XMR誘餌選擇算法的私密漏洞 - 數位貨幣

新聞來源連結：
門羅幣官方twitter
https://twitter.com/monero/status/1419852036913475587?s=20
門羅幣論壇

https://forum.monero.space/d/
94-privacy-bug-decoy-selection-algorithm-ignores-very-recent-outputs

新聞本文：
Privacy bug: Decoy selection algorithm ignores very recent outputs

sgp_17 days ago Edited

A rather significant bug has been spotted in Monero's decoy selection
algorithm. Please read this whole message carefully.
在門羅幣的誘餌選擇算法中發現了一個相當顯著的錯誤。

If users spend funds immediately following the lock time in the first 2
blocks allowable by consensus rules (20 minutes after receiving funds), then
there is a good probability that the output can be identified as the true
spend. This does not reveal anything about addresses or transaction amounts.
Funds are never at risk of being stolen.
如果用戶在共識規則允許的前2個區塊的鎖定時間之後立即花費資金（收到資金後20分鐘
），那麼有高機率將輸出可被識別的真正花費。這不會透露有關地址或交易金額的任何信
息。資金也沒有被盜的風險。

This bug persists in the official wallet code today. Users can substantially
mitigate the risk to their privacy by waiting 1 hour or longer before
spending their newly-received Monero, until a fix can be added in a future
wallet software update. A full network upgrade (hard fork) is not required to
address this bug.
使用者可以在花費新收到的門羅幣之前等待1小時或更久，直到可以在未來的錢包軟體更
新中添加修復程序，從而大大降低其隱私風險。解決此錯誤不需要完整的網絡升級（硬
分叉）。

The Monero Research Lab and Monero developers take this matter very
seriously. We will provide an update when wallet fixes are available. Please
read this GitHub issue for more details:
https://github.com/monero-project/monero/issues/7807

I have invited the individual who spotted this bug, Justin Berman, to join me
on an episode of Breaking Monero once we can more easily explain the required
fix to people.

評論：
大家收到XMR後記得等一下再使用就沒事了，雖然不太方便不過先頂著先。

--
If yesterday was two days ago tomorrow,
will the day after tomorrow be today or yesterday?
Temporal Manipulation 101 final exam, Tolarian Academy
如果昨天到了明天會變成兩天前，
試問後天應該是今天或是昨天？
時間操縱緒論期末考，陶拉里亞大學院

--