Breaking Mimblewimble’s Privacy Model

TL;DR: Mimblewimble’s privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time.

The problem is inherent to Mimblewimble, and I don’t believe there’s a way to fix it. This means Mimblewimble should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.

In the last two years, Mimblewimble has grown in popularity as an up-and-coming, lightweight privacy protocol. Mimblewimble was invented in 2016 by a pseudonymous hacker known as Tom Elvis Jedusor, who dropped a text description of the protocol into an IRC chat and then disappeared. Since then, Mimblewimble was most famously implemented in the “fair launched” privacy coin Grin, the VC-backed projects Tari and BEAM, and is even being considered for integration into Litecoin.

Several researchers have hypothesized a possible privacy weakness in Mimblewimble. My contribution is to demonstrate the precise way to perform an attack, prove its viability on a live network, and measure its efficacy. In live testing on Grin, I was able to unmask the flow of transactions with a 96% success rate. Therefore, it’s now clear that Mimblewimble should not be relied upon for robust privacy.

Here is a more technical deep-dive into this attack, complete with open-source code to reproduce it, data collected, and a technical FAQ. What follows in this article will be a high-level, intuitive explanation of linkability, how the attack works, and what it means for privacy tech.

What is linkability?

It’s important to understand what this attack means and what it doesn’t mean.

This attack does not let us determine the amounts that people are getting paid. Mimblewimble successfully obfuscates payment amounts using vanilla elliptic curve cryptography (Pedersen commitments). What this attack does let us do is determine who paid who. In other words, it le...

Continue on medium.com