With the continuously repeating story from November that seems to be appearing in crypto feeds about CipherTrace's ability to track Monero, we, as a group of three mathematicians, feel we have have the necessary skills required to test the feasibility of these claims. This report, which goes back to November 2020 and hasn't been updated, is being used as FUD by numerous twitter accounts and non-creditable news sources. Each time I read a different source, more has changed since the original post. Claims such as tracking all the way back to the original wallet, which given the strcuture of ringCT, is impossible.
The claims we wish to address stem directly from CipherTrace's post in the above link and we are interested in reproducing the following claims:
- Development of original tracing methodologies based on simulation techniques and Bayesian approaches.
- Monero decoy reduction.
- Statistical and probabilistic methods for scoring transaction and clustering likely owners.
- Transaction visualization tools and ways to track stolen Monero currencies or illicit Monero.
- Methodologies for gaining intelligence about transactions that rely on third party nodes.
This will of course require us to generate enough traffic on the Monero network to be able to understand the likelihood of these claims. It is our anticipation that we will reach out to the MRL (Monero Research Labs) to see if this project is of interest, if it's currently being conducted, and whether or not funding can be obtained. We will provide a detail outline of our approach methodology with a timeline.
We write this post as we have gathered basic intelligence on the feasibility of CipherTrace's claims. Namely the following:
- For 10 "decoys" in a ring signature (linkable ring singature with alterations), the probability of determining the origin of the transaction is roughly 22.88%.
- If CipherTrace, using their claimed "decoy reduction", is able to reduce the number of decoys by half - with 100% confidence - the probability of determining the origin of the transaction becomes 50.40% [1]
Given these numbers, it seems as though CipherTrace is claiming the impossible. With a maximum of 50% probability in determining the origin, it would seem that this would be useless to law enforcement. A 50/50 chance that is or isn't the origin is a poor outcome.
In closing, you can look for updates on our page as we begin to detail reports of our findings. Please note that, sensitive research on this matter will be handed directly over to MRL for review and we will leave it to MRL to decide whether or not they want to publish the results. This could prove to be useless or useful depending on the methods we determine to be adequate in reproducing CipherTrace's claims. Our goal is to give MRL an understanding of the capabilities of these organizations that wish to undermine the core values of the Monero Project.