Hacker News: hushhush

New comment by hushhush in "“I will slaughter you”"

hushhush — Fri, 19 Feb 2021 13:36:52 +0000

Death threats are pretty normal for open source devs but I actually got a rape threat recently, which kind of surprised me. Cultural differences from international communities. It was not in English.

New comment by hushhush in "GitHub Deceased User Policy"

hushhush — Wed, 17 Feb 2021 12:01:58 +0000

Github suspended my account after 12 years and ignores me in every possible way to try to fix it, even though I know various company that work at the company. Github=Microsoft, Github died the day MSFT bought it.

New comment by hushhush in "Smashing the Stack for Fun and Profit (1996)"

hushhush — Mon, 25 Jan 2021 23:25:04 +0000

No, there are many privacy coins, but most are indeed just copies of Monero or Zcash. The author of that paper has discovered multiple CVE's in Zcash (https://www.cvedetails.com/cve/CVE-2019-16930/ and https://www.cvedetails.com/cve/CVE-2019-11636/ ).

There are very few unique source codebases which implement privacy coins, maybe a half dozen depending on how lenient you are (i.e. is DASH a privacy coin? Barely, but it could be considered one. Blockchain analysis companies make fun of the "privacy" of DASH.)

I believe when he says "inventing a whole new field" he means inventing a whole new field of attacks and defenses, just like the Phrack paper invented a whole new industry of attacks and then their defenses.

Taking these new kinds of attacks into account, all existing privacy coins are vulnerable. Monero is more vulnerable than Zcash Protocol, since it does not have Zero Knowledge Math. It uses Group Theory, which leaks metadata like crazy.

New comment by hushhush in "Smashing the Stack for Fun and Profit (1996)"

hushhush — Mon, 25 Jan 2021 22:22:10 +0000

This paper also inspired the recent academic paper "Attacking Zcash Protocol For Fun And Profit" available at https://attackingzcash.com and on IACR: https://eprint.iacr.org/2020/627

It describes new kinds of metadata leakage attacks that can be launched against privacy coins, by adversaries with large budgets, such as professional criminal organizations, blockchain analysis companies and nation states. The privacy coin HUSH has developed this defensive technology and was first to implement it in September 2019.

There is a YouTube video where the author explains why he named the paper this way, this link has the timestamp where it's talked about: https://youtu.be/berM7Dnnoz4?t=405

"This is a whole new research field I am creating, that is why I called it Attacking Zcash Protocol For Fun And Profit, just like Smashing The Stack for Fun And Profit, it created a whole new field"

Also, for the hardcore HN nerds: The paper focuses on Zcash Protocol, but the ideas apply to any cryptocoin with a transaction graph, so Monero is definitely vulnerable. Much more vulnerable that Zcash Protocol.