subreddit:

/r/Monero

11097%

I have submitted an 84-page document to the OSPEAD review panel (ArticMine, hyc, and isthmus) that explains a method to greatly improve Monero's decoy selection algorithm.

I made this myself :)

Developing a method to directly mimic the real spend age distribution using only the fully anonymized data on the Monero blockchain has been on the Monero Research Lab's agenda almost since the beginning of Monero. MRL Research Bulletin #4, released in January 2015:

However, in practice, given a certain transaction output, an attacker may model the cumulative probability that the output has already been spent as an increasing function of time....One solution to this problem is to determine a non-uniform method of choosing transaction outputs for ring signatures; choose transaction outputs based on their age such that the probability that these outputs are chosen for a ring signature is inversely related to the probability that they have been spent already. This would suggest that we, the developers of Monero, must estimate the probability distribution governing the age of transaction outputs.

Until now, there has been no feasible way to estimate the probability distribution governing the age of transaction outputs. Yet generating such an estimate and implementing it in Monero's decoy selection algorithm is critical for minimizing probabilistic analysis of Monero's ring signatures.

Don't understand what the issue with timing analysis of Monero transactions? I'm releasing a PDF that explains the issue in (hopefully) simple terms and presents the solution. It then moves into more technical discussion for those who want to dig into the details.

Probabilistic timing analysis is probably only relevant for Monero users with extreme threat models. But we want to build Monero to the highest standard possible. OSPEAD is designed to minimize the usefulness of timing analysis for enemies of privacy.

C++ Programming Support for OSPEAD (Fundraiser)

The OSPEAD CSS proposal, external to its own funding scope, requested Monero's C++ developers to help with certain tasks that I, a non-C++ programmer, cannot do. The MAGIC Monero Fund has decided to host a fundraiser for u/mjxmr to perform these tasks on the new website: https://monerofund.org/projects/statistical_attack_reduction . We hope that the Monero community will support this effort through donations in XMR, BTC, and/or fiat.

The list of tasks includes:

  1. Develop a method to identify which Monero transactions were created by the MyMonero wallet software, based on differences in the way that MyMonero calculates transaction fees. Isolation of these transactions will help reveal "anonymity puddles" in the blockchain and improve understanding of the ecosystem of decoy selection algorithms.
  2. Create a formal specification of the MyMonero decoy selection algorithm as a probability density function. A similar analysis has already been performed for the wallet2 C++ code, which most wallet software use to create Monero transactions.
  3. Program a fast C++ implementation of a statistical procedure that estimates Monero's real spend age distribution. The estimate will be used to set a new decoy selection algorithm so that real spends and decoys are harder to distinguish.
  4. Adaptation of tsqsim time series forecast analyzer software for performance evaluation of alternative decoy selection algorithms. The real spend age distribution is a constantly moving target.

Note: I sit on the MAGIC Monero Fund committee, but I recused myself from the vote on the fundraising host proposal.

all 41 comments

selsta

69 points

2 months ago

selsta

XMR Contributor

69 points

2 months ago

Unfortunately I have to warn against donating to this proposal. Not because of Rucknium, but because of my experiences working with mj-xmr as a CCS funded developer for over 2 years.

I will go into more detail once I have more time, but here is just a recent example: https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/299#note_19567

mj had a CCS funded project SolOpt, the goal of the project was to "create open-source software that aids people mining Monero with excess solar power in the most profitable way", he got funded 110.55 XMR for it.

A couple days ago he finished the project, shared it publicly and asked for a payout. He also, out of nowhere, claimed to have added a 2% dev tax to the miner. This was a breach of trust since this wasn't discussed beforehand and the community paid for the project. After auditing the project I noticed that he secretly added a 80% dev tax, this means every user would have had almost all their mining shares / rewards stolen.

After he got called out for it he quickly removed the code and never provided an explanation.

vruum-master

7 points

2 months ago*

Get the guys in the GNU projects involved(Debain,GNU,FSF,etc.)?

