GRIN Cryptocurrency Developers Say Mimblewimble’s Privacy Is Not Flawed
- In a recent blog post released by the Grin core developer, Daniel Lehnberg, he explained Mimblewimble is not ‘fundamentally flawed.’
These comments come after the release of a report that claimed that Grin’s privacy could be compromised with a very simple and cheap ‘attack.’
Grin’s Privacy is Not Flawed
A few days ago, the researcher Ivan Bogatyy, unveiled Mimblewimble’s privacy model was flawed. In an article titled “Breaking Mimblewimble’s Privacy Model” he mentioned that using just $60 dollars of AWS a week, he was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real-time.
According to Mr. Lehnberg, the attack on Mimblewimble is a misunderstanding of a known limitation. At the same time, he explained that while the report released by Bogatyy provides interesting numbers on network analysis, the results do not constitute an attack.
Grin is a privacy-focused cryptocurrency that aims at protecting users’ privacy by using a cryptographic protocol based on Confidential Transactions. This virtual currency offers the same security as Bitcoin but increased privacy and fewer data required to be kept on chain.
The attack reported by Bogatyy is known as the transaction graph input-output-linkability problem that is not new to the whole Grin ecosystem.
He went on saying that the claims, including the title of the article, are ‘factually inaccurate.’ He considers that the Grin team has been working on making Grin’s privacy better knowing these limitations.
In the article, Lehnberg didn’t provide a point-by-point refutation to Bogatyy but he wanted to point out the major issues the team behind Grin had with the research conducted and its conclusions. He said,
“We have to assume that the author conveniently confused transaction outputs (TXOs) with addresses, but these are not the same. And, as we’ve already detailed, the fact that TXOs can be linked is hardly news.”
Secondly, it is not possible to link addresses that do not exist. Lehnberg considers that it is not possible for law enforcement agencies to know anything about non-existent addresses. The main issue with Bogatyy according to Grin’s developer is that he apparently confused transaction outputs (TXOs) with addresses. He states,
“The Grin team has consistently acknowledged that Grin’s privacy is far from perfect. While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless.”
The last point addressed by Lehnberg explains that the headline of the article is misleading considering that nothing is being broken.
Grin’s developer ended the article by saying that all Grin contributors are glad to see that there is a real interest in the project and that they welcome all the scrutiny on the protocol and codebase. Currently, Grin is the 109th largest cryptocurrency in the market with a valuation of $33.49 million and a price per coin of $1.26.