Network confidentiality related parameters
Hi people. I was wondering if someone could help me debug my understanding of the parameters that make the de-anonymization harder on Particl. Here is my limited understanding of those parameters:
A. Higher % of the non-staking supply being held in anon balances is better.
Reasoning: This is not helpful on it own, right? We also need a large number of anon outputs. e.g. if say that all the non-staking supply was transferred to anon balances by 10 wallets that each did a single convert anon->public. Would that result into 10 anon outputs and consequently lead into a privacy disaster ?
B. Higher total number of anon outputs is better.
Reasoning: More anon outputs available to select for participation in a confidential ring groups the harder it is to de-anonymize txs, right? Here is not clear to me is if the size of the anon outputs matters. I mean what is better when transferring 100 Parts anon2anon, 100,000 anon outputs with 100 part each or 10,000,000 anon outputs with 1 Part each ?
C. Higher number of anon txs on the network is better.
Reasoning: For each anon2anon transaction there is single CT ring formed, comprised by your and other random anon outputs. The sender, receiver and amount are always obfuscated but one can see the participants of the group, right? So the more of these rings formed the higher your chances are that your anon outputs have participated in other peoples CT rings, thus making it much harder to track any potential targeted de-anonymization and tracking of specific outputs, correct ?
D. The anon2blind txs also harden the confidentiality of the network in similar way as anon2anon txs do.
Reasoning: anon2blind still creates a CT ring indistinguishable at this step from any other CT rings, right?
I would be forever grateful if someone could debug or maybe provide a more complete picture.
Pancake last edited by
Some very interesting questions and I certainly can’t give you a technical skilled answer on any of them. From my understanding I would guess that every anon2anon transaction helps to increase the number of outputs, which might be used as a later input for other Rings. Since the amount of each tx supposed to be hidden, it shouldn’t be a problem having maybe 5 other anon-tx with originally only 1 Part for hiding your transaction of maybe 1.000.000 Part.
I could imagine the number of anon-tx as crucial, since an attacker could spam the network with many, many anon outputs, and when forming a ring, then there’s the risk of having your transaction together with 5 transactions of this attackers outputs. So I would guess that in general the number of anon-tx is more important than the amount of Part hold on anon balances.
I don’t know whether blind-tx also creating CT rings. I thought only the amounts are hidden and the addresses are public In Monero tx from pre-RingCT also can not be used to form a ring with RingCT tx
Here are some links to videos on RingCT:
Would be really interesting for the community to know how to set up their balances and transactions to improve the overall network anonymity.
Pancake last edited by
Here’s an answer @kewde gave on July 10th 2020 in regards to this topic on discord:
PoS is made out to be contradictory because it motivates holding coins in the public circuit while the privacy benefits the most of having many potential RingCT outputs in the system. But the only correct statement you can make is that the system benefits from having lots of potential RingCT outputs available to mix with, but to take it further and say that “the system benefits from having lots of balances stored in RingCT outputs” isn’t the same. Once a RingCT output is created, it doesn’t get destroyed from a third party perspective and it remains a potential mixin, and that’s the only counter that matters. The aggregate sum of funds in the public circuit can be used to calculate the funds in the private system, you could argue that the changes in this amount allow you to track abnormally large transactions (given that they happen in a relatively small timespan so you can attribute them temporally to someone) and that’s a fair argument but can technically be solved by moving PoS to the blind circuit and removing the public circuit as a whole. That way no amounts get leaked and completely eliminates any amount correlation attacks.
The problem is not related to PoS, although it’s being made out to be like that, the issue is rather the existence of the public circuit. Moving funds from the anonymous circuit to the public circuit does reveal the amount and can be used in a correlation attack, against you and others. But most of that risk resides in how you pick the inputs, a simplistic input selection mechanism may reveal more information than desired but as soon as you start having multiple inputs (> 1), the problem becomes exponentially harder.
D : Almost, anon2anon still generates a new potential RingCT input that can be used, so it is slightly better for the security of the system overal