Charlie Lee, the creator of Litecoin, is responding to a new blog post criticizing a protocol called Mimblewimble that is intended to improve the privacy of cryptocurrency transactions by obscuring identifying data such as names, addresses and transfer amounts.
Lee is currently testing the protocol for Litecoin integration. Mimblewimble is also used in two privacy cryptocurrencies: Grin and Beam.
According to a post by Ivan Bogatyy, general partner at MetaStable Capital and a former Google software engineer, Mimblewimble is fundamentally flawed and requires only $60/week on Amazon Web Services (AWS) to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time.
Via Twitter, Lee says there’s a lot of work to be done and that privacy and fungibility are an ongoing battle.
“This limitation of MimbleWimble protocol is well known. MW is basically Confidential Transactions with scaling benefits and slight unlinkability. To get much better privacy, you can still use CoinJoin before broadcasting and CJ works really well with MW due to CT and aggregation.”
Adds Quentin Le Sceller, a Grin core developer,
“Thanks for the article! To be honest, we knew about this ‘new’ vulnerability since the very beginning of Grin github.com/mimblewimble/d.
Recently formalized as an Open Research Problem github.com/mimblewimble/d. We are working on it.”
Grin developers agree that the limitations of the protocol are well-known within the community and also acknowledge that Grin’s privacy is far from perfect.
“Mimblewimble privacy is not ‘fundamentally flawed’. The described ‘attack’ on Mimblewimble/Grin is a misunderstanding of a known limitation. While the article provides some interesting numbers on network analysis, the results presented do not actually constitute an attack, nor do they back up the sensationalized claims made…
While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless.”
“The devs were aware that such an attack was theoretically possible (e.g. this Reddit thread I started a year ago). But now it is proven viable and efficient.
Importantly, I have great respect for the Grin community and core developers, who have all been tremendously helpful in answering my questions. But we also need to be realistic about how much privacy Mimblewimble grants.”
The post has sparked a deep discussion about the challenges cryptocurrency developers face as they strive to make changes to existing coins or roll out new technology to outperform older projects.
Joining the discussion, Vitalik Buterin, co-founder of Ethereum, supports the idea of robust security through a method called “non-interactive zero-knowledge proofs” which is used in cryptocurrencies such as ZCash.
“If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (eg. as done with ZK-SNARKs) are truly robustly secure.”
You can check out the full response from Grin developers here.