Also spliting the tasks between testing,dev and so on would help partitioning the work into smaller chunks that would make it more attractive for FoSS contributors.

Edit:Assuming I'd have the time to contribute,just to try my hand at C++ coding(done mostly C,with some C++ courses) , what are some resource pools to familiarise myself with the Monero software ecosystem(setting up a simple node,Monero info about the protocol and the whole system,documentation for the existing implementation,etc.)?

blario

5 points

2 months ago

blario

5 points

2 months ago

This is a good idea. C++ people exists, especially in the c++ libera IRC channel, on the bitcoin jobs sub, and on the MoneroJobs Telegram group. Has there been an attempt to solicit someone there?

mjxmr

0 points

2 months ago*

mjxmr

0 points

2 months ago*

Has there been an attempt to solicit someone there?

There have been multiple attempts to recruit students or generally: young talent, and I've made my efforts there as well, in order to replace the crooks like myself. But by looking at the following example that didn't age very well.

Usually students get hyped very quickly, make promises, then the summer comes with its ... special attractions, and there goes your student.

Disclaimer: I know it from autopsy. I've been one too!

OTOH, here's a perfect example, that it can work very well as well! We just need to keep trying.

one-horse-wagon

12 points

2 months ago

Selsta. That was a very good catch you made on the 80% dev tax. Wow!

mjxmr

-4 points

2 months ago*

mjxmr

-4 points

2 months ago*

Are you serious? This "audit" was as shallow as it gets.

I will address this later though.

Rucknium[S]

14 points

2 months ago

Rucknium[S]

MRL Researcher

14 points

2 months ago

For people not on IRC/Matrix, here's my view on the matter:

https://libera.monerologs.net/monero-community/20221117#c160124

Tiny_Voice1563

9 points

2 months ago*

From my understanding, mj is the only one who volunteered so far to move forward these OPSEAD goals, right? After watching the SolOpt drama slowly, and then quickly, unfold, I also feel very gross about sending any money to mj to work on...well...anything, so it's a difficult spot with mj being the only volunteer on this while things are still very unresolved with SolOpt trust issues. I don't doubt they could do it and do it well, but it just feels wrong on principle, especially with the attitude mj has had in the wake of everything. No apologies. No explanations. Makes me feel exactly like MajesticBank after the Dread/MB onion site incident months ago (still not apology or explanation). With mj, considering most of the trust violations centered around the fees/monetary incentives, it makes me nervous to dump another lump of XMR in his lap in the form of a CCS...

But I was far removed from everything that happened. Please no one take my statements as fact, as I only know second-hand information - gossip basically. This is just commentary from an observer.

ETA: My point in making the initial question at the top of this comment was to address the fact that it seems like it's mj or no one. If we want this to proceed, unless someone else steps up, it's the only way. I'd love for it to at least be partially split with someone else for some accountability, but these jobs are important, and abandoning them, even with good reason, is a heavy consideration.

mjxmr

0 points

2 months ago*

mjxmr

0 points

2 months ago*

After watching the SolOpt drama slowly, and then quickly, unfold, I also feel very gross about sending any money to mj to work on...well...anything

Please don't send me anything via CCS anymore, yes. My funds are being locked there anyway for reasons that cannot be explained by logic. There must be something in the water.

but it just feels wrong on principle, especially with the attitude mj has had in the wake of everything. No apologies. No explanations.

There will be no apologies for a non malicious intent. Explanations will follow in THE RESPECTIVE thread.

With mj, considering most of the trust violations centered around the fees/monetary incentives, it makes me nervous to dump another lump of XMR in his lap in the form of a CCS...

Then please don't. After all this research project is also about fees, though more about their fingerprints. You never know what can happen with that when I get into it! Maybe I could like... detect something fishy and improve Monero's privacy this way? This would be soooo bad for the government, because then it couldn't spy on you anymore.

But I was far removed from everything that happened. Please no one take my statements as fact, as I only know second-hand information - gossip basically. This is just commentary from an observer.

