Network Analysis Attacks

I am looking to see what the landscape looks like for a few private currencies. I’m looking to see if a network analysis attack is possible on a Grin user. If I send grin, could an attacker (if they were monitoring my traffic) know that I was using Grin?

I’ve seen solutions mentioned such as Tor and VPNs. Is there something being built to help further combat these issues either by the Grin community or externally?
Is Grin or the Grin community looking to build something that could further obfuscate traffic and possibly implement it at the protocol level? Would this even be possible to add to the protocol level? Any insight is helpful.

Does the file transferral of the tx help obfuscate some information? The transaction still needs to be uploaded to the network, so if you have an APT they could be watching all points of entry. Let me know if I am wrong in my understanding of the concepts.


I2P is being built into the node; see this pull request on Igno’s fork for example.

The transaction slates are in plaintext, but there is no requirement of you broadcasting it to the network. You can have an unknown third party doing that; as long as it eventually gets broadcast you’re fine. I can easily imagine multiple centralized hidden services (TOR, I2P) doing precisely this: broadcasting transactions to the network from anonymous users.

Thanks for the response and insight. Looking at the request, Igno is looking at implementing it in the wallet, but making it optional. Is interaction on I2P very complicated? Why steer away from TOR? Or is I2P a better solution?

I see this as well https://github.com/mimblewimble/grin/issues/2712

I2P vs TOR was briefly discussed in your link. I am not very knowledgeable, but there is this article regarding the differences between the two.


What does I2P solve compared to Dandelion++? Isn’t what I2P trying to solve already completed by Dandelion?

My understanding is that there can still be correlation attacks by timing attacks when using Dandelion. An attacker could still possibly correlate a transaction to its owner by seeing that the spender is connecting to the network to broadcast a stem transaction.

So I2P would come in to solve this, because it will create this encrypted tunnel to the node, so there is no way for an attacker to correlate the tx with the node because the attacker cannot view any traffic?

If I am completely wrong in my understanding, please feel free to correct me.