List of Grin problems and their solutions - Open Discussion + Cool Website to compare Grin inflation

-a potential inflation bug (like with all privacy coins)
-the balance is locked for the next minutes after you made a tx (like with monero)
-no ledger nano support (we hope soon)
-the tx graph issue “Researcher Breaks Mimblewimble, Deanonymizing 96% of Grin Transactions” (soon fixed?)
-the interactive tx (but if the receiver is online , it’s not interactive anymore)

That being said Grin has a lot of advantages too not mentioned in this post

Feel free to comment with potential solutions that could arrive to fix those problems

one of the the biggest ones seems to be the tx graph issue
“Obscuring transaction outputs from being linked by monitoring nodes is not something that’s covered by Mimblewimble’s privacy model. The ambition is to get there, but we’re not there yet”

This statement was published in November 2019
Is there any progress on this issue ? Anything we can expect ?

If there was plenty of transactions in each block (with more adoption) , would it make Grin much more private ? How would it compare with monero regarding privacy ?

What about the inflation bug threat ? Is it highly likely ? Could it be devastating for Monero/Grin ?

btw I also wanted to mention I found this website about monero , this page compares 4 privacy coins with respect to the emission curve (monero , dash , zcash , grin)
https://moneroj.net/compinflation/ (being updated now it seems)

Also I’ll repost that comparison image I saw on twitter

thanks

6 Likes

After some discussion here, I think slatepacks solve 90% of the issue with not having offline transactions.

The (non-)existing problem with interactive transactions & UX - Rant

3 Likes

What do you mean here?

I think tx graph issues are overblown because they don’t reveal as much as people think (for example you can’t see the amounts). I know it’s not perfect privacy, but if people only know at best when i’ve made a transaction without any other data then i don’t really mind, so my guess is that majority of the people are fine with that. There are some ideas (eg. coinswap) of how to obfuscate tx graph but i don’t see it being implemented anytime soon (people would first need to verify that it works)

I don’t think it would make it more private since you can spy on the node network for transactions before they’re merged in a block. I don’t expect grin to ever have as strong privacy as privacy focused coins (they give up scalability for it so it’s easier to make it more private)

If hidden inflation happens the coin should be destroyed unless you somehow spot it and reorg it in time since they could have printed billions of coins. I think it’s the same for all coins which hide amounts, but am not sure

Well slatepack would be ok if monero and bitcoin did not exist I think

Balance locked well I mean you know when you send a tx , if you want to send another one in the same minute u have to wait right? Like with monero. It’s a problem bitcoin doesn’t have.

About the tx graph so it’s possible to have tainted coins in grin just like with bitcoin?

(relative) time locks for layer 2

Does that mean that Grin could have a layer 2 (which would also improve privacy)?

After you’ve broadcasted the transaction you must wait for it to land on chain (and possibly wait for tx to get more confirmations) and only then can you use the coins from that output, i think they all have the same problem, even btc. I’m guessing you mean the input locking during transaction creation but in the future we should move towards late-locking inputs by default so afaik grin should lock your coins the same way btc does

So u mean in the future u could send multiple tx from the same monero/grin wallet in a short time span like it is already possible with bitcoin ? Without having to wait about 10min between each sending?

I have never used monero, but grin should work the same as btc in terms of input locking. In btc if you have only 1 utxo and you make a transaction then you will need to wait for the transaction to get mined (average 5min) and that’s the least amount of time you need to wait, wallet might require more confirmations. Afaik all coins have this problem. So basically your problem is solved by having multiple utxos, wallets should probably try to optimize this (eg try to get more utxos if you don’t have them many, however you lose some privacy by doing that)

2 Likes

I think developers had the experience of lightning payments on grin. So yes it can support layer 2 options.

The amount of money being hidden is definitely not enough to be safe. If Adam Sutler catches you purchasing a record of Tchaikovsky’s 1812 Overture from the local music store, you are done for.

2 Likes

I saw this too in grin docs:
https://docs.grin.mw/about-grin/privacy/
Despite the fact that chain analysis can extract very little (if any) information about users and outputs, it is possible to monitor peer-to-peer network activity and obtain the transactions before they’re included in a block and aggregated with others. By setting up sniffing nodes connected to many peers, you can figure out which outputs are being spent by what transaction, allowing you to build a partial transaction graph by separating the aggregation done at the block level. It’s unclear at this point if meaningful information could be derived from this, as the trail of data stops there.

As of today, an almost complete transaction graph can be constructed. But as usage grows this will gradually become harder. Likewise, many privacy-enhancing techniques can be employed to easily remove linkability of outputs. Fortunately, with mimblewimble these may be added natively, such that nobody knows when a user takes extra privacy precautions to obfuscate the transaction graph, therefore no coins become “tainted”.

The content of the transaction is not stored on chain, so what do you mean?

Unlike with monero. so it’s a good point for grin . Can’t
be cracked if there’s nothing to see

I doubt monero (or any other coin) puts this data on the chain

Transaction graph, but not a graph of addresses, right? Grin addresses don’t exist on chain like in Monero. That alone improves privacy an immense amount. No need to manage a book of addresses and remember where you already used each address.

i’ve read this but still don’t understand what you mean, can you elaborate?

Once in the blockchain the information is safe, but during propagation/aggregation it is not. That is why obfuscations such as Dandelion exist, but they are just that: mere obfuscations.

My knowledge is outdated by a few years, though.

only the parties involved in the transaction know their own amounts and what’s the transaction’s content (in other words who is paying to who and what). Nobody else knows this even if the transaction is not yet merged with the other ones, they can only analyze the relations between the utxos - they can build the transaction graph. Also dandelion doesn’t guarantee that your tx will get merged since the first node can be a fluff node or just be evil and fluff or there is no other tx to merge with