We present various examples of side-channel leakage in the communication between a Monero wallet and P2P node. Communication patterns and timing leak whether the wallet is the payee of a transaction that is sent into the transaction pool or mined in a block—thereby breaking transaction privacy, as well as enabling linking of stealth addresses. If a user connects their Monero wallet to a remote node, the required leakage in commu- nication patterns and timing is observable by a malicious (yet passive) remote node provider, or by a passive network adversary that monitors the encrypted traffic between a wallet and a trusted node. Even if the wallet and node are both hosted locally and trusted, side-channel leakage can be observed by an active remote attacker with a P2P connection to the node.
The attached report (which we also sent to email@example.com and firstname.lastname@example.org via PGP) explains the different vulnerabilities and how they can be exploited.
[list any additional material (e.g. screenshots, logs, etc.)]
XMR address: 45jPGGu9QPYSoNgZPuVpbaMcvrKEJ8TGMd4bPc9VVFKWKqmmfUuzEHDi6sremu2H2idVgySvCmam48RvhKCPRDtBTPj2be3
A remote attacker (either in control of a public node, or a network adversary monitoring communication to a remote node, or even a remote P2P participant connected to a wallet's local node) can infer when the wallet is the payee of a transaction added to the mempool or mined in a block.