Ivan Bogatty investigated how strong the privacy of the Mimblewimble protocol is. Mimblewimble is currently used by the cryptocurrency Grin, and it is said that this privacy model is also being implemented for Litecoin and Bitcoin.
His conclusion: despite Mimblewimble, 96% of all transactions can still be followed.
What is Mimblewimble?
In the past two years, Mimblewimble has become increasingly popular as an emerging, lightweight privacy protocol. Mimblewimble was invented in 2016 by a pseudonymous hacker named Tom Elvis Jedusor. He shared the protocol in an IRC chat and then disappeared. Since then, the best-known implementation of Mimblewimble has been the “fair launch” privacy coin Grin.
Researcher Bogatty launched an attack on Mimblewimble to test its viability on a live network and to measure its effectiveness. He was able to unmask the path that transactions take from sender to receiver, with a success rate of 96%. Bogatty therefore concludes that you should not rely on Mimblewimble if you are looking for robust privacy.
The attack does not show how much people send each other. It only shows that it is possible to find out who sends something to whom. In other words, Bogatty can link transactions to each other and follow the flow of payments.
Not possible with Zcash and Monero
He gives an example of why this is important:
Suppose an authoritarian government knows that a certain receiving address belongs to a political opponent. You send that person a small gift. If you later send a Mimblewimble transaction to a local exchange, that exchange will share this data with the authoritarian government. Because the government can follow the flow of the transaction, they now know that you support a political opponent.
Bogatty says this is not possible with Zcash and Monero.
Mimblewimble uses two techniques to counter this. The first is full-block cut-through aggregation, and the second is Dandelion. But neither is enough to give complete privacy. He explains this very clearly in his write-up.
What remains stands the test of time
The researcher does wish the best for Grin, Mimblewimble and cryptocurrency. He therefore regards this research as a next step in the evolution of privacy coins.
Bitcoin is now 11 years old, but cryptocurrencies are still in their infancy. Not too long ago, devastating bugs were discovered in both Zcash and Monero. This is to be expected: most interesting technologies are still basic science.
But this is the only way to advance science: we propose new theories and constantly break them down until what remains has stood the test of time.
View his full research here. You can find a more detailed and technical explanation on his GitHub.