anesthesia

joined 4 weeks ago
anesthesia@monero.town 2 points 3 weeks ago

Yes you are right, it was too early in the morning for me to process properly...

Statistically you should see each output used an average of 16 times, that makes sense.

Cheers!

anesthesia@monero.town 2 points 3 weeks ago (2 children)

I didn't know the protocol tried to use every output in around 16 transactions. I know about the 16 ring size, but I didn't know it also tried to use each output 16 times. If so, that is very smart and interesting. You learn something new every day!

The idea of sweeping them and then churning the merged output is also smart.

Oh well I guess we just have to wait for FCMP++ where theoretically all this will be no longer relevant :)

I remember watching the Breaking Monero series, when it was mentioned that (paraphrasing) "Rings are what give security to Monero but I really hope we get rid of them"... That time is finally getting closer :)

anesthesia@monero.town 5 points 4 weeks ago (5 children)

I think there is one very good use case for churning though.

And before anything, yes I know that one should not use CEX but in some cases it is just much more convenient. Although I am now starting to use Haveno, I get not everyone is up to it, and CEX is just plain easier.

Imagine the following scenario:

I buy a shitcoin over at a KYC'd CEX.

I send that coin to a centralized swap, or trade it with a compromised person, in exchange for XMR.

Let's say I repeatedly do that procedure with the same person or CEX. Then I end up with multiple "small" outputs in my wallet, all from the same entity. Let's say for example 10 outputs of 0.1 XMR, which all have been sent to me by the same entity.

Now I want to buy something that costs 1 XMR. I need to use my 10 existing outputs. I make a transaction that takes 10 inputs and 2 outputs (what I buy + change). The transaction has 10 inputs, and all of those inputs have a ring, where one of the members of each ring is an output controlled by the compromised entity.

The likelihood of someone making a transaction with 10 inputs, where those 10 inputs happen to contain a member in the ring that was sent by that specific exchange and that is linkable to my identity is near zero, unless it is me who is spending those 10 outputs.

Therefore, the person that sent me those 10 outputs can make a very well educated guess that it was me who bought that item for 1 XMR.

This "vulnerability" is actually talked about in the Breaking Monero series, and as far as I know, it will be solved when FCMP++ comes, since we will get rid of rings altogether.

However, let's say I do one step of churning with all those outputs without mixing them with each other. That is, I send to myself 10 transactions of 0.1 XMR, so I just "forward" each output to myself once, without making any transaction that contains two poisoned inputs at the same time.

Then I will still end up with 10 outputs of 0.1 XMR, but all the "poisoned" outputs are present in different and unlinkable transactions, and the negative actor does not know whether they are truly spent or not.

Then I can actually join those 10 outputs into one 1 XMR transaction safely, knowing that I am the only person who knows where those 10 outputs come from.

Am I wrong in this thought process?
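
The scenario in the comment above can be put into numbers with a toy model. This is an added example, not part of the original comment and not Monero wallet code: it assumes decoys are picked uniformly from a constructed chain of 1,000,000 outputs (a simplification of real decoy selection), and it models only the direct check the comment describes, where the sender looks for its own outputs in a transaction's rings.

```python
import random
from math import comb

RING_SIZE = 16  # ring size mentioned in the thread

def make_ring(real, chain_size, rng):
    """Real output plus 15 decoys, drawn uniformly (simplifying assumption)."""
    decoys = set()
    while len(decoys) < RING_SIZE - 1:
        d = rng.randrange(chain_size)
        if d != real:
            decoys.add(d)
    return decoys | {real}

def poisoned_rings(tx, poisoned):
    """Number of input rings in tx that contain an output the observer sent."""
    return sum(1 for ring in tx if ring & poisoned)

def chance_all_rings_hit(chain_size, n_poisoned, n_inputs):
    """Probability that an unrelated n_inputs transaction has a poisoned
    member in every ring through decoy selection alone."""
    others = chain_size - 1  # decoy candidates, excluding the real output
    p_miss = comb(others - n_poisoned, RING_SIZE - 1) / comb(others, RING_SIZE - 1)
    return (1 - p_miss) ** n_inputs

def demo(seed=1, chain_size=1_000_000, n_poisoned=10):
    rng = random.Random(seed)
    poisoned = set(range(n_poisoned))  # constructed ids of the 10 received outputs
    # Direct spend: one transaction with all 10 poisoned outputs as inputs.
    direct = [make_ring(o, chain_size, rng) for o in poisoned]
    # One churn step: ten separate 1-input transactions to ourselves.
    churn = [[make_ring(o, chain_size, rng)] for o in poisoned]
    # Each churn creates a fresh output; the merge spends those instead.
    fresh = range(chain_size, chain_size + n_poisoned)
    merge = [make_ring(o, chain_size + n_poisoned, rng) for o in fresh]
    return {
        "direct": poisoned_rings(direct, poisoned),
        "churn_max": max(poisoned_rings(tx, poisoned) for tx in churn),
        "merge": poisoned_rings(merge, poisoned),
        "chance": chance_all_rings_hit(chain_size, n_poisoned, n_poisoned),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the direct spend shows a poisoned member in all 10 rings, which an unrelated transaction would do by chance with probability on the order of 1e-38, while each churn transaction shows only one such ring, which is what any ring that picked the output as a decoy looks like.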

anesthesia@monero.town 2 points 4 weeks ago* (last edited 4 weeks ago)

Am I understanding this correctly?

https://moneromarket.io/listing/911d9a4a-c4a0-446c-a155-4efdfaf7002f

86KwquavD1THnRG5iuBDyJ5fEbJECY8Cmjfp68Kpx3TM4HXXpuMy3RvBbwM7DWnBXETSg3iSuTK2PTuxh3mXacFd1Zqt6GD
