قاعدة المعرفة

مختبر البحث

Monero ملتزم بالبحث المستمر في خصوصية المال كما يتضمن العملات المشفرة. أدناه ستجد عملًا من باحثينا، مع المزيد من الأوراق قادمة.

تقدم الخصوصية في العملات المشفرة

مختبر بحث Monero (MRL) هو فريق مفتوح وتعاوني من الباحثين يعملون على التشفير المتقدم وتقنيات الخصوصية. يركز عملنا على تحسين بروتوكول Monero، تحليل التهديدات المحتملة، وتقدم حالة البحث في خصوصية المال.

MoneroResearch.info

نشرات MRL 10 IACR 3 أخرى 2

MRL-0010

Discrete Logarithm Equality Across Groups

This technical note describes an algorithm used to prove knowledge of the same discrete logarithm across different groups. The scheme expresses the common value as a scalar representation of bits, and uses a set of ring signatures to prove each bit is valid.

MRL-0009

Thring Signatures and their Applications to Spender-Ambiguous Digital Currencies

We present threshold ring multi-signatures (thring signatures) for collaborative computation of ring signatures, present a game of existential forgery, and discuss uses in digital currencies including spender-ambiguous cross-chain atomic swaps for confidential amounts.

MRL-0008

Dual Linkable Ring Signatures

This bulletin describes a modification to Monero's linkable ring signature scheme that permits dual-key outputs as ring members. Key images are tied to both output one-time public keys, preventing both keys from being spent separately.

MRL-0007

Sets of Spent Outputs

This technical note generalizes the concept of spent outputs using basic set theory. The definition captures a variety of earlier work on identifying such outputs. We quantify the effects of this analysis on the Monero blockchain.

MRL-0006

An Efficient Implementation of Monero Subaddresses

We document a new address scheme that allows a user to maintain a single master wallet address and generate an arbitrary number of unlinkable subaddresses. Each transaction needs to be scanned only once to determine if it is destined for any of the user's subaddresses.

MRL-0005

Ring Signature Confidential Transactions

This article introduces a method of hiding transaction amounts in Monero. A new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature, is described which allows for hidden amounts, origins and destinations with reasonable efficiency.

MRL-0004

Improving Obfuscation in the CryptoNote Protocol

We identify several blockchain analysis attacks available to degrade untraceability of CryptoNote 2.0. We analyze solutions, discuss merits and drawbacks, and recommend improvements including protocol-level minimum mix-in policies.

MRL-0003

Monero is Not That Mysterious

The purpose of this note is to clear up misconceptions and remove mystery surrounding Monero Ring Signatures. We compare the mathematics in CryptoNote ring signatures to the original paper on which it is based.

MRL-0002

Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol

This research bulletin describes deficiencies in the CryptoNote reference code allowing for an attack on 4 September 2014, describes the solution, and elaborates upon what the offending block did to the network.

MRL-0001

A Note on Chain Reactions in Traceability in CryptoNote 2.0

This research bulletin describes a plausible attack on ring-signature based anonymity systems. It demonstrates that untraceability can be dependent upon all keys used in composing a ring signature, allowing for chain reactions in traceability.

IACR 2020/312 This paper has been retracted, but it's possible to view it clicking on 'All versions of this report'.

Arcturus: efficient proofs for confidential transactions

We extend Triptych to build Arcturus, a proving system that proves knowledge of openings of multiple commitments to zero within a single set, correct construction of a verifiable random function, and value balance across a separate list of commitments within a single proof.

IACR 2020/018

Triptych: logarithmic-sized linkable ring signatures with applications

We introduce Triptych, a family of linkable ring signatures without trusted setup based on generalizations of zero-knowledge proofs of knowledge of commitment openings to zero. Signatures are logarithmic in the anonymity set size and can be efficiently verified in batches.

IACR 2019/654

Concise Linkable Ring Signatures and Forgery Against Adversarial Keys

We demonstrate that a version of non-slanderability is a natural definition of unforgeability for linkable ring signatures. We present a linkable ring signature construction with concise signatures and multi-dimensional keys.

Uniformly Most Powerful Tests For Ad Hoc Transactions In Monero

We introduce a general, low-cost, low-power statistical test for transactions in transaction protocols with small anonymity set authentication (TPSASAs), such as Monero. The test classifies transactions as ad hoc or self-churned. We extend these tests to exploit prior information about user behavior and discuss test parameterization.

Unpublished

Understanding ge_fromfe_frombytes_vartime

Monero uses a unique hash function that transforms scalars into elliptic curve points. This document translates its code implementation into mathematical expressions.