Grin Devs Respond: Mimblewimble Privacy Isn’t 'Fundamentally Flawed'

Published at: Nov. 19, 2019

The developers of privacy-centric cryptocurrency Grin (GRIN) have hit back at the fundamental claims of an article purporting to have “broken” the coin’s privacy model.

In a Medium blog post published on Nov. 19, Grin core dev Daniel Lehnberg argued that the so-called breakage did not go beyond the already-acknowledged privacy limitations of the coin’s protocol and relied on a passive attack vector that would be insufficient to glean actionable data.

Some basics of Grin’s protocol

Lehnberg’s post does not consist of a point-by-point takedown of the original article, which was published yesterday by Ivan Bogatyy, a researcher at United States-based Dragonfly Capital Partners. 

Instead, it targets what it deems to be the purportedly unsubstantiated logical leaps and factual inaccuracies used by Bogatyy to corroborate his claim. 

As previously reported, Grin’s protocol “Mimblewimble” is a variant of the cryptographic protocol known as Confidential Transactions, which uses cryptographic primitives known as “Pedersen commitments.” 

These obfuscate sensitive transaction data rather than showing plaintext transaction values and can, therefore, prevent double-spending while improving privacy. They allow validators to use basic arithmetic on public parameters to check that a transaction balances, while the corresponding transaction input and output values remain unknown variables.

The protocol notably does not use wallet addresses or public keys, only inputs and outputs. Because of this, each sender must contact a receiver via a private channel in order to construct a transaction.

Supplemental privacy features

As outlined in Cointelegraph’s coverage yesterday, Bogatyy had focused on the use of a default, supplemental feature to MimbleWimble called CoinJoin, which creates small “anonymity sets” by combining encrypted inputs into a single large transaction in such a way as to make it difficult to distinguish which inputs are paying which outputs.
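The arithmetic described in the protocol basics above (commitments a validator can add and subtract while the amounts stay hidden) and the transaction aggregation mentioned in the previous paragraph, as an added example that is not part of the original article and is not Grin's code. It implements Pedersen commitments on secp256k1 in plain Python; the second generator H is derived from a constructed seed (not the generator the real protocol uses), blinding factors and amounts are constructed sample values, and range proofs, which Confidential Transactions require on every output, are omitted.

```python
"""Pedersen commitments on secp256k1 with a Mimblewimble-style balance check.

Added example, not Grin's code. A commitment C = v*H + r*G hides the value v
behind a random blinding factor r. Because commitments add homomorphically,
sum(outputs) - sum(inputs) equals (sum r_out - sum r_in)*G exactly when the
values balance, so a validator never needs to see v.
"""
import hashlib
from typing import List, Optional, Tuple

# secp256k1 domain parameters (the curve Grin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Point = Optional[Tuple[int, int]]  # None stands for the point at infinity


def ec_add(a: Point, b: Point) -> Point:
    """Affine point addition on y^2 = x^3 + 7 over F_P."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication; scalars are reduced mod N."""
    result, addend = None, pt
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ec_neg(pt: Point) -> Point:
    return None if pt is None else (pt[0], (-pt[1]) % P)


def derive_h() -> Point:
    """Hash a constructed seed to a curve point H (not the protocol's real H).
    Nobody knows log_G(H), so a commitment cannot be opened to two values."""
    counter = 0
    while True:
        seed = b"example-H-seed" + counter.to_bytes(2, "big")
        x = int.from_bytes(hashlib.sha256(seed).digest(), "big") % P
        rhs = (x**3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root, valid since P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        counter += 1


H = derive_h()
Opening = Tuple[int, int]  # (value, blinding factor), known only to wallets


def commit(value: int, blind: int) -> Point:
    return ec_add(ec_mul(value, H), ec_mul(blind, G))


def build_tx(inputs: List[Opening], outputs: List[Opening]) -> dict:
    """Wallet side: returns only what the network sees, commitments plus the
    kernel excess (sum r_out - sum r_in)*G, which the wallets sign in Grin."""
    excess = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % N
    return {"inputs": [commit(v, r) for v, r in inputs],
            "outputs": [commit(v, r) for v, r in outputs],
            "excess": ec_mul(excess, G)}


def verify_tx(tx: dict) -> bool:
    """Validator side: sum(outputs) - sum(inputs) must equal the excess, which
    holds only if the hidden values cancel (range proofs omitted here)."""
    total = None
    for c in tx["outputs"]:
        total = ec_add(total, c)
    for c in tx["inputs"]:
        total = ec_add(total, ec_neg(c))
    return total == tx["excess"]


def aggregate(tx_a: dict, tx_b: dict) -> dict:
    """CoinJoin-style aggregation: merge inputs/outputs and add the excesses.
    The merged transaction still verifies, and the pairing of inputs to
    outputs is no longer explicit in what the validator sees."""
    return {"inputs": tx_a["inputs"] + tx_b["inputs"],
            "outputs": tx_a["outputs"] + tx_b["outputs"],
            "excess": ec_add(tx_a["excess"], tx_b["excess"])}


if __name__ == "__main__":
    honest = build_tx([(50, 111)], [(30, 222), (20, 333)])  # constructed amounts
    inflated = build_tx([(50, 111)], [(51, 222)])
    print("balanced tx verifies:", verify_tx(honest))
    print("inflated tx verifies:", verify_tx(inflated))
    print("aggregated tx verifies:", verify_tx(aggregate(honest, build_tx([(8, 444)], [(8, 555)]))))
```

The inflated transaction fails because the leftover 1*H term cannot be absorbed into the excess without knowing log_G(H); that is the whole reason H must be derived so that its discrete log relative to G is unknown. The aggregation step is also why the article can say that combining transactions hides which input pays which output, while the individual commitments themselves remain visible and therefore linkable by other means.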

Bogatyy also claimed to have conducted a successful “attack” on a supplemental feature called “Dandelion” that is used by Grin to reduce the chance of so-called “spy nodes” recording transactions before cut-through, while they are still in an unconfirmed transaction pool (or “mempool”). 

While the limitations of Grin’s overall privacy model — which is significantly more complex than space permits to outline here — are known, Lehnberg’s critique of Bogatyy’s research rests on what he judges to be key “inconsistencies.”

These include the implication that it would be possible for law enforcement to link intercepted data to a user address — when, as Lehnberg states, addresses do not exist within Grin’s privacy model at all. He adds: 

“We have to assume that the author conveniently confused transaction outputs (TXOs) with addresses, but these are not the same. And, as we’ve already detailed, the fact that TXOs can be linked is hardly news.”

Lehnberg’s critique of Bogatyy’s claims continues to address several further points, with his central line of argument — details aside — resting on the statement that:

“The Grin team has consistently acknowledged that Grin’s privacy is far from perfect. While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless.”

Recent developments

As reported, Grin underwent its first network hard-fork this summer to introduce tweaks to its consensus algorithm in order to achieve greater resistance to ASIC miners.

In October, the Litecoin Foundation published two new draft proposals that pave the way toward integrating MimbleWimble in order to establish privacy features for the Litecoin (LTC) network.

Earlier this month, Grin received an anonymous 50 Bitcoin (BTC) donation to its General Fund, sparking a bizarre rumor that the generous soul behind it was Satoshi.
