-
Isthmus
Hey @Inge- yep, the example you mentioned is the main takeaway that is user-actionable.
-
Isthmus
Since (public spend key) = g^(private spend key) and Shor’s algorithm breaks the discrete log problem, a hypothetical quantum adversary could extract a wallet’s spend key from public addresses.
-
Isthmus
We should assume that massive OSINT surveillance is underway to collect any/all Monero addresses posted on Reddit/Twitter/etc. While mostly harmless now (excluding dusting attacks) thanks to stealth addresses, that database would be very useful in the future to anybody that can leverage Shor’s algorithm.
-
Isthmus
Since subaddresses all share the same private spend key, that means that users who include retroactive deanonymization by quantum computers should use a separate account/wallet if they’re going to post an address publicly.
-
Isthmus
Most of the other recommendations are protocol upgrades that would need to be implemented by developers rather than end users.
-
Isthmus
s/computers should/computers in their threat model should
-
monerobux
Isthmus meant to say: Since subaddresses all share the same private spend key, that means that users who include retroactive deanonymization by quantum computers in their threat model should use a separate account/wallet if they’re going to post an address publicly.
-
TheCharlatan
who is around today?
-
Isthmus
I'm still here
-
TheCharlatan
Hi Isthmus :P
-
TheCharlatan
If nobody else is joining, I'll just brief the happenings of last week (that I know of).
-
TheCharlatan
moneromooo has opened a bunch of pull requests to deal with the sybil peers currently attacking the network.
-
TheCharlatan
The main detection and deterrent work is done through PR #6936. Some more review on all of these would definitely help.
-
Isthmus
"attacking" presumes intent. Could be spies. Could be research. Could be a monitoring tool.
-
Isthmus
(I feel obliged to point this out, because Insight has built some community-funded open-source tooling that monitors which tip organic nodes are on to alert if a global consensus fault occurs, such as a large portion of nodes that stall in syncing, or are on a different tip)
-
Isthmus
Not saying we shouldn't ban them, just noting in the interest of transparency that there are other use cases that result in this behavior, and I am occasionally behind them :-P
-
Isthmus
We actually had nodes like this up in Monero for a month to analyze propagation time, but that was last year
-
TheCharlatan
The basic functionality is that upon receiving a block the node checks if another peer it is connected to is also capable of relaying it.
-
sech1
Monitor/research nodes are fine as long as they are fully capable nodes
-
sech1
These spy nodes are not
-
sech1
Adding monitoring to the vanilla node is much easier than writing such spy node. They don't just drop transactions, they also try to poison peer lists.
-
kayront
they do?
-
Isthmus
In some cases, research nodes *cannot* relay blocks, since experimental results are completely invalid/useless if measurements perturb the system under observation
-
sech1
they only point to each other in peer lists
-
kayront
the plot thickens
-
Isthmus
haha
-
selsta
they also embed IPv4 inside IPv6 to get around /16 filtering
-
selsta
also host 7 nodes on one host
-
Isthmus
Can somebody privately send me a few IPs from this network? I have some ideas for passive countersurveillance that could elucidate their function
-
kayront
so, if this is a problem over clearnet (where at least ips can be compiled into a list and blocked), couldn't it become a big issue if they switch to tor/i2p ?
-
Isthmus
perf, thanks
-
kayront
if they're faking block height, 'tis not a stretch to imagine they might start faking peer ids, if they already don't
-
selsta
> The design is intended to maximize privacy of the source of a transaction by broadcasting it over an anonymity network, while relying on IPv4 for the remainder of messages to make surrounding node attacks (via sybil) more difficult.
-
Isthmus
7 nodes on one host, that's interesting...
-
kayront
but that's my point, doesn't it actually end up hurting our chances? if we can't filter by peer id (easily fakeable?) or ip (it's tor), what prevents this guy/group with 100+ servers from faking hundreds of peers ids over tor, and connect aggressively to other onion nodes they know are not part of their group?
-
kayront
either i'm missing something or the damage could actually be greater
-
Isthmus
Yea @kayront that's a good point. At least it's harder (not impossible!) on Tor to pull off attacks like sybil or eclipse that require specific network topology.
-
kayront
is it though? my node can find other .onions just fine it seems, by design of course
-
kayront
others can find mine too
-
Isthmus
Oh, maybe not. I'm not super tor-savvy
-
moneromooo
Depends what it's for. If for DoS, you can spin up a lot of nodes, yes. If for mapping txes to IPs, no.
-
kayront
it wouldn't be an issue until/if some greater-than X number of nodes is relaying through tor afaics. it's the same problem we have atm but seemingly accidentally and potentially (!) magnified
-
kayront
yeah moneromooo, i'm thinking DoS here
-
Isthmus
Oh yea DoS is just a numbers game, regardless of clearnet or tor
-
selsta
18:20 <Isthmus> 7 nodes on one host, that's interesting... <-- moo fixed it here
monero-project/monero #6939
-
kayront
yes Isthmus, i brought it up because it seems that there might actually be bigger risk of accidentally DoSing the network (way more txs being tarpitted by evil nodes than now) by trying to make it safer against IP linkage
-
kayront
by using tor (many operators making that choice)
-
kayront
tor, i2p, wtv
-
TheCharlatan
As a follow-up to last week's discussion on the unlock_time removal, I have opened this issue:
monero-project/research-lab #78 to gather more opinions/use-cases
-
TheCharlatan
does anybody else have something to share?
-
Isthmus
Just ran some batch whois on the AHPs and they are almost exclusively from Canada and France
-
Isthmus
With a few in UK
-
Isthmus
Of course that could just be their VPN endpoints, need to go deeper
-
hyc
thought they were all on OVH networks
-
Isthmus
OVH SAS yea
-
TheCharlatan
seems to be it for today, have a good week :)
-
Isthmus
Oops I tabbed out
-
Isthmus
I do have one quick preliminary update
-
Isthmus
One of the Insight Fellows put together an MVP for analyzing empirical uniformity of fields on the Monero blockchain
-
Isthmus
For a given field X (e.g. fee) we look at EVERY value on the blockchain, and perform statistical tests
-
Isthmus
One of which searches for duplicates/collisions (that are more frequent than birthday expectations)
-
Isthmus
Some interesting results, running over data from n3ptune, are reuse of encrypted payment IDs, transaction public keys, and stealth addresses
-
Isthmus
*description
-
Isthmus
(that's all from me)
-
h4sh3d[m]
Isthmus: what does the "Pass all tests?" column mean? It only makes sense when uniformity is expected, is that why for lines 2-3 it says "no"?!
-
h4sh3d[m]
...and it's expected in the note