

























Thomas Haines, Australian National University
Session is a decentralised secure (anonymous) messenger that combines onion routing with the Oxen Proof-of-Stake blockchain to provide metadata-private communication. Our study presents the first comprehensive analysis of Session's messaging protocol and its integration with the Oxen blockchain. In analysing Session and the underlying Oxen blockchain, we uncovered seven vulnerabilities. Most notably we discovered flaws in the Oxen consensus protocol which could allow network takeover in a realistic setting, thereby undermining the integrity guarantees on which Session's anonymity layer depends. We also discovered serious vulnerabilities in Version 1 of Session's group chat protocol. We conducted extensive simulations to analyse the impact of these vulnerabilities and provide recommendations to reinforce both the Oxen protocol and the Session client to mitigate these attacks.
BibTeX
@misc{cryptoeprint:2026/773,
author = {Tingfeng Yu and Thomas Haines},
title = {Practical Attacks on Session Messenger and Oxen Blockchain},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/773},
year = {2026},
url = {https://eprint.iacr.org/2026/773}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。