Catalogue of Monero decoy selection algorithms
Rucknium opened this issue · 7 comments
Monero wallet developers are free to choose decoys for ring signatures almost any way they wish. Currently, the "standard" Decoy Selection Algorithm of the official GUI wallet uses a log-gamma distribution with shape parameter 19.28 and scale 1/1.61. To assess the impact of nonstandard Decoy Selection Algorithms on Monero user privacy, it is important to collect information about how wallets are choosing decoys.
Collection of this information is meant to be a collaborative effort. If you know what decoy selection method any of these wallets use, please comment with a link to the code that implements the wallet's Decoy Selection Algorithm. Many wallets will simply incorporate the Monero GUI wallet's Decoy Selection Algorithm. If wallets are not open source, reaching out to the wallet developers would be beneficial. Any leads of nonstandard Decoy Selection Algorithms used by centralized exchanges or other services would also be helpful. I am mostly interested in what wallets have been using over the past two years.
| Wallet | Decoy Selection Algorithm | Source |
|---|---|---|
| Monero GUI | Standard | ■ |
| Feather | Standard | ■ |
| Cake | Standard | ■ |
| Monerujo | Standard | ■ |
| MyMonero | monero-lws |
■ |
| Edge | monero-lws |
■ |
| Exodus | unknown | |
| ZelCore | monero-lws |
■ |
| Guarda | unknown | |
| Exa | unknown | |
| WooKey | unknown | |
| Atomic | unknown |
Feather Wallet 1.0.1 (current) uses wallet2 (v0.17.2.3).
https://github.com/feather-wallet/monero/tree/v0.17.2.3_1-feather
Cake Wallet and Monero.com use wallet2.
https://github.com/cake-tech/cake_wallet/blob/main/cw_monero/ios/Classes/monero_api.cpp#L13
monerujo uses wallet2 through wallet2_api.h
https://github.com/m2049r/monero/tree/release-v0.17.3.0-monerujo
For the light wallets listed there, MyMonero, Edge and Zelcore. decoys are selected on the light wallet server.
All 3 wallets by default use the MyMonero servers and decoy selection is the same algorithm found in monero-lws. https://github.com/vtnerd/monero-lws/blob/develop/src/util/random_outputs.cpp
@devinpearson Thank you! Do you have a source for the statement that Edge and Zelcore use the monero-lws method? Is it based on your personal communication with the Edge and Zelcore dev teams?
@Rucknium you can confirm with them but they use our libraries. Which handles the decoy selection as part of the sending process. They would need to run their own light wallet compliant server and modify the libraries to change this behaviour.
monero-serai uses a Rust implementation of the monero-lws algorithm post-patch to resolve differences with wallet2.