{"id":46769,"date":"2021-07-27T16:42:44","date_gmt":"2021-07-27T13:42:44","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=46769"},"modified":"2025-09-01T18:04:49","modified_gmt":"2025-09-01T15:04:49","slug":"monero-developers-uncover-flaw-in-privacy-preserving-algorithm","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/monero-developers-uncover-flaw-in-privacy-preserving-algorithm\/","title":{"rendered":"Monero developers uncover flaw in privacy-preserving algorithm"},"content":{"rendered":"<p>The Monero team, the privacy-focused cryptocurrency project, uncovered a bug in the decoy selection algorithm that could affect the privacy of users&#8217; transactions. One of the first to notice it was developer Justin Berman.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">A rather significant bug has been spotted in Monero\u2019s decoy selection algorithm that may impact your transaction\u2019s privacy. Please read this whole thread carefully. Thanks <a href=\"https:\/\/twitter.com\/justinberman95?ref_src=twsrc%5Etfw\">@justinberman95<\/a> for investigating this bug. <\/p>\n<p>1\/6<\/p>\n<p>\u2014 Monero || #xmr (@monero) <a href=\"https:\/\/twitter.com\/monero\/status\/1419852036913475587?ref_src=twsrc%5Etfw\">July 27, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Monero blockchain uses <a href=\"https:\/\/ru.wikipedia.org\/wiki\/%D0%9A%D0%BE%D0%BB%D1%8C%D1%86%D0%B5%D0%B2%D0%B0%D1%8F_%D0%BF%D0%BE%D0%B4%D0%BF%D0%B8%D1%81%D1%8C\">ring signatures<\/a>, which include mixins in the form of inputs and outputs from other people\u2019s prior transactions. They help obscure traces and conceal the true operation.<\/p>\n<p>According to Berman, if a user spends the funds they received within the first two blocks allowed by consensus (<a href=\"https:\/\/support.exodus.com\/article\/1478-monero-faqs-learn-more-about-xmr\">10 blocks<\/a> after receipt or ~20 minutes), there is a high likelihood that the true transaction could be identified among the mixins.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cToday, if a user spends an output directly in the block that they unlock, and that output was originally included in a block with fewer than 100 outputs, [in the ring signature] its true output will be clearly identifiable. For comparison, the average is about 63 outputs,\u201d writes Berman.<\/p>\n<\/blockquote>\n<p>The project team noted that the bug does not reveal addresses or transfer amounts and does not put users\u2019 funds at risk. Developers stressed that they have not yet fixed the issue\u2014the bug is present in the official wallet code.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Users can substantially mitigate the risk to their privacy by waiting 1 hour or longer before spending their newly-received Monero, until a fix can be added in a future wallet software update. A full network upgrade (hard fork) is not required to address this bug. <\/p>\n<p>4\/6<\/p>\n<p>\u2014 Monero || #xmr (@monero) <a href=\"https:\/\/twitter.com\/monero\/status\/1419852325380837380?ref_src=twsrc%5Etfw\">July 27, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cUsers can substantially mitigate the privacy risk by waiting at least an hour before spending freshly received Monero. The bug will be fixed in a future wallet software update. A full network upgrade (hard fork) is not required,\u201d the statement says.<\/p>\n<\/blockquote>\n<p>Earlier users had already flagged the decoy selection issue. In March, a member of the private Incognito <a href=\"https:\/\/we.incognito.org\/t\/decoy-selection-issue\/10953\">noted<\/a> that the timestamp of the true input is usually \u201cnewer\u201d than that of randomly chosen mixins.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cI looked at the latest transactions in the explorer \u2014 for most of them the actual input was fairly obvious,\u201d he added.<\/p>\n<\/blockquote>\n<p>Earlier in May, the Ethereum Foundation <a href=\"https:\/\/u1f987.com\/en\/news\/ethereum-operated-for-two-years-with-a-dos-exploit-that-could-take-the-network-offline\">disclosed details of a vulnerability<\/a>, allowing a DoS attack on the blockchain of the second-largest cryptocurrency.<\/p>\n<p>Follow ForkLog news on <a href=\"https:\/\/twitter.com\/ForkLog\" target=\"_blank\" rel=\"nofollow noopener\">Twitter<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Monero team discovered a bug in the decoy selection algorithm that could affect the privacy of users&#8217; transactions. One of the first to notice it was developer Justin Berman.<\/p>\n","protected":false},"author":1,"featured_media":46770,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Monero bug in decoy selection may affect privacy.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,513,1256],"class_list":["post-46769","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-monero","tag-privacy-and-personal-data"],"aioseo_notices":[],"amp_enabled":true,"views":"26","promo_type":"1","layout_type":"1","short_excerpt":"Monero bug in decoy selection may affect privacy.","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/46769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=46769"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/46769\/revisions"}],"predecessor-version":[{"id":46771,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/46769\/revisions\/46771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/46770"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=46769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=46769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=46769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}