A developer for the privacy-focused cryptocurrency Grin has refuted claims that its security protocol MimbleWimble has been broken.
Grin core developer Daniel Lehnberg published a Medium post addressing the “factual inaccuracies” of an article by Ivan Bogatyy claiming to have broken Grin’s privacy model.
Bogatyy, a researcher with the U.S.-based Dragonfly Capital Partners, outlined how he was able to break the Mimblewimble privacy protocol used by Grin and other security-oriented crypto,
He wrote that "Mimblewimble’s privacy is fundamentally flawed" and that using only $60 he managed to "uncover the exact addresses of senders and recipients for 96% [of] Grin transactions in real time."
The post continued, arguing "the problem is inherent to Mimblewimble" and he doesn't believe there would be a way to fix the problem. Per his words, Mimblewimble should no longer "be considered a viable alternative to Zcash or Monero when it comes to privacy."
Lehnberg refuted Bagotyy’s claim that Mimblewimble is fundamentally flawed and argued the researcher’s work did not constitute a true attack on the network,
The “attack” that the author claims to have made is the well-documented and discussed transaction graph input-output-linkability problem. This is not new to anyone on the Grin team or anyone who has studied the Mimblewimble protocol.
The Grin developer concluded,
The Grin team has consistently acknowledged that Grin’s privacy is far from perfect. While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless.
Featured Image Credit: Photo via Pixabay.com