Please login or register.

correct use of monero

Hi all,

In the Monero Research Lab paper MRL-0004 it says:

The easiest way to obfuscate ownership of the funds from eavesdropping by Eve
during a combinatorial attack would be for Bob to simply send outputs owned by
himself to himself separately every few random periods of time. This skews the
blockchain analysis performed by Eve in Section 3.3 and, in fact, in Section 3.1. In
this section, we merely specify that no user resend all of her outputs to herself at
the same time. Furthermore, any receiver of funds, by contrast, should request that
the sender break the transaction up into pieces in a torrent and send the required
amount over a period of time . This way, if Eve is anticipating a certain transaction
amount within a certain window of time, she can not readily ascertain if some
combination of outputs from all transactions in a given block might correspond to
the exact amount which she expects the recipient to be sent.
By re-sending transactions to oneself iteratively over intervals of time with random
length, and by breaking all transactions (including a resend transaction) into
multiple smaller transactions, also sent over an interval of time, we dramatically
weaken the ability for an eavesdropper to glean information from the blockchain
based solely on block height. Notice that this recommendation is a wallet-level recommendation,
not a protocol-level recommendation.

this sounds good, but things that are not clear to me:

  • Do i send the funds from one account i own to a seperate account or should i use the same account?
  • if i use the same account, how can i be sure i've spent all outputs once?

an ELI5 style "best practice" would be really cool.

btw. i can feel the increased usabillity of the forum, good job, starts to get fun like this!

Replies: 3
smooth edited 9 years ago Weight: -316 | Link [ - ]

The writeup is a bit confusing because it refers to two separate cases, sending to yourself or sending to someone else. The idea is that in each case it is better to break up the transaction into pieces and send those pieces over a period of time. (If the volume of transactions on the network is very high, "a period of time" might be only a few minutes or even seconds.)

Ideally from a UI perspective this probably requires (esp. in the case of sending to someone else) some extra tagging to indicate that the pieces are part of one whole, and could then be shown as a single logical transaction in a wallet (and maybe during the process, display the number of pieces received so far out of an expected total). That's a bit out of scope of MRL-0004, which was focused on the privacy aspect and not UI.

hillbilly posted 9 years ago Weight: -317 | Link [ - ]

It'd be great to see a schematic of how transactions are broken down (into pieces, I think, but how and why exactly). Will begin a hunt.

hillbilly posted 9 years ago Weight: -321 | Link [ - ]

I agree, I find this confusing and would love some clarification on this topic if anyone's got a few minutes to dumb things down for some kind layfolk.