Mimblewimble's privacy restrictions do exist, and how to solve it is the focus

Last night, an article by Ivan Bogatyy, a researcher from Dragonfly Capital, about Mimblewimble and Grin sparked a lot of discussion, claiming that his attack method could track the "address" of Grin senders and recipients in real time at very low cost. Therefore, he believes that Mimblewimble's privacy model is bad.

So, does the problem it says exist? In fact, let's leave the "address" problem aside. This is actually a limitation of the Mimblewimble protocol that the Grin development team clearly pointed out at the end of 2018 (before the launch of the Grin main network).

Grin is implemented as a MimbleWimble, which uses a transaction format called Secure Transaction (CT) to hide the identity of the sender and receiver, so it is actually that it has no public amount and address information.

The information that a Grin transaction has includes:

  1. Input: can usually be thought of as a reference to past output;
  2. Output: A 33-byte fuzzy data set called a commit, which encodes the amount and ownership, and a proof that the amount is not negative;
  3. Proof that the sum of the input and output plus the cost matches (ie no new currency is created);

In addition, Grin also used a technology called Dandelion relay to make IP address-based attacks unreliable.

In general, Grin has a good privacy protection in terms of address, amount, IP address, and additional data embedded in the transaction, but it is true in both the "input and output links" and the "transaction exists". There are limits.

88

(Figure: privacy features currently implemented by Grin)

That is to say, in terms of privacy, the current Grin is not as good as Monroe and Zcash (but the advantage of using Mimblewimble is that it has good scalability, while other privacy coins are usually very bloated).

For those who are listening to the network, it is possible to build a transaction graph and bring the entities together.

For example, Ian Miers, a postdoctoral fellow at Cornell Technologies and one of Zerovac's papers, published an article on privacy protocols in February of this year, which mentioned an attack called Flashlight .

56

And it concludes that confidential transactions (CT), invisible addresses, or Dandelion technology cannot provide comprehensive or perfect privacy protection. These technologies cannot solve the Flashlight attack problem, and they also appreciate the honesty of the Grin development team. Because it mentioned the limitations of the agreement at the outset, and did not advocate that its agreement is completely private.

Since the problem exists, is there a corresponding solution?

As of now, the Grin development team is exploring the use of a technology called Dandelion++ to alleviate this problem, but it also mentions that this solution is not sufficient to completely solve the linkability problem of the above-mentioned chain output.

In addition, the plan given by Liteco coin founder Charlie Lee is:

“For better privacy, you can use CoinJoin before the broadcast transaction. The cooperation between CJ and MW is very good.”

6

At present, reducing the linkability of the output on the chain is one of the major research directions that the Grin development team is exploring.

In general, the Mimblewimble protocol does have short-board issues in terms of privacy, but this level of privacy protection is sufficient for ordinary people, and the use of Mimblewimble's Grin is not the same, the development behind it. From the very beginning, the team recognized and announced the shortcomings of the agreement and explored the corresponding solutions, which is worth learning.

Reference materials:

1. https://github.com/mimblewimble/docs/wiki/Grin-Privacy-Primer

2, https://www.zfnd.org/blog/blockchain-privacy/#flashlight

3, https://github.com/mimblewimble/docs/wiki/Grin-Open-Research-Problems#7-reducing-linkability-of-outputs-on-chain

4, https://twitter.com/SatoshiLite/status/1196504546479968256

5, https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Deep analysis of the intent behind SEC's lawsuit against Binance: a jurisdictional dispute or a show of power?

Some observers believe that the SEC may be suing Binance to compete with the Commodity Futures Trading Commission (CF...

Market

Interview with Circle CEO by Fortune What role does stablecoin play in the cryptocurrency market?

This article discusses the differences between the cryptocurrency crash in 2022 and the late 1990s internet bubble, t...

Opinion

Tokyo and Kyoto, the rising encrypted 'twin stars

In an era where technological advancements are shaping the future of economies around the world, Japan is taking a st...

Blockchain

"Black Horse" Exchange FTX Receives Liquid Value to Participate in Round B Investment, The Next Crypto Unicorn Is Coming Soon

The Hong Kong-based FTX exchange appears to be the latest unicorn cryptocurrency company with a valuation of $ 1 bill...

News

Exclusive speech by Li Xiaojia, the Hong Kong Stock Exchange: In the 5G era, technologies such as blockchain will give birth to new exchanges and trading models.

On March 31, Li Xiaojia, Chief Executive Officer of the Hong Kong Stock Exchange Group, delivered a speech entitled &...

Blockchain

Italian securities regulator establishes cryptocurrency regulations, has closed 2 cryptocurrency trading sites

Cointelegraph reported on February 11 that Italian securities regulators recently closed six foreign exchange trading...