DeAnonymised: All is not lost

Greetings fellow Shadowers. It brings me pain to say that the security flaw has been proven. What does this mean for us? The keyimages used in our ringsignature transactions have been compromised, so transactions can now be traced backwards. We still have the basic privacy that stealth addresses provide, and no one can easily prove who a transaction was sent to if it was sent as shadow, but if we know who sent us shadow, we can prove where it initially came form.

We would like to say thank you to @ShenNoether for finding the flaw, and the bounty will be paid in SDC at the SDC price before the flaw was revealed to the public. This is the reason we set up the bounty program in the first place, to improve shadow's privacy, usability, etc.

We are currently working on a more secure mechanism to secure the keyimages, which will probably involve using a different generator instead of the basepoint of the public key. Once we have fixed our hash, we will need a whole new set of shadow tokens, as the current set are all compromised. We will leave in the existing mechanism for backwards compatibility, so that no tokens will be lost, but unfortunately those no longer have the privacy we once thought they did.

We will keep you guys all updated in the coming week, and get the fix into the PoSv3 release that is currently in testing. The way we implemented our anonymous transactions initially was designed in such a way that we could move forward to better privacy should the need arise.

Our attention will now immediately be focussed on fixing our privacy, where we will then carry on with the market place. We would like to say thanks to all the community members for all the discussions and support.

Best Regards,
The Shadow Team