TL;DR: The popular privacy concept Mimblewimble “is fundamentally flawed,” claimed Ivan Bogatyy of Dragonfly Research. “Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time,” he wrote, insisting that “Mimblewimble should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.”
Mimblewimble Privacy Fundamentally Flawed
“The problem is inherent to Mimblewimble, and I don’t believe there’s a way to fix it,” Bogatyy stressed. For BTC maximalists especially, projects such as Grin have become something of a rallying point. Grin’s championing of the privacy-oriented protocol has gained momentum in recent years, due in large part to Mimblewimble and the perceived promise it holds; BEAM, Tari, and Litecoin have all flirted with implementing it.
Gaps in the tech are not new claims, as Bogatyy acknowledged. “Several researchers have hypothesized a possible privacy weakness in Mimblewimble. My contribution is to demonstrate the precise way to perform an attack, prove its viability on a live network, and measure its efficacy,” he noted. During a Grin live test, he “was able to unmask the flow of transactions with a 96% success rate.”
While he wasn’t able to determine transaction amounts, his attack uncovered “who paid who.” Bogatyy accomplished this through what he calls linkability, “linking transactions together and [determining] the flow of payments.” Linkability exposes users to tracing, and he uses exchanges’ KYC records as an example of how a linked transaction graph could be exploited further: “deobfuscating” a user in order to shut down accounts, or revealing a sender’s support of a political dissident. These are exactly the aspects of a transaction Mimblewimble was supposed to protect. Privacy-oriented coins like Zcash, he claims, are immune. “This is because Zcash is unlinkable — or in other words, every Zcash shielded transaction has a large anonymity set. The anonymity set is essentially the set of transactions that your transaction is indistinguishable from.” Something similar prevents Monero from suffering Grin’s fate.
Ultimately, he’s unsure if Mimblewimble can be saved at this point. Grin, Bogatyy believes, is toast on that score, as it “has no clear path to unlinkability. Simply ratcheting up the Dandelion factor can be easily combated by a motivated attacker.” Mimblewimble, he urged, whatever its other features, such as better aggregation and hiding transaction amounts, should never be regarded as a privacy tool. “If you want strong privacy, you can always combine Mimblewimble with another protocol that obscures the transaction graph, such as in Ethereum 9¾ (which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme),” he offered. No mention was made of using bitcoin cash (BCH) with CashShuffle, however.
DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.