Jumblr: Protection Against Attacks
Jumblr works automatically with the addresses that a user chooses. The technology monitors the address the user specifies, and if funds arrive there while Jumblr is still anonymizing a previous amount, it simply adds them to that amount and continues the process.
The technology does not simply move funds into Z addresses or between them. Instead, it uses randomization algorithms to increase privacy and anonymity. Jumblr blends funds from all users of the ecosystem, making the funds impossible to trace.
Jumblr gathers all the anonymization requests on the network and clusters them around blocks with numbers that are multiples of 10, meaning that the heights of such blocks end with at least one zero, for example 773210. This means that all anonymization requests become a part of one large set that the network creates once every ten minutes, since the speed of block creation on the Komodo blockchain is one block per minute. When active, Jumblr either performs the next step in the process of anonymization that has been described earlier in this article or it does nothing.
Jumblr has two commands that allow users to pause and resume the anonymization process manually. The commands have these exact names, pause and resume. The third way to pause the process would be to manually shut down the Komodo software on a local machine.
Once the funds go through an anonymization process, they will stay in a Z address, awaiting further action from the user. To complete the process, the user needs to use the command jumblr_secret that moves the funds from a secret Z address to a transparent spendable T address. Jumblr technology does charge users a fee for anonymizing the funds. The fee is 0.3% of the overall amount of funds.
Komodo developers recommend that users store funds in private Z addresses and never share the information about the addresses with anyone.
Jumblr technology and the Timing Attack
While the Komodo platform does give users an opportunity to conduct transactions in private by using Jumblr technology, there are two main attacks that a malicious user could employ. The first one is the Timing Attack. In this attack, a hacker could be monitoring a public T address on the network and look for funds leaving the address. Then, the hacker would look for funds appearing in a different address once they go through the Jumblr anonymization process. This address is also known on the Komodo network as secretKMDaddress. If a user on the Komodo network uses Jumblr at predictable times, a hacker could eventually figure out the user’s secret KMD address.
The process of anonymization provides one layer of security, but the Timing Attack can be an issue if only one person is using Jumblr to anonymize funds at a given time, which is theoretically possible. In that case, even though the funds go through the anonymization process, no anonymization actually takes place, because an attacker would be able to see the funds leaving one address and later arriving at another. For this reason, to be effective Jumblr needs to have more than one member of the Komodo ecosystem using it at any given time. The technology will also become more powerful as its adoption grows.
Users can add another level of protection by using the pause and resume features of Jumblr technology. The longer a user maintains the privacy of a Z address, the lower the probability that attackers would be able to identify the secret address of the user. The probability goes down because other users engage in transactions between each other, which makes it harder to monitor the activities of one specific user. For this reason, Komodo developers recommend extending the time between the steps of the Jumblr process.
The Knapsack Attack
This attack is similar to the timing attack, with the difference being that a hacker would use it to track the amounts. For example, if 773 KMD leaves one address and then appears in a different address, the hacker would know that the new address is the secret KMD address of a certain user. To protect Komodo users from this attack, Jumblr has another feature, called Multiple Secret Addresses. When a user takes advantage of this feature and creates multiple secret addresses with Jumblr, the technology randomly chooses one of the addresses when it reaches the stage of moving the money from a secret Z address to a public T address.
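The timing and knapsack sections above both come down to how many deposits a given payout could plausibly belong to. The following Python sketch is an added example, not Komodo or Jumblr code: it measures that anonymity-set size over constructed sample data so a user can see when an amount or schedule would stand out. The user labels, the amounts other than 773 KMD, the matching tolerance, the observation window and the treatment of the 0.3% fee as a single flat deduction are all assumptions.

```python
from decimal import Decimal

FEE = Decimal("0.003")  # 0.3% fee from the text; one flat deduction is an assumption

def candidate_sources(deposits, payout, window, tol=Decimal("0.01")):
    """Return labels of deposits that fit `payout` by both time and amount.

    deposits: list of (label, block_height, amount) leaving T addresses
    payout:   (block_height, amount) arriving at a secret T address
    window:   how many blocks back from the payout a deposit may lie
    """
    p_height, p_amount = payout
    matches = []
    for label, height, amount in deposits:
        in_time = 0 < p_height - height <= window               # timing link
        same_value = abs(amount * (1 - FEE) - p_amount) <= tol  # amount link
        if in_time and same_value:
            matches.append(label)
    return matches

def audit(deposits, payouts, window):
    """Map each payout to its anonymity-set size; 1 means fully linkable."""
    return {p: len(candidate_sources(deposits, p, window)) for p in payouts}

# Constructed sample data (hypothetical users, heights and amounts).
DEPOSITS = [
    ("alice", 773210, Decimal("773")),  # distinctive amount from the text
    ("bob",   773210, Decimal("100")),
    ("carol", 773220, Decimal("100")),
    ("dave",  773230, Decimal("100")),
]
PAYOUTS = [
    (773400, Decimal("770.681")),  # 773 KMD minus 0.3%
    (773400, Decimal("99.7")),     # 100 KMD minus 0.3%
]
DAY = 1440  # blocks per day at the one-block-per-minute rate given above

if __name__ == "__main__":
    for payout, size in audit(DEPOSITS, PAYOUTS, DAY).items():
        print(payout[1], "KMD payout -> anonymity set of", size)
```

The 773 KMD payout has a single candidate source even with three other users active, while the 100 KMD payout hides among three; shrinking the window to 180 blocks drops the second set to two, which is why longer and less predictable delays help.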