A Dragonfly Researcher Breaks Mimblewimble’s Privacy, Proving That The Model Is Flawed

Alo Kingsley  Nov 21, 2019 00:30  UTC 16:30

2 Min Read

 

It is quite a pity that the esteemed privacy of Grin has been tampered with by a Dragonfly researcher who was able to unearth the real addresses of senders and receivers of up to 96% of transactions carried out in Grin’s blockchain. The researcher shared this on a Medium post on Nov.18.

 

The researcher claimed that some other researchers have sometimes said that the privacy model of Mimblewimble, a privacy-focused blockchain protocol, is suffering from some weakness and, therefore, flawed. His recent live testing on Grin has proved the speculation to be true since he was able to uncover the sending and receiving of transactions with an estimated success rate of 96%. This made the researcher conclude that Mimblewimble is not a reliable privacy chain.

 

One major thing of concern about this faulty privacy protocol is that it is part of Mimblewimble; it is inherent to the protocol without much hope of being fixed. This unfortunate event made the researcher warn that Grin/ Mimblewimble should not be taken as an alternative privacy protocol with reference to Zcash or Monero.

 

The researcher claimed that Mimblewimble developers are aware of the technical issues and feasibility of an attack, they did not do anything even though he warned them on a Reddit post last year.

 

In the said post, the researcher did not spare any information regarding the attack, how it works, and what it means for privacy tech. He then provided technical details into this attack with open-source code to reproduce it, data collected, and a technical Frequently Asked Questions.



Image via Shutterstock




Read More