The privacy-focused cryptocurrency, Firo, has relaunched its Lelantus protocol. A hard fork preceded the reactivation on block 365544 on Thursday. In February, the Firo team encountered a series of suspicious transactions and suspended the protocol’s previously launched version. So what changes does the latest version offer?
Firo’s Lelantus Protocol
Lelantus protocol was first launched in mid-January, introducing “on-by-default” privacy. It allows users to anonymize their funds, ensuring the transactions made through official Firo wallets stay private. Additionally, through its burn-and-redeem model, the protocol also grants partial redemptions of its native FIRO coin.
Attacks and Abnormalities on the Network
Earlier this year, the protocol underwent a 51% attack, and not much later, “an unknown attacker” forged fake proofs using Lelantus privacy protocol “to generate new coins,” leading to system malfunctions, shared project steward Reuben Yap. The team soon noticed the “abnormalities” and resorted to “the emergency switch functionality” to temporarily disable Lelantus.
Yap added Lelantus was audited before its mainnet deployment. However, the math to code translation didn’t catch everything, even in the audited cryptographic library. Since then, Firo has incorporated various optimizations to harden the protocol.
Attack Technicalities
In the mentioned attack, a spend was forged. The attacker “time travelled” to set up the events necessary to make the transaction seem legit. Starting with devising the first proof, the person stopped halfway and made a different proof. Following the second proof’s completion, the attacker went back and edited the first proof, with the required back-calculation ensuring the math would check out. Now both proofs will work together to fool the verifier.
This sort of double-spend attack enables fund-duplication. As Aaron Feickert, a former Monero Research Lab researcher, efficiently explained, “if the audience sees you shuffle the deck first,” they’ll think “you did something wild and magical.” However, this trick is to “examine the deck and order it in front of the audience.” “Doesn’t seem so magical anymore,” remarked Feickert.
Feickert’s Contributions in V2
Recently, Feickert joined the Firo team under a full-time contract through Cypher Stack, a blockchain consultancy and digital utility provider. He has since helped the team analyze suspicious activity attacks and design fixes. Several of the Firo implemented optimizations to harden the Lelantus version 2 were recommended by him.
