Grin’s Mimblewimble Privacy Model Under Threat After Alleged Break-In

Published at: Nov. 23, 2019

On Nov. 18, crypto researcher Ivan Bogatyy published an article on Medium claiming that he had found an extremely easy way of bypassing Grin’s Mimblewimble privacy protocol. As part of his efforts, Bogatyy stated that he was able to trace over 96% of all Grin-related transactions in real time, including the addresses of the senders as well as recipients associated with these sets of transactions.

What’s more striking is the fact that Bogatyy claims he was able to achieve all this by spending just $60 a week on Amazon Web Services computational power, which helped connect him to Grin’s native blockchain nodes. 

Not only that, but the Google AI research alum also claims that he could have quite easily exposed the addresses of “almost all” Grin users if he had decided to connect to all 3,000 of the system’s nodes. In this regard, Bogatyy wrote the following:

“Grin still affords a stronger privacy model than Bitcoin or other non-privacy coins, since amounts are safely encrypted. But Mimblewimble provides a strictly weaker privacy model than Zcash or Monero. This makes it insufficient for many real-world privacy use cases.”

As expected, as soon as these developments came to light, the future of Mimblewimble was immediately called into question by people around the globe, who began saying that the privacy protocol could no longer be trusted, since it was clearly not secure enough. 

However, a few days after the initial report, Daniel Lehnberg, a member of Grin’s core developer team, published a blog post arguing that the “alleged” break-in was confined largely to the protocol’s already-acknowledged privacy limitations. He also added that the attack was facilitated through the use of a passive vector that did not have the capacity to acquire any actionable data.

Lastly, Grin makes use of a technology called “Patient Dandelion,” which is basically a modified version of Bitcoin’s Dandelion++ proposal that was outlined in BIP0156. The protocol is commonly used to mask the IP addresses linked with any given transaction because it adds additional stem hops as well as other delays at each node junction. However, since Grin’s latest privacy scandal came to light, many experts are now calling into question the overall operational efficacy of Dandelion as well.

A closer look at Grin and its privacy framework

In its most basic sense, Grin can be thought of as an implementation of the Mimblewimble, or MW, protocol, whose privacy is derived from two key aspects:

The protocol employs confidential transactions to obfuscate transaction amounts.

The protocol makes use of aggregated transactions to prevent the linking of native transaction inputs and outputs.

Additionally, the MW transaction format is substantially different from Bitcoin-like cryptocurrencies, as it allows multiple transactions to be aggregated into a single larger transaction. 

This aggregation process is “lossy,” which essentially means that the protocol hides the size of asset transfers taking place between the involved parties, thus improving the overall scalability of the network. The process of mining blocks with Mimblewimble aggregates all of the associated transactions into a single block, thereby making it difficult for bad actors or any third-party entities to link inputs and outputs when viewing the chain on a historical basis.

Are Bogatyy’s assertions valid?

With so many conflicting details currently floating around on the internet regarding the recent Mimblewimble security lapse, Cointelegraph reached out to Jake Yocom-Piatt, co-founder and project lead for Decred, a community-driven digital currency that uses a hybrid proof-of-work and proof-of-stake consensus model. When asked to comment on Bogatyy’s claims and whether he was right or not with his assertions, Yocom-Piatt pointed out:

“Despite an aggressive response from Daniel Lehnberg from Grin, I am of the opinion that Ivan’s attack is valid. The attack links inputs and outputs to most MW transactions, and it achieves this by monitoring the Grin network, where it can log transactions prior to their being aggregated either over Dandelion or in a block.”

He then added that a few months back, he had published an article in which he too had highlighted the exact same weakness that Bogatyy was able to exploit — that is, once Grin’s native blocks have been mined, participating miners and affiliated nodes have the ability to monitor individual transactions that have been published before they are aggregated. 

This allows a third-party entity that is closely monitoring the transactions being published on the network to use that data to link transactions, which would otherwise not be possible by looking at the information related to other mined blocks. Yocom-Piatt then added:

“Ivan executes exactly the attack I described. While Daniel takes exception to Ivan’s post for various technical reasons related to terminology, the linking of inputs and outputs is hard to argue against.”
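The aggregation and pre-aggregation logging described in the two sections above can be modelled in a few lines; this is an added illustration, not code from Grin, Bogatyy or Cointelegraph. It is a simplified model (no cut-through, kernels or amounts), every name in it is constructed, and it measures how much of the input-to-output linkage a block hides depending on what was merged before an observer logged it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: frozenset
    outputs: frozenset

def tx(inputs, outputs):
    return Tx(frozenset(inputs), frozenset(outputs))

def aggregate(txs):
    """Simplified MW aggregation: pool inputs and outputs, dropping the
    per-transaction boundaries (cut-through and kernels are not modelled)."""
    txs = list(txs)
    return Tx(frozenset().union(*(t.inputs for t in txs)),
              frozenset().union(*(t.outputs for t in txs)))

def candidate_outputs(block, observed=()):
    """For each block input, the block outputs it could have funded, given the
    block plus any relayed (possibly partly aggregated) transactions logged."""
    sets = {}
    for i in block.inputs:
        cands = block.outputs
        for t in observed:
            if i in t.inputs and t.outputs <= block.outputs:
                cands = cands & t.outputs  # each sighting narrows the set
        sets[i] = cands
    return sets

def exposed_fraction(block, observed, truth):
    """Share of inputs whose candidate set is exactly their own transaction's
    outputs, i.e. the aggregation hid nothing for them."""
    sets = candidate_outputs(block, observed)
    owner = {i: t.outputs for t in truth for i in t.inputs}
    return sum(1 for i, c in sets.items() if c == owner[i]) / len(sets)

# Constructed sample: three transactions mined into one block.
A = tx({"a_in"}, {"a_out", "a_change"})
B = tx({"b_in1", "b_in2"}, {"b_out", "b_change"})
C = tx({"c_in"}, {"c_out"})
TRUTH = [A, B, C]
BLOCK = aggregate(TRUTH)
# A and B were merged on the relay path before the observer logged them.
STEM_MERGED = [aggregate([A, B]), C]

if __name__ == "__main__":
    print("block only     :", exposed_fraction(BLOCK, (), TRUTH))
    print("A+B merged     :", exposed_fraction(BLOCK, STEM_MERGED, TRUTH))
    print("all seen single:", exposed_fraction(BLOCK, TRUTH, TRUTH))
```

In this model the linkage depends entirely on what reaches an observer unmerged: transactions that were aggregated before being logged keep the larger candidate set, while any logged individually are fully linked.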

Is Lehnberg’s recent blog post just damage control?

Many crypto enthusiasts firmly believe that Lehnberg’s recent post is a defense tactic. With enough technical know-how, hackers or other third-party entities could easily retrieve a huge volume of the input/output data about the majority of the involved entities, as long as MW-based native transactions can be reliably surveyed before they are aggregated.

With that being said, Ethan Fast — a co-founder of security-oriented crypto exchange Nash — is of the opinion that Bogatyy’s findings are incorrect because of his flawed understanding of how the Mimblewimble protocol works. On the subject, Fast told Cointelegraph:

“He [Bogatyy] is able to demonstrate that an adversary can construct a transaction graph on the network, in the sense that input A became output B. But because of how the protocol works, this is not like identifying an output address on Bitcoin. Just knowing A=>B does not imply you know who received the funds in any useful sense. So my interpretation is that what Ivan found was already publicly known and he mischaracterized its implications in the article he published.”

Fast then pointed out that a big part of the misunderstanding seems to have stemmed from the confusion surrounding what an “address” within the Grin ecosystem actually represents. To further solidify his stance, Fast highlighted to Cointelegraph a number of other instances where similar issues over Grin’s native operational framework came to light. He further added:

“Grin does not have anything like Bitcoin addresses. In fact, every time you want to send someone an asset, you need to interact with them in a live computation, working together to create a transaction. Given this fact, my understanding is that being able to construct a transaction graph on Grin is not a major security issue, as transactions don’t have anything like public addresses that tie them together.” 

The conversation continues

Despite Grin’s reputation being called into question after the allegations put forth by Bogatyy started to gain widespread attention on the internet over the last week, the platform’s core backers (as well as community members) have continued to claim that the assertions put forth by Bogatyy are inherently wrong and that there are many factual inaccuracies — six, to be exact — in his findings. 

Also, it is quite obvious that due to this entire episode, Grin’s financial value has taken quite a beating. The currency has dropped from $1.52 to just under $1 over the space of the past seven days.
