This seems like Samourai vs Wasabi war indeed, and I don't take anyone side here, even if I prefer Samourai and I think it is a bit superior.
Interesting news, and I will follow what happens in next few days.
This is what they tweeted few hours ago:
https://twitter.com/SamouraiWallet/status/1296480000963641346
Salty :/
Topic: Wasabi Vulnerablilities - Drama or real. - page 2. (Read 511 times)
It's impossible to tell until the full details of the alleged vulnerability are released publicly. According to the medium post linked above, that will in no more than 48 hours from when that post was made, which was around 12 hours ago from now. So check back in the next day or two and we should know for sure.
Ok, so i read the article and the statement from samourai.
The two reasons why the vulnerability is critical (according to samourai) are:
If this is based on the assumption that the attacker has to know every UTXO in the wallet, there is no privacy to begin with.
Further, they only reference on multiple mixing events. So the coinjoin itself is not "vulnerable", they claim that multiple coinjoins have the same effect than one coinjoin.
To me, this seems just like the regular war between samourai and wasabi.
The privacy is not broken, the coinjoins are not useless.
Assuming that every UTXO of a user is known before coinjoining and also assuming that all UTXO's are enqued into a coinjoin is a pretty strong assumption to say at least.
And even then, it is not like there is a vulnerability which de-anonymizes people.
The two reasons why the vulnerability is critical (according to samourai) are:
When a mixed output is remixed, these vulnerabilities break the ZeroLink guarantee for the previous mix, cancelling its benefits.
and These vulnerabilities break a core assumption of mixing, with each remix effectively canceling out the privacy gains of the previous mix.
If this is based on the assumption that the attacker has to know every UTXO in the wallet, there is no privacy to begin with.
Further, they only reference on multiple mixing events. So the coinjoin itself is not "vulnerable", they claim that multiple coinjoins have the same effect than one coinjoin.
To me, this seems just like the regular war between samourai and wasabi.
The privacy is not broken, the coinjoins are not useless.
Assuming that every UTXO of a user is known before coinjoining and also assuming that all UTXO's are enqued into a coinjoin is a pretty strong assumption to say at least.
And even then, it is not like there is a vulnerability which de-anonymizes people.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
https://cryptonews.com/news/alleged-wasabi-wallet-vulnerabilities-denied-by-developer-7483.htm
I am not a technical guy, so I do not understand some terms that talked in the article from OXT Research.
However, zkSNACKs is denying the claim and from their statement it seems this is some business interest.
I use Wasabi coinJoin sometimes. Now not sure what to take from this article. Anyway with good technical knowledge can enlighten a bit?
Thanks in advance.
Cheers,
I am not a technical guy, so I do not understand some terms that talked in the article from OXT Research.
Quote
“vulnerabilities break a core assumption of mixing, with each remix effectively cancelling out the privacy gains of the previous mix,” and OXT Research believes that they “have been present in the Wasabi Wallet code base for a long time, thus it is likely someone less than ethical has already discovered [them] and is exploiting” them.
However, zkSNACKs is denying the claim and from their statement it seems this is some business interest.
Quote
“They claimed Wasabi is broken because of the lack of randomness in coin selection for CoinJoins. More specifically, they tried to show that if an adversary knows all the UTXOs in a wallet, then it can tell which coin will be mixed next time. This is pointless as the only entity who knows the UTXOs in a wallet is the user itself,” said Ficsor. “Then they moved onto building more and more on this false premise, repeating their conclusion over and over again, and that's the rest of the technical part of the letter.”
I use Wasabi coinJoin sometimes. Now not sure what to take from this article. Anyway with good technical knowledge can enlighten a bit?
Thanks in advance.
Cheers,
Jump to: