Neither cut-through nor kernel offsets protect against archive nodes, in which case the additional privacy compared to Bitcoin is just the obscured values. Does obscured values mitigate chain-analysis to any significant degree (compared to the never-reuse-addresses technique), or is the Grin privacy more or less equal to that of Bitcoin (or have I perhaps missed something here)?
As far as I can tell, more or less anyone can run an archive node with ease, so privacy that only protects against non-archiving adversaries seems to be irrelevant.
Archive nodes can’t tell who sent what to who.
2 Likes
And what about dandelion here? Wouldn’t that also be a differentiator vs btc?
I was under the impression that miners aggregated the transactions, but apparently they are aggregated during the Dandelion phase, which is a relief.
This sparks another question though: Can an adversary simply fire up enough nodes in order increase it chances to receive unaggregated transactions to a degree where users become deanonymized, regardless of what type of Dandelion protocol is used?
Aggregation is more for space savings than privacy. A node recording all transactions cannot see addresses or amounts, just that certain outputs and Inputs are spent. You can’t see who sent how much to who, no amounts or addresses, just random numbers.
1 Like
Cut-through is for space saving. Kernel offsets and the aggregation thereof is for and only for privacy, to not be able to link inputs and outputs to each other like you can do with Bitcoin.
The lack of addresses isn’t any more private than never reusing addresses in Bitcoin where inputs and outputs are tracked to deanonymize people.
1 Like