Grin's Mimblewimble Privacy Model Under Threat After Alleged Break-In

Published by Cointele

On Nov. 18, crypto researcher Ivan Bogatyy published an article on Medium claiming that he had found an extremely easy way of bypassing Grin's Mimblewimble privacy protocol.

As part of his efforts, Bogatyy stated that he was able to trace over 96% of all Grin-related transactions in real time, including the addresses of the senders as well as recipients associated with these sets of transactions.

"Grin still affords a stronger privacy model than Bitcoin or other non-privacy coins, since amounts are safely encrypted. But Mimblewimble provides a strictly weaker privacy model than Zcash or Monero. This makes it insufficient for many real-world privacy use cases."

Grin's Dandelion relay protocol is used to mask the IP address linked to any given transaction, because it adds extra stem hops and delays at each node along the relay path.

The protocol employs confidential transactions to obfuscate transaction amounts.

The protocol makes use of aggregated transactions to prevent the linking of native transaction inputs and outputs.

The MW transaction format differs substantially from that of Bitcoin-like cryptocurrencies, as it allows multiple transactions to be aggregated into a single larger transaction.

When a Mimblewimble block is mined, all of the transactions it contains are aggregated into a single block-level transaction, which makes it difficult for bad actors or other third parties to link inputs and outputs when they inspect the chain after the fact.

"Despite an aggressive response from Daniel Lehnberg from Grin, I am of the opinion that Ivan's attack is valid. The attack links inputs and outputs to most MW transactions, and it achieves this by monitoring the Grin network, where it can log transactions prior to their being aggregated either over Dandelion or in a block."
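To make the mechanism concrete, here is an added toy model (not code from Grin or from Bogatyy's write-up). Commitments are opaque constructed labels, block aggregation is a set union, and an observer who logged some transactions before aggregation subtracts them from the block; whatever is left is the anonymity set that still protects the unobserved transactions.

```python
import random

def make_ledger(n_txs, seed=1):
    """Constructed sample ledger: n_txs pre-aggregation transactions whose inputs
    and outputs are opaque commitment labels (stand-ins for Pedersen commitments)."""
    rng, txs, counter = random.Random(seed), [], 0
    for _ in range(n_txs):
        n_in, n_out = rng.randint(1, 3), rng.randint(1, 3)
        ins = frozenset(f"C{counter + k}" for k in range(n_in))
        counter += n_in
        outs = frozenset(f"C{counter + k}" for k in range(n_out))
        counter += n_out
        txs.append((ins, outs))
    return txs

def aggregate(txs):
    """Block-level aggregation as Mimblewimble does it: one combined input set and one
    combined output set; which input paid which output is not recorded on chain."""
    ins = frozenset().union(*(i for i, _ in txs))
    outs = frozenset().union(*(o for _, o in txs))
    return ins, outs

def residual(block, observed):
    """Subtract every transaction the observer logged before aggregation from the block.
    Only the leftover inputs and outputs still have a hidden grouping."""
    ins, outs = block
    for i, o in observed:
        ins, outs = ins - i, outs - o
    return ins, outs

def output_candidates(block, observed, input_commitment):
    """Outputs a given input could have paid, from the observer's point of view:
    the exact outputs if its transaction was logged, else the whole residual set."""
    for ins, outs in observed:
        if input_commitment in ins:
            return outs
    return residual(block, observed)[1]

if __name__ == "__main__":
    txs = make_ledger(100)
    block = aggregate(txs)
    observed = txs[:96]            # observer logged 96 of 100 before aggregation
    hidden_outs = residual(block, observed)[1]
    print("outputs still unlinkable:", len(hidden_outs), "of", len(block[1]))
```

The model shows why aggregation only hides grouping from parties who never saw the components: the per-input anonymity set shrinks to the outputs of the few unobserved transactions.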

"Grin does not have anything like Bitcoin addresses. In fact, every time you want to send someone an asset, you need to interact with them in a live computation, working together to create a transaction. Given this fact, my understanding is that being able to construct a transaction graph on Grin is not a major security issue, as transactions don't have anything like public addresses that tie them together."