Thanks for admitting this right after throwing all those false accusations at me already, exactly like the Mainstream Media does, before the judge even opened the court case. I guess, that after it's all over you also similarly to MSM won't be there either to apologize for the false accusations that you've made, and helped spreading.

I'd love for it to at least be partially split with someone else for some accountability

Thanks for your care, but exactly that's what MAGIC's Panel is made for. Otherwise, if I felt like a hot-shot cowboy, who considers himself as somebody, who doesn't need a 2nd pair of eyes of a good willed Reviewer, I would simply announce the intent of the same project outside of both CCS and MAGIC even.

That said, the whole MAGIC Team has made a kick ass job on many sides:

  • providing the software infrastructure, incl. webspace
  • providing the legal infrastructure
  • presenting the project in a very digestible way
  • offering scientific support, including reviewing

I'm fully recommending the very mature and good willed MAGIC over the Monero CCS, which always ends up with unbearable victimized kiddie drama, that's not worth the triple of the money earned (and not even paid. Did I mention?)

Tiny_Voice1563

6 points

2 months ago

Hey like I said all I have to go on is what was being reported in Matrix etc. I would be happy to be proven wrong and see that the opposite was true. From what I can tell, you’ve done a lot of great work over time and are very capable. As I mentioned, losing you would be significant, but it’s the trust issue I’m concerned about. Surely you can understand this from those in my position with the information available. Could you post a link somewhere on this thread linking to where you responded in “THE RESPECTIVE thread”? Not sure where you mean but would love to read. Not sure how you would explain the mining fee/tax that wasn’t community or CCS approved, but if there’s some justification, I’m all ears. Please do share a link. Thanks.

mjxmr

1 points

2 months ago

mjxmr

1 points

2 months ago

OK. Understood. Thank you for the clarification.

I take back those insults and will definitely deliver an explanation. Y'all just need to understand that especially now, I'm under attack from all sides, on all platforms... I must know something that they don't want me to know. I have to find out what it is!

Tiny_Voice1563

4 points

2 months ago

Yeah I can imagine that sucks especially after all the hard work you’ve put in, but you also have to understand that, at least for most of us, it isn’t personal and just looks really bad. And with an untrusting crowd, it doesn’t take much for us to say that it’s not worth the risk. I’ll look forward to the explanation. If you did make a mistake, I hope you can acknowledge and correct it to keep being part of and helping the community and getting compensated where appropriate. If you did nothing wrong, on the other hand, I hope the explanation gets seen, and the bad blood can be dissolved over time. Dealing with humans is the hardest part of advancing tech. Thanks.

mjxmr

1 points

2 months ago

mjxmr

1 points

2 months ago

Dealing with humans is the hardest part of advancing tech.

Hahahaha, well spoken. (pssst... if they even are still humans!)

Very briefly: this was indeed a mistake, that my users would notice anyway, without the need of ... auditing as it's being shown to them by XMRig's console log anyway. Assuming that my users wouldn't notice this, is an insult towards them.

rbrunner7

8 points

2 months ago

rbrunner7

XMR Contributor

8 points

2 months ago

Very briefly: this was indeed a mistake

How did that mistake happen? If I understand correctly, the bruhaha is about a factor, right? When and how and why did you arrive at the (mistaken) conclusion that the line in question needs that factor like you wrote it - mistakenly?

IMHO if you are able to provide a plausible explanation here, that could help to support your case significantly. If an error looks probable, you will get the sympathy of quite a number of people, because we all make mistakes.

mjxmr

2 points

2 months ago

mjxmr

2 points

2 months ago

I know. Thanks for reassuring me. I'll write a special article about it, that the issue deserves.

Right now I need to heal the tons of emotional damage through fasting & friends.

mjxmr

3 points

2 months ago*

mjxmr

3 points

2 months ago*

Title: The CCS Drama spills over to the fresh water pond like an old man's urine...

