Very interesting article. Would it be possible to write one that details the effort involved here and just how likely governments are to use such analysis to go after an individual. From the above it looks like quite an involved process.
Other thoughts: how big of a net does the above process cast? Is it all encompassing, capturing large and little fish alike, or does it go after one individual/entity at a time? How expensive and time consuming? What about time delay; suppose you own XMR and keep them in an offline wallet for months to years does this effect the process?
Please, more thoughts from a practical perspective would be useful here.
Hi! One doesn't have to "cast a net", one has to simply analyze onchain activity, just like it's done with bitcoin. Analyzing onchain activity means extrapolating information you are not supposed to know, from what you already know. In Monero's case the knowns are TXOs and key images of spent TXOs (as published onchain, unconnected to their TXOs), TXO metadata, CEX TXO metadata, other metadata from other centralized parties. The extrapolated information from this data includes bypassing cryptographic functions that are supposed to ensure privacy, such as mapping TXOs to their key images. The amount of known variables in a specific point in time is the sum of all knowns plus all the extrapolated data from the knowns up to that point. The latter includes a set of burnt TXOs. This set grows with time as it's fed new information and it allows deanonymization either of live transactions or with a lag for transactions whose decoys are not burnt TXOs. Those are eventually deanonymized with a lag as their decoys are burnt. The Chainalysis video shows that by using this process Chainalysis is already capable removing decoys and deanonymizing senders in single input transactions.
Thanks for getting back to me; I appreciate both the time you have taken to write about this and your prompt response.
I was however looking for a less technical response. I'm no crypto expert just someone looking to use crypto anonymously when possible. So I guess what I'm trying to figure out (and I know I'm not alone in this) is what are the probabilities or the likelihood that government will come after an ordinary low money user (let's say less than $1000 per transaction and less than 10k per year) and how much money and effort would the government have to expend to target people like us.
Also is there an alternative to XMR?
Perhaps for the future an article that summarizes the above Monero debacle and goes into the practical user side for average crypto users would be very helpful.
Based on this article, to deanonymise a wallet (not even a person) you either need:
1. A database with every Monero transaction/key image to deanonymize a wallet
2. Many transactions from the same wallet
Since Monero has, fortunately, been banned from most central exchanges, because governments are afraid of its anonymity capability, the database for 1 does not exist.
Spending only a handful of times or changing wallets makes 2 impossible, too.
Nice try! Monero is still extremely secure. It may not be 100% bulletproof. The best you might get would be a probability, likely not even a majority.
Based on this article, there is already a tool out there with a database of all spent TXOs. That tool most likely combines exchange data and onchain pattern analysis. We saw the tool in action in Chainalysis' latest leak (https://t.me/techleaks24/27). We also know that for regulatory reasons all CEXes report their transactions quarterly to Chainalysis, which explains why they have the data pool required for the tool to work. So, to go back to your initial question, to trace a TXO in Monero all you need to do is contact Chainalysis (or other chain analysis firms) so they can run their tool and identify all the downstream TXOs where the money flows from the target TXO. And if ANY of those downstream TXOs is an exchange or has metadata that lead to an exchange then we can identify the owner of the mother TXO. Read also the second part of this article to understand how CEX data are not even required to trace Monero, although they make it a lot easier. https://techleaks24.substack.com/p/how-ai-can-perform-key-image-analysis
Very interesting article. Would it be possible to write one that details the effort involved here and just how likely governments are to use such analysis to go after an individual. From the above it looks like quite an involved process.
Other thoughts: how big of a net does the above process cast? Is it all encompassing, capturing large and little fish alike, or does it go after one individual/entity at a time? How expensive and time consuming? What about time delay; suppose you own XMR and keep them in an offline wallet for months to years does this effect the process?
Please, more thoughts from a practical perspective would be useful here.
Hi! One doesn't have to "cast a net", one has to simply analyze onchain activity, just like it's done with bitcoin. Analyzing onchain activity means extrapolating information you are not supposed to know, from what you already know. In Monero's case the knowns are TXOs and key images of spent TXOs (as published onchain, unconnected to their TXOs), TXO metadata, CEX TXO metadata, other metadata from other centralized parties. The extrapolated information from this data includes bypassing cryptographic functions that are supposed to ensure privacy, such as mapping TXOs to their key images. The amount of known variables in a specific point in time is the sum of all knowns plus all the extrapolated data from the knowns up to that point. The latter includes a set of burnt TXOs. This set grows with time as it's fed new information and it allows deanonymization either of live transactions or with a lag for transactions whose decoys are not burnt TXOs. Those are eventually deanonymized with a lag as their decoys are burnt. The Chainalysis video shows that by using this process Chainalysis is already capable removing decoys and deanonymizing senders in single input transactions.
Thanks for getting back to me; I appreciate both the time you have taken to write about this and your prompt response.
I was however looking for a less technical response. I'm no crypto expert just someone looking to use crypto anonymously when possible. So I guess what I'm trying to figure out (and I know I'm not alone in this) is what are the probabilities or the likelihood that government will come after an ordinary low money user (let's say less than $1000 per transaction and less than 10k per year) and how much money and effort would the government have to expend to target people like us.
Also is there an alternative to XMR?
Perhaps for the future an article that summarizes the above Monero debacle and goes into the practical user side for average crypto users would be very helpful.
Based on this article, to deanonymise a wallet (not even a person) you either need:
1. A database with every Monero transaction/key image to deanonymize a wallet
2. Many transactions from the same wallet
Since Monero has, fortunately, been banned from most central exchanges, because governments are afraid of its anonymity capability, the database for 1 does not exist.
Spending only a handful of times or changing wallets makes 2 impossible, too.
Nice try! Monero is still extremely secure. It may not be 100% bulletproof. The best you might get would be a probability, likely not even a majority.
Based on this article, there is already a tool out there with a database of all spent TXOs. That tool most likely combines exchange data and onchain pattern analysis. We saw the tool in action in Chainalysis' latest leak (https://t.me/techleaks24/27). We also know that for regulatory reasons all CEXes report their transactions quarterly to Chainalysis, which explains why they have the data pool required for the tool to work. So, to go back to your initial question, to trace a TXO in Monero all you need to do is contact Chainalysis (or other chain analysis firms) so they can run their tool and identify all the downstream TXOs where the money flows from the target TXO. And if ANY of those downstream TXOs is an exchange or has metadata that lead to an exchange then we can identify the owner of the mother TXO. Read also the second part of this article to understand how CEX data are not even required to trace Monero, although they make it a lot easier. https://techleaks24.substack.com/p/how-ai-can-perform-key-image-analysis