{"id":20136,"date":"2019-11-19T14:21:29","date_gmt":"2019-11-19T13:21:29","guid":{"rendered":"https:\/\/crypto-economy.com\/?p=20136"},"modified":"2019-11-19T14:21:29","modified_gmt":"2019-11-19T13:21:29","slug":"grin-former-google-ai-engineer-ivan-bogaty-discovers-flaws-in-mimblewimbles-privacy-model","status":"publish","type":"post","link":"https:\/\/crypto-economy.com\/grin-former-google-ai-engineer-ivan-bogaty-discovers-flaws-in-mimblewimbles-privacy-model\/","title":{"rendered":"[GRIN] Former Google AI Engineer Ivan Bogaty Discovers Flaws in Mimblewimble\u2019s Privacy Model"},"content":{"rendered":"<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\">I<span lang=\"en-GB\">n to a medium <\/span><strong><a href=\"https:\/\/medium.com\/dragonfly-research\/breaking-mimblewimble-privacy-model-84bcd67bfe52\" target=\"_blank\" rel=\"noopener\"><span lang=\"en-GB\">post<\/span><\/a><\/strong><span lang=\"en-GB\"> published by <\/span><span lang=\"en-GB\"><strong>Ivan Bogaty<\/strong><\/span><span lang=\"en-GB\"> on November 18, Russian computer scientist and former engineer at Google\u2019s artificial intelligence (AI) department said that he was able see the exact addresses senders and receivers in 96% of transactions made through<\/span> <span lang=\"en-GB\">Mimblewimble\u2019s Privacy-centric Coin Grin (GRIN).<\/span><!--more--><\/p>\n<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\"><span lang=\"en-GB\">Ivan Bogaty said that by spending only $60 per week on Amazon Web Services (AWS), he was able to break GRIN\u2019s privacy model. He wrote:<\/span><\/p>\n<p lang=\"en-US\" style=\"text-align: center\" align=\"justify\"><em>\u201c<span lang=\"en-GB\">Mimblewimble\u2019s privacy is fundamentally flawed. Using only $60\/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% Grin transactions in real time.\u201d<\/span><\/em><\/p>\n<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\"><span lang=\"en-GB\">To further add the severity of the problem, he claimed that the flaw was there from the start of this unique blockchain protocol called Mimblewimble and there was no way to fix it. So, this means Mimblewimble\u2019s GRIN is no longer an alternative to other privacy-focused altcoins such as Zcash and <strong><a href=\"https:\/\/crypto-economy.com\/nick-szabo-recommends-users-monero-xmr-to-protect-privacy\/\">Monero<\/a><\/strong>.<\/span><\/p>\n<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\"><span lang=\"en-GB\">According to Bogaty, Mimblewimble blockchain protocol was invented in 2016 by a hacker using a false name of Tom Elvis Jedusor, who wrote the <\/span><strong><a href=\"https:\/\/github.com\/mimblewimble\/docs\/wiki\/MimbleWimble-Origin\" target=\"_blank\" rel=\"noopener\"><span lang=\"en-GB\">description<\/span><\/a><\/strong><span lang=\"en-GB\"> of the protocol on Internet Relay Chat (IRC) and then disappeared from the scene. After that it was used by many platforms and also, in the launch of privacy altcoin GRIN.<\/span><\/p>\n<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\"><span lang=\"en-GB\">Bogaty said that in the past, many researcher had also pointed out weaknesses in the privacy model of the protocol. He added:<\/span><\/p>\n<p lang=\"en-US\" style=\"text-align: center\" align=\"justify\"><em>\u201c<span lang=\"en-GB\">My contribution is to demonstrate the precise way to perform an attack, prove its viability on a live network, and measure its efficacy. In live testing on Grin, I was able to unmask the flow of transactions with a 96% success rate. Therefore, it\u2019s now clear that Mimblewimble should not be relied upon for robust privacy.\u201d<\/span><\/em><\/p>\n<p lang=\"en-US\" align=\"justify\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-20140\" src=\"https:\/\/crypto-economy.com\/wp-content\/uploads\/2022\/12\/open.jpg\" alt=\"\" width=\"696\" height=\"353\" \/><\/p>\n<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\"><span lang=\"en-GB\">Ivan Bogaty, further elaborating the problem, pointed that these possible attacks on the protocol did not allow us to determine the amount of money that people were sending as the protocol was able to obfuscates payment amounts using vanilla elliptic curve cryptography, also called <\/span><strong><a href=\"https:\/\/github.com\/mimblewimble\/grin\/blob\/master\/doc\/switch_commitment.md\" target=\"_blank\" rel=\"noopener\"><span lang=\"en-GB\">Pedersen Commitments<\/span><\/a><\/strong><span lang=\"en-GB\">. It only let us to determine who paid who.<\/span><\/p>\n<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\"><span lang=\"en-GB\">According to the researcher, Zcash purportedly provides the maximum possible anonymity as its anonymity set includes all the shielded transactions.<\/span><\/p>\n<p lang=\"en-US\" style=\"text-align: justify\" align=\"justify\"><span lang=\"en-GB\"><a href=\"https:\/\/crypto-economy.com\/vitalik-buterin-the-boy-genius-behind-ethereum-eth\/\"><strong>Vitalik Buterin<\/strong><\/a>, co-founder of Ethereum, <\/span><strong><a href=\"https:\/\/twitter.com\/VitalikButerin\/status\/1196468111995756544\" target=\"_blank\" rel=\"noopener\"><span lang=\"en-GB\">replying<\/span><\/a><\/strong><span lang=\"en-GB\"> to Ivan Bogaty, said that only the anonymity set provided by Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) were truly secure. His tweet reads:<\/span><\/p>\n<p lang=\"en-US\" style=\"text-align: center\" align=\"justify\"><em>\u201c<span lang=\"en-GB\">If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (e.g. as done with ZK-SNARKs) are truly robustly secure.\u201d<\/span><\/em><\/p>\n<p class=\"western\" lang=\"en-US\" style=\"text-align: justify\" align=\"justify\">\n","protected":false},"excerpt":{"rendered":"<p>In to a medium post published by Ivan Bogaty on November 18, Russian computer scientist and former engineer at Google\u2019s artificial intelligence (AI) department said that he was able see the exact addresses senders and receivers in 96% of transactions made through Mimblewimble\u2019s Privacy-centric Coin Grin (GRIN).<\/p>\n","protected":false},"author":4,"featured_media":20139,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70,74],"tags":[4656,5109,5001,5140],"_links":{"self":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/posts\/20136"}],"collection":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/comments?post=20136"}],"version-history":[{"count":0,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/posts\/20136\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/media\/20139"}],"wp:attachment":[{"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/media?parent=20136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/categories?post=20136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crypto-economy.com\/wp-json\/wp\/v2\/tags?post=20136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}