Mimblewimble Attack is ‘Factually Inaccurate’, Grin Team Responds
The claim that hired computing power could “break” the Mimblewimble privacy tool for Litecoin (LTC) is inaccurate, according to a response from the Grin development team.
Weakness Did Not Reveal Final Senders or Receivers
The Grin team admitted that the protocol held a known weakness, but directing hired computing power from AWS did not constitute an ‘attack’. The analysis of Ivan Bogatyy managed to glean some network data, but the conclusions that the flaw could not be repaired were also inaccurate.
While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless
The creator of Litecoin, Charlie Lee, also tweeted that Mimblewimble had a known weakness, but this did not challenge the system as a privacy feature for LTC.
This limitation of MimbleWimble protocol is well known. MW is basically Confidential Transactions with scaling benefits and slight unlinkability. To get much better privacy, you can still use CoinJoin before broadcasting and CJ works really well with MW due to CT and aggregation. https://t.co/M5sx92nzlZ
— Charlie Lee [LTC⚡] (@SatoshiLite) November 18, 2019
The information that could be gleaned was not as valuable as previously thought. The breaking of Mimblewimble veiling could not yield addresses, but only information about transaction outputs. The Grin team added that this could not link identities to wallets and addresses, an approach often used by law enforcement.
The team admitted that so-called “sniffer nodes” collected data, but only for a particular time period. By no means were all Mimblewimble transactions being tracked. Additionally, the information was not as relevant as previously thought, only linking outputs. For the team, this was old knowledge, which did not compromise the veiled identities of users.
Another inaccuracy was that the analysis did not unravel the “transaction graph”, and did not arrive at any possible identifying information about counter parties. The “sniffer nodes” mapped the activity, but could not trace where transactions originated. Within the Mimblewimble network, transactions never appear as identifiable information to outside observers, and no addresses exist.
Mimblewimble Offers Stripped-Down, Private Blockchain
Mimblewimble was proposed back in 2016, as a protocol to obscure transactions for multiple coins. The protocol was most prominently adopted by Litecoin, as a tool to make the asset a rival to Monero (XMR) and ZCash (ZEC).
The Grin project is an implementation of the Mimblewimble blockchain. The protocol uses limited data to keep the distributed ledger, without linking addresses. So far, Mimblewimble has minimal usage, with very few transactions within the network. The GRIN token currently trades at $1.27, after a daily slide of 10% following a downturn across all markets.
Mimblewimble is the brainchild of pseudonymous user Tom Elvis Jedusor, none other than the French anagram of “Je suis Lord Voldemort”.
What do you think about Grin’s response? Share your thoughts in the comments section below!
Images via Shutterstock, Twitter @SatoshiLite