Researcher compromises anonymity of MimbleWimble for $ 60 – Bitcoin – News 2020

MimbleWimble's anonymity compromised for $ 60

Considered by some to be the most promising advance in the blockchain ecosystem since Bitcoin itself (and no less mysterious and secret), the MimbleWimble protocol is perhaps going through what could be its most serious crisis.

Indeed, Ivan Boogatyy published a few hours ago a security report describing a certain number of experiments which led him to test the vulnerabilities of MimbleWimble. These experiments bring him to a disturbing observation: not only is it possible in reality to blow up the protection supposed to guarantee the anonymity of the protocol, but worse still, the operation requires only a few tens of dollars to be executed.

Charlie Lee, the founder of Litecoin (who has great ambitions in convergence with MimbleWimble), however, puts this revelation into perspective. Like the project developers, he points out that this vulnerability is only partial, and that it is already well known. We take stock.

MimbleWimble, the patronum of Satoshi Nakamoto

When on July 19, 2016, an anonymous person using the pseudonym of Tom Elvis Riddle, The youth version of “The one who has no nose” spreads the White Paper a whole new protocol, the entire crypto community holds its breath. The first readers are as if struck by the famous fate of ” silencio “(” MimbleWimble »In VO), thrown by the most unbearable glasses wizard of the beginning of the XXIth century.

Satoshi would not have denied the modus operandi of the author. Taste for discretion, willingness to offer innovation to the world without seeking compensation, frugality Livra Blanc whose ideas, as innovative as they are, fit in few pages. And what does this new protocol offer? Nothing less than improving the Proof of Work (PoW) architecture Bitcoin, in terms of his anonymity which is ultimately very perfectible (beyond the cliché of “anonymous currency of criminals” which however sticks to his skin).

Although brilliant, the document leaves questions unanswered and will be upgraded by Andrew Poelstra, the mathematician notably behind Blockstream, later in the year. It is then that it will take its name from MimbleWimble.

grin, mw

Through several innovations, MimbleWimble offers its users total anonymity, concealing both the stakeholders of a crypto transaction and its amount, in particular by activating the mechanisms CoinJoin and Confidential Transactions. In short, a regulator’s nightmare.

Several projects have already implemented the protocol. Among the most emblematic are: GRIN and Bean launched in early 2019. We can also cite the wallet IronBelly. Finally, Charlie Lee, the creator of Litecoin (about which you can read interesting hypotheses here) has never hidden any interest in a future implementation of MW in Litecoin architecture.

A solid protocol, guaranteeing increased anonymity, innovative projects, support from all sides, and even a donation of 50 BTC falling from the sky a few days ago ! Everything seemed to be going well, in the best of magic worlds … but that was before a thunderbolt revelation a few hours ago: a researcher would have demonstrated that it was easy, for an unfortunate handful of dollars, to blow up most of the anonymity shell of MimbleWimble!

MimbleWimble, anonymous yes, but at 4%

The specialist in HAVE and in deep learning and venture capital investor at Dragonfly Capital, Ivan Bogatyy published in a long post Medium, the process which allowed him to compromise anonymity of transactions executed via the MimbleWimble protocol. And not just a little: it’s near 96% of all transactions who would be affected by what should be called – with a certain sense of euphemism – a “small vulnerability”.

“The notion of confidentiality on Mimblewim is fundamentally flawed. Using only $ 60 / week of spending on AWS (Amazon Web Service), I was able to discover the exact addresses of senders and recipients for 96% of Grin transactions in real time. The problem is inherent in Mimblewimble, and I don’t believe there is a way to fix it. This means that Mimblewimblewimble should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy. ” Ivan Bogatyy, Medium article on MimbleWimble vulnerabilities.


Bogatyy managed to bypass the system by securing for very small sums, control over a large number of network nodes and exploiting weaknesses in CoinJoin.

In doing so, he managed to – in 96% of cases therefore – determine the addresses of participants in a transaction on the network. However, impossible to know the amounts transferred. It’s always better than nothing …

The researcher specifies: “Grin still offers a more robust privacy model than Bitcoin or other non-confidential coins, since amounts are encrypted securely. But Mimblewimble offers a weaker privacy model than Zcash or Monero. “

Charlie LEE steps up

As we said, the creator of Litecoin sees a lot of potential in the convergence between MW and LiteCoin (even if it is not yet acquired that MimbleWimble is implementable as it is on Bitcoin, or one of its forks like Litecoin, other than as an application overlay, in the same way as the Lightning Network).

The reaction of the interested party was not long in coming: it’s nice but we were aware

“This limitation of the MimbleWimble protocol is well known. MW essentially contributes to a confidential transaction with the benefits of scaling up and slight severability. For much better privacy, you can always use CoinJoin before the broadcast and CJ works great with MW thanks to CT and aggregation. “

Same story on the developer side: the flaw is well known and is the subject of all attention. It does not however alter the added value of the protocol but requires a particular rigor of the user, which in terms of privacy is a basic rule of hygiene.

In this concert of reassuring remarks, we will quote anyway Emin Gun Sirer, who is behind Ava Labs, and the Avalanche protocol, who for his part qualified the experiment “ great attack on the MimbleWimble protocol. “

All of this is somewhat disorderly, for a protocol supposed, more than any other, to be placed above all suspicion. No doubt the next few days will teach us a little more.

Researcher compromises anonymity of MimbleWimble for $ 60 – Bitcoin – News 2020
4.9 (98%) 32 votes