Published : 4/28/2020

Privacy as priority

As a cryptocurrency, Monero might seem very boring to the naked eye. It doesn’t have a big claim to fame such as being a ‘world computer’ or ‘revolutionizing xyz industry’. It’s just trying to be private, digital, fungible money, and every upgrade and new technology furthers this end. Those who deem this goal too narrow or uninteresting generally don’t understand how difficult it is to achieve meaningful privacy, especially on a permanent, open ledger like a blockchain. Any avenue for metadata leakage is a potential source of privacy erosion. Monero takes precautions to obfuscate on-chain data, such as the receiver, sender, and amounts, via stealth addresses, ring signatures, and Pedersen commitments respectively. This minimizes the chance that a casual observer can deduce critical info after transactions have been sent and are just a part of recorded history. There are, however, some attacks that can be performed the moment a transaction occurs and cannot be performed at any later time.

Attack to reveal IP address

These attacks revolve around identifying which IP address a transaction came from. If this information is deduced, it could reveal that an individual sent a Monero transaction. It cannot show to whom or how much, but there are some cases where the knowledge that someone is using Monero is enough to cause harm.



The good news is that if this information is not gleaned the moment the transaction is made, it cannot be learned at a later date, since IP addresses are not stored on the blockchain. It is also comforting to know that such an attack is unlikely to be seen in the wild because, in order to pull it off, the attacker would need a large majority of nodes on the network. If a person were able to command this large majority, however, they would be able to identify the “direction” a transaction came from.



This may be confusing, so we’ll explain some background here. Each node connects to other nodes on the network so that it can keep its copy of the blockchain up to date and share what it knows with others. These connections allow nodes to learn about new transactions, propagate them, and send their own. Since a node can only tell its peers about transactions it knows about, it stands to reason that the very first node to propagate a transaction is the node that is actually sending Monero.



If an attacker owns a large majority of nodes on the network, each of those nodes will hear about a transaction from one of its peers, and based on when each node receives this information, the attacker can deduce likely candidates for where the transaction started.



If this is still confusing, we offer this example. Suppose we both have a mutual friend who is hidden from our view. This friend calls out loudly. I hear his call first, and I hear it louder than you do. From this information, we can tell that I am likely closer to our friend than you are. The fact that you hear the sound later (even by just a split second) and that the sound is fainter means that we should start our search around my area, not yours.



If an attacker is able to successfully guess which of their peers sent the transaction, they can be certain of the IP address that sent it, since they have the IP address of the peer that is connected to their node and forwarded the transaction to them. This is powerful information, as IP addresses contain information about the country and internet service provider (ISP) of the user, and the ISP itself knows which user is linked to which exact IP address, effectively deanonymizing the Monero user.
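
The timing inference described above can be modeled offline to see why the share of observing nodes matters. The following simulation is an added example, not code from the original article or from Monero; the random peer graph, the exponential link delays and all function names are assumptions made for illustration.

```python
import heapq
import random

def build_peer_graph(n, out_peers, rng):
    """Each node dials `out_peers` random peers; links are bidirectional."""
    peers = {i: set() for i in range(n)}
    for i in range(n):
        dialed = [j for j in rng.sample(range(n), out_peers + 1) if j != i]
        for j in dialed[:out_peers]:
            peers[i].add(j)
            peers[j].add(i)
    return peers

def flood(peers, source, rng):
    """Flood a tx from `source`; per node, return arrival time and first relayer."""
    arrival, relayer, queue = {}, {}, [(0.0, source, None)]
    while queue:
        t, node, sender = heapq.heappop(queue)
        if node in arrival:
            continue  # already heard the tx from a faster peer
        arrival[node], relayer[node] = t, sender
        for peer in sorted(peers[node]):
            if peer not in arrival:
                # Constructed latency model: exponential per-link delay.
                heapq.heappush(queue, (t + rng.expovariate(1.0), peer, node))
    return arrival, relayer

def first_observer_accuracy(observer_fraction, n=150, out_peers=4, trials=200, seed=1):
    """Fraction of trials where the earliest observer's relayer is the true sender."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        peers = build_peer_graph(n, out_peers, rng)
        observers = set(rng.sample(range(n), max(1, int(observer_fraction * n))))
        # The sender is always an honest (non-observing) node.
        source = rng.choice([x for x in range(n) if x not in observers])
        arrival, relayer = flood(peers, source, rng)
        # The observer that hears the tx first attributes it to the relaying peer.
        first = min(sorted(observers), key=lambda o: arrival.get(o, float("inf")))
        hits += relayer.get(first) == source
    return hits / trials

if __name__ == "__main__":
    for fraction in (0.1, 0.3, 0.5, 0.7, 0.9):
        rate = first_observer_accuracy(fraction)
        print(f"observers={fraction:.0%}  sender identified={rate:.0%}")
```

Under this model the sender is identified far more often when observers make up 90% of the network than when they make up 10%, which is why the attack depends on controlling a large majority of nodes.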

The mitigation(s)