Mimblewimble's privacy limitations are real; the focus is how to address them

Last night, an article about Mimblewimble and Grin by Ivan Bogatyy, a researcher at Dragonfly Capital, sparked a lot of discussion. It claims that his attack method can track the "addresses" of Grin senders and recipients in real time at very low cost, and he therefore believes that Mimblewimble's privacy model is bad.

So, does the problem he describes exist? Leaving the "address" question aside, this is a limitation of the Mimblewimble protocol that the Grin development team clearly pointed out at the end of 2018 (before the launch of the Grin mainnet).

Grin is an implementation of Mimblewimble, which uses a transaction format called Confidential Transactions (CT) to hide the identity of the sender and receiver, so a transaction carries no public amount or address information.

The information that a Grin transaction contains is:

  1. Inputs: these can usually be thought of as references to past outputs;
  2. Outputs: 33 bytes of random-looking data called a commitment, which encodes the amount and ownership, plus a proof that the amount is not negative;
  3. A proof that the sum of the inputs and outputs plus the fee balances (i.e. no new currency is created).

In addition, Grin uses a technique called Dandelion relay to make IP address-based attacks unreliable.

In general, Grin offers good privacy protection for addresses, amounts, IP addresses, and additional data embedded in the transaction, but there are limits in two areas: "input and output linking" and "transaction existence".


(Figure: privacy features currently implemented by Grin)

That is to say, in terms of privacy, the current Grin is not as good as Monero and Zcash (but the advantage of using Mimblewimble is that it scales well, while other privacy coins are usually very bloated).

Someone who is listening to the network can build a transaction graph and cluster entities together.

For example, Ian Miers, a postdoctoral fellow at Cornell Tech and one of the authors of the Zerocash paper, published an article on privacy protocols in February of this year, which mentioned an attack called Flashlight.


The article concludes that Confidential Transactions (CT), stealth addresses, and Dandelion cannot provide comprehensive or perfect privacy protection, and that these techniques cannot solve the Flashlight attack problem. It also praises the honesty of the Grin development team, which stated the limitations of the protocol at the outset and did not claim that the protocol is completely private.

Since the problem exists, is there a corresponding solution?

As of now, the Grin development team is exploring the use of a technique called Dandelion++ to alleviate this problem, but the team also notes that this is not sufficient to completely solve the on-chain output linkability problem described above.

In addition, the approach suggested by Litecoin founder Charlie Lee is:

“For better privacy, you can use CoinJoin before the broadcast transaction. The cooperation between CJ and MW is very good.”


At present, reducing the linkability of outputs on chain is one of the major research directions that the Grin development team is exploring.
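The transaction structure listed earlier and the CoinJoin suggestion above can be seen together in a toy model. This is an added example, not code from Grin or from the original article: the group parameters, function names and amounts are constructed for illustration, and range proofs and the kernel signature are omitted. It shows that commitments hide amounts while the balance check still works, and that merging two transactions before broadcast keeps them valid while widening the set of inputs each output could belong to.

```python
# Toy Mimblewimble transaction model with constructed parameters (NOT secure).
# Commitments live in the order-Q subgroup of Z_P^*, written multiplicatively.
import secrets
from itertools import product

P, Q = 2039, 1019   # toy safe prime, P = 2*Q + 1
G, H = 4, 9         # subgroup elements; a real system needs log_G(H) unknown

def commit(value, blind):
    """Pedersen commitment G^blind * H^value: hides value, stays homomorphic."""
    return pow(G, blind, P) * pow(H, value, P) % P

def prod(xs):
    out = 1
    for x in xs:
        out = out * x % P
    return out

def build_tx(in_values, out_values, fee):
    """Build a transaction as a party knowing every blinding factor would."""
    r_in = [secrets.randbelow(Q) for _ in in_values]
    r_out = [secrets.randbelow(Q) for _ in out_values]
    # Kernel excess: a commitment to zero under the net blinding factor.
    excess = pow(G, (sum(r_out) - sum(r_in)) % Q, P)
    return {
        "inputs": [commit(v, r) for v, r in zip(in_values, r_in)],
        "outputs": [commit(v, r) for v, r in zip(out_values, r_out)],
        "fee": fee,
        "kernels": [excess],
    }

def verify(tx):
    """outputs * H^fee == inputs * excesses holds only if values balance."""
    lhs = prod(tx["outputs"]) * pow(H, tx["fee"], P) % P
    rhs = prod(tx["inputs"]) * prod(tx["kernels"]) % P
    return lhs == rhs

def aggregate(a, b):
    """CoinJoin-style merge before broadcast: concatenate lists, add fees."""
    return {k: a[k] + b[k] for k in ("inputs", "outputs", "fee", "kernels")}

def candidate_links(txs):
    """Every (input, output) pair that could belong together, per observed tx."""
    return [(i, o) for tx in txs for i, o in product(tx["inputs"], tx["outputs"])]
```

Seen separately, a 1-input/2-output and a 2-input/1-output transaction expose 4 exact input-output pairings; after merging, the observer is left with 9 candidate pairings and no way in this model to tell which are real.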

In general, the Mimblewimble protocol does have shortcomings in terms of privacy, but this level of privacy protection is sufficient for ordinary people. Grin, which uses Mimblewimble, also stands apart in that the development team behind it recognized and announced the shortcomings of the protocol from the very beginning and has explored corresponding solutions, which is worth learning from.

Reference materials:

1. https://github.com/mimblewimble/docs/wiki/Grin-Privacy-Primer

2. https://www.zfnd.org/blog/blockchain-privacy/#flashlight

3. https://github.com/mimblewimble/docs/wiki/Grin-Open-Research-Problems#7-reducing-linkability-of-outputs-on-chain

4. https://twitter.com/SatoshiLite/status/1196504546479968256

5. https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9
