-
@ Super Testnet
2025-05-31 11:53:56
by "unencrypted" I mean this: (1) all 16 members of the ring signature are provided in plaintext -- everyone can see them (2) the "real" sender is definitely one of them -- only 15 ring members are decoys, you can't make them "all" decoys because, as part of monero's design, you must put the real sender's pubkey in the ring signature
by "crackable" I mean this: chain analysts can use data from their own wallets and those of their partners to eliminate some of the decoys in the ring signature -- e.g. if one of the decoy pubkeys belongs to them, and they know they didn't sign the transaction, they can remove that decoy, thus narrowing down the list of possible senders. Often, they can narrow it down to just one person, thus "cracking" monero's ring signature privacy and identifying the real sender. Here is a video where they do this multiple times, starting at minute 26:55
https://v.nostr.build/D4Nzp22vRF35IRnz.mp4