Pi Network - auto mobile mining: Join now and be one of the pioneers!!

Blog

Ivan Bogatyy of Dragonfly Research says he was able to use as little as $60 per week on Amazon Web Services (AWS) to expose a critical vulnerability on the Mimblewimble (MW) privacy architecture. This flaw in the MW protocol may dent the network’s aspiration of being a viable alternative to other privacy-focused blockchains like ZCash and Monero.


Massive Mimblewimble Flaw Uncovered

In a Medium post published on Monday (November 18, 2019), Bogatty revealed that he was able to expose the participating addresses in 96% of Grin transactions on MW. According to Bogatyy, this exploit of the MW protocol only cost $60 per week on AWS — Amazon’s cloud computing platform.

An excerpt from Bogatyy’s post showing the severity of the problem and the ease with which attackers can exploit vulnerability reads:

In my attack, I was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network. But if I wanted to spend a bit more money, I could easily connect to 3000 nodes to disaggregate almost all transactions.

By “disaggregate,” Bogatyy is referring to the process of preventing transactions from coupling together in MW’s CoinJoin which ensures anonymity.

While other privacy-focused cryptos use decoy UTXOs or shielded transactions, MW achieves anonymity by means of massive CoinJoins. Each CoinJoin is an amalgamation of multiple transactions in a single block to create the ‘anonymity set.’

Still A Viable Alternative to ZEC and XMR?

Bogatyy did remark that the vulnerability was known to the MW developers. However, his findings prove that it requires little capital outlay to exploit the weakness in MW’s privacy architecture.

For Bogatyy, the presence of and ease with which attackers can take advantage of the vulnerability also makes MW a poor alternative to the likes of Zcash (ZEC) and Monero (XMR). According to Bogatyy:

The problem is inherent to Mimblewimble, and I don’t believe there’s a way to fix it. This means Mimblewimble should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.

The presence of this vulnerability may also affect Litecoin’s proposed MW integration. Back in early 2019, the Litecoin Foundation announced that it was looking to incorporate extension blocks on Litecoin to ensure privacy and anonymity.

What do you think about the vulnerability exposed in the Mimblewimble privacy architecture? Let us know in the comments below.


Images via Twitter @IvanBogatyy.

No Comments

Be the first to start a conversation

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Categories

Pi Network - auto mobile mining

Become one of the pioneers!!

Random Posts

DOWNLOAD MY EBOOK FOR FREE

"Your Headline Here How I Made $4947 In 1 Month"

Lorem pretium lorem orci elit nunc imperdiet nec vel sit pretium hendrerit amet nec orci gravida gravida sapien purus massa

Quick Bio About Me

mypicmeLorem proin accumsan accumsan volutpat ut nullam odio eleifend libero quisque ipsum gravida eleifend dolor nunc sagittis venenatis orci eleifend lorem quisque venenatis non sagittis sagittis ipsum nunc.

lacus eleifend pretium eros sed consectetur venenatis praesent sapien consectetur dolor nullam laoreet orci mauris ornare congue lacinia auctor lorem quis quis lacus eleifend pretium eros sed consectetur venenatis praesent sapien consectetur dolor nullam laoreet orci mauris

Resources

  • Resource 1

    Lorem sed praesent quisque auctor libero eros lorem nec praesent accumsan ornare venenatis nullam.

  • Resource 2

    Lorem sed praesent quisque auctor libero eros lorem nec praesent accumsan ornare venenatis nullam.

Random Blog Posts

© 2020 Cryptoracle.info - Crypto News