From BoingBoing:
In some ways, this is normal: security is a process, not a product, so technologies thought to be secure are often revealed to be defective in some way and need to be patched.
But the Monero problems exemplify a special problem of blockchain anonymity. By design, every transaction in the blockchain is irrevocably, universally, permanently public. That means that when new defects are discovered in a blockchain-based anonymity tool, attackers can download all the transactions that ever took place under the flawed anonymity protocol and go to work de-anonymizing them.
That's a problem in other privacy domains: spy agencies are understood to be storing vast quantities of encrypted traffic intercepted from the public internet against the day that a defect is discovered in the encryption method used to scramble it; hashed password archives live on forever in the web, waiting to be decrypted using new, superior attacks on their hashing algorithms, and so on.
But one of the defenses against future disclosures of defects in encryption techniques is to throw away the old messages once they're done with, to reduce the availability of decryptable ciphertexts. And that's not possible on the blockchain, because the blockchain only works if you can't delete things from it.
It's a hard problem of anonymity in blockchainland: there's no way to deploy a security system and be assured that no one will ever find a new flaw in it, someday in the future, so any anonymity tool used in combination with the blockchain poses a special threat in that any defects that do emerge could uncloak all of the anonymized data ever generated by that tool.
In the Monero case, it's especially grave, as the cryptocurrency's initial adopters were largely people producing illegal substances on dark markets, who face legal reprisals if they're unmasked.
Full Wired article.
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://boingboing.net/2018/03/27/perfect-forward-secrecy.html