- The latest to join the list of companies to come under the radar of false privacy claims happens to be probably the most talked about blockchain protocol in the crypto world, MimbleWimble(MW).
- EllipticCurve Cryptography (ECC), which combines the signature of the sender and receiver to create a private address, shielding the transaction from the public eyes.
- This advancement comes on the heels of GRIN (a cryptocurrency which uses MW) Product Manager Daniel Lehnberg’s announcement of GRIN receiving a 50 BTC donation from an early adopter of Bitcoin.
As the world becomes increasingly closer due to the advent of technology, data theft, government surveillance and other such privacy concerns have also steadily been on the rise.
The Harry Potter inspired protocol’s security flaws have been revealed by Ivan Bogatyy, a former Google engineer and a venture capitalist with Dragonfly Capital.
To understand the jinx in the armor, one needs to understand the basis of MW’s privacy model. Essentially, cryptocurrency transactions can be traced, as the sender and receiver both need an address to send and receive the amount respectively.
This address can then be used by any user(read public) to track a transaction. Using MW, anonymity prevails in transactions as the address simply doesn’t exist. It uses EllipticCurve Cryptography (ECC), which combines the signature of the sender and receiver to create a private address, shielding the transaction from the public eyes.
No user can track the amount transacted, or to whom or from it was transacted. It is this feature of MW that caught the attention of the crypto world and propelled it to fame.
Though alternatives like Zcash and Monero exist, it was the efficient yet private nature of MW that it was even being considered to be integrated into Litecoin. Bogatyy exposed the fragility in the privacy model of MW by mounting an attack by spending as little as $60/week on Amazon Web Services.
His report claims “that the attack traces 96% of all sender and recipient addresses in real time.” He even goes on to claim that MW is “fundamentally flawed,” and “unfixable”.
This advancement comes on the heels of GRIN (a cryptocurrency which uses MW) Product Manager Daniel Lehnberg’s announcement of GRIN receiving a 50 BTC donation from an early adopter of Bitcoin. Bogatyy’s reports caused the value of GRIN to fall down by as much as 12.5% in a day.
The GRIN team is now expected to used their 50BTC donation to try and develop a fix for this attack, if they still want to remain ‘robust’ and ‘privacy driven’. MimbleWimble’s integration into Litecoin was supposed to give Litecoin a major boost, bringing it at par with Bitcoin.
Though for users and the crypto experts still have the option of solely privacy-focused platforms like Zcash and Monero, the promise that MimbleWimble held, looks like a failed spell.