Litecoin’s Charlie Lee, Grin developers respond to attack on MimbleWimble
Dragonfly Research’s Ivan Bogatyy recently published a blog post expanding on how he ‘broke’ MimbleWimble. The researcher elaborated on how he used merely $60 every week of AWS spend [Amazon cloud computing platform] to present the addresses of the senders, as well as the receivers, for about 96 percent of Grin real-time transactions. He wrote,
“In live testing on Grin, I was able to unmask the flow of transactions with a 96% success rate. Therefore, it’s now clear that Mimblewimble should not be relied upon for robust privacy.”
Even though MimbleWimble is yet to be implemented on Litecoin, it is constantly making the news. Some Litecoin community members have expressed concerns over the altcoin’s potential delisting from exchanges after the implementation of MW as it might put Litecoin under the Financial Action Task Force’s [FATF] travel rule. Bogatyy’s blog post, however, accuses MimbleWimble of being just a lightweight privacy protocol.
Bogatyy pointed out that there was no way to fix it as the problem was “inherent to MimbleWimble.” His blog post read,
“This means Mimblewimble should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.”
He went on to elaborate on why an attack wouldn’t be a success with regard to a privacy coin like Zcash. Since every Zcash-shielded transaction possesses a “large anonymity set,” it makes it unlinkable, he added. Similarly, with Monero, every transaction’s anonymity set is considered to be the set of all decoy transactions. However, MimbleWimble allows the linking of transactions, allowing the estimation of the exact addresses involved.
However, Grin’s Daniel Lehnberg soon responded to Bogatyy’s post with another blog post expanding on the “factual inaccuracies” of the attack on MimbleWimble. The blog post was co-authored by other developers of Grin. The blog post pointed out six major “inaccuracies,” starting with MimbleWimble doesn’t have addresses as such since the value is exchanged among people by adding one-time outputs to a transaction. Since the addresses don’t exist, they cannot be linked, the post read. This was followed by several other alleged errors in Bogatyy’s post. Lehnberg’s post read,
“The described “attack” on Mimblewimble/Grin is a misunderstanding of a known limitation.While the article provides some interesting numbers on network analysis, the results presented do not actually constitute an attack, nor do they back up the sensationalized claims made.”
Furthermore, several influencers of the industry went on to comment on Bogatyy’s post by indicating that they were well aware of the limitations of MimbleWimble. Litecoin’s Charlie Lee has been responding to FUD surrounding the implementation of MimbleWimble on Litecoin lately and he took to Twitter to address this as well. His tweet read,
This limitation of MimbleWimble protocol is well known. MW is basically Confidential Transactions with scaling benefits and slight unlinkability. To get much better privacy, you can still use CoinJoin before broadcasting and CJ works really well with MW due to CT and aggregation. https://t.co/M5sx92nzlZ
— Charlie Lee [LTC⚡] (@SatoshiLite) November 18, 2019
One of Grin’s developers, David Burkett, also responded to the same and pointed out that this wasn’t news and he was surprised as only 96 percent was traceable. His tweet read,
“There are a number of ways to help break linkability in Grin, but none are implemented and released yet. As I always say, don’t use Grin if you require privacy – it’s not there yet.”