In to a medium post published by Ivan Bogaty on November 18, Russian computer scientist and former engineer at Google’s artificial intelligence (AI) department said that he was able see the exact addresses senders and receivers in 96% of transactions made through Mimblewimble’s Privacy-centric Coin Grin (GRIN).
Ivan Bogaty said that by spending only $60 per week on Amazon Web Services (AWS), he was able to break GRIN’s privacy model. He wrote:
“Mimblewimble’s privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% Grin transactions in real time.”
To further add the severity of the problem, he claimed that the flaw was there from the start of this unique blockchain protocol called Mimblewimble and there was no way to fix it. So, this means Mimblewimble’s GRIN is no longer an alternative to other privacy-focused altcoins such as Zcash and Monero.
According to Bogaty, Mimblewimble blockchain protocol was invented in 2016 by a hacker using a false name of Tom Elvis Jedusor, who wrote the description of the protocol on Internet Relay Chat (IRC) and then disappeared from the scene. After that it was used by many platforms and also, in the launch of privacy altcoin GRIN.
Bogaty said that in the past, many researcher had also pointed out weaknesses in the privacy model of the protocol. He added:
“My contribution is to demonstrate the precise way to perform an attack, prove its viability on a live network, and measure its efficacy. In live testing on Grin, I was able to unmask the flow of transactions with a 96% success rate. Therefore, it’s now clear that Mimblewimble should not be relied upon for robust privacy.”
Ivan Bogaty, further elaborating the problem, pointed that these possible attacks on the protocol did not allow us to determine the amount of money that people were sending as the protocol was able to obfuscates payment amounts using vanilla elliptic curve cryptography, also called Pedersen Commitments. It only let us to determine who paid who.
According to the researcher, Zcash purportedly provides the maximum possible anonymity as its anonymity set includes all the shielded transactions.
Vitalik Buterin, co-founder of Ethereum, replying to Ivan Bogaty, said that only the anonymity set provided by Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) were truly secure. His tweet reads:
“If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (e.g. as done with ZK-SNARKs) are truly robustly secure.”