Hardforks and airdropped coins are always an attractive opportunity for cryptocurrency users. These are viewed as free giveaways and are often viewed as a bonus for the coin holder.
Users often make the assumption that using the forked coins is risk free and will not have any impact on the security of the legacy chain. This is often a misguided assumption and there are risks that come with claiming badly forked coins.
In the case of Monero, a Reddit user raised a valid concern around how a fork would impact user privacy on the main chain. Given that privacy is of utmost importance to Monero users, it had quite a few users slightly concerned.
Let’s take a deeper look.
A potential risk that many may know about when forking a blockchain is that posed by replay attacks. This is essentially the risk that someone can use your transaction credentials on the separate chain to forge a similar payment.
This risk exists because the signature that you have on the one chain is valid on both. Hence, if you send a transaction on the forked chain to someone, they can use the same information in the legacy chain to repeat the payment.
Developers have usually been able to mitigate the risk posed by a replay attack through the use of replay protection. This replay protection, for example, was implemented in the Bitcoin Cash fork last year.
However, the risk that could potentially be posed by hardforking Monero has to do with the use of Key images and decoy transactions. These are the backbone of the Monero protocol and allow users to completely hide their transaction information.
If these terms are foreign to you, then we suggest you read more about it in our Monero overview.
Identical Key Images
The “Key” to the Transaction
The question was first posed casually by a user on the the Monero subreddit. The OP was musing out loud about the possibility of taking part in the Monerov hard fork that was happening in March.
However, the question he posed was far more fundamental than many initially thought. This is because the similarities between transactions on the separate chains could weaken the privacy of the user on the original Monero chain.
More specifically, the Key image that is produced on the two different blockchains will be identical. In each of those Key images will be 4 decoy transactions together with the real transaction output. This is done to hide the transaction from public view.
Hence, someone could identify the actual transaction output by cross referencing the identical key images on the two chains. This means that you have already removed a layer of privacy from your transactions.
Many may then think that they can just ignore the fork, not spend on the forked chain and keep their privacy completely 100% secure on the Monero legacy chain.
This is unfortunately not the case and it could lead to the potential of all user’s privacy being compromised by the transactions of a user who has spent on both chains. This all has to with the decoy transactions.
Identifing the Decoys
User dnale0r was able to very comprehensively go over the risks that all users faced from transactions across the chains. He was able to effectively explain how users who spent on both chains compromised their privacy.
However, he also analysed the other “side of the coin” from the perspective of the decoy transactions being identified as decoys. If someone was able to identify the identical key images and then extract the actual transaction output, they would know that this was spent and hence could have been a decoy in a previous transaction.
This unmasking of the decoy transactions removes a layer of plausible deniability to the transaction that existed before. dnale0r was able to effectively summarise the threat posed as such:
So the fact that another user broadcasts a transaction on the XMR-chain, weakens the privacy of another user!
So, quite simply, the risk of deanonymization of transactions increases the more people choose to transact with the decoys across the two separate chains.
Potential Solutions Proposed
It is clear that this threat is created by users who decide to transact on chains that are identical after the hardfork. Hence, the ecosystem is much safer when all Monero users choose not to claim their coins or, at the very least, not transact regularly.
However, given the allure of “free coins” this may be too hard to pass up especially for many of the newer users who were not aware of the threat it posed. Similarly, no one can police how often other users spend their coins and where.
One can only hope that the highly capable Monero core team is working on a potential solution that will reinforce the protection of the main chain in the face of these forks.
Images via Fotolia