Decoy Selection Issue

I was interested to take a look at the privacy level of this project, so I’ve been reading the various documentation and source code to understand it.

One thing I noticed is that the decoy selection seems to be from a uniform distribution. This is a problem because the timestamp of the actual input is usually more recent than all of the randomly selected decoys. I’ve had a look at recent transactions in the explorer and for most the actual input was quite obvious.

Monero had this issue a few years ago and they updated their decoy selection algorithm to select 50% of decoys from the past 1.8 days. See point 8 here: https://www.getmonero.org/2018/03/29/response-to-an-empirical-analysis-of-traceability.html

I hope someone is able to take a look at this issue.

Welcome here to incongito forum. I’m not sure to tag to see this but I think someone will see it in the next 24 hours

Thanks a lot for your pointing this out. Our cryptographer will look into and get back here very soon.

This very critical issue does not seem to draw much attention from the core team.

The comment above you is a member of the core team

Hi @1393nd, thanks for your notice!

You are right, in the current version, the decoys are randomly selected. In privacy 2, we will consider the new way to fix this issue. The solution did not finalize yet due to some statements recently about tracing ability on Monero from CipherTrace:

• https://ciphertrace.com/ciphertrace-announces-worlds-first-monero-tracing-capabilities/
• https://ciphertrace.com/ciphertrace-files-two-monero-cryptocurrency-tracing-patents/

We will update the community when we have the finalized solution.

@hieutran so you are ok with sacrifying user’s privacy until the Privacy V2 goes live? For the last 1 year, there is no privacy (except for shielding transaction amounts) on Incognito? And thus, most of transactions could be traced.

@aaron I know that Duc is from the core team, but he didnot jump in to resolve or explain the situation.

I’m not a cryptographer, that’s why I said that I would have somebody who has better knowledge than I do answer the concern.
Your blame here (plus another one you posted in the forum) isn’t totally constructive, but it’s noted. We recently announced that we will be focusing on privacy and decentralization, and they take the highest priority.
If you’re concerned about the current privacy level of Incognito, feel free to check back in a few months to see how it’s improved.

I assume this will be a blockchain codebase change, and will take a fork to accomplish?

If so, you do not them to rush this @AloneWalker. Also delaying till a major release will minimize the amount of forks, and thats a great thing. Less forks is less risk for the network and also less work for node holders.

Hi @AloneWalker,

It is not totally leaking user privacy. If you want to trace Incognito transactions, you must monitor the coin indexes. Then, you only can guess with high probability that the newest coin is the real coin from the decoys. However, noted that this is a probability to guess.

In my opinion, the improved decoy-selection algorithm adopted by Monero has insignificant impact to the untraceability. Although an attacker can guess the actual input among the decoys with overwhelming probability, he can NEVER prove to anyone other than himself that his guess is correct. Therefore, he can NEVER convince anyone other than himself that Monero’s transactions, in which the decoys are uniformly chosen using the obsolete decoy-selection algorithm, are traceable.

Agree with you that less fork will be better but the chain’s focus is about privacy. There’s a tradeoff between them, depending on your favor.

We aim to minimize the probabilistic differences between decoys, don’t we?

Surely I cannot prove to anyone since it’s all about probability. But there are many decisions we make based on probability.

Sorry you felt that way.