Was not able to find any reference to this article of Ivan Bogatyy on the forum so I decided to start this discussion.
The question is straightforward: Would Grin community accept the lack of privacy (linkability with amount obfuscation) or some workaround could be found?
This is a major issue, however it is definitely not news. In fact, finding out ways to mitigate this has been a priority for a while.
Does this problem get better as the network becomes more popular?
More difficult yes, but absolutely not difficult enough. Privacy needs to exist against powerful adversaries (e.g. CIA, NSA) who have the budget to run six gorillion nodes.
A few grin developers and community members co-authored a response to this article. https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9
Hmm. Judging by the response of the price of Grin today - down ca. 17% as of a few seconds ago - there appear to be a lot of folks who weren’t fully au fait with this vulnerability, notwithstanding that the author of the article seems to have bigged up his claims of breaking the privacy model. Maybe someone with sufficiently deep technical understanding should explain why even given the potential for linkability between inputs and outputs, this doesn’t necessarily mean the actual originator of a transaction could ever be identified?
You don’t know if the coins still belong to the same person after a transaction.
But often it does mean this. Grin is not private, and the response to yesterday’s article proves exactly why we need to be more vocal about this fact. We intend for it to be private sometime soon, and we have several paths we could take to get there, but as is, it’s transparent AF. The only thing hidden are amounts.
OK, but IP addresses are not uncovered with the sort of probing carried out by the sniffer nodes described in Bogatyy’s article - correct?
I actually recall discussion of the existence of this whole issue during discussions at Grincon0 about this time last year in Berlin during or after an address about Dandelion by lesceller… it’s as if someone has gone out and shown something to be the case that deeply embedded people were so aware of, they weren’t bothered to demonstrate it. Deeply embedded people, but not everyone… The important takeaway may be not so much that this deficit has been shown in practice but that there is a need to for more/better education of potential Grin community members/users/investors/adopters.
Correct, IP address is not leaked.
Totally agree about lack of education. There were a lot of inflated expectations among casual grin users.
Actually it is not that easy, I think
You can not confirm Alice spend on darknet market easily.
Because it’s not bitcoin address, only if the commitment darknet market received spent on some kyced market.
You can’t confirm Alice spent money on the darknet with Bitcoin either if the darknet site generates new addresses for each transaction. However, they may not be cautious enough and link their different addresses in the future, at which point you would be incriminated. Same goes for Grin.
ELI5 What sort of ideas for rendering it private, a brief enumeration?
Dandelion tweaks for increasing stem phase aggregation, adding decoy inputs and outputs, improving input selection, using coinjoin servers, payment channel hubs, etc. Mimblewimble is unique, and offers many possibilities. We’ve just got to figure out which combinations lead to the best outcome and tradeoffs.
Could you elaborate on the decoy inputs/outputs idea? This sounds intriguing.
There was some discussion in keybase channel grincoin.teams.node_dev#research
That channel is closed to the public I’m pretty sure.
No - that channel is completely open to anyone who wants to join.
Ah, I confused it with grincoin.teams.community. What a headache to navigate Keybase teams.
I only see one subteam under grincoin.teams and that is grincoin.teams.community. node_dev indeed seems to be hidden.