
20:09:48 <sech1> what do you mean by "indirectly"? How many hops to this tx?
20:09:54 <knaccc> i'll check
20:10:09 <needmoney90> I assume it means "There is a path from this % of all txes to this particular output"
20:10:30 <needmoney90> looks like 94%
20:10:30 <knaccc> yes, you start with one output, and going forward find all outputs that reference that output and add it to the list of observed outputs
20:10:42 <knaccc> and then you keep going forward and looking for references
20:10:52 <needmoney90> so, if you have a 'tainted' output, 94% of the time, after that many blocks, it will be implicated in a given tx
20:11:05 <knaccc> essentially this means you can churn two outputs independently of one another, then combine later, and that later combination won't be noticable at all
20:11:13 <needmoney90> ehhhh
20:11:37 <needmoney90> huh
20:11:38 <needmoney90> actually
20:11:39 <needmoney90> yes
20:11:51 <needmoney90> even with 5 combined txes thats 73% absolute probability
20:11:58 <sech1> not surprising as this process gives 11 outputs after 1 hop, 121 after 2 hops and so on. 11^N quickly overwhelms the real number of outputs on the blockchain
20:12:12 <sech1> so they all get covered (almost)
20:12:15 <knaccc> sech1 this is going forwards not backwards
20:12:31 <sech1> direction doesn't matter, you're dealing with exponent growth here
20:12:32 <knaccc> and i was worried it might not be great if chains of outputs were not as long as we'd want
20:12:48 <sarang> I am interested to know what metrics CT use in their FancyTool(tm) for this, and how they present to their clients
20:12:53 <knaccc> yeah but if outputs don't keep appearing in long chains it breaks down when going forward
20:14:28 <knaccc> sarang: starting output id 19572539 in block 2159385, ending block 2176676, 313532 of 333463 txs directly or indirectly reference the original output
20:15:05 <sarang> thanks
20:15:14 <sarang> good to have this info on record for later checks
20:15:50 <sech1> this is what's expected from a good decoy selection algorithm, right?
20:16:39 <knaccc> well the decoy selection isn't actively trying to create chains, but it just works out well that it does
20:16:47 <needmoney90> ehhhh
20:16:53 <needmoney90> our distribution heavily selects for recent outputs
20:17:06 <needmoney90> If thats not "actively trying to create chains", its pretty darn close
20:17:39 <sech1> yes, recent output are selected more often, but this is in line with real usage (outputs are often spent after 1-2 days)
20:17:49 <sech1> so chains occur naturally with this selection
20:17:50 <knaccc> needmoney90 good point, i agree
20:18:19 <sarang> "good selection algorithm" depends on your criteria
20:18:27 <sarang> it turns out that not following spend patterns is bad
20:18:32 <sarang> just straight-up bad
20:18:35 <knaccc> sarang check this out: https://paste.debian.net/plain/1162052
20:18:37 <sarang> controlling for other heuristics can get tricky
20:18:54 <sarang> Any questions I should ask of CipherTrace's CEO in an interview today?
20:19:29 <sech1> I mean good selection = breaks all known heuristics (so far)
20:19:51 <sarang> I don't think "breaking all known heuristics" is uniformly possible
20:19:56 <sarang> Some are at odds
20:20:40 <moneromooo> "Why do you think people 30 years ago were aghast at the mass spying behind the iron curtain, but are clamouring for it now ?"
20:21:06 <sech1> well, at least if it doesn't break some heuristics, they can only reduce 11 to 7-8 or so if it's good
20:21:08 <needmoney90> Thoughts on china's new social ID program? :p
20:21:19 <knaccc> sarang also: https://paste.debian.net/plain/1162053
20:21:36 <needmoney90> I'm curious if ciphertrace supports privacy or intends to subvert it. If they keep any developed tools private, their intention is obviously to use them until we figure it out. If they publish their research in good faith, we can react to it.
20:22:49 <sarang> knaccc: https://usercontent.irccloud-cdn.com/file/WKRPTMCB/4ddng5.jpg
20:22:53 <ErCiccione[m]> Any questions I should ask of CipherTrace's CEO in an interview today? -> sarang instead of asking if they spammed transactions for their analysis i would ask if the transactions they analyzed were organic or created ad hoc.
20:23:13 <knaccc> :)
20:23:18 <sarang> ErCiccione[m]: yep
20:23:22 <ErCiccione[m]> So to avoid giving them the possibility to give a "safe" answer :)
20:23:23 <sarang> already have a set of questions for that
20:23:37 <sarang> I'm going to assume PR answers
20:23:44 <knaccc> what time is the interview?
20:24:15 <sarang> It's not live, but starts in ~30 min
20:24:24 <ErCiccione[m]> great. Yeah, that's what i expect, hopefully that won't be 100% the case. I would be happy with only few straight answers
20:24:58 <sarang> Yeah, I'm setting my expectations low and hoping to be pleasantly surprised
20:25:08 <moneromooo> Actually more than 30 years ago now. Wheee.
20:25:44 <knaccc> obviously ask what monero could do to totally destroy their ability to trace txs and get their contract cancelled
20:25:45 <moneromooo> Maybe that's why. People don't remember things before they were born and can't be arsed reading about history.
20:29:05 <moneromooo> "Did your grandfather fight in WWII against oppression ?"
20:29:51 * moneromooo going straight for the over the top
20:29:58 <sarang> o_0
20:30:32 <moneromooo> Well, it's well known govt databases were instrumental in rounding up jews in northern europe.
20:30:44 <moneromooo> And these people are not waking the fuck up,
20:30:59 <needmoney90> are we back to nazis again
20:31:06 <needmoney90> I thought I closed that
20:31:08 <moneromooo> In the US, close.
20:31:18 <moneromooo> fuck I'm feeling angry again
20:31:24 <needmoney90> :c
20:32:55 <sarang> Oof, off topic
20:33:17 <needmoney90> ban
20:33:27 <needmoney90> :P
20:54:50 <midipoet> sarang and CT are having a chat?
20:55:00 <midipoet> that's good
20:55:02 <sarang> Along with sgp_ yes, an interview
20:55:07 <sarang> starts shortly, not live
20:55:26 <midipoet> have fun!
20:55:30 <midipoet> Be nice
20:56:56 <needmoney90> can the CEO of monero be involved too
20:57:12 <needmoney90> sorry
20:57:20 <needmoney90> OT again, keep missing the channel name
20:57:31 * needmoney90 slinks away
20:57:55 <needmoney90> Looking forward to the video
21:03:20 <midipoet> just remember the importance of fungibility when there is no central body to decree such
22:41:44 <sarang> Interview completed!
22:41:53 <sarang> sgp_ says the video will be posted in a couple of hours
23:01:16 <sarang> Interesting result: CiperTrace does perform their own transactions as part of analysis