This emergency release fixes a bug which results in Lelantus spends to fail verification when a new anonymity set is started. Additionally, it also adds a fix to ensure that in the case where a spent coin’s cover set is constructed from two parts, both parts are included in the corresponding Groth/Bootle proof’s transcript.
We recommend users to update immediately to ensure you will be able to sync with the correct chain when a new Lelantus anonymity set is started (approximately in a week with current usage).
It also corrects the halving block numbers following the acceleration in block time from 5 minutes to 2.5 minutes to be in line with the original emission schedule. This change is because we used nTime instead of a block number to switch to the new block time and therefore the block number was only known once the switch happened.
You will need to update to this version even if you have updated to the earlier v0.14.11.0.
Understanding Sliding Windows for Anonymity Sets
Firo uses an innovative way to ensure Lelantus transactions always have a strong level of privacy. As more Lelantus transactions come about, the verification time of the proofs gets longer due to the nature of Groth-Bootle proofs which scale linearly in verification time with the amount of commitments.
To maintain a balance between efficiency and high anonymity, all Lelantus mints go into a bucket (or what we call an anonymity set) that sets the max amount of Lelantus mints to 65,000. When it hits this limit, a new bucket is opened and all Lelantus mints thereon go into this new bucket.
However, to prevent users in the new bucket from having limited anonymity, we pre-seed the new bucket with 16,000 mints from the previous bucket and thus the new set and the old set overlap. This is why we call it “sliding windows”. The nature of the zero knowledge proof means we don’t know which of these 16,000 mints have been spent or not. As such even if someone spends from the second bucket, they immediately start with an anonymity set of 16,000 instead of having to wait till the bucket fills up for strong anonymity.
If you’re using the Firo QT wallet, you can see this in action if you enable the Lelantus tab in settings.
Read more about Firo’s research Here