Breaking MimbleWimble - Reading Assignment

• What is a ‘sniffer node’?

A sniffer node can observe the network and take note of the original transactions before they get aggregated. It captures and stores IP packets for traffic and content studies.

• Which pieces of information can be determined by a supernode? Which pieces cannot?

It can see any transaction that did not intersect with another transaction prior to reaching the supernode; it can see which inputs correspond to each output. It will never be able to see the amounts of the transactions, though.

• What % of live nodes did the author connect with?

96%

• What single potential solution is mentioned? Can you think of another?

Solution proposed: combining Mimblewimble with another protocol that obscures the transaction graph

• Read Grin’s Response. Would you add anything to it?

No single code nor protocol is perfect, and critical points being pointed out (in a correct way) will always be beneficial to everyone.

1 Like
  1. A sniffer node is a node that is listening to all activity and taking notes.

  2. All data bar IP address and TX amounts.

  3. 6.6% of live nodes

  4. He suggests combining MW with another protocol to obscure the TX graph.

  5. Nothing to add; they covered everything.

1 Like
  1. a sniffer node picks up all transactions before cut-through aggregation is finished.

  2. All of the inputs and outputs are tossed into one giant bucket, with no easy way to determine who paid who within that bucket. Single transactions can’t be seen once they have been added to the bucket.

  3. 6.66% (200 nodes out of 3000).

  4. If you want strong privacy, you can always combine Mimblewimble with another protocol that obscures the transaction graph, such as in Ethereum 9¾ (which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme).

  5. Nothing to add.

1 Like
  1. A sniffer node is a node that observes/spies on the network and takes note of the original transactions before they get aggregated.

  2. A supernode is connected to every other node and will instantly get any transaction that enters fluff phase (Dandelion), before it can be merged with other transactions for anonymity.
    The pieces of information that can be determined by a supernode are tx inputs and outputs; the tx amount cannot be.

  3. The author was able to link 96 % of all the txs while connecting to 200 peers (6,67 % of all 3000).

  4. Single potential solution is mentioned: to combine Mimblewimble with another protocol that obscures the transaction graph, such as in [Ethereum 9¾] which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme.
    I could only think of using decoys which I found later was the solution implemented in Beam.

  5. No. It’s a good read from the other side’s perspective that makes it clearer and more understandable to see the whole picture.

1 Like
  1. A sniffer node picks up all transactions before cut-through aggregation is finished. In CoinJoin you will be able to track transaction owners.
  2. If transaction enters fluff phase. If transaction is in the stem phase. We are also able to determine who paid whom but not the amount.
  3. 6,67% (divide the 200 peers he connected with by the 3000 total peers)
  4. combine Mimblewimble with another protocol that obscures the transaction graph.
  5. Well-stated arguments that provide us with information that the author of the previous article did not do the research needed to know what is happening in MimbleWimble, like when the author conveniently confused transaction outputs (TXOs) with addresses.

Grin is a minimal cryptocurrency that aims to be privacy-preserving, scalable, and fair. It’s far from perfect, but it achieves an equivalent security model as Bitcoin with better privacy that comes enabled by default, with less data required to be kept on chain. It does all this without a trusted setup, without a development tax, ICO, or pre-mine.

1 Like
  1. Sniffer node refers to a node that is run to observe the network and to note all original transactions before cut-through aggregation is finished.

  2. Before two transactions intersect on their Dandelion path, a supernode can disaggregate transactions by using simple set subtraction. The supernode cannot catch the transactions if the transactions intersect in their Dandelion path before the supernode sees them.

  3. The author connected with 6.7% (200 peers out of the total 3000 peers in Grin’s network) and was able to link 96% of all transactions.

  4. The author suggested combining Mimblewimble with another protocol that obscures the transaction graph, such as in Ethereum 9 3/4.

  5. Grin responded with the key point that “Mimblewimble does not have addresses”, and the fact that the author of “Breaking Mimblewimble’s Privacy Model” actually did not reach out to the Grin community for comments makes readers re-evaluate that author’s intention.

1 Like
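The set-subtraction point in the answer above can be shown with a small model. This is an added example, not code from the article, Grin, or any poster; transactions are reduced to sets of input and output labels (kernels and offsets are ignored), and all names and data are constructed for illustration. It shows why aggregation before observation limits what an observer can isolate.

```python
from typing import FrozenSet, List, NamedTuple

class Tx(NamedTuple):
    inputs: FrozenSet[str]
    outputs: FrozenSet[str]

def aggregate(*txs: Tx) -> Tx:
    """Pool all inputs and outputs into one combined transaction."""
    ins = frozenset().union(*(t.inputs for t in txs))
    outs = frozenset().union(*(t.outputs for t in txs))
    return Tx(ins, outs)

def disaggregate(seen: List[Tx], agg: Tx) -> List[Tx]:
    """Split agg into already-seen parts plus one remainder (set subtraction)."""
    parts, ins, outs = [], agg.inputs, agg.outputs
    for t in seen:
        if t.inputs <= ins and t.outputs <= outs:
            parts.append(t)
            ins, outs = ins - t.inputs, outs - t.outputs
    if ins or outs:
        parts.append(Tx(ins, outs))
    return parts

def linkable_fraction(originals: List[Tx], observations: List[Tx]) -> float:
    """Fraction of original transactions the observer isolates exactly."""
    seen: List[Tx] = []
    for obs in observations:
        for part in disaggregate(seen, obs):
            if part not in seen:
                seen.append(part)
    return sum(t in seen for t in originals) / len(originals)

# Constructed sample data: three independent transactions.
A = Tx(frozenset({"in_a"}), frozenset({"out_a1", "out_a2"}))
B = Tx(frozenset({"in_b"}), frozenset({"out_b1"}))
C = Tx(frozenset({"in_c1", "in_c2"}), frozenset({"out_c1"}))
ORIGINALS = [A, B, C]

# Observer sees each transaction arrive before it is merged with the next.
EARLY_VIEW = [A, aggregate(A, B), aggregate(A, B, C)]
# A and B intersected on their stem path before the observer saw either.
LATE_VIEW = [aggregate(A, B), aggregate(A, B, C)]

if __name__ == "__main__":
    print("early observer:", linkable_fraction(ORIGINALS, EARLY_VIEW))
    print("late observer: ", linkable_fraction(ORIGINALS, LATE_VIEW))
```

In the second view only C is isolated: A and B stay pooled because no observation ever separated them.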

1.) A “sniffer node” is a node that can pick up all transactions before cut-through aggregation. Super transactions are created with cut-through aggregation (random inputs and outputs that hide the sender and receiver), but if a sniffer node observes the P2P network and gets a hold of these transactions before their aggregation, the sender and receivers’ data is able to be linked.
2.) The pieces of information that can be determined by a supernode are the origin of the transaction and the Dandelion path of any transaction before aggregation. The pieces of information that can’t be determined by a supernode are the Dandelion paths of each transaction if intersected before aggregation.
3.) The author was able to connect with 96% of live nodes using Mimblewimble on the Grin blockchain.
The author was able to perform this while only connecting with 200/3,000 total peers on the Grin network.
4.) The single potential solution that is mentioned here is combining Mimblewimble with another protocol that obscures a transaction graph, such as Ethereum 9 3/4. Another protocol I could think of would be PETchain, which is a privacy-enhancing protocol where data is stored securely in a distributed manner and processed in a user-selected trusted execution environment (also executed by a smart contract).
5.) Honestly, the only thing I would add to this response would be a little more insight on how GRIN is developing to enhance ever-improving privacy themselves. They did a great job pointing out some of the flaws in this “attack” and how some address-finds were not even mentioned at all, which is supposed to be the main basis of the attack. I would have just put more into the conclusion about some of GRIN’s latest projects or developments to improve privacy, since any protocol’s privacy is only as good as their anonymity set. How is GRIN striving to improve their anonymity set?

2 Likes

1. What is a ‘sniffer node’?

A sniffer node is used to monitor transactions and broadcasting activity and behaviours across a network. This can, for example, check information before aggregation and mixing.

2. Which pieces of information can be determined by a supernode? Which pieces cannot?

A supernode will get just about any transaction that enters a fluff phase - which means it will receive the transaction before it can be merged with other transactions to enhance the transaction’s privacy.

3. What % of live nodes did the author connect with?

The author was able to connect to 200 / 3000 peers across the network, representing about 6.67% of the entire dandelion network.

4. What single potential solution is mentioned? Can you think of another?

The author suggested a solution to this would be to combine Mimblewimble with another protocol that obscures the transaction graph, such as Ethereum 9¾.

5. After Reading Grin’s Response, Would you add anything to it?

The level of depth, research and peers that went into creating such a report is amusing without approaching any of the core Grin team - who seem to be very inviting of conversation.

2 Likes
  1. What is a ‘sniffer node’? : A sniffer node is a node that picks up all transactions before cut-through aggregation is finished. A sniffer node can observe the network and take note of the original transactions before they get aggregated.

  2. Which pieces of information can be determined by a supernode? Which pieces cannot? : The supernode connected to every other node will get all transactions that enter the fluff phase, before they can be merged or mixed with other transactions to produce anonymity.

  3. What % of live nodes did the author connect with ? : The author was able to connect to 200 / 3000 peers across the network, representing about 6.67% of the entire dandelion network.

  4. What single potential solution is mentioned? Can you think of another? : The author was able to connect to 200 / 3000 peers across the network, representing about 6.67% of the entire dandelion network.
    The author suggested a solution to this would be to combine Mimblewimble with another protocol that obscures the transaction graph, such as Ethereum 9¾.

  5. Read Grin’s Response: https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9. Would you add anything to it? : The only thing I would add is what improvements are GRIN striving to improve upon regarding their anonymity set?..

1 Like
  1. A “sniffer node” in the context of Mimblewimble is a type of node that is able to gather information about transactions passing through the network without actually participating in the transactions themselves. Sniffer nodes can potentially be used to gather information about the identities and addresses of Mimblewimble users, as well as the amounts and destinations of their transactions.

  2. A supernode can determine the amount and destination of each transaction, as well as the approximate number of transactions made by a specific user. However, it cannot determine the specific identities of the parties involved in a transaction or the exact details of the transaction itself.

  3. connected with approximately 96% of live nodes.

  4. To increase the number of nodes on the network to make it more difficult for a single operator to control a significant percentage of the network. Another potential solution could be to implement additional privacy measures, such as obscuring transaction details or using privacy-focused cryptocurrencies like Monero or Zcash.

1 Like
  • What is a ‘sniffer node’?
    A sniffer node picks up all transactions before cut-through aggregation is finished. It can just observe the network and take note of the original transactions before they get aggregated.

  • Which pieces of information can be determined by a supernode? Which pieces cannot?
    A supernode is connected to every other node and will instantly get any transaction that enters fluff phase, before it can be merged with other transactions for anonymity.

  • What % of live nodes did the author connect with?
    200 peers out of the total 3000 peers in Grin’s network which is approx. 6.7% of the network.

  • What single potential solution is mentioned? Can you think of another?
    For strong privacy, you can always combine Mimblewimble with another protocol that obscures the transaction graph, such as in Ethereum 9¾ (which combines Mimblewimble with a Zerocash-style commitment-nullifier scheme).

  • Read Grin’s Response: https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9. Would you add anything to it?
    Seems like a good read. So, nothing to add at this point.

1. What is a ‘sniffer node’?
A node that picks up all transactions before cut-through aggregation is finished.

2. Which pieces of information can be determined by a supernode? Which pieces cannot?
Who paid who. It lets us link transactions together and determine the flow of payments.
Amounts paid and received cannot.

3. What % of live nodes did the author connect with?
200/300=6.66%

4. What single potential solution is mentioned? Can you think of another?
Combining Mimblewimble with another protocol that obscures the transaction graph.
A different solution would be increasing the anonymity set by having more users.

5. Read Grin’s Response: https://medium.com/grin-mimblewimble/factual-inaccuracies-of-breaking-mimblewimbles-privacy-model-8063371839b9. Would you add anything to it?
Grin needs to fight FUD hard until it becomes a more widely used network, if it ever becomes one.