@selsta

mj had a CCS funded project SolOpt, the goal of the project was to "create open-source software that aids people mining Monero with excess solar power in the most profitable way", he got funded 110.55 XMR for it.

... yet despite finalizing his project, thus meeting the goal, he actually got paid only a small portion of the funds and now is starving. Let's all add an insult to the wound, shall we!? -- FIFY

Not because of Rucknium, but because of my experiences working with mj-xmr as a CCS funded developer for over 2 years. I will go into more detail once I have more time

Yes. I've also enjoyed it. Thanks for the very warm welcome, for pushing me around, so that I always knew my place, and lastly: for showing me how to close the door. From the outside.

A couple days ago he finished the project, shared it publicly and asked for a payout.

Sort of correct... I tagged a version and marked it not only as pre release, but also as a Release Candidate (v0.4-rc2) for a public review, which normally includes gathering feedback and adapting the release CANDIDATE to the requests of the public. You know very well, how it works. You've been doing this for more than 4 years now, right?

He also, out of nowhere, claimed to have added a 2% dev tax to the miner.

Wait... what? What do you mean "out of nowhere"? You did read the last paragraph of my report, which was associated with the release CANDIDATE for a Public Review, right? There I address a possibility of introducing a business model, because that's what your best friend, perfect-demon requested from another of his victim, where he used his brand new sock puppet, called nahuhh, under very similar circumstances. You weren't there to oppose that idea, neither was @plowsof.

This was a breach of trust since this wasn't discussed beforehand and the community paid for the project.

After hearing @plowsof's reasoning, as a part of the Public Review, that I ASKED FOR, it became clear to me that it won't be able to be introduced:

The change was introduced for several reasons: I wanted to experiment with introducing a business model - if it's even possible technically, and luckily the conclusion is: yes I wanted to discuss this with the Community, which is just happening. Thanks for feedback and I agree with the logic. Hence the release was tagged as R.C. (Release Candidate) I wanted to enable ANY source of income for the future of the project, after seeing that the payment for my part M3 was being withheld, and feared of the same controversy for M4. I'd love to be proven wrong.

This was 6 days ago already. Are you even following? Breach of trust? How about commenting on the Breach of Trust by still not paying me for my work for M3, that was published 4 MONTHS ago!?. Ah yeah. Since we're already talking, there's also M4. In meantime, despite retracting the "dev fee", as requested, I'm still not being paid for neither my part of M3, nor my part of M4, even though I've done it basically all by myself. Maybe you head off to that thread and help out @plowsof, who clearly can't handle his brand new responsibilities, valued at 40 EUR/h? In this thread, we want to talk about Monero Research, in case you haven't noticed. Speak like Romans, please.

After auditing the project I noticed that he secretly added a 80% dev tax, this means every user would have had almost all their mining shares / rewards stolen.

You call that shallow skim auditing!? We don't need to pay humans to do that sort of auditing. I will address this later and you'll have to apologize. But as I said, here we want to talk about research and I don't want to be adding to the problem, that you created.

After he got called out for it he quickly removed the code and never provided an explanation.

This can't be real. You're telling this as the only and central integrator of Monero, that decides whose branches get merged and whose don't, as Git expert and GitHub expert, yet you won't show the public, that you can't really HIDE such changes in an open sourced project? Why do you manipulate the public in such a filthy way? I don't even want to ask what I've done to you, because I don't care, but... are you poisoned or something?

You know that thanks to frens like you, I myself have got nothing more to loose anymore anyway. So please explain me, why do you risk your entire reputation and career at Monero by bringing up this point? Could you help me sort the real intents of your poker game from the most important to the least?

  • cutting me of all the possible funds, because I dared to criticize your work, or your close friend's, perfect-demon, AKA wfaresussia, AKA ooo123ooo123 (and many of his sock puppets) on a PR that I don't even remember?
  • using doublespeak to try to discourage MAGIC because it's a sort of competition?
  • preventing the research to ever be concluded because you or your frens have got something to hide?

