Mimblewimble, a privacy-focused blockchain protocol, is allegedly not private at all. According to an expert at blockchain research firm Dragonfly Research, Mimblewimble’s privacy is fundamentally flawed, which he reportedly proved by discovering the exact addresses of senders and recipients for 96% transactions of Mimblewimble’s privacy-centric coin Grin (GRIN).
Ivan Bogatyy, a researcher at United States-based Dragonfly Capital Partners, published a Medium post on Nov. 18 in which he claimed that he was able to break Grin’s purported privacy while spending just $60 per week on Amazon Web Services (AWS).
Mimblewimble should no longer be treated as an alternative to Zcash or Monero
According to the researcher, the problem is inherent to Mimblewimble, and there is no way to fix it. Based on new findings, Mimblewimble should no longer be considered as a “viable alternative to Zcash or Monero when it comes to privacy,” Bogatyy declared.
The expert added that Mimblewimble developers have been aware of the technical feasibility of such an attack since he posted a Reddit thread on the issue a year ago.
Bogatyy lists three approaches to privacy in crypto
In the analysis, Bogatyy referred to anonymity sets, which are patterns that aggregate multiple transactions into a set, such that they can no longer be distinguished. Based on anonymity sets, Bogatyy pointed out three major approaches to privacy in cryptocurrencies such as Zcash, Monero and Mimblewimble.
According to the researcher, Zcash purportedly provides the maximum possible anonymity as its anonymity set includes all the shielded transactions. In Monero, users should pick their own anonymity set of size 10-25 for any existing on-chain unspent output from Bitcoin transactions (UTXO). In Mimblewimble, all transactions in a block are aggregated into one big CoinJoin, purportedly ensuring that an anonymity set is all the transactions that ended up in the same block.
However, Bogatyy says he has managed to catch 96% transactions before they could be aggregated with others for anonymity. “So in reality, there is no one in their anonymity set,” the expert claimed, adding that he was not able to hack all 100% transactions because there was a small minority of transactions that merged before most nodes could see them.
Following Bogatyy’s tweet, Ethereum co-founder Vitalik Buterin replied to emphasize that Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) is an example of the only global anonymity sets that are secure. He tweeted:
“If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (eg. as done with ZK-SNARKs) are truly robustly secure.”
Zcash is reportedly the first widespread application of zk-SNARKs, according to the firm.
Amid the news, Grin token has seen a sharp drop of price. With a market share of 12.7 million, the token is down more than 11% over the past 24 hours at press time and trades at $1.34, according to Coin360.
Grin 24-hour price chart. Source: Coin360