Breaking Monero Episode 09 Poisoned Outputs (EAE Attack)


February 8th, 2019

31 mins 41 secs

Your Hosts

About this Episode

Monero's ring signatures provide plausible deniability, but they aren't perfect. We model examples where two colluding parties 'E' attempt to learn information about an individual 'A.' By sending outputs to individuals and tracing their transaction graphs, these colluding parties may perform powerful statistical tests to learn significant information, especially for repeated transactions where they would not normally occur by chance.