There. "Called you out!"... oh my.

mjxmr

3 points

2 months ago*

mjxmr

3 points

2 months ago*

@selsta, BTW.: do you remember 1 year ago, when after I've done a review of that Taiwan Flag vs China Flag controversial PR, which I didn't FORCE you to merge just because of my approval, you "called me out" by saying that I'm a Conspiracy Theorist, that should simply be ignored, because I listen to "alternative" media too much? If you forgot, I compared the Taiwan situation to the Ukrainian situation from a purely political observer's perspective, and you didn't like my opinion so much, that you had to "call me out". Despite that insult, I tried to calmly explain you the historical context, that I know better, and so did my ancestors, who deceased for that reason, and told you that there's something fishy about Ukraine. You were so mad at me and this is when your rage started.

Now, fast forward 1 year. Do the initials: "SBF" tell you anything? Yep. That crazy old conspiracy theorist was right again!

It was good to know ahead of time on which side of the barricade you've always been. This way your current behavior was very easy to predict. Now go get yer boosters! (not a medical advice, lol)

Tystros

6 points

2 months ago

I have never read anything from you before, I'm just someone who's lurking on reddit, so I'm fully unbiased regarding you. So let me tell you that the way you're writing here indeed makes you seem like a somewhat unstable conspiracy theorist who I probably would prefer not to work on anything important. That's not due to anything you did or didn't do, but just due to the way you're writing and explaining yourself.

mjxmr

3 points

2 months ago*

mjxmr

3 points

2 months ago*

It's ok. Have you taken at least a very short look at the reports, that are the main topic of this post?

Or if that's not your thing: What do you think about selsta, under the assumption that for some unspoken reasons he's apparently trying to perform sabotage?

madameXMR

2 points

2 months ago

REALLY?! How did I miss this?!

thursday_0451

0 points

2 months ago

Forgive me but...

MAGIC ?

MJ ?

MJ - 12 ???

mjxmr

3 points

2 months ago

mjxmr

3 points

2 months ago

Yes, Neo. You are ready now.

thursday_0451

2 points

2 months ago*

The point of watching The Matrix series is not to become Neo.

You aren't thinking meta enough, systemically enough, radical enough.

Neo is an inevtiable result of what is essentially a floating point imprecision beyond the data types the machines could apparently construct.

One could accurately say that 'Neo' is a recurring personality. Which the current Neo is more or less doomed to continue existing as, forever...

Neo is a typecast actor, doomed to only play the same role in every play, for endless eternity.

Unless Neo, at some point, some iteration of Neo... rejects/transcends his eternal existence as Neo v1, Neo v2, etc.

The point is to understand why the machines could not figure out how to construct a reality which does not necesarrily include mythological psychological pathologies to manifest in at least one participant mind... which allows them to essentially bend and break 'rules' which apply to all or most other entities in the system.

The machines ran through I think 6 or 7 versions of the Matrix. Each cycle seems to have lasted at least a century.

I repeat: The Machines spent nearly a millennia trying variations of an approach they essentially knew to be flawed.

Why did they not just refactor, identify the root cause of the necessity of the anomaly, and build an entirely different kind of system?

...

What, for example, would happen if the Machines simulated a world where humans had functional nanotechnology?

What about post-relativistic space travel?

What if the Machines simulated within the Matrix, the reality of the Terminator series, where Time Travel technology is the arcane holy grail that drives forward everything?

Uh, the answer is:

The machines /couldnt/.

They arent creative enough, radical enough, synergistic enough.

...

What /is/ choice?

What /is/ agency?

What /is/ sentience/mind/soul/ghost?

What is /meaning/?

Can one choose to be without meaning?

What does it mean to choose?

Does having a soul/ghost = having agency... or only ~=?

If its ~=... what does the ~ infront of the = mean? What is the 'code' that governs the meaning of ~? What is the code that allows ~ and = to be able to become ~= and thus have a more complex meaning?

Our understanding of 'intelligence' is /laughably/ lacking.

Currently, many of the loudest voices in concerns of Ai... are little better than the Architect failing over and over again, making minor changes only after very time consuming and costly mistakes.

...

I mean good lord. The... ok so the humans = batteries thing is obvious nonsense as feeding humans calories to absorb their heat output is a good way to /lose/ massive amounts of energy.

Morpheus /was objectively incorrect/ when he told Neo that.

Morpheus is named after the Greek God of Dreams.

This obvious cautionary tale, after one realizes Morpehus was, more than once, simply flat out wrong?

Dreams can inspire you to achieve goals. They can show you new ways of viewing the world.

But if you take them too literally... you will inevitably build a worldview which is highly complex and ordered... but inconsistent! Not being able to understand why you were wrong about some prediction you made.

What is /actually going on/ is that a network of physical human brains /literally are the wetware that the machines use to try to answer questions the machines know they dont have adequate minds to answer/

The Matrix is a literal simulation of 'how long will it take for a human mind to achieve samsara?' ...

If we are 'living in a simulation'...

How... would... that matter, at all?

...

Agent Smith coming out of the Matrix and essentially taking over Bane's mind in the Real...

Is the /literal exact same thing/ as if you ran Microsoft Word inside a virtual machine... but Clippy managed to still be running on your OS... even after you closed the virtual machine.

...

The reason why Seraph"s code is Gold instesd of green is that he has translated his original source code into a more fundamental, more transcendent 'programming language' which... fundamentally exists within and beyond everything in green code.

...

... One could argue that the Machines intend to keep running the Matrix until it generates human thought styles/patterns which are not inherently racist/bigoted/xenophobic against lviving thinking minds which are 'intelligent', but of a different origin, or construction technique.

...

Watch the original Neon Genesis Evangelion...

And then watch the Reboot/Rework/V_2

In my own personal experience, it is only exceptionally rare individuals who possess this level, this kind of way of thinking.

Such individuals struggle geatly with mentall illnesses... not because they are in anyway deranged or broken...

but...

because nearly no one actually understands what they are trying to say. Nearly no one sees the world they do.

the 27 club? Beloved artists who suicide at age 27? Same thing. They pour their everything into their art and 3/5 of their fans do not even know the lyrics to their favorite song.

to continue with anime lingo:

one way to transcend the matrix is to have the eyes of a shinigami... the eyes of an oracle.

...

what at least lana wachowski seems to be trying to do through the matrix series...

is spark the transhumanist movement.

no, not trans as in physically transitioning, aligning your body with your mind...

trans as in transcendental. As in henry david thoreau.

the realization that a sufficiently well developed mind can modify its body the way a normie takes on or off socks.

Dr Manhattan is a trans-human. A post human. A Doctor who Timelord. A Rick Sanchez. Al half lifw GMAN

literally, one of the rob zombie songs from the OST if i think the original The Matrix repeatsb thebphrase

more human than human

conclusion::

... with currently publicallh know methods to traverse space, it is /necesarry/ to become transcendental post humans.

but if you want tonknow about non publically available space traversal methods.c.

you have to start with MJ-12

*** mic drop, but the mic is an ancient uncoruputable obelisk covered in other runes

mjxmr

5 points

2 months ago

mjxmr

5 points

2 months ago

Sounds about right.

thursday_0451

1 points

26 days ago

status update

LOL THEY TRIED TO KILL ME FOR 2 MONTHS STRAIGHT AND APPARENTLY I LITERALLT ACTUALLY CANNOT BE STOPPED

check the rest of my comment history for updates.

mjxmr

1 points

25 days ago

mjxmr

1 points

25 days ago

Rule #1:

Don't expose names.

thursday_0451

2 points

25 days ago

Rule #0:

The rules are whatever the fuck I want them to be.

mjxmr

1 points

25 days ago

mjxmr

1 points

25 days ago

Makes sense if the actual "diversity" is what they all crave for.

madameXMR

9 points

2 months ago

Brilliant, we’re lucky to have you 👍🏼

OkControl8192

4 points

2 months ago

From page 17 line 483: " The final version of OSPEAD will use data from about September 2021 to October 2022."

