Breaking MimbleWimble - Reading Assignment

Its more 6.6%

The solution would be to combine Mimblewimble with another protocol that obscures the transaction graph.

1. What is a ‘sniffer node’?

It is a node that picks up all transactions before CoinJoin aggregation is completed, in order to reveal true source and target of transactions.

2. Which pieces of information can be determined by a supernode? Which pieces cannot?

The senders and receivers of transactions are exposed, however the amounts are not.

3. What % of live nodes did the author connect with?

6.67%

4. What single potential solution is mentioned? Can you think of another?

Combining MimbleWimble with another protocol that hides the transaction likability like in Ethereum 9¾ (which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme) would be one way.

5. Read Grin’s Response: https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9 . Would you add anything to it?

Not really, I think the author did well to directly answer to the points made in the medium article and was honest in their response.

1. What is a ‘sniffer node’?

“Sniffer node” is node connected to other nodes in network used for observing the network and taking note of the original transactions before they get aggregated. In Grin, “sniffer node” collects transactions that are broadcasted from other nodes as part of the stem and fluff phase in Dandelion.

2. Which pieces of information can be determined by a supernode? Which pieces cannot?

Supernode, can catch any transaction (inputs and outputs) before their aggregation on Dandelion path from all other nodes it is connected with, except if two transactions intersect in their Dandelion path before being caught by that supernode. Also, MimbleWimble successfully obfuscates transaction amounts and addresses.

3. What % of live nodes did the author connect with?

Author connected with 200 peers out of the total 3000 peers in Grin’s network or 6.66% and claims that he was able to link 96% of all transactions.

4. What single potential solution is mentioned? Can you think of another?

As a potential solution, author mentioned combining Mimblewimble with another protocol that obscures the transaction graph, such as in Ethereum 9¾ (which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme).

I think solution will come in one of the regular hardforks where Grin team will implement some RingCT-like privacy enchanting mechanisms.

5. Read Grin’s Response: https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9 8. Would you add anything to it?

“We have to assume that the author conveniently confused transaction outputs (TXOs) with addresses, but these are not the same. And, as we’ve already detailed, the fact that TXOs can be linked is hardly news.”

This part of the Grin’s response was enough proof for me to dismiss original article as sensationalist FUD from “researchers” with questionable expertise.

1. Observes the network and take a note of the original transactions.

2. Transaction participants could be determined but if two transactions intersects on their paths then the super node is not able to break it.

3. 6.7% (200 out of 3000).

4. Combining MW with another service or going through another mixing service.

5. I am not sure, but looks like a fair response.

Questions:

• What is a ‘sniffer node’?

A sniffer node is an observer who’s intent is to pick up transactions before

• Which pieces of information can be determined by a supernode? Which pieces cannot?

Before the cut-through aggregation, Ssupernodes can estab. the transaction’s sender & the receiver ; yet the IP addresses or transaction amounts.

• What % of live nodes did the author connect with?

200/3000 ~ 6.66 %

• What single potential solution is mentioned? Can you think of another?\

‘Mimblewimbling’ (Obscuring) transactions on other platform

• Read Grin’s Response: https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9. Would you add anything to it?

Quality Development and time to market with good use case= Classic FundaMentals/PumpaMentals balance!!

1. What is a ‘sniffer node’?
   A sniffer node can monitor the network and take note of the original transactions before they get aggregated.

2. Which pieces of information can be determined by a supernode? Which pieces cannot?
   Each Grin node connects to 8 other peers. But by jacking up the number of peers, he can connect his sniffer node to every other node in the network. Assuming he stays alive long enough, eventually almost every node will connect to him, making him a “supernode”.

3. What % of live nodes did the author connect with?
   He was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network.

4. What single potential solution is mentioned? Can you think of another?
   Dandelion

Breaking MimbleWimble - Reading

1. A ‘Sniffer node’ can observe the network and take note of the original transactions before they get aggregated ie. it picks up all transactions before cut-through aggregation is finished.

2. Pieces that can be determined by a Supernode are transactions that have not yet intersected in a dandelion path. like transaction that enters fluff phase.

   Pieces of information that Supernode cannot see are transaction that are already intersected in the Dandelion path and the transaction amount.

3. The percentage of live nodes the author connected with can be calculated as (200/3000 * 100 = 6.67 % of live nodes.

4. The single potential solution mentioned is Ethereum 9 3/4 (which combines MimbleWimble with Zerocash style commitment - nullifier scheme - this will obscure the transaction graph.

5. “GRIN’s response” something to add.
   The fact that you can link UTXOs now because of low usage, should not even happened in the first place. The author exploited that and it brought about damaging consequences, although I think this will be just temporary. Possible solution highlighted above , if true, should rectify the problem.

• What is a ‘sniffer node’?
  A node which observes the network and takes note of the original transactions before they get aggregated.
• Which pieces of information can be determined by a supernode? Which pieces cannot?
  Sender and receive of a transaction. Cannot see amounts.
• What % of live nodes did the author connect with?
  6.66%
• What single potential solution is mentioned? Can you think of another?
  Combine Mimblewimble with another protocol that obscures the transaction graph.
• Read Grin’s Response: Would you add anything to it? I’d like to hear a reply to Grin’s response…

1.- Are nodes to monitor the transactions in order to see though Coinjoin mixing techniques. It only can see the information before its been mixed.
2.- Transactions before there have been aggregated.
3.- 200 / 3000 = 0.06666*100 = 6.66%
4.- Combine MimbleWimble with another protocol that obscure tx graph, like Ethereum 9 3/4
5.- He described it very well and most important, to be part of a community, this is a great example.

