I just read a news story so bizarre that I had to go through with it with an analytical eye

Summary of Howard’s claims [1]. Take good note of timing — 20 minutes into the flight. Dates will become important

Ed Caro, senior engineer at NASA in charge of the system Howard claims so gallantly saved mid-flight, makes following claims:


Today I woke up to 3 separate people asking me “WTF is going on with Bitcoin Cash” — mostly from LTC controlled Telegram channels. Let’s have a quick critical look to see if anything is amiss, shall we?

Let’s go atomic

According to Monero talking heads atomic swaps are impossible until you buy Tari. This is of course just a marketing strategy that we have seen thousands of times — gimp the current product to release a new one.

We are working on support atomic swaps with BTC via P2SH addresses. The mechanism of atomic swaps is extremely simple and described well here . All we need to implement in Ryo is a conditional timelock that allows earlier spending if you know the shared secret of the swap.

Quasar web-wallet and 64-bit “ChooChoo” Elliptic Curve Crypto library

You might recall me writing it over a year ago. It has proven…

Final nail in the coffin of Monero privacy

*Update to the story* I got banned by Monero community rep (Justin Ehrenhofer) from a “neutral” subreddit by giving this link to people trying to sell Monero — apparently that’s “diruptive” [source]


In the previous articles we discussed how to turn churning into incriminating evidence using external metadata [ 1 ] and how lack of churning will let your funds be tracked through simple output tagging (Knacc attack)[ 2 ]. In this article we will discuss how to track churning — and do active tracking attacks on-chain without help of any metadata. …

*Update to the story* I got banned by Monero community rep (Justin Ehrenhofer) from a “neutral” subreddit by giving this link to people trying to sell Monero — apparently that’s “diruptive” [source]


This is part 3 out of 4 of my Cryptonote Tracking series. We created a permanent home for it in /r/CryptoNoteTech subreddit. Feel free to drop by if you are interested in the privacy side of Cryptonote coins.

This attack, as the name suggests, was found by Knacc somewhere in early 2017. The original write-up that his article is based on can be found here. TLDR readers should…


While discussing the previous Monero vulnerability, I confused the issues (they are both related to the fact that the encrypted amount and commitment are separate entities in RingCTs) and accidentally disclosed this one [ 1 ]. Monero team has had over a week now to examine the source code and surprisingly they have not asked us for any details about the bug.

Description of the issue

Wallet does not perform sufficient error handling when an invalid encrypted amount is met. While the RCT library correctly throws an exception; it is caught and the returned amount is set to zero.

While there is nothing inherently…

Foreword to Ryo community

This bug has been fixed in Ryo 7 months ago. Patch is available here, however in case of Monero it might cause a hard fork on exploitation. Another fix is possible by ignoring non-null RingCT coinbase transactions in the wallet.

How does the exploit work?

RingCT has extremely insecure design where the amount displayed to the user (from now called masked amount) is different from the amount checked by the network (from now called commitment).

When a coinbase transaction is minted it will include a plaintext amount and a null rct signature. Network will construct commitment from this plaintext amount.

However if the coinbase transaction…


In what has become a familiar pattern for anyone following our news feed, Monero community got red-faced angry at a mere proposition of me writing this guide, and are likely to do so now. You should be aware that if you provide intelligent criticism of Monero in any way (you don’t even need to be a Ryo supporter, /u/hapticpilot springs to mind) you will be accused by a sock-puppet of being my sock-puppet. The most glorious case was the now-deleted sock-puppet stipulating that actually I run the whole 5 man team of Ryo myself [ 1 ]. …

Graveyard of “ASIC/FPGA-proof” and a need for paradigm shift

To anyone observing development of cryptonight mining algorithms, one thing will become immediately apparent — the claims ASIC resistance simply don’t stack up with historical reality. Current approach, something I call “Look, ma! No hands!”, where the algorithm designers ask “Maybe ASICs can’t do X?”, and then find out how wrong they were, simply does not work.

Can FPGAs do floating point instructions?

Of course they can. In fact in HPC this is a bit of a marketing number — similar to MPG for cars, therefore you will be easily able to find theoretical TFLOPS in their brochure.

So let’s do just that — “Intel boasts…

*Update to the story* I got banned by Monero community rep (Justin Ehrenhofer) from a “neutral” subreddit by giving this link to people trying to sell Monero — apparently that’s “diruptive” [source]

Background reading — “Why metadata matters?” by EFF.

What is an attack?

As we are heading into more technical topics of Cryptonote tracking, I will be using term “attack” for anything that can be used to deanonymise ring signatures. It is important to know that, similar to most practical attacks against cryptography, those attacks don’t tackle cryptography directly. Instead they rely on how transactions and people making the transactions interact. …

Ryo Cryptocurrency

Telegram : @fireice_uk Reddit: fireice_uk Twitter: fireice_uk

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store