The Firo privacy coin’s Lelantus protocol has been reactivated following a hard fork on April 22. The hard fork took place on block 365544.
The protocol was disabled due to a number of suspicious transactions while the Firo team investigated. This was the second recent obstacle for the protocol, which also underwent a 51% attack earlier this year.
“In February, an unknown attacker utilized Firo’s Lelantus privacy protocol to forge fake proofs in an attempt to generate new coins, which led to abnormalities in the system,” said project steward Reuben Yap in an email. “The Firo team swiftly noticed this and used the emergency switch functionality to temporarily disable Lelantus until the situation could be resolved.”
According to Yap, Lelantus was audited before its deployment on the mainnet. However, while translating the math to code not everything was caught – even in the audited cryptographic library.
Firo has since incorporated a variety of optimizations to harden the protocol.
How the attack occurred
In this case, the attacker forged a spend, but in order to make the transaction seem legit the person “time traveled” back a bit to set up the necessary events. Specifically, the attacker started constructing the first proof. Halfway through, the person stopped and made a different proof.
Upon completing the second proof, the attacker went back and edited the first proof, doing the necessary back-calculation to ensure the math would check out (balancing the serial numbers to fool the verifier) and both proofs would work together.
When executed properly, this sort of double-spend attack allows the nefarious actor to “duplicate” funds.
“If the audience sees you shuffle the deck first, it’s easier to think you did something wild and magical,” said Dr. Aaron Feickert, a former Monero Research Lab researcher, describing the attack. “This attack is like being allowed to examine the deck and order it in front of the audience. The trick doesn’t seem so magical anymore.”
Earlier this month, Feickert joined the Firo team under a full-time contract through Cypher Stack, a blockchain consultancy and digital utilities provider. In this role, he has helped Firo analyze the suspicious activity attack and implement fixes. He also recommended several of the optimizations Firo added, helped harden the protocol and provided design feedback for Lelantus version 2.
The Lelantus protocol was originally launched in mid-January. It introduced “on-by-default” privacy and prompts users to anonymize their funds with the goal of ensuring transactions sent by official Firo wallets stay private. Transparent transactions have to be explicitly selected. It also allows for partial redemptions of its native FIRO coin through its burn-and-redeem model.