A Dragonfly Capital Partners researcher based in the United States claimed to have broken Grin's alleged privacy with just $60 per week of spending on Amazon Web Services (AWS). The researcher, Ivan Bogatyy, posted his claim on Monday, November 18.
Mimblewimble is not private at all.
Mimblewimble, a privacy-focused blockchain protocol, is not private. According to an expert from Dragonfly Research, a blockchain research firm, Mimblewimble's privacy is profoundly weak. The researcher's claim was reportedly proven when the addresses of senders and recipients were discovered with 96% precision in Grin, Mimblewimble's privacy-centered coin.
The Dragonfly Capital Partners researcher noted that Mimblewimble developers are aware of Grin's technical viability, in his Reddit thread regarding the issue from a year ago.
In addition, the researcher said that the difficulty is intrinsic to Mimblewimble and that there is no way to fix it. Mimblewimble should no longer be considered an alternative to Zcash or Monero with regard to privacy, said Bogatyy.
The main approaches to cryptocurrency privacy
In his research, Bogatyy referred to anonymity sets. An anonymity set is the group of transactions that are combined so that they cannot be differentiated from one another. He pointed to three main approaches to cryptocurrency privacy: those of Monero, Zcash, and Mimblewimble.
According to the Dragonfly researcher, the anonymity set of Zcash includes all shielded transactions, so it allegedly provides the maximum possible level of anonymity.
Monero users, on the other hand, choose their own anonymity set of size 10-25 from any existing on-chain unspent transaction outputs (UTXOs).
In Mimblewimble, all transactions are combined into one large CoinJoin, so the anonymity set consists of all the transactions that ended up in the same aggregation.
However, Bogatyy said he was able to catch 96% of transactions before they could be combined with others for anonymity. He also claimed that there is no one in their anonymity set, and added that he was not able to hack all of the transactions.
My attack catches 96% transactions before they can be aggregated with others for anonymity. So in reality, there is no one in their anonymity set! pic.twitter.com/mkMhSxYh5B — Ivan Bogatyy (@IvanBogatyy) November 18, 2019
After Bogatyy's Twitter post, Ethereum co-founder Vitalik Buterin replied to highlight that only global anonymity sets, such as those achieved with Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs), are truly secure.
If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (eg. as done with ZK-SNARKs) are truly robustly secure. https://t.co/VduwqrbMfs — vitalik.eth (@VitalikButerin) November 18, 2019
Zcash is reportedly the first widespread application of zk-SNARKs, according to Dragonfly Capital Partners.