samourai-wallet-android
Improvements in Ricochet
First, thanks for the great work you're doing, Samourai team. I really like the Ricochet functionality; although it is not a functionality that guarantees anonymity, it does provide a layer of protection against prying eyes.
I think there are some points that could be improved:
- Don't use static addresses for the Samourai fee. Now, by always using the same address, all Ricochet transactions are being tagged/tainted. Maybe you could use PayNym here. https://github.com/Samourai-Wallet/samourai-wallet-android/blob/develop/app/src/main/java/com/samourai/wallet/ricochet/RicochetMeta.java#L60
- Ricochet's fee is currently 0.002 BTC; I think a random value between 0.015 and 0.002 BTC (or any other range) would help against statistical attacks. https://github.com/Samourai-Wallet/samourai-wallet-android/blob/develop/app/src/main/java/com/samourai/wallet/ricochet/RicochetMeta.java#L67-L68
- A Ricochet transaction is constructed with three outputs: the amount sent, the Samourai fee and the change, followed by four 1-to-1 transactions in a row. If the change were sent in the first or second hop and the Samourai fee in the second or third, some more privacy would be gained.
- Have you studied the possibility of reusing intermediate addresses more than once over time?
Thank you for your comments. Just a few things to note:
- Static fee addresses are being phased out.
- Fees are paid via PayNym if the user has a claimed PayNym connected to our own PayNym. The individual amounts are randomised.
- Ricochet txs w/ fee paid via PayNym have different footprints than the 1-1 txs.
We will be using the Orchestrator for further Ricochet improvements.
I think it still doesn't work as expected.
I have repeated the test with PayNym using the latest version from the Play Store (v0.99.86). First of all, I added the Samourai wallet to my PayNym contacts.
Now, the Ricochet function results in a normal transaction from origin to destination without Ricochet or any intermediate transaction, just a common transaction.