Part 2 out of 4 in our Cryptonote tracking series.

Guess what? Privacy is not a sliding scale. It is a minefield that you need to navigate.

What is an attack?

As we are heading into more technical topics of Cryptonote tracking, I will be using term “attack” for anything that can be used to deanonymise ring signatures. It is important to know that, similar to most practical attacks against cryptography, those attacks don’t tackle cryptography directly. Instead they rely on how transactions and people making the transactions interact. In fact this attack is a simple application of textbook forensic techniques to ring signatures.

As no single attack that I’m aware of is an “I win” button, it is important to understand their relative strengths and weaknesses.

What are the general properties of metadata analysis?

A single expression that I would use to describe is “churn killer”. Since the anonymity set provided by a ring signature is fairly small, a very naive and stupid advice would be “just send money to yourself a couple times”. Metadata attack turns churning into incriminating evidence in a scenario where you are trying to prove beyond reasonable doubt that a transaction occurred between Alice and Bob.

Another interesting property of metadata analysis is that larger ring sizes are more incriminating. It can be only countered with smarter output selection. For one such idea, see section 6.2 here.

https://medium.com/@crypto_ryo/tracing-cryptonote-ring-signatures-using-external-metadata-8e4866810006