Breaking Monero is a series of episodes by Justin Ehrenhofer, Sarang Noether and Brandon Goodell (Surae Noether) from Monero Research Lab that explain the limitations of Monero’s security and privacy in a comprehensive and understandable way. They give a sneak peek into some of the work done behind the scenes to evaluate risks and to make Monero better. The links below feature each episode, along with a transcription, or you can watch the entire YouTube Playlist.

01: Introduction

Introduction to the Breaking Monero series.

02: Ring Signatures Introduction

The history of Monero’s ring signatures and past approaches to improve them.

03: 0-Decoy and Chain Reactions

Sarang and Justin discuss 0-decoy (0-mixin) rings, perhaps the oldest and best-studied past limitation of Monero.

04: Chain Splits (Key Image Reuse Attack)

In this episode, Sarang, Brandon (Suare), and Justin introduce key image reuse concerns.

05: Input Selection Algorithm

Sarang and Justin explain more about how Monero selects decoys for ring signatures, more than just “randomly.”

06: Unusual Ringsize

Discussing the unfortunate tradeoff when sending Monero transactions with unusual ringsizes.

07: Remote Nodes

The limitations of remote nodes, remote node attacks, and how to mitigate against them.

08: Timing Attacks

Network topography concerns and ways for users to mitigate their exposure to timing heuristics.

09: Poisoned Outputs (EAE Attack)

Monero’s ring signatures provide plausible deniability, but they aren’t perfect.

10: Public Mining Pools

Public mining pools provide a service to miners, but they also reveal a lot of output information that observers can use to learn more about transactions.

11: Mailbag Episode

Breaking Monero answers questions from audience members.

12: Input/Output Metadata

How the metadata collected by looking at the number of inputs and outputs can limit privacy in some circumstances.

13: Blockchain Explorer OpSec

This is a quick reminder to pay attention to the information you give block explorers.