{"body":"Breaking Monero: The Series\n\n1. Breaking Monero: Introduction\nDescription: Introduces the purpose of the Breaking Monero series (openly discuss past, current, and possible future privacy and security implications)\nIn Scope: Introduction, hint of what will be covered\nOut of Scope: any specifics\n\n2. Breaking Monero: Ring Signatures Introduction\nDescription: overview of what ring signatures are and why they are imperfect. Discuss plausible deniability, and introduce concepts of huristics\nIn Scope: basic explanation of ring signatures and why they are a major pain point. Explain why we use them nevertheless\nOut of Scope: Any specific attacks using ring signatures (refer to future Breaking Monero episodes)\n\n3. Breaking Monero: Chain Reactions\nDescription: introduce concept of Monero ring signature chain reactions and their impact\nIn Scope: showing how different ringsizes deal with the chain reactions, initial research and history, and other basics to understand future topics\nOut of Scope: any specific causes of the chain reaction attacks in detail\n\n4. Breaking Monero: 0-Decoy Outputs\nDescription: Monero's previous difficulty with 0-decoy outputs\nIn Scope: history, analysis, research, and explanation of how things have improved. tie in with chain reactions and how they caused a significant impact\nOut of Scope: everything else\n\n5. Breaking Monero: Chain Splits (Key Image Reuse Attack)\nDescription: what chain splits are and their implications on Monero's security and privacy\nIn Scope: security considerations from decreased hashrate, privacy considerations from key image reuse attack, mitigation methods, largest possible impacts over periods, best practices\nOut of Scope: most of the community dynamics and politics regarding chain splits\n\n6. Breaking Monero: Input Selection\nDescription: how Monero's imput selection algorithm determines its privacy\nIn Scope: history of selection algorithm (detailed timeline), research, impact on transactions, spend history from Bitcoin and Monero, coinbase inputs, blackball tool\nOut of Scope: keep pool information as light as possible to save for the other relevant episode\n\n7. Breaking Monero: Timing Attack\nDescription: how timing attacks can be used to learn information about spend patterns and combine with other heuristics to learn a lot about transactions and identities\nIn Scope: what timing metadata is, anticipated heuristics, connection to other metadata\nOut of Scope: most selection algorithm stuff (other episode)\n\n8. Breaking Monero: Poisoned Outputs (EAE Attack)\nDescription: introduce EAE attack and how it's difficult to defend against\nIn Scope: how Monero's ring signatures provide some protection, and how some aspects (eg: amount metadata when deposited on exchange) can't reasonably be mitigated. Explanation of impact of exchanges and other large merchants\nOut of Scope: all else\n\n9. Breaking Monero: Public Pool Outputs\nDescription: how public mining pool data reveals information on many outputs\nIn Scope: coinbase outputs, proportion of public mining, impact on chian reactions, pool transactions, how to mitigate\nOut of Scope: most of the input selection stuff except explicitly relevant\n\n10. Breaking Monero: Unusual Ringsize\nDescription: short episode on how transaction with unusual ringsizes stick out\nIn Scope: history of unusual ringsizes, explanation, arguments for setting a fixed ringsize, other relevant metadata considerations\nOut of Scope: everything else\n\n11. Breaking Monero: Input/Output Structure\nDescription: how visible information on the NUMBER of inputs and outputs degrades privacy\nIn Scope: how the number of visible transaction inputs and outputs impacts privacy, and what Monero does to limit learned metadata\nOut of Scope: most other metadata discussion, other cryptocurrencies (Zcash Sapling)\n\n12. Breaking Monero: Subaddress Association\nDescription: how on-chain and other data helps link subaddresses\nIn Scope: situations where subaddresses can be linked, best defenses against leakage\nOut of Scope: in-depth explainers on ring signatures traceability (already covdered in previous episode)\n\n13. Breaking Monero: IP Address Linking\nDescription: how clients (especially remote nodes) can learn information about transactions\nIn Scope: impact of remote nodes, impact of IP leak, difficulty in performin attack, clarification about consensus layer, possible mitigation methods\nOut of Scope: Tor/I2P large debate beyond basics, in-depth discussion of Monero's node structure\n\n14. Breaking Monero: View Key Traceability\nDescription: sharing view keys to parties limits privacy, especially for transactions between two individuals using the same service\nIn Scope: intended use of view keys, limitations of transacting with public view key, information revealed\nOut of Scope: everything else\n\n15. Breaking Monero: Transaction Spam and Large Holder Attacks\nDescription: how spamming the network causes security and privacy concerns (block size, congestion, output visibility)\nIn Scope: basics of Monero's dynamic block size, concerns with holders having visibility of lots of outputs, exchanges and their likely privileged position\nOut of Scope: in-depth dynamic block size economics, ranting about exchanges\n\n16. Breaking Monero: Undetected Inflation\nDescription: Monero's technology makes it more difficult to audit the supply\nIn Scope: difficulty in using confidential transactions, tradeoffs, explanation about previous responsible disclosure, how people can sleep at night\nOut of Scope: everything else\n\n17. Breaking Monero: Quantum Computing\nDescription: how quantum computing could pose threats to Monero, but Monero isn't alone and these threats are difficult to predict\nIn Scope: quantum computing basics, general quantum computing concerns for privacy, security, and cryptography, estimated resistance, possible courses of action\nOut of Scope: everything else\n\n18. Breaking Monero: Manipulated Spent Output List (Blackball List)\nDescription: how a manipulated spent output list could reduce your privacy\nIn Scope: what blackball lists are, why people use them, should you even use them?, history and research\nOut of Scope: running blackball list and investigating beyond discussing basics","name":"Breaking Monero Ideas","extension":"txt","url":"https://www.irccloud.com/pastebin/XI0H2aU9/Breaking+Monero+Ideas","modified":1544461741,"id":"XI0H2aU9","size":6203,"lines":91,"own_paste":false,"theme":"","date":1544461741}