- In February, an attacker forged proofs in the Lelantus privacy protocol to generate new coins, leading to system malfunctions.
- Noticing the abnormalities on the network, the team disabled Lelantus temporarily.
- Even though the protocol was audited before its mainnet deployment, not everything was caught in the math-to-code translation.
The privacy-focused cryptocurrency Firo has relaunched its Lelantus protocol. The reactivation took effect at block 365544 on Thursday, following a hard fork. In February, the Firo team had encountered a series of suspicious transactions and suspended the previously launched version of the protocol. So what changes does the latest version offer?
Firo’s Lelantus Protocol
The Lelantus protocol was first launched in mid-January, introducing “on-by-default” privacy. It allows users to anonymize their funds, ensuring that transactions made through official Firo wallets stay private. Additionally, through its burn-and-redeem model, the protocol allows partial redemptions of the native FIRO coin.
Attacks and Abnormalities on the Network
Earlier this year, the Firo network suffered a 51% attack, and not much later “an unknown attacker” forged fake proofs in the Lelantus privacy protocol “to generate new coins,” leading to system malfunctions, project steward Reuben Yap said. The team soon noticed the “abnormalities” and used “the emergency switch functionality” to temporarily disable Lelantus.
Yap added that Lelantus was audited before its mainnet deployment. However, not everything was caught in the translation from math to code, even in the audited cryptographic library. Since then, Firo has incorporated various optimizations to harden the protocol.
Attack Technicalities
In the attack in question, a spend was forged. The attacker effectively “time travelled” to set up the events needed to make the transaction look legitimate. The attacker began constructing the first proof, stopped partway through, and built a second proof. Once the second proof was complete, the attacker went back and edited the first proof, back-calculating the values needed for the math to check out. The two proofs then verified together and fooled the verifier. This kind of “time travel” is only possible when a later step of the proof does not commit to everything that came before it, leaving the earlier values free to be recomputed afterwards.
This class of attack enables fund duplication. As Aaron Feickert, a former Monero Research Lab researcher, aptly explained, “if the audience sees you shuffle the deck first,” they’ll think “you did something wild and magical.” However, the trick here is to “examine the deck and order it in front of the audience.” “Doesn’t seem so magical anymore,” remarked Feickert.
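The back-calculation described above, as an added illustration that is not Firo's code and does not reproduce Lelantus' actual proof system: a toy Schnorr-style proof of knowledge in a tiny prime-order group, with a weak verifier whose Fiat-Shamir challenge leaves the prover's commitment out of the hash, beside a hardened verifier that binds it. The group parameters, function names and sample message are all constructed for this example. Against the weak verifier, a forger who holds no secret key fixes the challenge first and then writes the "earlier" commitment afterwards so the verification equation checks out; against the hardened verifier the same move only works if the forger guesses the challenge, which in this toy group happens about once in 1019 tries and is negligible at real sizes.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Constructed toy parameters: P = 2*Q + 1 with P and Q prime, and G = 4 generates
# the subgroup of prime order Q. Absurdly small so the arithmetic is readable;
# a real system uses a group of ~256-bit order. Not Firo's parameters.
P, Q, G = 2039, 1019, 4

Proof = Tuple[int, int]  # (R, z): the prover's commitment and response


def challenge(y: int, msg: bytes, R: Optional[int]) -> int:
    """Fiat-Shamir challenge c = H(transcript) mod Q.

    The weak verifier passes R=None: it hashes only the statement and the
    message and leaves the prover's commitment out of the transcript.
    """
    h = hashlib.sha256(b"toy-schnorr")
    h.update(y.to_bytes(4, "big"))
    h.update(msg)
    if R is not None:
        h.update(R.to_bytes(4, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def keygen() -> Tuple[int, int]:
    """Secret x and public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prove(x: int, y: int, msg: bytes, bind_commitment: bool) -> Proof:
    """Honest prover: commit to R = G^r, derive c, respond with z = r + c*x."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    c = challenge(y, msg, R if bind_commitment else None)
    return R, (r + c * x) % Q


def verify(y: int, msg: bytes, proof: Proof, bind_commitment: bool) -> bool:
    """Accept iff G^z == R * y^c mod P, with c recomputed from the transcript."""
    R, z = proof
    c = challenge(y, msg, R if bind_commitment else None)
    return pow(G, z, P) == (R * pow(y, c, P)) % P


def forge(y: int, msg: bytes, bind_commitment: bool) -> Proof:
    """Prover who does NOT know x.

    Against the weak verifier the challenge is fixed before R exists, so the
    forger picks z first and back-calculates R = G^z * y^(-c): the 'earlier'
    proof element is written after the later one, and the equation checks out.
    Against the hardened verifier the forger can only guess c; the guess is
    wrong unless it happens to equal H(y, msg, R), i.e. with probability 1/Q.
    """
    c = secrets.randbelow(Q) if bind_commitment else challenge(y, msg, None)
    z = secrets.randbelow(Q)
    R = (pow(G, z, P) * pow(y, -c, P)) % P  # modular inverse via negative exponent
    return R, z


def forgery_success_rate(bind_commitment: bool, trials: int = 200) -> float:
    """Fraction of key-less forgeries the verifier accepts (1.0 for the weak one)."""
    _, y = keygen()
    msg = b"spend 10 FIRO"  # constructed sample message
    accepted = sum(verify(y, msg, forge(y, msg, bind_commitment), bind_commitment)
                   for _ in range(trials))
    return accepted / trials


if __name__ == "__main__":
    x, y = keygen()
    msg = b"spend 10 FIRO"
    for bind in (False, True):
        print(f"bind_commitment={bind}: honest proof accepted:",
              verify(y, msg, prove(x, y, msg, bind), bind),
              "| key-less forgery success rate:", forgery_success_rate(bind))
```

The fix is a single line in the hash input, which is the kind of detail a math-to-code audit has to check element by element: the paper's proof may be sound while the implementation's transcript quietly omits something.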
Feickert’s Contributions in V2
Recently, Feickert joined the Firo team under a full-time contract through Cypher Stack, a blockchain consultancy and digital utility provider. He has since helped the team analyze the suspicious activity and design fixes. Several of the optimizations Firo implemented to harden Lelantus version 2 were his recommendations.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing a postgraduate degree in blockchain development. He is a keen observer of detail and shares his passion for writing along with coding. His backend blockchain knowledge gives his writing a unique perspective and makes him reliable at explaining concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.