Please login or register.

Creating a bounty for people to break XMR cryptography

I think Monero would benefit from setting aside some sort of bounty (1000XMR or whatever) for anybody who can break the cryptography and deanonymize a transaction or address. The typical protests against a creation of this bounty are typically that (1) people testing for vulnerabilities can make a lot more money shorting XMR and then publishing the bounties publicly, or (2) a bounty might incentivize one of our developers to actually plant some sort of weakness into the cryptography themselves so that they can claim the bounty later.

Despite these protests, I think a bounty is a good idea. We will never have a bounty larger than an adversary can make by shorting the market, but we can incentivize our own community to do testing on their own.

Example: "John" is a huge fan of Monero who also enjoys cryptography (a Luigi1111 type). While visiting the GetMonero forums, he comes across the bounty for breaking Monero's cryptography. John sees the logic in wanting to test for vulnerabilities, so he takes a cursory glance at the code. One thing leads to another, and suddenly John realizes he has broken Monero's math. He privately reports the vulnerability to Monero Research Labs and gets the bounty. MRL patches the math issue, and our cryptocurrency remains unaffected overall.

Edit: Just realized this is a duplicate idea https://forum.getmonero.org/6/ideas/6219/create-bounty-for-disproving-ringct-finding-bugs-etc-in-monero-s-code That said, I still think it should get done.

Replies: 0