Defend against zaddr input arity metadata leakage attack #74
Comments
|
This paper seems to be the source of this new type of attack: https://orbilu.uni.lu/bitstream/10993/41278/1/Post_sapling_ZC_paper.pdf |
|
Our new consolidation code changes take this attack into account, by only allowing 8 zinputs, we do not allow a high input arity to be spent at once, defeating attacks that send a unique number of dust outputs to an address and look for them to be spent. |
|
I consider our new "sapling consolidation" plus our modifications to add Sietch outputs and limit inputs to 8 are a good and viable defense against these kinds of attacks. They are not enabled by default, so the issue doesn't seem fully closed. Keeping this open to see what we learn. |
|
Current plan is to enable consolidation by default for SD, not sure what to do about SDL @DenioD |
This is to track upstream issue: zcash#4332
The current plan is to automate
z_mergetoaddressoperations for the user at the GUI wallet layer, detecting potential "zdust attacks" (lots of small unique amount zutxos) and triggering a "zsweep" with no user action. This fix does not need to change any RPC layer methods nor consensus rules, and does not address the issue for full nodes.For CLI full nodes, we can provide an RPC to opt-in to the "zsweep" or we can go the route of changing internals of hushd to autodetect the dust attack and auto-sweep the wallet.
This issue is to track this concern for hushd itself, SilentDragon, SilentDragonLite and any other wallets or software should get their own issue.
The text was updated successfully, but these errors were encountered: