Closed real-or-random closed 6 years ago
What would be the steps to have this formally reviewed? Would love to get this audited by more folks. I only wrote the server side, and have limited context on the plugin itself.
So just to be clear, a plugin that is in development and not released is something you are actively going to tell people not to use? Well we didn't intend for it to be used either, that would be why we put out a dev release, to get reviews started, and fix bugs in the underlying implementation.
At no time have we said this is production ready. Just to be very clear.
I don't know your intentions and I see your point that there is no official release so far. The thing is: Neither the website nor the README mention that it is a development version. Instead, the README contains detailed installation instructions that not only advanced developers can use. And even advanced developers probably don't want to lose their coins. If your intention is that people should not use this currently, then this should be made very clear. Even better, it should be configured to only work on testnet.
If you need an audit: There are people who do security audits for money. Personally I'm not interested in doing an audit, because I think this old version of CoinShuffle is obsolete. There is CoinShuffle++, which is much faster and simpler. That also means it easier simpler to implement. There is no reason to use the old CoinShuffle.
There is already effort underway to do CoinShuffle++. We did this first to become more familiar with the protocol. That was already our plan.
Since you worked on the original CoinShuffle, do you have suggestions on people who we should reach out to for an audit?
Appreciate the feedback. I have gone ahead and updated the README to be very clear that this is a pre-release.
Okay, then you should know that CoinShuffle++ is pretty different from the old CoinShuffle. The biggest similarity is that it follows the same paradigm of "try to shuffle. if it fails, break anonymity and exclude the evil guy".
duplicate ciphertexts are checked now
Peers need to check if there are duplicate ciphertexts after decryption. If not, attacks on unlinkability are possible. This check is missing here after this line: https://github.com/cashshuffle/cashshuffle-electron-cash-plugin/blob/bcd9d668dcde92649be78e445da5820ee79b7ffa/shuffle/coin_shuffle.py#L243
As co-author of the CoinShuffle paper, I recommend everybody not to use this plugin. It has not been audited properly and potentially contains more serious flaws. Moreover, the CoinShuffle protocol is outdated, CoinShuffle++ is better in every aspect. No coin mixing protocol should be used without very careful coin control mechanisms built in the client, because it's a huge cannon for anonymity.