• What is a ‘sniffer node’?
  Monitors the blockchain looking for transactions and linking addresses to transactions before the cut through aggregation is finished.

• Which pieces of information can be determined by a supernode? Which pieces cannot?

Transaction info like addresses they are connected to but not after aggregation.

• What % of live nodes did the author connect with?

6.66%

• What single potential solution is mentioned? Can you think of another?

To merge with another protocol the obfuscates the transaction graph.

• Read Grin’s Response: https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9. Would you add anything to it?

I think that we have to always remember that there are two competing coins in this discussion and to take comments from both sides with a grain of salt.

1. IT is a node that is connected to the network to aggregate data.
2. It can connect sender and receiver however it cannot determine amount.
3. 6.67% of nodes or 200/3000
4. Combining Mimblewimble with Zerocash to delink the sender and receiver.
5. I think he did a good job trying to remain balanced and not accusative. The only thing I would have added was a roadmap of where Grin is trying to go. He mentioned the Open research problems but talking about what the Grin community wants short term and how people can help get there.

1. A sniffer node monitors the blockchain network in real-time, collecting all transactions before they are accumulated within a block. Because transactions have to be built up one at a time, a sniffer node will be able to take note of the original transactions before aggregation.

2. A supernode can determine the original transaction with a high probability before aggregation takes place. However, knowing the original transaction cannot determine the amount sent because it is encrypted as a commitment.

3. The author was able to connect to 6.67 percent of the peers within Grin’s network. This was calculated by: (200/3000) * 100 = 6.67

4. The article mentions combining Mimblewimble with another protocol such as Ethereum 9 3/4, which obscures the transaction graph. Another protocol that aims to achieve this is Sword.

5. Grin already acknowledges that their privacy is far from perfect, however, the claims made in the article lack enough network analysis to apply to Mimblewimble.

1. A sniffer node is a node that picks up all transactions before cut-through aggregation is finished.

2. A supernode is a node that connects to all other nodes.

3. 6%

4. Combine Mimblewimble with an other protocol, e.g. ZeroCash.

5. The response is that the original author misunderstood and magnified (due to lack of understanding of basic concepts) a well known Grid limitation.

1. A sniffer node can just observe the network and take note of the original transactions before they get aggregated.

2. A supernode can determine the origin of a transaction. It is not possible to see the single transactions once they have already been aggregated in a previous node.

3. 200 nodes out of a possible 3,000 making it 6.67%

4. Combining Mimblewimble and another protocol that obscures the transaction graph such as in Ethereum 9¾.

1. A sniffer node “essentially logs intermediary pending transactions before a block is aggregated into a single larger transaction”.
   So if I went to the block explorer and looked at then transaction output of the entire blockchain:

A + C = B + D + G + H + … + fees

I wouldn’t be able to tell if A sent to B or to D, or if C sent to B or H etc.
BUT if I was recording the entire output everytime something changed:

A = B + D + fees
–> A + C = B + D + G + fees

Then now I would be able to tell that C almost certainly sent some transaction amount to G.

2. A supernode can see all transaction data: sender, receiver. It cannot see the transaction amounts due to ECC, and has trouble finding IP addresses due to Dandelion.

3. The author connected with “200 peers out of the total 3000 peers in Grin’s network”, or 6.67%. With this, they were able to “link 96% of all transactions”.

4. The author mentioned the solution “Ethereum 9¾ (which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme)”. In the technical writeup, I see no mention of ring signatures. Maybe they could be a potential solution?

5. I can’t think of anything to add to their response, honestly. It’s funny that it was already publicly known since its inception that Mimblewimble had flaws in its privacy model, but the author of “Breaking Mimblewimble’s Privacy Model” went ahead and published their article, and “did not take the opportunity to let anyone in the Grin community do the same and offer (friendly) feedback on what they were about to publish”. The OP’s article probably caused some misinformation to spread amongst the community as well. " A silly ‘takedown’ ", I concur!

1. A sniffer node is a node that picks up all transactions before cut through aggregation is finished and can therefore identify the sender and receiver.
2. A super node can determine source of any transaction that enters the fluff phase in dandelion. It can not determine amounts.
3. The author connected to 200 out of 3000 live nodes which is 6.67 percent and was able to link 96 percent of all transactions.
4. The single solution mentioned is combining mimblewimble with another protocol that obscures the transaction graph.

I liked Grin’s response especially the fact that UTXO’s are not addresses, that they never claimed to be perfect and continue to be a work in progress.

1. A sniffer node can just observe the network and take note of the original transactions before they get aggregated.
2. A supernode can determine the origin of a transaction. Single transactions can’t be seen once they have been added to the bucket.
3. 200/3000 = 6.67%
4. Mimblewimble could be combined with another protocol that obscures the transaction graph, such as in Ethereum 9¾ (which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme).
5. NO

1. A sniffer node monitors a network and can pick up on data packets being sent over that network.
2. If a transaction is detected before 2 transactions both intersect then a super node can deduce where the origin was from. If not then it will be aggregated before the supernode can get the needed information.
3. 6.7%
4. By combining Mimblewimble with another protocol that obscures the transaction graph like Ethereum 9 3/4
5. No

• What is a ‘sniffer node’? — node that can observe the network and take note of original transactions before they are aggregated in a mixing thing like CoinJoin
• Which pieces of information can be determined by a supernode? Which pieces cannot? — origin of transaction, but cannot be seen once mixed
• What % of live nodes did the author connect with? — 96%
• What single potential solution is mentioned? Can you think of another? — combining mimblewimble with another protocol that obscures transaction graph, like ethereal 9 3/4 which combines mimblewimble and zero cash properties
• Still needs time to develop, uncovering weaknesses is part of engineering and improving upon them making an anti fragile system!