I read that in order to break the trace from the sender of my Monero to the recipient of my Monero, I need to make several transactions between my wallets, for example:

someone sent me 1 XMR --> my wallet 1 --> my wallet 2 --> recipient of my 1 XMR

(that i consider 1 additional transaction in aim to break the trace)

Can anyone explain so even layman understands chance/probability of breaking the trace when doing 0,1,2 such transactions between own wallets?

  • jetA
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    7 months ago

    Nothing is guaranteed, you can read the monero white paper Zero to Monero for the details. Depending on your threat model you have to assume it would get probabilistically traced in the future at some point.

    Basic operational security ideas:

    • Over randomized time intervals
    • Using different wallets
    • Using different amounts

    Enough iterations until your comfortable with the risk level. I.e. is it going to be too much work for whoever would care about this to trace it?

    Bonus points

    • Deposit in an exchange and withdraw later
    • Use atomic swaps multiple times, etc
  • azalty@jlai.lu
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    6 months ago

    XMR currently takes 16 outputs per input, where 15 of them are decoys and 1 of them is the true one

    Assuming you’re not using any traceable pattern like churning every 30mins (you should split your churns, avoid churning too frequently), then the formula is 1/(16^(churn amount)).

    So after 1 churn, there is a 1 in 16 chance (6.25%) that this transaction is yours. After 2 churns, it’s a 1 in 16x16 = 1/256 = 0.39% chance that the final output of the route is yours. After 3 churns, 1 in 16x16x16 = 1/4096 = 0.0244%

    The probability decreases exponentially.

    Please note though, that even after 3 churns, it’s still possible to figure out a link with you. 4000 outputs way less than the total amount of outputs in the blockchain, and you can likely be traced depending on your threat model. As an example, let’s say you own a darknet market. If you deposit to an exchange, you’ll be one of the few with a link to the output that came out of the market to deposit. The closer you are to the output, the riskier it gets. That example alone might not put you in trouble, but you’ll be put on a list. Now imagine this happens again. A second list is formed, and you appear in both lists. It is already really unlikely that the same person appears twice. Third deposit, you appear again. Now you’re probably the only one with this pattern.

    Solution? Either churn a lot so that a lot of outputs are in contact (through being chosen as decoys at some point), so you’re not the only one to regularly have outputs linked with the poisoned output. Depositing outputs with no link at the time of deposit would also be beneficial, but that’s not always possible. That’s considering you got the worse threat model, which is a gov sending you outputs and getting them back (through CEXs). Another good solution: withdraw to DEXs!

    • azalty@jlai.lu
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      6 months ago

      By the way, you can churn to your own wallet, as it’s not possible to link the output to the wallet. You can use the wallet accounts feature to separate coins

      Just make sure you don’t use 2 churned outputs together (too early) or you’ll link them, and don’t use a churn output with an unchurned output. Feather Wallet with coin control is a good choice.

      If you’re going to use 2 of your churned outputs together, that could relink the outputs together and make it stand out, although I haven’t really thought about it. It might not be that bad if you’ve churned enough, because at some point it’s logical that outputs from 2 big pools intersect

      • hetzlemmingsworld@lemmings.worldOP
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        6 months ago

        don’t use a churn output with an unchurned output

        You mean that the churning by sending from my wallet to this same wallet(i can also say account or sub account of the wallet) (sending to self) just part of its ballance, will result in churned and non churned outputs in that wallet and these will be joined together if i later (after a week) send a big transaction (or wallet sweep) causing my previous churning be pointless? Maybe in this case is better for simplicity to always churn (part or full balance - i do not know if there is any benefit in sending in parts or in full) to second account within my wallet (instead of sending to self/same address) to prevent this. And i will be sending XMR to a third parties only from that secondary account?

        • azalty@jlai.lu
          link
          fedilink
          English
          arrow-up
          3
          ·
          6 months ago

          You got it right! It’s exactly that.

          I personally put everything on the same account and use coin control to spend only specific outputs but that’s just because I don’t like changing accounts

          You’ll have to know that one you spend an output on the second account, it will pretty much result in a change output that isn’t as much churned (still no link to the original withdrawal, but could be statistically linked to the transaction you just made with it). In the end it’s all about what you think are the capacities of your opponent, their motivation to get you, and the risk for you if that happens. Most of the time and with the current situation, no one is good (nor interested) at statistically tracing XMR, but that might happen in the future.

  • shortwavesurfer@monero.town
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    It really depends on your threat level for the vast majority of people. It’s perfectly fine just to do one transaction. You receive Monero and then you send Monero to the person you wish to send it to with no problems.

    • hetzlemmingsworld@lemmings.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      Thanks, I would like to be able to understand how big improvement would be to send the same or similar amount to secondary wallet of mine when comparing to direct sending mentioned by you. I think that i want above average protection, but i am unable to estimate impact (on TX traceability) of 1,2 more transactions of similar amount between my wallets and i am not enough technical to read and understand tens of technical pages of the Monero whitepaper.

      • shortwavesurfer@monero.town
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        7 months ago

        So currently, each time you make a transaction, you are one of 16 possible outputs. So when you make the first transaction, you have 16 outputs that could possibly be yours. And then at a second transaction, you have 32 outputs that could possibly be yours.

  • xmr_unlimited@monero.town
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 months ago

    I guess it’s good to be paranoid. Have 2 wallets. One you use to only receive and send to your second wallet only. Age them before Sending to your second wallet. Always spend from second wallet after aging second time.

    • hetzlemmingsworld@lemmings.worldOP
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      7 months ago

      I assume that you mean to receive XMR on own wallet 1, wait for example one week, send to own wallet 2, wait a few days and then spend it (for example in an e-shop)?

      According to @jet@hackertalks.com jet@hackertalks.com suggestions, i assume that to improve this, i can split the first transaction between my wallets into two payments (hours or a day delay between each) and each sent to different wallet of mine, then making sure i do not send these two outputs later into same wallet of mine, which would compromise my anonymization attempt? Is this split into 2 payments doubling the difficulty to trace the payment?

      The method described in this whole post of mine can be considered very unlikely to be traced by any government in the next decade? Thank you

      • azalty@jlai.lu
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        I would argue that splitting an input into 2 outputs that’ll both go in the same wallet and could be used together would severely harm your privacy and make tracing easier

        • jonycoo@fosstodon.org
          link
          fedilink
          arrow-up
          2
          ·
          6 months ago

          @azalty @hetzlemmingsworld
          I have just a shallow understanding of XMR
          With one Input and two Output you would set two addresses of the anonymity set.
          With time correlation tecniques etc an attacker might be abel to infer traces.
          Also you cant use this combination, or any of these out keys again.
          Increasing the anonynity set makes a transaction stand out even more.

  • magicbeergut@monero.town
    link
    fedilink
    arrow-up
    3
    ·
    7 months ago

    It depends on how soon you think XMR will be cracked with Quantum Computing. The more churn the better. A pair of hops and you’re good I guess.