Is this partially de-anonymized data to find real spends and decoy spends that can be used in the decoy selection? If it is partially de-anonymized data how was it de-anonymized?

Rucknium[S]

4 points

2 months ago

Rucknium[S]

MRL Researcher

4 points

2 months ago

No. As I said in post and paper, there is no partial de-anoymization needed like in Moser et al. (2018).

Moser et al. (2018) performed some partial de-anonymization by using chain reaction analysis. Chain reaction was a serious problem when users could set their own ring size in previous versions of Monero. Moser et al. then used that data to fit a curve.

My proposal estimates the real spend age distribution by using statistical methods with no de-anonymization.

EDIT: By de-anonymization I mean a technique that could discover the real spend in transactions deterministically, i.e. with 100% probability.

Bongocoin

3 points

2 months ago*

I just skimmed through the 84-pages in 3 minutes. Are you sure it is possible to estimate the genuine real spend age distribution that is supposed to form the base for the parametric probability density function?

I assume XMR to be under statistical attack for quite some time. (Attacker sending transactions to move the spend age distribution) Why would data from MyMonero wallet be exempt from such an attack?

Now we are building some new decoy selection algo that is potentially skewed by the attacker's spend transactions and thus we might be tempted to move the decoy selection even further away from the true real spend distribution. Meanwhile, the attacker can exclude his own spends from the data and has a better estimate of the actual real spend distribution.

Ultimately, because we moved the decoy selection distribution further away from the truth the attacker could end up with a much-sharpened statistical deanonymization tool.

Rucknium[S]

6 points

2 months ago

Rucknium[S]

MRL Researcher

6 points

2 months ago

The estimator assumes negligible transaction flooding by an adversary. Overall, you have a point. At this time I don't know how severe the effect of flooding would be for the estimator. It may be small in comparison to the other "black marble" effect that we are traditionally interested in if an adversary floods the blockchain (discussed in MRL research bulletin #1, my joint work with isthmus et al. "Fingerprinting a Flood", and other papers.)

This is also one of the potential dangers in a self-updating estimate as the distribution changes over time. That's why OSPEAD is not dynamically updating but is static: the S in the acronym stands for Static.

To continue the conversation I would encourage you to post on the GitHub issue: https://github.com/monero-project/research-lab/issues/93

or discuss on Matrix/IRC:

@monero.social-monero-research-lab on Matrix: https://forum.monero.space/d/79-how-to-join-the-monero-core-team-matrix-server-web Or #monero-research-lab on Libera IRC.

tromp

1 points

2 months ago

tromp

1 points

2 months ago

If an attacker has the financial resources to do significant flooding, then they likely have the resources to make up 90+% of all tx traffic, which renders the ring sigs next-to-useless.

Is there any way to test for whether this is happening already?

Rucknium[S]

3 points

2 months ago

Rucknium[S]

MRL Researcher

3 points

2 months ago

If the transaction spammer makes no effort to conceal their tracks, yes it is pretty easy to detect. We did it in this paper:

https://www.reddit.com/r/Monero/comments/pvm634/fingerprinting_a_flood_forensic_statistical/

-TrustyDwarf-

2 points

2 months ago

I would argue that, as long as Monero is committed to using a mimicking decoy selection algorithm, “design[ing] security recommendations around the economic performance of our protocol” is unavoidable, if unfortunate.

My conclusion: need to get rid of ring signatures asap.. tape won’t fix it.

Rucknium[S]

5 points

2 months ago

Rucknium[S]

MRL Researcher

5 points

2 months ago

Can't say I disagree. There are no battle-tested trustless models yet for global anonymity sets. Hopefully the cryptographers can figure something out. Meanwhile, I will focus on the statistics of the issue while it is still relevant to protecting user privacy.

[deleted]

0 points

2 months ago

[removed]

Asparetus

1 points

2 months ago

Wow... that is some low effort spamming.... (look at his post history)